* Tue Jul 3 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-8
- initrc is calling exportfs which is not confined so it attempts to read nfsd_files - Fixes for passenger running within openshift. - Add labeling for all tomcat6 dirs - Add support for tomcat6 - Allow cobblerd to read /etc/passwd - Allow jockey to read sysfs and and execute binaries with bin_t - Allow thum to use user terminals - Allow cgclear to read cgconfig config files - Fix bcf2g.fc - Remove sysnet_dns_name_resolve() from policies where auth_use_nsswitch() is used for other - Allow dbomatic to execute ruby - abrt_watch_log should be abrt_domain - Allow mozilla_plugin to connect to gatekeeper port
This commit is contained in:
parent
1de5de6450
commit
0f07ba7f55
@ -60457,7 +60457,7 @@ index db981df..b77f19f 100644
|
||||
+/usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
+/usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:bin_t,s0)
|
||||
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
|
||||
index 9e9263a..ba59ffd 100644
|
||||
index 9e9263a..c4dc1b6 100644
|
||||
--- a/policy/modules/kernel/corecommands.if
|
||||
+++ b/policy/modules/kernel/corecommands.if
|
||||
@@ -122,6 +122,7 @@ interface(`corecmd_search_bin',`
|
||||
@ -60534,7 +60534,18 @@ index 9e9263a..ba59ffd 100644
|
||||
read_sock_files_pattern($1, bin_t, bin_t)
|
||||
')
|
||||
|
||||
@@ -362,6 +385,7 @@ interface(`corecmd_manage_bin_files',`
|
||||
@@ -345,6 +368,10 @@ interface(`corecmd_exec_bin',`
|
||||
read_lnk_files_pattern($1, bin_t, bin_t)
|
||||
list_dirs_pattern($1, bin_t, bin_t)
|
||||
can_exec($1, bin_t)
|
||||
+ #ifdef(`enable_mls',`',`
|
||||
+ # files_exec_usr_files($1)
|
||||
+ # libs_exec_lib_files($1)
|
||||
+ #')
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -362,6 +389,7 @@ interface(`corecmd_manage_bin_files',`
|
||||
type bin_t;
|
||||
')
|
||||
|
||||
@ -60542,7 +60553,7 @@ index 9e9263a..ba59ffd 100644
|
||||
manage_files_pattern($1, bin_t, bin_t)
|
||||
')
|
||||
|
||||
@@ -398,6 +422,7 @@ interface(`corecmd_mmap_bin_files',`
|
||||
@@ -398,6 +426,7 @@ interface(`corecmd_mmap_bin_files',`
|
||||
type bin_t;
|
||||
')
|
||||
|
||||
@ -60550,7 +60561,7 @@ index 9e9263a..ba59ffd 100644
|
||||
mmap_files_pattern($1, bin_t, bin_t)
|
||||
')
|
||||
|
||||
@@ -954,6 +979,24 @@ interface(`corecmd_exec_chroot',`
|
||||
@@ -954,6 +983,24 @@ interface(`corecmd_exec_chroot',`
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -60575,7 +60586,7 @@ index 9e9263a..ba59ffd 100644
|
||||
## Get the attributes of all executable files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -1049,6 +1092,7 @@ interface(`corecmd_manage_all_executables',`
|
||||
@@ -1049,6 +1096,7 @@ interface(`corecmd_manage_all_executables',`
|
||||
type bin_t;
|
||||
')
|
||||
|
||||
@ -76848,7 +76859,7 @@ index 6ce867a..ee79c5a 100644
|
||||
+ userdom_user_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator~")
|
||||
')
|
||||
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
|
||||
index f12b8ff..2293c1b 100644
|
||||
index f12b8ff..3b80e52 100644
|
||||
--- a/policy/modules/system/authlogin.te
|
||||
+++ b/policy/modules/system/authlogin.te
|
||||
@@ -5,22 +5,42 @@ policy_module(authlogin, 2.3.1)
|
||||
@ -76957,7 +76968,7 @@ index f12b8ff..2293c1b 100644
|
||||
# Allow utemper to write to /tmp/.xses-*
|
||||
userdom_write_user_tmp_files(utempter_t)
|
||||
|
||||
@@ -388,10 +416,74 @@ ifdef(`distro_ubuntu',`
|
||||
@@ -388,10 +416,79 @@ ifdef(`distro_ubuntu',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -76978,6 +76989,11 @@ index f12b8ff..2293c1b 100644
|
||||
+ ')
|
||||
+')
|
||||
+
|
||||
+######################################
|
||||
+#
|
||||
+# nsswitch_domain local policy
|
||||
+#
|
||||
+
|
||||
+auth_read_passwd(nsswitch_domain)
|
||||
+
|
||||
+# read /etc/nsswitch.conf
|
||||
@ -78579,7 +78595,7 @@ index d26fe81..3ff8fef 100644
|
||||
+ allow $1 init_t:system undefined;
|
||||
+')
|
||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||
index 5fb9683..0721079 100644
|
||||
index 5fb9683..a2c2556 100644
|
||||
--- a/policy/modules/system/init.te
|
||||
+++ b/policy/modules/system/init.te
|
||||
@@ -16,6 +16,34 @@ gen_require(`
|
||||
@ -79001,7 +79017,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
init_write_initctl(initrc_t)
|
||||
|
||||
@@ -265,20 +494,34 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||
@@ -265,20 +494,35 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||
kernel_clear_ring_buffer(initrc_t)
|
||||
kernel_get_sysvipc_info(initrc_t)
|
||||
kernel_read_all_sysctls(initrc_t)
|
||||
@ -79024,6 +79040,7 @@ index 5fb9683..0721079 100644
|
||||
+fs_manage_tmpfs_symlinks(initrc_t)
|
||||
+fs_delete_tmpfs_files(initrc_t)
|
||||
+fs_tmpfs_filetrans(initrc_t, initrc_state_t, file)
|
||||
+fs_read_nfsd_files(initrc_t)
|
||||
|
||||
corecmd_exec_all_executables(initrc_t)
|
||||
|
||||
@ -79040,7 +79057,7 @@ index 5fb9683..0721079 100644
|
||||
corenet_tcp_sendrecv_all_ports(initrc_t)
|
||||
corenet_udp_sendrecv_all_ports(initrc_t)
|
||||
corenet_tcp_connect_all_ports(initrc_t)
|
||||
@@ -286,6 +529,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
||||
@@ -286,6 +530,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
||||
|
||||
dev_read_rand(initrc_t)
|
||||
dev_read_urand(initrc_t)
|
||||
@ -79048,7 +79065,7 @@ index 5fb9683..0721079 100644
|
||||
dev_write_kmsg(initrc_t)
|
||||
dev_write_rand(initrc_t)
|
||||
dev_write_urand(initrc_t)
|
||||
@@ -296,8 +540,10 @@ dev_write_framebuffer(initrc_t)
|
||||
@@ -296,8 +541,10 @@ dev_write_framebuffer(initrc_t)
|
||||
dev_read_realtime_clock(initrc_t)
|
||||
dev_read_sound_mixer(initrc_t)
|
||||
dev_write_sound_mixer(initrc_t)
|
||||
@ -79059,7 +79076,7 @@ index 5fb9683..0721079 100644
|
||||
dev_delete_lvm_control_dev(initrc_t)
|
||||
dev_manage_generic_symlinks(initrc_t)
|
||||
dev_manage_generic_files(initrc_t)
|
||||
@@ -305,17 +551,16 @@ dev_manage_generic_files(initrc_t)
|
||||
@@ -305,17 +552,16 @@ dev_manage_generic_files(initrc_t)
|
||||
dev_delete_generic_symlinks(initrc_t)
|
||||
dev_getattr_all_blk_files(initrc_t)
|
||||
dev_getattr_all_chr_files(initrc_t)
|
||||
@ -79079,7 +79096,7 @@ index 5fb9683..0721079 100644
|
||||
domain_getsession_all_domains(initrc_t)
|
||||
domain_use_interactive_fds(initrc_t)
|
||||
# for lsof which is used by alsa shutdown:
|
||||
@@ -323,6 +568,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||
@@ -323,6 +569,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_pipes(initrc_t)
|
||||
@ -79087,7 +79104,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
files_getattr_all_dirs(initrc_t)
|
||||
files_getattr_all_files(initrc_t)
|
||||
@@ -330,8 +576,10 @@ files_getattr_all_symlinks(initrc_t)
|
||||
@@ -330,8 +577,10 @@ files_getattr_all_symlinks(initrc_t)
|
||||
files_getattr_all_pipes(initrc_t)
|
||||
files_getattr_all_sockets(initrc_t)
|
||||
files_purge_tmp(initrc_t)
|
||||
@ -79099,7 +79116,7 @@ index 5fb9683..0721079 100644
|
||||
files_delete_all_pids(initrc_t)
|
||||
files_delete_all_pid_dirs(initrc_t)
|
||||
files_read_etc_files(initrc_t)
|
||||
@@ -347,8 +595,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||
@@ -347,8 +596,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||
files_mounton_isid_type_dirs(initrc_t)
|
||||
files_list_default(initrc_t)
|
||||
files_mounton_default(initrc_t)
|
||||
@ -79113,7 +79130,7 @@ index 5fb9683..0721079 100644
|
||||
fs_list_inotifyfs(initrc_t)
|
||||
fs_register_binary_executable_type(initrc_t)
|
||||
# rhgb-console writes to ramfs
|
||||
@@ -358,9 +610,12 @@ fs_mount_all_fs(initrc_t)
|
||||
@@ -358,9 +611,12 @@ fs_mount_all_fs(initrc_t)
|
||||
fs_unmount_all_fs(initrc_t)
|
||||
fs_remount_all_fs(initrc_t)
|
||||
fs_getattr_all_fs(initrc_t)
|
||||
@ -79127,7 +79144,7 @@ index 5fb9683..0721079 100644
|
||||
mcs_killall(initrc_t)
|
||||
mcs_process_set_categories(initrc_t)
|
||||
|
||||
@@ -370,6 +625,7 @@ mls_process_read_up(initrc_t)
|
||||
@@ -370,6 +626,7 @@ mls_process_read_up(initrc_t)
|
||||
mls_process_write_down(initrc_t)
|
||||
mls_rangetrans_source(initrc_t)
|
||||
mls_fd_share_all_levels(initrc_t)
|
||||
@ -79135,7 +79152,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
selinux_get_enforce_mode(initrc_t)
|
||||
|
||||
@@ -381,6 +637,7 @@ term_use_all_terms(initrc_t)
|
||||
@@ -381,6 +638,7 @@ term_use_all_terms(initrc_t)
|
||||
term_reset_tty_labels(initrc_t)
|
||||
|
||||
auth_rw_login_records(initrc_t)
|
||||
@ -79143,7 +79160,7 @@ index 5fb9683..0721079 100644
|
||||
auth_setattr_login_records(initrc_t)
|
||||
auth_rw_lastlog(initrc_t)
|
||||
auth_read_pam_pid(initrc_t)
|
||||
@@ -401,18 +658,17 @@ logging_read_audit_config(initrc_t)
|
||||
@@ -401,18 +659,17 @@ logging_read_audit_config(initrc_t)
|
||||
|
||||
miscfiles_read_localization(initrc_t)
|
||||
# slapd needs to read cert files from its initscript
|
||||
@ -79165,7 +79182,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
dev_setattr_generic_dirs(initrc_t)
|
||||
@@ -465,6 +721,10 @@ ifdef(`distro_gentoo',`
|
||||
@@ -465,6 +722,10 @@ ifdef(`distro_gentoo',`
|
||||
sysnet_setattr_config(initrc_t)
|
||||
|
||||
optional_policy(`
|
||||
@ -79176,7 +79193,7 @@ index 5fb9683..0721079 100644
|
||||
alsa_read_lib(initrc_t)
|
||||
')
|
||||
|
||||
@@ -485,7 +745,7 @@ ifdef(`distro_redhat',`
|
||||
@@ -485,7 +746,7 @@ ifdef(`distro_redhat',`
|
||||
|
||||
# Red Hat systems seem to have a stray
|
||||
# fd open from the initrd
|
||||
@ -79185,7 +79202,7 @@ index 5fb9683..0721079 100644
|
||||
files_dontaudit_read_root_files(initrc_t)
|
||||
|
||||
# These seem to be from the initrd
|
||||
@@ -500,6 +760,7 @@ ifdef(`distro_redhat',`
|
||||
@@ -500,6 +761,7 @@ ifdef(`distro_redhat',`
|
||||
files_create_boot_dirs(initrc_t)
|
||||
files_create_boot_flag(initrc_t)
|
||||
files_rw_boot_symlinks(initrc_t)
|
||||
@ -79193,7 +79210,7 @@ index 5fb9683..0721079 100644
|
||||
# wants to read /.fonts directory
|
||||
files_read_default_files(initrc_t)
|
||||
files_mountpoint(initrc_tmp_t)
|
||||
@@ -520,6 +781,7 @@ ifdef(`distro_redhat',`
|
||||
@@ -520,6 +782,7 @@ ifdef(`distro_redhat',`
|
||||
miscfiles_rw_localization(initrc_t)
|
||||
miscfiles_setattr_localization(initrc_t)
|
||||
miscfiles_relabel_localization(initrc_t)
|
||||
@ -79201,7 +79218,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
miscfiles_read_fonts(initrc_t)
|
||||
miscfiles_read_hwdata(initrc_t)
|
||||
@@ -529,8 +791,35 @@ ifdef(`distro_redhat',`
|
||||
@@ -529,8 +792,35 @@ ifdef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79237,7 +79254,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -538,14 +827,27 @@ ifdef(`distro_redhat',`
|
||||
@@ -538,14 +828,27 @@ ifdef(`distro_redhat',`
|
||||
rpc_write_exports(initrc_t)
|
||||
rpc_manage_nfs_state_data(initrc_t)
|
||||
')
|
||||
@ -79265,7 +79282,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
')
|
||||
|
||||
@@ -556,6 +858,39 @@ ifdef(`distro_suse',`
|
||||
@@ -556,6 +859,39 @@ ifdef(`distro_suse',`
|
||||
')
|
||||
')
|
||||
|
||||
@ -79305,7 +79322,7 @@ index 5fb9683..0721079 100644
|
||||
optional_policy(`
|
||||
amavis_search_lib(initrc_t)
|
||||
amavis_setattr_pid_files(initrc_t)
|
||||
@@ -568,6 +903,8 @@ optional_policy(`
|
||||
@@ -568,6 +904,8 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
apache_read_config(initrc_t)
|
||||
apache_list_modules(initrc_t)
|
||||
@ -79314,7 +79331,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -589,6 +926,7 @@ optional_policy(`
|
||||
@@ -589,6 +927,7 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
cgroup_stream_connect_cgred(initrc_t)
|
||||
@ -79322,7 +79339,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -601,6 +939,17 @@ optional_policy(`
|
||||
@@ -601,6 +940,17 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79340,7 +79357,7 @@ index 5fb9683..0721079 100644
|
||||
dev_getattr_printer_dev(initrc_t)
|
||||
|
||||
cups_read_log(initrc_t)
|
||||
@@ -617,9 +966,13 @@ optional_policy(`
|
||||
@@ -617,9 +967,13 @@ optional_policy(`
|
||||
dbus_connect_system_bus(initrc_t)
|
||||
dbus_system_bus_client(initrc_t)
|
||||
dbus_read_config(initrc_t)
|
||||
@ -79354,7 +79371,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -644,6 +997,10 @@ optional_policy(`
|
||||
@@ -644,6 +998,10 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79365,7 +79382,7 @@ index 5fb9683..0721079 100644
|
||||
gpm_setattr_gpmctl(initrc_t)
|
||||
')
|
||||
|
||||
@@ -661,6 +1018,15 @@ optional_policy(`
|
||||
@@ -661,6 +1019,15 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79381,7 +79398,7 @@ index 5fb9683..0721079 100644
|
||||
inn_exec_config(initrc_t)
|
||||
')
|
||||
|
||||
@@ -701,6 +1067,7 @@ optional_policy(`
|
||||
@@ -701,6 +1068,7 @@ optional_policy(`
|
||||
lpd_list_spool(initrc_t)
|
||||
|
||||
lpd_read_config(initrc_t)
|
||||
@ -79389,7 +79406,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -718,7 +1085,13 @@ optional_policy(`
|
||||
@@ -718,7 +1086,13 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79403,7 +79420,7 @@ index 5fb9683..0721079 100644
|
||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||
')
|
||||
|
||||
@@ -741,6 +1114,10 @@ optional_policy(`
|
||||
@@ -741,6 +1115,10 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79414,7 +79431,7 @@ index 5fb9683..0721079 100644
|
||||
postgresql_manage_db(initrc_t)
|
||||
postgresql_read_config(initrc_t)
|
||||
')
|
||||
@@ -750,10 +1127,20 @@ optional_policy(`
|
||||
@@ -750,10 +1128,20 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79435,7 +79452,7 @@ index 5fb9683..0721079 100644
|
||||
quota_manage_flags(initrc_t)
|
||||
')
|
||||
|
||||
@@ -762,6 +1149,10 @@ optional_policy(`
|
||||
@@ -762,6 +1150,10 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79446,7 +79463,7 @@ index 5fb9683..0721079 100644
|
||||
fs_write_ramfs_sockets(initrc_t)
|
||||
fs_search_ramfs(initrc_t)
|
||||
|
||||
@@ -783,8 +1174,6 @@ optional_policy(`
|
||||
@@ -783,8 +1175,6 @@ optional_policy(`
|
||||
# bash tries ioctl for some reason
|
||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||
|
||||
@ -79455,7 +79472,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -793,6 +1182,10 @@ optional_policy(`
|
||||
@@ -793,6 +1183,10 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79466,7 +79483,7 @@ index 5fb9683..0721079 100644
|
||||
# shorewall-init script run /var/lib/shorewall/firewall
|
||||
shorewall_lib_domtrans(initrc_t)
|
||||
')
|
||||
@@ -802,10 +1195,12 @@ optional_policy(`
|
||||
@@ -802,10 +1196,12 @@ optional_policy(`
|
||||
squid_manage_logs(initrc_t)
|
||||
')
|
||||
|
||||
@ -79479,7 +79496,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
optional_policy(`
|
||||
ssh_dontaudit_read_server_keys(initrc_t)
|
||||
@@ -817,7 +1212,6 @@ optional_policy(`
|
||||
@@ -817,7 +1213,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79487,7 +79504,7 @@ index 5fb9683..0721079 100644
|
||||
udev_manage_pid_files(initrc_t)
|
||||
udev_manage_rules_files(initrc_t)
|
||||
')
|
||||
@@ -827,12 +1221,30 @@ optional_policy(`
|
||||
@@ -827,12 +1222,30 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79520,7 +79537,7 @@ index 5fb9683..0721079 100644
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
# system-config-services causes avc messages that should be dontaudited
|
||||
@@ -842,6 +1254,18 @@ optional_policy(`
|
||||
@@ -842,6 +1255,18 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
mono_domtrans(initrc_t)
|
||||
')
|
||||
@ -79539,7 +79556,7 @@ index 5fb9683..0721079 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -857,6 +1281,10 @@ optional_policy(`
|
||||
@@ -857,6 +1282,10 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -79550,7 +79567,7 @@ index 5fb9683..0721079 100644
|
||||
# Set device ownerships/modes.
|
||||
xserver_setattr_console_pipes(initrc_t)
|
||||
|
||||
@@ -867,3 +1295,165 @@ optional_policy(`
|
||||
@@ -867,3 +1296,165 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
zebra_read_config(initrc_t)
|
||||
')
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.11.0
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -491,6 +491,21 @@ SELinux Reference policy mls base module.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jul 3 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-8
|
||||
- initrc is calling exportfs which is not confined so it attempts to read nfsd_files
|
||||
- Fixes for passenger running within openshift.
|
||||
- Add labeling for all tomcat6 dirs
|
||||
- Add support for tomcat6
|
||||
- Allow cobblerd to read /etc/passwd
|
||||
- Allow jockey to read sysfs and and execute binaries with bin_t
|
||||
- Allow thum to use user terminals
|
||||
- Allow cgclear to read cgconfig config files
|
||||
- Fix bcf2g.fc
|
||||
- Remove sysnet_dns_name_resolve() from policies where auth_use_nsswitch() is used for other domains
|
||||
- Allow dbomatic to execute ruby
|
||||
- abrt_watch_log should be abrt_domain
|
||||
- Allow mozilla_plugin to connect to gatekeeper port
|
||||
|
||||
* Wed Jun 27 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-7
|
||||
- add ptrace_child access to process
|
||||
- remove files_read_etc_files() calling from all policies which have auth_use_nsswith()
|
||||
|
Loading…
Reference in New Issue
Block a user