rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy

Browse Source
This commit is contained in:
Dan Walsh 2014-01-24 11:20:15 -05:00
commit c8df556a5f
4 changed files with 1183 additions and 976 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules-targeted-contrib.conf
View File

@ -2471,3 +2471,10 @@ snapper = module
# pcp policy # pcp policy
# #
pcp = module pcp = module
# Layer: contrib
# Module: geoclue
#
# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
#
geoclue = module

1394
policy-rawhide-base.patch
View File

File diff suppressed because it is too large Load Diff

723
policy-rawhide-contrib.patch
View File

File diff suppressed because it is too large Load Diff

35
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.13.1 Version: 3.13.1
Release: 15%{?dist} Release: 17%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -456,7 +456,6 @@ Obsoletes: mod_fcgid-selinux <= %{version}-%{release}
Obsoletes: cachefilesd-selinux <= 0.10-1 Obsoletes: cachefilesd-selinux <= 0.10-1
Conflicts: seedit Conflicts: seedit
Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12 Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12
Conflicts: pki-selinux < 10-0.0-0.45.b1
%description targeted %description targeted
SELinux Reference policy targeted base module. SELinux Reference policy targeted base module.
@ -579,6 +578,38 @@ SELinux Reference policy mls base module.
%endif %endif
%changelog %changelog
* Thu Jan 23 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-17
- init calling needs to be optional in domain.te
- Allow docker and mount on devpts chr_file
- Allow docker to transition to unconfined_t if boolean set
- Label also /usr/libexec/WebKitPluginProcess as mozilla_plugin_exec_t
- Fix type in docker.te
- Add mozilla_plugin_exec_t labeling for /usr/lib/firefox/plugin-container
- Allow docker to use the network and build images
- Allow docker to read selinux files for labeling, and mount on devpts chr_file
- Allow domains that transition to svirt_sandbox to send it signals
- Allow docker to transition to unconfined_t if boolean set
* Wed Jan 22 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-16
- New access needed to allow docker + lxc +SELinux to work together
- Allow apache to write to the owncloud data directory in /var/www/html...
- Cleanup sandbox X AVC's
- Allow consolekit to create log dir
- Add support for icinga CGI scripts
- Add support for icinga
- Allow kdumpctl_t to create kdump lock file
- Allow kdump to create lnk lock file
- Allow ABRT write core_pattern
- Allwo ABRT to read core_pattern
- Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
- Allow nscd_t block_suspen capability
- Allow unconfined domain types to manage own transient unit file
- Allow systemd domains to handle transient init unit files
- No longer need the rpm_script_roles line since rpm_transition_script now does this for us
- Add/fix interfaces for usermodehelper_t
- Add interfaces to handle transient
- Fixes for new usermodehelper and proc_securit_t types, added to increase security on /proc and /sys file systems
* Mon Jan 20 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-15 * Mon Jan 20 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-15
- Add cron unconfined role support for uncofined SELinux user - Add cron unconfined role support for uncofined SELinux user
- Call kernel_rw_usermodehelper_state() in init.te - Call kernel_rw_usermodehelper_state() in init.te