Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy

This commit is contained in:
Dan Walsh 2011-09-15 08:58:51 -04:00
commit a59df1059d
2 changed files with 871 additions and 326 deletions

File diff suppressed because it is too large Load Diff

View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.10.0 Version: 3.10.0
Release: 26%{?dist} Release: 28%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -466,6 +466,26 @@ SELinux Reference policy mls base module.
%endif %endif
%changelog %changelog
* Tue Sep 13 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-28
- Allow systemd-tmpfiles to set the correct labels on /var/run, /tmp and other files
- We want any file type that is created in /tmp by a process running as initrc_t to be labeled initrc_tmp_t
* Tue Sep 13 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-27
- Allow collectd to read hardware state information
- Add loop_control_device_t
- Allow mdadm to request kernel to load module
- Allow domains that start other domains via systemctl to search unit dir
- systemd_tmpfiles, needs to list any file systems mounted on /tmp
- No one can explain why radius is listing the contents of /tmp, so we will dontaudit
- If I can manage etc_runtime files, I should be able to read the links
- Dontaudit hostname writing to mock library chr_files
- Have gdm_t setup labeling correctly in users home dir
- Label content unde /var/run/user/NAME/dconf as config_home_t
- Allow sa-update to execute shell
- Make ssh-keygen working with fips_enabled
- Make mock work for staff_t user
- Tighten security on mock_t
* Fri Sep 9 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-26 * Fri Sep 9 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-26
- removing unconfined_notrans_t no longer necessary - removing unconfined_notrans_t no longer necessary
- Clean up handling of secure_mode_insmod and secure_mode_policyload - Clean up handling of secure_mode_insmod and secure_mode_policyload