+- Add realmd and stapserver policies
+- Allow useradd to manage stap-server lib files +- Tighten up capabilities for confined users +- Label /etc/security/opasswd as shadow_t +- Add label for /dev/ecryptfs +- Allow condor_startd_t to start sshd with the ranged +- Allow lpstat.cups to read fips_enabled file +- Allow pyzor running as spamc_t to create /root/.pyzor directory +- Add labelinf for amavisd-snmp init script +- Add support for amavisd-snmp +- Allow fprintd sigkill self +- Allow xend (w/o libvirt) to start virtual machines +- Allow aiccu to read /etc/passwd +- Allow condor_startd to Make specified domain MCS trusted for setting any category set fo +- Add condor_startd_ranged_domtrans_to() interface +- Add ssd_conf_t for /etc/sssd +- accountsd needs to fchown some files/directories +- Add ICACLient and zibrauserdata as mozilla_filetrans_home_content +- SELinux reports afs_t needs dac_override to read /etc/mtab, even though everything works +- Allow xend_t to read the /etc/passwd file Please enter the commit message for your changes. Lines starting with '#' will be ignored, and an empty message aborts the commit. On branch master Changes to be committed: (use "git reset HEAD <file>..." to unstage) modified: policy-rawhide.patch modified: policy_contrib-rawhide.patch modified: selinux-policy.spec
This commit is contained in:
parent
3bbc9bb5a8
commit
3da13de031
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.11.0
|
Version: 3.11.0
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -491,6 +491,28 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 16 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-10
|
||||||
|
- Add realmd and stapserver policies
|
||||||
|
- Allow useradd to manage stap-server lib files
|
||||||
|
- Tighten up capabilities for confined users
|
||||||
|
- Label /etc/security/opasswd as shadow_t
|
||||||
|
- Add label for /dev/ecryptfs
|
||||||
|
- Allow condor_startd_t to start sshd with the ranged
|
||||||
|
- Allow lpstat.cups to read fips_enabled file
|
||||||
|
- Allow pyzor running as spamc_t to create /root/.pyzor directory
|
||||||
|
- Add labelinf for amavisd-snmp init script
|
||||||
|
- Add support for amavisd-snmp
|
||||||
|
- Allow fprintd sigkill self
|
||||||
|
- Allow xend (w/o libvirt) to start virtual machines
|
||||||
|
- Allow aiccu to read /etc/passwd
|
||||||
|
- Allow condor_startd to Make specified domain MCS trusted for setting any category set for the processes it executes
|
||||||
|
- Add condor_startd_ranged_domtrans_to() interface
|
||||||
|
- Add ssd_conf_t for /etc/sssd
|
||||||
|
- accountsd needs to fchown some files/directories
|
||||||
|
- Add ICACLient and zibrauserdata as mozilla_filetrans_home_content
|
||||||
|
- SELinux reports afs_t needs dac_override to read /etc/mtab, even though everything works, adding dontaudit
|
||||||
|
- Allow xend_t to read the /etc/passwd file
|
||||||
|
|
||||||
* Wed Jul 11 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-9
|
* Wed Jul 11 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-9
|
||||||
- Until we figure out how to fix systemd issues, allow all apps that send syslog messages to send them to kernel_t
|
- Until we figure out how to fix systemd issues, allow all apps that send syslog messages to send them to kernel_t
|
||||||
- Add init_access_check() interface
|
- Add init_access_check() interface
|
||||||
|
Loading…
Reference in New Issue
Block a user