Add interface to dontaudit getattr access on sysctls

- Allow sshd to execute /bin/login
- Looks like xdm is recreating the xdm directory in ~/.cache/ on login
- Allow syslog to use the leaked kernel_t unix_dgram_socket from system-journald
- Fix semanage to work with unconfined domain disabled on F18
- Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls
- Virt seems to be using lock files
- Dovecot seems to be searching directories of every mountpoint
- Allow jockey to read random/urandom, execute shell and install third-party drivers
- Add additional params to allow cachedfiles to manage its content
- gpg agent needs to read /dev/random
- The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write
- Add a bunch of dontaudit rules to quiet svirt_lxc domains
- Additional perms needed to run svirt_lxc domains
- Allow cgclear to read cgconfig
- Allow sys_ptrace capability for snmp
- Allow freshclam to read /proc
- Allow procmail to manage /home/user/Maildir content
- Allow NM to execute wpa_cli
- Allow amavis to read clamd system state
- Regenerate man pages
Dan Walsh 2012-07-24 15:56:40 -04:00
parent 9ba137b17b
commit 2676121267

@ -15,7 +15,7 @@
%endif %endif
%define POLICYVER 27 %define POLICYVER 27
%define POLICYCOREUTILSVER 2.1.9-4 %define POLICYCOREUTILSVER 2.1.9-4
%define CHECKPOLICYVER 2.1.9-4 %define CHECKPOLICYVER 2.1.10-3
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.11.0 Version: 3.11.0
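
Review bot: The CHECKPOLICYVER change from 2.1.9-4 to 2.1.10-3 is not covered by the commit message, which lists only policy rule changes and a man page regeneration. Please add a line saying why the newer checkpolicy is required, and confirm that leaving POLICYCOREUTILSVER at 2.1.9-4 is intentional, since the two were previously pinned to the same version and now differ.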