- Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it

- Allow all postfix domains to use the fifo_file - Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t - Allow apmd_t to read grub.cfg - Let firewallgui read the selinux config - Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp - Fix devicekit_manage_pid_files() interface - Allow squid to check the network state - Dontaudit colord getattr on file systems - Allow ping domains to read zabbix_tmp_t files
2011-11-29 14:16:11 +01:00 · 2011-11-29 14:16:11 +01:00 · e5768e0fb6
parent 51bad8c183
commit e5768e0fb6
2 changed files with 290 additions and 142 deletions
--- a/policy-F16.patch
+++ b/policy-F16.patch
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 61%{?dist}
+Release: 63%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -470,6 +470,18 @@ SELinux Reference policy mls base module.
 %endif

 %changelog
+* Tue Nov 29 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-63
+- Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it
+- Allow all postfix domains to use the fifo_file
+- Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t
+- Allow apmd_t to read grub.cfg
+- Let firewallgui read the selinux config
+- Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp
+- Fix devicekit_manage_pid_files() interface
+- Allow squid to check the network state
+- Dontaudit colord getattr on file systems
+- Allow ping domains to read zabbix_tmp_t files
+
 * Wed Nov 23 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-59
 - Allow mcelog_t to create dir and file in /var/run and label it correctly
 - Allow dbus to manage fusefs