Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy

2012-06-20 14:33:29 -04:00 · 2012-06-20 14:33:29 -04:00 · a3e9dc0c92
parent 7f9b7d5c03 c74d194317
commit a3e9dc0c92
4 changed files with 1653 additions and 697 deletions
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@ -2542,3 +2542,10 @@ svnserve =  module
 #  policy for man2html apps
 # 
 man2html =  module
+
+# Layer: contrib
+# Module: glusterd
+#  
+#  policy for glusterd service
+#
+glusterd =  module
--- a/policy-rawhide.patch
+++ b/policy-rawhide.patch
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.11.0
-Release: 2%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -491,6 +491,57 @@ SELinux Reference policy mls base module.
 %endif

 %changelog
+* Tue Jun 19 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-5
+- apcupsd needs to read /etc/passwd
+- Sanlock allso sends sigkill
+- Allow glance_registry to connect to the mysqld port
+- Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl
+- Allow firefox plugins/flash to connect to port 1234
+- Allow mozilla plugins to delete user_tmp_t files
+- Add transition name rule for printers.conf.O
+- Allow virt_lxc_t to read urand
+- Allow systemd_loigind to list gstreamer_home_dirs
+- Fix labeling for /usr/bin
+- Fixes for cloudform services
+  * support FIPS
+- Allow polipo to work as web caching
+- Allow chfn to execute tmux
+
+* Fri Jun 15 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-4
+- Add support for ecryptfs
+  * ecryptfs does not support xattr
+  * we need labeling for HOMEDIR
+- Add policy for (u)mount.ecryptfs*
+- Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage host cache
+- Allow dovecot to manage Maildir content, fix transitions to Maildir
+- Allow postfix_local to transition to dovecot_deliver
+- Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code
+- Cleanup interface definitions
+- Allow apmd to change with the logind daemon
+- Changes required for sanlock in rhel6
+- Label /run/user/apache as httpd_tmp_t
+- Allow thumb to use lib_t as execmod if boolean turned on
+- Allow squid to create the squid directory in /var with the correct labe
+- Add a new policy for glusterd from Bryan Bickford (bbickfor@redhat.com)
+- Allow virtd to exec xend_exec_t without transition
+- Allow virtd_lxc_t to unmount all file systems
+
+* Tue Jun 12 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-3
+- PolicyKit path has changed
+- Allow httpd connect to dirsrv socket
+- Allow tuned to write generic kernel sysctls
+- Dontaudit logwatch to gettr on /dev/dm-2
+- Allow policykit-auth to manage kerberos files
+- Make condor_startd and rgmanager as initrc domain
+- Allow virsh to read /etc/passwd
+- Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs
+- xdm now needs to execute xsession_exec_t
+- Need labels for /var/lib/gdm
+- Fix files_filetrans_named_content() interface
+- Add new attribute - initrc_domain
+- Allow systemd_logind_t to signal, signull, sigkill all processes
+- Add filetrans rules for etc_runtime files
+
 * Sat Jun 9 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-2
 - Rename boolean names to remove allow_