From 26761212674615c14295fdd52991dfe1e95e4c9a Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 24 Jul 2012 15:56:40 -0400 Subject: [PATCH] Add interface to dontaudit getattr access on sysctls - Allow sshd to execute /bin/login - Looks like xdm is recreating the xdm directory in ~/.cache/ on login - Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jounald - Fix semanage to work with unconfined domain disabled on F18 - Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls - Virt seems to be using lock files - Dovecot seems to be searching directories of every mountpoint - Allow jockey to read random/urandom, execute shell and install third-party drivers - Add aditional params to allow cachedfiles to manage its content - gpg agent needs to read /dev/random - The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write - Add a bunch of dontaudit rules to quiet svirt_lxc domains - Additional perms needed to run svirt_lxc domains - Allow cgclear to read cgconfig - Allow sys_ptrace capability for snmp - Allow freshclam to read /proc - Allow procmail to manage /home/user/Maildir content - Allow NM to execute wpa_cli - Allow amavis to read clamd system state - Regenerate man pages --- selinux-policy.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 3fea886e..69aa8632 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -15,7 +15,7 @@ %endif %define POLICYVER 27 %define POLICYCOREUTILSVER 2.1.9-4 -%define CHECKPOLICYVER 2.1.9-4 +%define CHECKPOLICYVER 2.1.10-3 Summary: SELinux policy configuration Name: selinux-policy Version: 3.11.0