Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
This commit is contained in:
commit
c675c094a2
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.12.1
|
Version: 3.12.1
|
||||||
Release: 23%{?dist}
|
Release: 26%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -526,6 +526,93 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 5 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-26
|
||||||
|
- Try to label on controlC devices up to 30 correctly
|
||||||
|
- Add mount_rw_pid_files() interface
|
||||||
|
- Add additional mount/umount interfaces needed by mock
|
||||||
|
- fsadm_t sends audit messages in reads kernel_ipc_info when doing livecd-iso-to-disk
|
||||||
|
- Fix tabs
|
||||||
|
- Allow initrc_domain to search rgmanager lib files
|
||||||
|
- Add more fixes which make mock working together with confined users
|
||||||
|
* Allow mock_t to manage rpm files
|
||||||
|
* Allow mock_t to read rpm log files
|
||||||
|
* Allow mock to setattr on tmpfs, devpts
|
||||||
|
* Allow mount/umount filesystems
|
||||||
|
- Add rpm_read_log() interface
|
||||||
|
- yum-cron runs rpm from within it.
|
||||||
|
- Allow tuned to transition to dmidecode
|
||||||
|
- Allow firewalld to do net_admin
|
||||||
|
- Allow mock to unmont tmpfs_t
|
||||||
|
- Fix virt_sigkill() interface
|
||||||
|
- Add additional fixes for mock. Mainly caused by mount running in mock_t
|
||||||
|
- Allow mock to write sysfs_t and mount pid files
|
||||||
|
- Add mailman_domain to mailman_template()
|
||||||
|
- Allow openvswitch to execute shell
|
||||||
|
- Allow qpidd to use kerberos
|
||||||
|
- Allow mailman to use fusefs, needs back port to RHEL6
|
||||||
|
- Allow apache and its scripts to use anon_inodefs
|
||||||
|
- Add alias for git_user_content_t and git_sys_content_t so that RHEL6 will update to RHEL7
|
||||||
|
- Realmd needs to connect to samba ports, needs back port to F18 also
|
||||||
|
- Allow colord to read /run/initial-setup-
|
||||||
|
- Allow sanlock-helper to send sigkill to virtd which is registred to sanlock
|
||||||
|
- Add virt_kill() interface
|
||||||
|
- Add rgmanager_search_lib() interface
|
||||||
|
- Allow wdmd to getattr on all filesystems. Back ported from RHEL6
|
||||||
|
|
||||||
|
* Tue Apr 2 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-25
|
||||||
|
- Allow realmd to create tmp files
|
||||||
|
- FIx ircssi_home_t type to irssi_home_t
|
||||||
|
- Allow adcli running as realmd_t to connect to ldap port
|
||||||
|
- Allow NetworkManager to transition to ipsec_t, for running strongswan
|
||||||
|
- Make openshift_initrc_t an lxc_domain
|
||||||
|
- Allow gssd to manage user_tmp_t files
|
||||||
|
- Fix handling of irclogs in users homedir
|
||||||
|
- Fix labeling for drupal an wp-content in subdirs of /var/www/html
|
||||||
|
- Allow abrt to read utmp_t file
|
||||||
|
- Fix openshift policy to transition lnk_file, sock-file an fifo_file when created in a tmpfs_t, needs back port to RHEL6
|
||||||
|
- fix labeling for (oo|rhc)-restorer-wrapper.sh
|
||||||
|
- firewalld needs to be able to write to network sysctls
|
||||||
|
- Fix mozilla_plugin_dontaudit_rw_sem() interface
|
||||||
|
- Dontaudit generic ipc read/write to a mozilla_plugin for sandbox_x domains
|
||||||
|
- Add mozilla_plugin_dontaudit_rw_sem() interface
|
||||||
|
- Allow svirt_lxc_t to transition to openshift domains
|
||||||
|
- Allow condor domains block_suspend and dac_override caps
|
||||||
|
- Allow condor_master to read passd
|
||||||
|
- Allow condor_master to read system state
|
||||||
|
- Allow NetworkManager to transition to ipsec_t, for running strongswan
|
||||||
|
- Lots of access required by lvm_t to created encrypted usb device
|
||||||
|
- Allow xdm_t to dbus communicate with systemd_localed_t
|
||||||
|
- Label strongswan content as ipsec_exec_mgmt_t for now
|
||||||
|
- Allow users to dbus chat with systemd_localed
|
||||||
|
- Fix handling of .xsession-errors in xserver.if, so kde will work
|
||||||
|
- Might be a bug but we are seeing avc's about people status on init_t:service
|
||||||
|
- Make sure we label content under /var/run/lock as <<none>>
|
||||||
|
- Allow daemon and systemprocesses to search init_var_run_t directory
|
||||||
|
- Add boolean to allow xdm to write xauth data to the home directory
|
||||||
|
- Allow mount to write keys for the unconfined domain
|
||||||
|
|
||||||
|
* Tue Mar 26 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-24
|
||||||
|
- Add labeling for /usr/share/pki
|
||||||
|
- Allow programs that read var_run_t symlinks also read var_t symlinks
|
||||||
|
- Add additional ports as mongod_port_t for 27018, 27019, 28017, 28018 and 28019 ports
|
||||||
|
- Fix labeling for /etc/dhcp directory
|
||||||
|
- add missing systemd_stub_unit_file() interface
|
||||||
|
- Add files_stub_var() interface
|
||||||
|
- Add lables for cert_t directories
|
||||||
|
- Make localectl set-x11-keymap working at all
|
||||||
|
- Allow abrt to manage mock build environments to catch build problems.
|
||||||
|
- Allow virt_domains to setsched for running gdb on itself
|
||||||
|
- Allow thumb_t to execute user home content
|
||||||
|
- Allow pulseaudio running as mozilla_plugin_t to read /run/systemd/users/1000
|
||||||
|
- Allow certwatch to execut /usr/bin/httpd
|
||||||
|
- Allow cgred to send signal perms to itself, needs back port to RHEL6
|
||||||
|
- Allow openshift_cron_t to look at quota
|
||||||
|
- Allow cups_t to read inhered tmpfs_t from the kernel
|
||||||
|
- Allow yppasswdd to use NIS
|
||||||
|
- Tuned wants sys_rawio capability
|
||||||
|
- Add ftpd_use_fusefs boolean
|
||||||
|
- Allow dirsrvadmin_t to signal itself
|
||||||
|
|
||||||
* Wed Mar 20 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-23
|
* Wed Mar 20 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-23
|
||||||
- Allow localectl to read /etc/X11/xorg.conf.d directory
|
- Allow localectl to read /etc/X11/xorg.conf.d directory
|
||||||
- Revert "Revert "Fix filetrans rules for kdm creates .xsession-errors""
|
- Revert "Revert "Fix filetrans rules for kdm creates .xsession-errors""
|
||||||
|
Loading…
Reference in New Issue
Block a user