* Fri Apr 01 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-181

- Label /usr/libexec/rpm-ostreed as rpm_exec_t. BZ(1309075)
- /bin/mailx is labeled sendmail_exec_t, and enters the sendmail_t domain on execution.  If /usr/sbin/sendmail does not have its own domain to transition to, and is not one of several products whose behavior is allowed by the sendmail_t policy, execution will fail. In this case we need to label /bin/mailx as bin_t. BZ(1323224)
- Label all run tgtd files, not just socket files.
- Allow prosody to stream connect to sasl. This will allow using cyrus authentication in prosody.
- Allow prosody to listen on port 5000 for mod_proxy65. BZ(1322815)
- Allow targetd to read/write to /dev/mapper/control device. BZ(1241415)
- Label /etc/selinux/(minimum|mls|targeted)/active/ as semanage_store_t.
- Allow systemd_resolved to read systemd_networkd run files. BZ(1322921)
- New cgroup2 file system in Rawhide
This commit is contained in:
Lukas Vrabec 2016-04-01 18:15:00 +02:00
parent fac3fc97fa
commit c1300100ed
4 changed files with 54 additions and 31 deletions

Binary file not shown.

View File

@ -20639,7 +20639,7 @@ index 8416beb..99002ca 100644
+ read_files_pattern($1, efivarfs_t, efivarfs_t) + read_files_pattern($1, efivarfs_t, efivarfs_t)
+') +')
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index e7d1738..b00be59 100644 index e7d1738..7e37941 100644
--- a/policy/modules/kernel/filesystem.te --- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te
@@ -26,14 +26,19 @@ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); @@ -26,14 +26,19 @@ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
@ -20670,7 +20670,7 @@ index e7d1738..b00be59 100644
type bdev_t; type bdev_t;
fs_type(bdev_t) fs_type(bdev_t)
@@ -63,12 +69,18 @@ fs_type(binfmt_misc_fs_t) @@ -63,16 +69,23 @@ fs_type(binfmt_misc_fs_t)
files_mountpoint(binfmt_misc_fs_t) files_mountpoint(binfmt_misc_fs_t)
genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0) genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
@ -20690,7 +20690,12 @@ index e7d1738..b00be59 100644
fs_type(cgroup_t) fs_type(cgroup_t)
files_mountpoint(cgroup_t) files_mountpoint(cgroup_t)
dev_associate_sysfs(cgroup_t) dev_associate_sysfs(cgroup_t)
@@ -88,6 +100,11 @@ fs_noxattr_type(ecryptfs_t) genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
+genfscon cgroup2 / gen_context(system_u:object_r:cgroup_t,s0)
type configfs_t;
fs_type(configfs_t)
@@ -88,6 +101,11 @@ fs_noxattr_type(ecryptfs_t)
files_mountpoint(ecryptfs_t) files_mountpoint(ecryptfs_t)
genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0) genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0)
@ -20702,7 +20707,7 @@ index e7d1738..b00be59 100644
type futexfs_t; type futexfs_t;
fs_type(futexfs_t) fs_type(futexfs_t)
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
@@ -96,6 +113,7 @@ type hugetlbfs_t; @@ -96,6 +114,7 @@ type hugetlbfs_t;
fs_type(hugetlbfs_t) fs_type(hugetlbfs_t)
files_mountpoint(hugetlbfs_t) files_mountpoint(hugetlbfs_t)
fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0); fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
@ -20710,7 +20715,7 @@ index e7d1738..b00be59 100644
type ibmasmfs_t; type ibmasmfs_t;
fs_type(ibmasmfs_t) fs_type(ibmasmfs_t)
@@ -111,6 +129,12 @@ type inotifyfs_t; @@ -111,6 +130,12 @@ type inotifyfs_t;
fs_type(inotifyfs_t) fs_type(inotifyfs_t)
genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0) genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
@ -20723,7 +20728,7 @@ index e7d1738..b00be59 100644
type mvfs_t; type mvfs_t;
fs_noxattr_type(mvfs_t) fs_noxattr_type(mvfs_t)
allow mvfs_t self:filesystem associate; allow mvfs_t self:filesystem associate;
@@ -118,13 +142,18 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0) @@ -118,13 +143,18 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0)
type nfsd_fs_t; type nfsd_fs_t;
fs_type(nfsd_fs_t) fs_type(nfsd_fs_t)
@ -20743,7 +20748,7 @@ index e7d1738..b00be59 100644
fs_type(pstore_t) fs_type(pstore_t)
files_mountpoint(pstore_t) files_mountpoint(pstore_t)
dev_associate_sysfs(pstore_t) dev_associate_sysfs(pstore_t)
@@ -150,17 +179,16 @@ fs_type(spufs_t) @@ -150,17 +180,16 @@ fs_type(spufs_t)
genfscon spufs / gen_context(system_u:object_r:spufs_t,s0) genfscon spufs / gen_context(system_u:object_r:spufs_t,s0)
files_mountpoint(spufs_t) files_mountpoint(spufs_t)
@ -20765,7 +20770,7 @@ index e7d1738..b00be59 100644
type vmblock_t; type vmblock_t;
fs_noxattr_type(vmblock_t) fs_noxattr_type(vmblock_t)
files_mountpoint(vmblock_t) files_mountpoint(vmblock_t)
@@ -172,6 +200,8 @@ type vxfs_t; @@ -172,6 +201,8 @@ type vxfs_t;
fs_noxattr_type(vxfs_t) fs_noxattr_type(vxfs_t)
files_mountpoint(vxfs_t) files_mountpoint(vxfs_t)
genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0) genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
@ -20774,7 +20779,7 @@ index e7d1738..b00be59 100644
# #
# tmpfs_t is the type for tmpfs filesystems # tmpfs_t is the type for tmpfs filesystems
@@ -182,6 +212,8 @@ fs_type(tmpfs_t) @@ -182,6 +213,8 @@ fs_type(tmpfs_t)
files_type(tmpfs_t) files_type(tmpfs_t)
files_mountpoint(tmpfs_t) files_mountpoint(tmpfs_t)
files_poly_parent(tmpfs_t) files_poly_parent(tmpfs_t)
@ -20783,7 +20788,7 @@ index e7d1738..b00be59 100644
# Use a transition SID based on the allocating task SID and the # Use a transition SID based on the allocating task SID and the
# filesystem SID to label inodes in the following filesystem types, # filesystem SID to label inodes in the following filesystem types,
@@ -261,6 +293,8 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0) @@ -261,6 +294,8 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
type removable_t; type removable_t;
allow removable_t noxattrfs:filesystem associate; allow removable_t noxattrfs:filesystem associate;
fs_noxattr_type(removable_t) fs_noxattr_type(removable_t)
@ -20792,7 +20797,7 @@ index e7d1738..b00be59 100644
files_mountpoint(removable_t) files_mountpoint(removable_t)
# #
@@ -280,6 +314,7 @@ genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0) @@ -280,6 +315,7 @@ genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0) genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon panfs / gen_context(system_u:object_r:nfs_t,s0) genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0) genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)
@ -20800,7 +20805,7 @@ index e7d1738..b00be59 100644
######################################## ########################################
# #
@@ -301,9 +336,10 @@ fs_associate_noxattr(noxattrfs) @@ -301,9 +337,10 @@ fs_associate_noxattr(noxattrfs)
# Unconfined access to this module # Unconfined access to this module
# #
@ -43490,10 +43495,10 @@ index cbbda4a..d7c67bc 100644
+userdom_use_inherited_user_terminals(netlabel_mgmt_t) +userdom_use_inherited_user_terminals(netlabel_mgmt_t)
+ +
diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc
index d43f3b1..04743dc 100644 index d43f3b1..c5053db 100644
--- a/policy/modules/system/selinuxutil.fc --- a/policy/modules/system/selinuxutil.fc
+++ b/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc
@@ -6,13 +6,14 @@ @@ -6,13 +6,15 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0) /etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0) /etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0) /etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
@ -43504,6 +43509,7 @@ index d43f3b1..04743dc 100644
-/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh) -/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh)
+/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,s0) +/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/selinux/(minimum|mls|targeted)/active(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0) /etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0)
/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0) /etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0)
-/etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh) -/etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh)
@ -43511,7 +43517,7 @@ index d43f3b1..04743dc 100644
# #
# /root # /root
@@ -35,19 +36,30 @@ @@ -35,19 +37,30 @@
/usr/lib/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0) /usr/lib/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
/usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) /usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0)
@ -48017,10 +48023,10 @@ index 0000000..3380372
+') +')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
new file mode 100644 new file mode 100644
index 0000000..45fcf4c index 0000000..d8fdd7b
--- /dev/null --- /dev/null
+++ b/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te
@@ -0,0 +1,919 @@ @@ -0,0 +1,920 @@
+policy_module(systemd, 1.0.0) +policy_module(systemd, 1.0.0)
+ +
+####################################### +#######################################
@ -48889,6 +48895,7 @@ index 0000000..45fcf4c
+init_pid_filetrans(systemd_resolved_t, systemd_resolved_var_run_t, dir) +init_pid_filetrans(systemd_resolved_t, systemd_resolved_var_run_t, dir)
+ +
+list_dirs_pattern(systemd_resolved_t, systemd_networkd_var_run_t, systemd_networkd_var_run_t) +list_dirs_pattern(systemd_resolved_t, systemd_networkd_var_run_t, systemd_networkd_var_run_t)
+read_files_pattern(systemd_resolved_t, systemd_networkd_var_run_t, systemd_networkd_var_run_t)
+ +
+kernel_dgram_send(systemd_resolved_t) +kernel_dgram_send(systemd_resolved_t)
+ +

View File

@ -2540,10 +2540,10 @@ index 16d0d66..60abfd0 100644
optional_policy(` optional_policy(`
nscd_dontaudit_search_pid(amtu_t) nscd_dontaudit_search_pid(amtu_t)
diff --git a/anaconda.fc b/anaconda.fc diff --git a/anaconda.fc b/anaconda.fc
index b098089..37d428c 100644 index b098089..fe35beb 100644
--- a/anaconda.fc --- a/anaconda.fc
+++ b/anaconda.fc +++ b/anaconda.fc
@@ -1 +1,12 @@ @@ -1 +1,13 @@
# No file context specifications. # No file context specifications.
+ +
+/usr/libexec/anaconda/anaconda-yum -- gen_context(system_u:object_r:install_exec_t,s0) +/usr/libexec/anaconda/anaconda-yum -- gen_context(system_u:object_r:install_exec_t,s0)
@ -2552,6 +2552,7 @@ index b098089..37d428c 100644
+/usr/bin/initial-setup -- gen_context(system_u:object_r:install_exec_t,s0) +/usr/bin/initial-setup -- gen_context(system_u:object_r:install_exec_t,s0)
+/usr/bin/ostree -- gen_context(system_u:object_r:install_exec_t,s0) +/usr/bin/ostree -- gen_context(system_u:object_r:install_exec_t,s0)
+/usr/bin/rpm-ostree -- gen_context(system_u:object_r:install_exec_t,s0) +/usr/bin/rpm-ostree -- gen_context(system_u:object_r:install_exec_t,s0)
+/usr/libexec/rpm-ostreed -- gen_context(system_u:object_r:install_exec_t,s0)
+ +
+/usr/bin/preupg.* -- gen_context(system_u:object_r:preupgrade_exec_t,s0) +/usr/bin/preupg.* -- gen_context(system_u:object_r:preupgrade_exec_t,s0)
+/var/lib/preupgrade(/.*)? gen_context(system_u:object_r:preupgrade_data_t,s0) +/var/lib/preupgrade(/.*)? gen_context(system_u:object_r:preupgrade_data_t,s0)
@ -52603,10 +52604,10 @@ index 65a246a..fa86320 100644
netutils_domtrans_ping(mrtg_t) netutils_domtrans_ping(mrtg_t)
diff --git a/mta.fc b/mta.fc diff --git a/mta.fc b/mta.fc
index f42896c..bd1eb52 100644 index f42896c..2cf0c23 100644
--- a/mta.fc --- a/mta.fc
+++ b/mta.fc +++ b/mta.fc
@@ -1,34 +1,44 @@ @@ -1,34 +1,41 @@
-HOME_DIR/\.esmtp_queue -- gen_context(system_u:object_r:mail_home_t,s0) -HOME_DIR/\.esmtp_queue -- gen_context(system_u:object_r:mail_home_t,s0)
HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0) HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0)
HOME_DIR/dead\.letter -- gen_context(system_u:object_r:mail_home_t,s0) HOME_DIR/dead\.letter -- gen_context(system_u:object_r:mail_home_t,s0)
@ -52618,10 +52619,8 @@ index f42896c..bd1eb52 100644
+HOME_DIR/.maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) +HOME_DIR/.maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0)
-/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) -/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
-
-/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0) -/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0)
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
+
+/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0) +/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0)
/etc/aliases\.db -- gen_context(system_u:object_r:etc_aliases_t,s0) /etc/aliases\.db -- gen_context(system_u:object_r:etc_aliases_t,s0)
-/etc/mail(/.*)? gen_context(system_u:object_r:etc_mail_t,s0) -/etc/mail(/.*)? gen_context(system_u:object_r:etc_mail_t,s0)
@ -76605,10 +76604,10 @@ index 0000000..8231f4f
+') +')
diff --git a/prosody.te b/prosody.te diff --git a/prosody.te b/prosody.te
new file mode 100644 new file mode 100644
index 0000000..d531fa5 index 0000000..3ef4a99
--- /dev/null --- /dev/null
+++ b/prosody.te +++ b/prosody.te
@@ -0,0 +1,92 @@ @@ -0,0 +1,97 @@
+policy_module(prosody, 1.0.0) +policy_module(prosody, 1.0.0)
+ +
+######################################## +########################################
@ -76684,6 +76683,7 @@ index 0000000..d531fa5
+corenet_tcp_bind_jabber_client_port(prosody_t) +corenet_tcp_bind_jabber_client_port(prosody_t)
+corenet_tcp_bind_jabber_interserver_port(prosody_t) +corenet_tcp_bind_jabber_interserver_port(prosody_t)
+corenet_tcp_bind_jabber_router_port(prosody_t) +corenet_tcp_bind_jabber_router_port(prosody_t)
+corenet_tcp_bind_commplex_main_port(prosody_t)
+ +
+tunable_policy(`prosody_bind_http_port',` +tunable_policy(`prosody_bind_http_port',`
+ corenet_tcp_bind_http_port(prosody_t) + corenet_tcp_bind_http_port(prosody_t)
@ -76701,6 +76701,10 @@ index 0000000..d531fa5
+logging_send_syslog_msg(prosody_t) +logging_send_syslog_msg(prosody_t)
+ +
+miscfiles_read_localization(prosody_t) +miscfiles_read_localization(prosody_t)
+
+optional_policy(`
+ sasl_connect(prosody_t)
+')
diff --git a/psad.if b/psad.if diff --git a/psad.if b/psad.if
index d4dcf78..3cce82e 100644 index d4dcf78..3cce82e 100644
--- a/psad.if --- a/psad.if
@ -104430,10 +104434,10 @@ index 0000000..a6e216c
+ +
diff --git a/targetd.te b/targetd.te diff --git a/targetd.te b/targetd.te
new file mode 100644 new file mode 100644
index 0000000..6768bda index 0000000..e372bd7
--- /dev/null --- /dev/null
+++ b/targetd.te +++ b/targetd.te
@@ -0,0 +1,62 @@ @@ -0,0 +1,63 @@
+policy_module(targetd, 1.0.0) +policy_module(targetd, 1.0.0)
+ +
+######################################## +########################################
@ -104477,6 +104481,7 @@ index 0000000..6768bda
+ +
+dev_read_sysfs(targetd_t) +dev_read_sysfs(targetd_t)
+dev_read_urand(targetd_t) +dev_read_urand(targetd_t)
+dev_rw_lvm_control(targetd_t)
+ +
+libs_exec_ldconfig(targetd_t) +libs_exec_ldconfig(targetd_t)
+ +
@ -106127,7 +106132,7 @@ index cfaa2a1..a9bc6f1 100644
optional_policy(` optional_policy(`
diff --git a/tgtd.fc b/tgtd.fc diff --git a/tgtd.fc b/tgtd.fc
index 38389e6..4847b43 100644 index 38389e6..ae0f9ab 100644
--- a/tgtd.fc --- a/tgtd.fc
+++ b/tgtd.fc +++ b/tgtd.fc
@@ -1,7 +1,4 @@ @@ -1,7 +1,4 @@
@ -106141,7 +106146,7 @@ index 38389e6..4847b43 100644
+/etc/rc\.d/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0)
+/usr/sbin/tgtd -- gen_context(system_u:object_r:tgtd_exec_t,s0) +/usr/sbin/tgtd -- gen_context(system_u:object_r:tgtd_exec_t,s0)
+/var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0) +/var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0)
+/var/run/tgtd.* -s gen_context(system_u:object_r:tgtd_var_run_t,s0) +/var/run/tgtd.* gen_context(system_u:object_r:tgtd_var_run_t,s0)
diff --git a/tgtd.if b/tgtd.if diff --git a/tgtd.if b/tgtd.if
index 5406b6e..dc5b46e 100644 index 5406b6e..dc5b46e 100644
--- a/tgtd.if --- a/tgtd.if

View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.13.1 Version: 3.13.1
Release: 180%{?dist} Release: 181%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -653,6 +653,17 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Apr 01 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-181
- Label /usr/libexec/rpm-ostreed as rpm_exec_t. BZ(1309075)
- /bin/mailx is labeled sendmail_exec_t, and enters the sendmail_t domain on execution. If /usr/sbin/sendmail does not have its own domain to transition to, and is not one of several products whose behavior is allowed by the sendmail_t policy, execution will fail. In this case we need to label /bin/mailx as bin_t. BZ(1323224)
- Label all run tgtd files, not just socket files.
- Allow prosody to stream connect to sasl. This will allow using cyrus authentication in prosody.
- Allow prosody to listen on port 5000 for mod_proxy65. BZ(1322815)
- Allow targetd to read/write to /dev/mapper/control device. BZ(1241415)
- Label /etc/selinux/(minimum|mls|targeted)/active/ as semanage_store_t.
- Allow systemd_resolved to read systemd_networkd run files. BZ(1322921)
- New cgroup2 file system in Rawhide
* Wed Mar 30 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-180 * Wed Mar 30 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-180
- Allow dovecot_auth_t domain to manage also dovecot_var_run_t fifo files. BZ(1320415) - Allow dovecot_auth_t domain to manage also dovecot_var_run_t fifo files. BZ(1320415)
- Allow colord to read /etc/udev/hwdb.bin. rhzb#1316514 - Allow colord to read /etc/udev/hwdb.bin. rhzb#1316514