See spec file

This commit is contained in:
Miroslav Grepl 2014-01-17 16:40:25 +01:00
parent f264f9cf08
commit 368fb803a8
4 changed files with 1357 additions and 456 deletions

View File

@ -2457,3 +2457,17 @@ ipa = module
# mirrormanager policy # mirrormanager policy
# #
mirrormanager = module mirrormanager = module
# Layer: contrib
# Module: snapper
#
# snapper policy
#
snapper = module
# Layer: contrib
# Module: pcp
#
# pcp policy
#
pcp = module

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.13.1 Version: 3.13.1
Release: 13%{?dist} Release: 14%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -576,6 +576,61 @@ SELinux Reference policy mls base module.
%endif %endif
%changelog %changelog
* Fri Jan 17 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-14
- Make rpm_transition_script accept a role
- Clean up pcp.te
- Added new policy for pcp
- Allow bumbleed to connect to xserver port
- Added support for named-sdb in bind policy
- Allow NetworkManager to signal and sigkill init scripts
- Allow pegasus_openlmi_storage_t to read hwdata
- Fix rhcs_rw_cluster_tmpfs()
- Allow fenced_t to bind on zented udp port
- Fix mirrormanager_read_lib_files()
- Allow mirromanager scripts running as httpd_t to manage mirrormanager pid files
- Dontaudit read/write to init stream socket for lsmd_plugin_t
- Allow automount to read nfs link files
- Allow lsm plugins to read/write lsmd stream socket
- Allow svirt_lxc domains to umount dockersocket filesytem
- Allow gnome keyring domains to create gnome config dirs
- Allow rpm scritplets to create /run/gather with correct labeling
- Add sblim_filetrans_named_content() interface
- Allow ctdb to create sock files in /var/run/ctdb
- Add also labeling for /var/run/ctdb
- Add missing labeling for /var/lib/ctdb
- ALlow tuned to manage syslog.conf. Should be fixed in tuned. #1030446
- Dontaudit hypervkvp to search homedirs
- Dontaudit hypervkvp to search admin homedirs
- Allow hypervkvp to execute bin_t and ifconfig in the caller domain
- Dontaudit xguest_t to read ABRT conf files
- Add abrt_dontaudit_read_config()
- Allow namespace-init to getattr on fs
- Add thumb_role() also for xguest
- Add filename transitions to create .spamassassin with correct labeling
- Allow apache domain to read mirrormanager pid files
- Allow domains to read/write shm and sem owned by mozilla_plugin_t
- Allow alsactl to send a generic signal to kernel_t
- Allow plymouthd to read run/udev/queue.bin
- Allow sys_chroot for NM required by iodine service
- Change glusterd to allow mounton all non security
- Labeled ~/.nv/GLCache as being gstreamer output
- Restrict the ability to set usermodehelpers and proc security settings.
- Limit the ability to write to the files that configure kernel i
- usermodehelpers and security-sensitive proc settings to the init domain. i
- Permissive domains can also continue to set these values.
- The current list is not exhaustive, just an initial set.
- Not all of these files will exist on all kernels/devices.
- Controlling access to certain kernel usermodehelpers, e.g. cgroup
- release_agent, will require kernel changes to support and cannot be
- addressed here.
- Ideas come from Stephen Smalley and seandroid
- Make rpm_transition_script accept a role
- Make rpm_transition_script accept a role
- Allow NetworkManager to signal and sigkill init scripts
- Allow init_t to work on transitient and snapshot unit files
- Add logging_manage_syslog_config()
- Update sysnet_dns_name_resolve() to allow connect to dnssec port
* Mon Jan 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-13 * Mon Jan 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-13
- Remove file_t from the system and realias it with unlabeled_t - Remove file_t from the system and realias it with unlabeled_t