* Tue Aug 12 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-180
- label /usr/libexec/cockpit-agent as shell_exec_t
- sysadm_t should be allowed to communicate with networkmanager
- Allow sysadm_t to create netlink_tcpdiag socket
- Label also /var/run/glusterd.socket file as gluster_var_run_t
- Label conmans pid file as conman_var_run_t
- Allow certmonger to stream connect to dirsrv to make
ipa-server-install working.
- Allow sensord to send a signal.
- Dontaudit attempts to access check cert dirs/files for sssd.
- Label keystone var run dir (#1123013)
- Label neutron var run dir (#1123013)
- Allow bacula manage bacula_log_t dirs
- Fix typo in bacula.te and add filetrans also for bacula log files.
- docker needs more access, need back port to RHEL7
- Allow alsa to create lock file to see if it fixes #1123423.
- Add new mozilla_plugin_bind_unreserved_ports boolean to allow mozilla
plugin to use tcp/udp unreserved ports
- Dontaudit write access on generic cert files. We don't audit also
access check.
- Allow nacl_helper_boo running in :chrome_sandbox_t to send SIGCHLD to
chrome_sandbox_nacl_t.
- Back port modemmanager for F21.
- docker does a getattr on all file systems
- Allow denyhosts to enable synchronization which needs to connect to
tcp/9911 port.
- shell_exec_t should not be in cockip.fc
- Allow smokeping cgi script to send syslog messages (#1122163)
- Allow cachefilesd_t to send itself signals
- Allow svirt domains to manage chr files and blk files for mknod
commands
- docker needs setfcap