- Allow glusterd to interact with gluster tools running in a user domain
- rpm_transition_script() is called from rpm_run. Update cloud-init rules. - Call rpm_transition_script() from rpm_run() interface. - Allow radvd has setuid and it requires dac_override. BZ(1224403) - Add glusterd_manage_lib_files() interface. - Allow samba_t net_admin capability to make CIFS mount working. - S30samba-start gluster hooks wants to search audit logs. Dontaudit it. - Reflect logrotate change which moves /var/lib/logrotate.status to /var/lib/logrotate/logrotate.status. BZ(1228531) - ntop reads /var/lib/ntop/macPrefix.db and it needs dac_override. It has setuid/setgid. BZ(1058822) - Allow cloud-init to run rpm scriptlets to install packages. BZ(1227484) - Allow nagios to generate charts. - Allow glusterd to send generic signals to systemd_passwd_agent processes. - Allow glusterd to run init scripts. - Allow glusterd to execute /usr/sbin/xfs_dbin glusterd_t domain. - Calling cron_system_entry() in pcp_domain_template needs to be a part of optional_policy block. - Allow samba-net to access /var/lib/ctdbd dirs/files. - Allow glusterd to send a signal to smbd. - Make ctdbd as home manager to access also FUSE. - Allow glusterd to use geo-replication gluster tool. - Allow glusterd to execute ssh-keygen. - Allow glusterd to interact with cluster services. - Add rhcs_dbus_chat_cluster() - systemd-logind accesses /dev/shm. BZ(1230443) - Label gluster python hooks also as bin_t. - Allow sshd to execute gnome-keyring if there is configured pam_gnome_keyring.so. - Allow gnome-keyring executed by passwd to access /run/user/UID/keyring to change a password.
This commit is contained in:
parent
8f46225b71
commit
66628cef58
@ -2744,7 +2744,7 @@ index 99e3903..fa68362 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
|
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
|
||||||
index 1d732f1..0dbda7d 100644
|
index 1d732f1..6a6da75 100644
|
||||||
--- a/policy/modules/admin/usermanage.te
|
--- a/policy/modules/admin/usermanage.te
|
||||||
+++ b/policy/modules/admin/usermanage.te
|
+++ b/policy/modules/admin/usermanage.te
|
||||||
@@ -26,6 +26,7 @@ type chfn_exec_t;
|
@@ -26,6 +26,7 @@ type chfn_exec_t;
|
||||||
@ -2973,13 +2973,16 @@ index 1d732f1..0dbda7d 100644
|
|||||||
userdom_use_unpriv_users_fds(passwd_t)
|
userdom_use_unpriv_users_fds(passwd_t)
|
||||||
# make sure that getcon succeeds
|
# make sure that getcon succeeds
|
||||||
userdom_getattr_all_users(passwd_t)
|
userdom_getattr_all_users(passwd_t)
|
||||||
@@ -352,6 +383,15 @@ userdom_read_user_tmp_files(passwd_t)
|
@@ -352,6 +383,18 @@ userdom_read_user_tmp_files(passwd_t)
|
||||||
# user generally runs this from their home directory, so do not audit a search
|
# user generally runs this from their home directory, so do not audit a search
|
||||||
# on user home dir
|
# on user home dir
|
||||||
userdom_dontaudit_search_user_home_content(passwd_t)
|
userdom_dontaudit_search_user_home_content(passwd_t)
|
||||||
+userdom_stream_connect(passwd_t)
|
+userdom_stream_connect(passwd_t)
|
||||||
+userdom_rw_stream(passwd_t)
|
+userdom_rw_stream(passwd_t)
|
||||||
+
|
+
|
||||||
|
+# needed by gnome-keyring
|
||||||
|
+userdom_manage_user_tmp_files(passwd_t)
|
||||||
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ gnome_exec_keyringd(passwd_t)
|
+ gnome_exec_keyringd(passwd_t)
|
||||||
+ gnome_manage_cache_home_dir(passwd_t)
|
+ gnome_manage_cache_home_dir(passwd_t)
|
||||||
@ -2989,7 +2992,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
nscd_run(passwd_t, passwd_roles)
|
nscd_run(passwd_t, passwd_roles)
|
||||||
@@ -401,9 +441,10 @@ dev_read_urand(sysadm_passwd_t)
|
@@ -401,9 +444,10 @@ dev_read_urand(sysadm_passwd_t)
|
||||||
fs_getattr_xattr_fs(sysadm_passwd_t)
|
fs_getattr_xattr_fs(sysadm_passwd_t)
|
||||||
fs_search_auto_mountpoints(sysadm_passwd_t)
|
fs_search_auto_mountpoints(sysadm_passwd_t)
|
||||||
|
|
||||||
@ -3002,7 +3005,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
auth_manage_shadow(sysadm_passwd_t)
|
auth_manage_shadow(sysadm_passwd_t)
|
||||||
auth_relabel_shadow(sysadm_passwd_t)
|
auth_relabel_shadow(sysadm_passwd_t)
|
||||||
auth_etc_filetrans_shadow(sysadm_passwd_t)
|
auth_etc_filetrans_shadow(sysadm_passwd_t)
|
||||||
@@ -416,7 +457,6 @@ files_read_usr_files(sysadm_passwd_t)
|
@@ -416,7 +460,6 @@ files_read_usr_files(sysadm_passwd_t)
|
||||||
|
|
||||||
domain_use_interactive_fds(sysadm_passwd_t)
|
domain_use_interactive_fds(sysadm_passwd_t)
|
||||||
|
|
||||||
@ -3010,7 +3013,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
files_relabel_etc_files(sysadm_passwd_t)
|
files_relabel_etc_files(sysadm_passwd_t)
|
||||||
files_read_etc_runtime_files(sysadm_passwd_t)
|
files_read_etc_runtime_files(sysadm_passwd_t)
|
||||||
# for nscd lookups
|
# for nscd lookups
|
||||||
@@ -426,12 +466,9 @@ files_dontaudit_search_pids(sysadm_passwd_t)
|
@@ -426,12 +469,9 @@ files_dontaudit_search_pids(sysadm_passwd_t)
|
||||||
# correctly without it. Do not audit write denials to utmp.
|
# correctly without it. Do not audit write denials to utmp.
|
||||||
init_dontaudit_rw_utmp(sysadm_passwd_t)
|
init_dontaudit_rw_utmp(sysadm_passwd_t)
|
||||||
|
|
||||||
@ -3023,7 +3026,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
userdom_use_unpriv_users_fds(sysadm_passwd_t)
|
userdom_use_unpriv_users_fds(sysadm_passwd_t)
|
||||||
# user generally runs this from their home directory, so do not audit a search
|
# user generally runs this from their home directory, so do not audit a search
|
||||||
# on user home dir
|
# on user home dir
|
||||||
@@ -446,7 +483,8 @@ optional_policy(`
|
@@ -446,7 +486,8 @@ optional_policy(`
|
||||||
# Useradd local policy
|
# Useradd local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -3033,7 +3036,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
dontaudit useradd_t self:capability sys_tty_config;
|
dontaudit useradd_t self:capability sys_tty_config;
|
||||||
allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||||
allow useradd_t self:process setfscreate;
|
allow useradd_t self:process setfscreate;
|
||||||
@@ -461,6 +499,10 @@ allow useradd_t self:unix_stream_socket create_stream_socket_perms;
|
@@ -461,6 +502,10 @@ allow useradd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow useradd_t self:unix_dgram_socket sendto;
|
allow useradd_t self:unix_dgram_socket sendto;
|
||||||
allow useradd_t self:unix_stream_socket connectto;
|
allow useradd_t self:unix_stream_socket connectto;
|
||||||
|
|
||||||
@ -3044,7 +3047,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
# for getting the number of groups
|
# for getting the number of groups
|
||||||
kernel_read_kernel_sysctls(useradd_t)
|
kernel_read_kernel_sysctls(useradd_t)
|
||||||
|
|
||||||
@@ -468,29 +510,28 @@ corecmd_exec_shell(useradd_t)
|
@@ -468,29 +513,28 @@ corecmd_exec_shell(useradd_t)
|
||||||
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
|
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
|
||||||
corecmd_exec_bin(useradd_t)
|
corecmd_exec_bin(useradd_t)
|
||||||
|
|
||||||
@ -3084,7 +3087,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
|
|
||||||
auth_run_chk_passwd(useradd_t, useradd_roles)
|
auth_run_chk_passwd(useradd_t, useradd_roles)
|
||||||
auth_rw_lastlog(useradd_t)
|
auth_rw_lastlog(useradd_t)
|
||||||
@@ -498,6 +539,7 @@ auth_rw_faillog(useradd_t)
|
@@ -498,6 +542,7 @@ auth_rw_faillog(useradd_t)
|
||||||
auth_use_nsswitch(useradd_t)
|
auth_use_nsswitch(useradd_t)
|
||||||
# these may be unnecessary due to the above
|
# these may be unnecessary due to the above
|
||||||
# domtrans_chk_passwd() call.
|
# domtrans_chk_passwd() call.
|
||||||
@ -3092,7 +3095,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
auth_manage_shadow(useradd_t)
|
auth_manage_shadow(useradd_t)
|
||||||
auth_relabel_shadow(useradd_t)
|
auth_relabel_shadow(useradd_t)
|
||||||
auth_etc_filetrans_shadow(useradd_t)
|
auth_etc_filetrans_shadow(useradd_t)
|
||||||
@@ -508,33 +550,32 @@ init_rw_utmp(useradd_t)
|
@@ -508,33 +553,32 @@ init_rw_utmp(useradd_t)
|
||||||
logging_send_audit_msgs(useradd_t)
|
logging_send_audit_msgs(useradd_t)
|
||||||
logging_send_syslog_msg(useradd_t)
|
logging_send_syslog_msg(useradd_t)
|
||||||
|
|
||||||
@ -3137,7 +3140,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_manage_all_user_content(useradd_t)
|
apache_manage_all_user_content(useradd_t)
|
||||||
')
|
')
|
||||||
@@ -549,10 +590,19 @@ optional_policy(`
|
@@ -549,10 +593,19 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -3157,7 +3160,7 @@ index 1d732f1..0dbda7d 100644
|
|||||||
tunable_policy(`samba_domain_controller',`
|
tunable_policy(`samba_domain_controller',`
|
||||||
samba_append_log(useradd_t)
|
samba_append_log(useradd_t)
|
||||||
')
|
')
|
||||||
@@ -562,3 +612,12 @@ optional_policy(`
|
@@ -562,3 +615,12 @@ optional_policy(`
|
||||||
rpm_use_fds(useradd_t)
|
rpm_use_fds(useradd_t)
|
||||||
rpm_rw_pipes(useradd_t)
|
rpm_rw_pipes(useradd_t)
|
||||||
')
|
')
|
||||||
@ -3343,7 +3346,7 @@ index 7590165..d81185e 100644
|
|||||||
+ fs_mounton_fusefs(seunshare_domain)
|
+ fs_mounton_fusefs(seunshare_domain)
|
||||||
')
|
')
|
||||||
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
||||||
index 33e0f8d..c5c1122 100644
|
index 33e0f8d..d41bb39 100644
|
||||||
--- a/policy/modules/kernel/corecommands.fc
|
--- a/policy/modules/kernel/corecommands.fc
|
||||||
+++ b/policy/modules/kernel/corecommands.fc
|
+++ b/policy/modules/kernel/corecommands.fc
|
||||||
@@ -1,9 +1,10 @@
|
@@ -1,9 +1,10 @@
|
||||||
@ -3683,7 +3686,7 @@ index 33e0f8d..c5c1122 100644
|
|||||||
/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -387,17 +469,33 @@ ifdef(`distro_suse', `
|
@@ -387,17 +469,34 @@ ifdef(`distro_suse', `
|
||||||
#
|
#
|
||||||
# /var
|
# /var
|
||||||
#
|
#
|
||||||
@ -3705,6 +3708,7 @@ index 33e0f8d..c5c1122 100644
|
|||||||
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
|
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
+/var/lib/glusterd/hooks/.*/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
+/var/lib/glusterd/hooks/.*/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
+/var/lib/glusterd/hooks/.*/.*\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
+
|
+
|
||||||
ifdef(`distro_suse',`
|
ifdef(`distro_suse',`
|
||||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -23857,7 +23861,7 @@ index fe0c682..3ad1b1f 100644
|
|||||||
+ ps_process_pattern($1, sshd_t)
|
+ ps_process_pattern($1, sshd_t)
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
|
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
|
||||||
index cc877c7..66bf790 100644
|
index cc877c7..b8e6e98 100644
|
||||||
--- a/policy/modules/services/ssh.te
|
--- a/policy/modules/services/ssh.te
|
||||||
+++ b/policy/modules/services/ssh.te
|
+++ b/policy/modules/services/ssh.te
|
||||||
@@ -6,43 +6,69 @@ policy_module(ssh, 2.4.2)
|
@@ -6,43 +6,69 @@ policy_module(ssh, 2.4.2)
|
||||||
@ -24193,7 +24197,7 @@ index cc877c7..66bf790 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -266,6 +327,15 @@ optional_policy(`
|
@@ -266,6 +327,19 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -24205,11 +24209,15 @@ index cc877c7..66bf790 100644
|
|||||||
+ gitosis_manage_lib_files(sshd_t)
|
+ gitosis_manage_lib_files(sshd_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ gnome_exec_keyringd(sshd_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
inetd_tcp_service_domain(sshd_t, sshd_exec_t)
|
inetd_tcp_service_domain(sshd_t, sshd_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -275,10 +345,26 @@ optional_policy(`
|
@@ -275,10 +349,26 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -24236,7 +24244,7 @@ index cc877c7..66bf790 100644
|
|||||||
rpm_use_script_fds(sshd_t)
|
rpm_use_script_fds(sshd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -289,13 +375,93 @@ optional_policy(`
|
@@ -289,13 +379,93 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -24330,7 +24338,7 @@ index cc877c7..66bf790 100644
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# ssh_keygen local policy
|
# ssh_keygen local policy
|
||||||
@@ -304,19 +470,33 @@ optional_policy(`
|
@@ -304,19 +474,33 @@ optional_policy(`
|
||||||
# ssh_keygen_t is the type of the ssh-keygen program when run at install time
|
# ssh_keygen_t is the type of the ssh-keygen program when run at install time
|
||||||
# and by sysadm_t
|
# and by sysadm_t
|
||||||
|
|
||||||
@ -24365,7 +24373,7 @@ index cc877c7..66bf790 100644
|
|||||||
dev_read_urand(ssh_keygen_t)
|
dev_read_urand(ssh_keygen_t)
|
||||||
|
|
||||||
term_dontaudit_use_console(ssh_keygen_t)
|
term_dontaudit_use_console(ssh_keygen_t)
|
||||||
@@ -332,7 +512,9 @@ auth_use_nsswitch(ssh_keygen_t)
|
@@ -332,7 +516,9 @@ auth_use_nsswitch(ssh_keygen_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(ssh_keygen_t)
|
logging_send_syslog_msg(ssh_keygen_t)
|
||||||
|
|
||||||
@ -24375,7 +24383,7 @@ index cc877c7..66bf790 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(ssh_keygen_t)
|
seutil_sigchld_newrole(ssh_keygen_t)
|
||||||
@@ -341,3 +523,148 @@ optional_policy(`
|
@@ -341,3 +527,148 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
udev_read_db(ssh_keygen_t)
|
udev_read_db(ssh_keygen_t)
|
||||||
')
|
')
|
||||||
@ -42591,10 +42599,10 @@ index 0000000..d2a8fc7
|
|||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
|
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..3c4ffa35
|
index 0000000..0401ad8
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policy/modules/system/systemd.te
|
+++ b/policy/modules/system/systemd.te
|
||||||
@@ -0,0 +1,720 @@
|
@@ -0,0 +1,721 @@
|
||||||
+policy_module(systemd, 1.0.0)
|
+policy_module(systemd, 1.0.0)
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
@ -42768,6 +42776,7 @@ index 0000000..3c4ffa35
|
|||||||
+init_halt(systemd_logind_t)
|
+init_halt(systemd_logind_t)
|
||||||
+init_undefined(systemd_logind_t)
|
+init_undefined(systemd_logind_t)
|
||||||
+init_signal_script(systemd_logind_t)
|
+init_signal_script(systemd_logind_t)
|
||||||
|
+init_getattr_script_status_files(systemd_logind_t)
|
||||||
+
|
+
|
||||||
+getty_systemctl(systemd_logind_t)
|
+getty_systemctl(systemd_logind_t)
|
||||||
+
|
+
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 129%{?dist}
|
Release: 130%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -602,6 +602,34 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 18 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-130
|
||||||
|
- Allow glusterd to interact with gluster tools running in a user domain
|
||||||
|
- rpm_transition_script() is called from rpm_run. Update cloud-init rules.
|
||||||
|
- Call rpm_transition_script() from rpm_run() interface.
|
||||||
|
- Allow radvd has setuid and it requires dac_override. BZ(1224403)
|
||||||
|
- Add glusterd_manage_lib_files() interface.
|
||||||
|
- Allow samba_t net_admin capability to make CIFS mount working.
|
||||||
|
- S30samba-start gluster hooks wants to search audit logs. Dontaudit it.
|
||||||
|
- Reflect logrotate change which moves /var/lib/logrotate.status to /var/lib/logrotate/logrotate.status. BZ(1228531)
|
||||||
|
- ntop reads /var/lib/ntop/macPrefix.db and it needs dac_override. It has setuid/setgid. BZ(1058822)
|
||||||
|
- Allow cloud-init to run rpm scriptlets to install packages. BZ(1227484)
|
||||||
|
- Allow nagios to generate charts.
|
||||||
|
- Allow glusterd to send generic signals to systemd_passwd_agent processes.
|
||||||
|
- Allow glusterd to run init scripts.
|
||||||
|
- Allow glusterd to execute /usr/sbin/xfs_dbin glusterd_t domain.
|
||||||
|
- Calling cron_system_entry() in pcp_domain_template needs to be a part of optional_policy block.
|
||||||
|
- Allow samba-net to access /var/lib/ctdbd dirs/files.
|
||||||
|
- Allow glusterd to send a signal to smbd.
|
||||||
|
- Make ctdbd as home manager to access also FUSE.
|
||||||
|
- Allow glusterd to use geo-replication gluster tool.
|
||||||
|
- Allow glusterd to execute ssh-keygen.
|
||||||
|
- Allow glusterd to interact with cluster services.
|
||||||
|
- Add rhcs_dbus_chat_cluster()
|
||||||
|
- systemd-logind accesses /dev/shm. BZ(1230443)
|
||||||
|
- Label gluster python hooks also as bin_t.
|
||||||
|
- Allow sshd to execute gnome-keyring if there is configured pam_gnome_keyring.so.
|
||||||
|
- Allow gnome-keyring executed by passwd to access /run/user/UID/keyring to change a password.
|
||||||
|
|
||||||
* Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-129
|
* Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-129
|
||||||
- We need to restore contexts on /etc/passwd*,/etc/group*,/etc/*shadow* during install phase to get proper labeling for these files until selinux-policy pkgs are installed. BZ(1228489)
|
- We need to restore contexts on /etc/passwd*,/etc/group*,/etc/*shadow* during install phase to get proper labeling for these files until selinux-policy pkgs are installed. BZ(1228489)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user