See spec file
This commit is contained in:
parent
f264f9cf08
commit
368fb803a8
@ -2457,3 +2457,17 @@ ipa = module
|
|||||||
# mirrormanager policy
|
# mirrormanager policy
|
||||||
#
|
#
|
||||||
mirrormanager = module
|
mirrormanager = module
|
||||||
|
|
||||||
|
# Layer: contrib
|
||||||
|
# Module: snapper
|
||||||
|
#
|
||||||
|
# snapper policy
|
||||||
|
#
|
||||||
|
snapper = module
|
||||||
|
|
||||||
|
# Layer: contrib
|
||||||
|
# Module: pcp
|
||||||
|
#
|
||||||
|
# pcp policy
|
||||||
|
#
|
||||||
|
pcp = module
|
||||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -576,6 +576,61 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 17 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-14
|
||||||
|
- Make rpm_transition_script accept a role
|
||||||
|
- Clean up pcp.te
|
||||||
|
- Added new policy for pcp
|
||||||
|
- Allow bumbleed to connect to xserver port
|
||||||
|
- Added support for named-sdb in bind policy
|
||||||
|
- Allow NetworkManager to signal and sigkill init scripts
|
||||||
|
- Allow pegasus_openlmi_storage_t to read hwdata
|
||||||
|
- Fix rhcs_rw_cluster_tmpfs()
|
||||||
|
- Allow fenced_t to bind on zented udp port
|
||||||
|
- Fix mirrormanager_read_lib_files()
|
||||||
|
- Allow mirromanager scripts running as httpd_t to manage mirrormanager pid files
|
||||||
|
- Dontaudit read/write to init stream socket for lsmd_plugin_t
|
||||||
|
- Allow automount to read nfs link files
|
||||||
|
- Allow lsm plugins to read/write lsmd stream socket
|
||||||
|
- Allow svirt_lxc domains to umount dockersocket filesytem
|
||||||
|
- Allow gnome keyring domains to create gnome config dirs
|
||||||
|
- Allow rpm scritplets to create /run/gather with correct labeling
|
||||||
|
- Add sblim_filetrans_named_content() interface
|
||||||
|
- Allow ctdb to create sock files in /var/run/ctdb
|
||||||
|
- Add also labeling for /var/run/ctdb
|
||||||
|
- Add missing labeling for /var/lib/ctdb
|
||||||
|
- ALlow tuned to manage syslog.conf. Should be fixed in tuned. #1030446
|
||||||
|
- Dontaudit hypervkvp to search homedirs
|
||||||
|
- Dontaudit hypervkvp to search admin homedirs
|
||||||
|
- Allow hypervkvp to execute bin_t and ifconfig in the caller domain
|
||||||
|
- Dontaudit xguest_t to read ABRT conf files
|
||||||
|
- Add abrt_dontaudit_read_config()
|
||||||
|
- Allow namespace-init to getattr on fs
|
||||||
|
- Add thumb_role() also for xguest
|
||||||
|
- Add filename transitions to create .spamassassin with correct labeling
|
||||||
|
- Allow apache domain to read mirrormanager pid files
|
||||||
|
- Allow domains to read/write shm and sem owned by mozilla_plugin_t
|
||||||
|
- Allow alsactl to send a generic signal to kernel_t
|
||||||
|
- Allow plymouthd to read run/udev/queue.bin
|
||||||
|
- Allow sys_chroot for NM required by iodine service
|
||||||
|
- Change glusterd to allow mounton all non security
|
||||||
|
- Labeled ~/.nv/GLCache as being gstreamer output
|
||||||
|
- Restrict the ability to set usermodehelpers and proc security settings.
|
||||||
|
- Limit the ability to write to the files that configure kernel i
|
||||||
|
- usermodehelpers and security-sensitive proc settings to the init domain. i
|
||||||
|
- Permissive domains can also continue to set these values.
|
||||||
|
- The current list is not exhaustive, just an initial set.
|
||||||
|
- Not all of these files will exist on all kernels/devices.
|
||||||
|
- Controlling access to certain kernel usermodehelpers, e.g. cgroup
|
||||||
|
- release_agent, will require kernel changes to support and cannot be
|
||||||
|
- addressed here.
|
||||||
|
- Ideas come from Stephen Smalley and seandroid
|
||||||
|
- Make rpm_transition_script accept a role
|
||||||
|
- Make rpm_transition_script accept a role
|
||||||
|
- Allow NetworkManager to signal and sigkill init scripts
|
||||||
|
- Allow init_t to work on transitient and snapshot unit files
|
||||||
|
- Add logging_manage_syslog_config()
|
||||||
|
- Update sysnet_dns_name_resolve() to allow connect to dnssec port
|
||||||
|
|
||||||
* Mon Jan 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-13
|
* Mon Jan 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-13
|
||||||
- Remove file_t from the system and realias it with unlabeled_t
|
- Remove file_t from the system and realias it with unlabeled_t
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user