Add interface to dontaudit getattr access on sysctls
- Allow sshd to execute /bin/login - Looks like xdm is recreating the xdm directory in ~/.cache/ on login - Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jounald - Fix semanage to work with unconfined domain disabled on F18 - Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls - Virt seems to be using lock files - Dovecot seems to be searching directories of every mountpoint - Allow jockey to read random/urandom, execute shell and install third-party drivers - Add aditional params to allow cachedfiles to manage its content - gpg agent needs to read /dev/random - The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write - Add a bunch of dontaudit rules to quiet svirt_lxc domains - Additional perms needed to run svirt_lxc domains - Allow cgclear to read cgconfig - Allow sys_ptrace capability for snmp - Allow freshclam to read /proc - Allow procmail to manage /home/user/Maildir content - Allow NM to execute wpa_cli - Allow amavis to read clamd system state - Regenerate man pages
This commit is contained in:
Dan Walsh
parent
9ba137b17b
commit
2676121267
|
|
@ -15,7 +15,7 @@
|
|||
%endif
|
||||
%define POLICYVER 27
|
||||
%define POLICYCOREUTILSVER 2.1.9-4
|
||||
%define CHECKPOLICYVER 2.1.9-4
|
||||
%define CHECKPOLICYVER 2.1.10-3
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.11.0
|
||||
|
|
|
|||
Loading…
Reference in New Issue