* Mon Jul 23 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-12

- Add interface to dontaudit getattr access on sysctls - Allow sshd to execute /bin/login - Looks like xdm is recreating the xdm directory in ~/.cache/ on login - Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jou - Fix semanage to work with unconfined domain disabled on F18 - Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls - Virt seems to be using lock files - Dovecot seems to be searching directories of every mountpoint - Allow jockey to read random/urandom, execute shell and install third-part - Add aditional params to allow cachedfiles to manage its content - gpg agent needs to read /dev/random - The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd w - Add a bunch of dontaudit rules to quiet svirt_lxc domains - Additional perms needed to run svirt_lxc domains - Allow cgclear to read cgconfig - Allow sys_ptrace capability for snmp - Allow freshclam to read /proc - Allow procmail to manage /home/user/Maildir content - Allow NM to execute wpa_cli - Allow amavis to read clamd system state - Regenerate man page
2012-07-23 17:47:41 +02:00 · 2012-07-23 17:47:41 +02:00 · 9ba137b17b
commit 9ba137b17b
parent 355c11db63
4 changed files with 7937 additions and 4769 deletions
--- a/genman.py
+++ b/genman.py
@ -275,7 +275,7 @@ The following process types are defined for %(domainname)s:
        self.fd.write("""
 .PP
 Note: 
-.B semanage permississive -a PROCESS_TYPE 
+.B semanage permissive -a PROCESS_TYPE 
 can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 """)
--- a/policy-rawhide.patch
+++ b/policy-rawhide.patch
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.11.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -491,6 +491,29 @@ SELinux Reference policy mls base module.
 %endif
 %changelog
 * Mon Jul 23 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-12
 - Add interface to dontaudit getattr access on sysctls
 - Allow sshd to execute /bin/login
 - Looks like xdm is recreating the xdm directory in ~/.cache/ on login
 - Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jounald
 -  Fix semanage to work with unconfined domain disabled on F18
 - Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls
 - Virt seems to be using lock files
 - Dovecot seems to be searching directories of every mountpoint
 - Allow jockey to read random/urandom, execute shell and install third-party drivers
 - Add aditional params to allow cachedfiles to manage its content
 - gpg agent needs to read /dev/random
 - The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write
 - Add a bunch of dontaudit rules to quiet svirt_lxc domains
 - Additional perms needed to run svirt_lxc domains
 - Allow cgclear to read cgconfig
 - Allow sys_ptrace capability for snmp
 - Allow freshclam to read /proc
 - Allow procmail to manage /home/user/Maildir content
 - Allow NM to execute wpa_cli
 - Allow amavis to read clamd system state
 - Regenerate man pages
 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.11.0-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild