Remove trailing whitespaces
This commit is contained in:
parent
e99b0bae28
commit
fe20768333
11
README.md
11
README.md
@ -20,7 +20,7 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
|
|||||||
origin/rawhide
|
origin/rawhide
|
||||||
|
|
||||||
$ cd selinux-policy-contrib
|
$ cd selinux-policy-contrib
|
||||||
$ git remote -v
|
$ git remote -v
|
||||||
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
|
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
|
||||||
|
|
||||||
$ git branch -r
|
$ git branch -r
|
||||||
@ -38,13 +38,13 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
|
|||||||
## Build process
|
## Build process
|
||||||
|
|
||||||
1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
|
1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
|
||||||
|
|
||||||
$ cd ~/devel/github
|
$ cd ~/devel/github
|
||||||
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
||||||
$ cd selinux-policy
|
$ cd selinux-policy
|
||||||
|
|
||||||
2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
|
2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
|
||||||
|
|
||||||
$ cd ~/devel/github
|
$ cd ~/devel/github
|
||||||
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
|
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
|
||||||
$ cd selinux-policy-contrib
|
$ cd selinux-policy-contrib
|
||||||
@ -54,7 +54,7 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
|
|||||||
4. clone **selinux-policy** dist-git repository
|
4. clone **selinux-policy** dist-git repository
|
||||||
|
|
||||||
$ cd ~/devel/dist-git
|
$ cd ~/devel/dist-git
|
||||||
$ fedpkg clone selinux-policy
|
$ fedpkg clone selinux-policy
|
||||||
$ cd selinux-policy
|
$ cd selinux-policy
|
||||||
|
|
||||||
4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
|
4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
|
||||||
@ -63,6 +63,5 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
|
|||||||
|
|
||||||
5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
|
5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
|
||||||
6. build the package
|
6. build the package
|
||||||
|
|
||||||
$ fedpkg build
|
|
||||||
|
|
||||||
|
$ fedpkg build
|
||||||
|
@ -79,12 +79,12 @@ Requires: selinux-policy-any = %{version}-%{release}
|
|||||||
Provides: selinux-policy-base = %{version}-%{release}
|
Provides: selinux-policy-base = %{version}-%{release}
|
||||||
Suggests: selinux-policy-targeted
|
Suggests: selinux-policy-targeted
|
||||||
|
|
||||||
%description
|
%description
|
||||||
SELinux core policy package.
|
SELinux core policy package.
|
||||||
Originally based off of reference policy,
|
Originally based off of reference policy,
|
||||||
the policy has been adjusted to provide support for Fedora.
|
the policy has been adjusted to provide support for Fedora.
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%dir %{_datadir}/selinux
|
%dir %{_datadir}/selinux
|
||||||
@ -399,7 +399,7 @@ end
|
|||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -n %{name}-contrib-%{commit1} -q -b 29
|
%setup -n %{name}-contrib-%{commit1} -q -b 29
|
||||||
tar -xf %{SOURCE35}
|
tar -xf %{SOURCE35}
|
||||||
contrib_path=`pwd`
|
contrib_path=`pwd`
|
||||||
@ -525,13 +525,13 @@ echo "
|
|||||||
SELINUX=enforcing
|
SELINUX=enforcing
|
||||||
# SELINUXTYPE= can take one of these three values:
|
# SELINUXTYPE= can take one of these three values:
|
||||||
# targeted - Targeted processes are protected,
|
# targeted - Targeted processes are protected,
|
||||||
# minimum - Modification of targeted policy. Only selected processes are protected.
|
# minimum - Modification of targeted policy. Only selected processes are protected.
|
||||||
# mls - Multi Level Security protection.
|
# mls - Multi Level Security protection.
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
|
|
||||||
" > %{_sysconfdir}/selinux/config
|
" > %{_sysconfdir}/selinux/config
|
||||||
|
|
||||||
ln -sf ../selinux/config %{_sysconfdir}/sysconfig/selinux
|
ln -sf ../selinux/config %{_sysconfdir}/sysconfig/selinux
|
||||||
%{_sbindir}/restorecon %{_sysconfdir}/selinux/config 2> /dev/null || :
|
%{_sbindir}/restorecon %{_sysconfdir}/selinux/config 2> /dev/null || :
|
||||||
else
|
else
|
||||||
. %{_sysconfdir}/selinux/config
|
. %{_sysconfdir}/selinux/config
|
||||||
@ -630,7 +630,7 @@ exit 0
|
|||||||
|
|
||||||
%files targeted -f %{buildroot}%{_datadir}/selinux/targeted/nonbasemodules.lst
|
%files targeted -f %{buildroot}%{_datadir}/selinux/targeted/nonbasemodules.lst
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
|
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u
|
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u
|
||||||
%fileList targeted
|
%fileList targeted
|
||||||
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/100/permissivedomains
|
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/100/permissivedomains
|
||||||
%endif
|
%endif
|
||||||
@ -733,12 +733,12 @@ exit 0
|
|||||||
|
|
||||||
%files minimum -f %{buildroot}%{_datadir}/selinux/minimum/nonbasemodules.lst
|
%files minimum -f %{buildroot}%{_datadir}/selinux/minimum/nonbasemodules.lst
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
|
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u
|
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u
|
||||||
%fileList minimum
|
%fileList minimum
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{BUILD_MLS}
|
%if %{BUILD_MLS}
|
||||||
%package mls
|
%package mls
|
||||||
Summary: SELinux MLS policy
|
Summary: SELinux MLS policy
|
||||||
Provides: selinux-policy-base = %{version}-%{release}
|
Provides: selinux-policy-base = %{version}-%{release}
|
||||||
Obsoletes: selinux-policy-mls-sources < 2
|
Obsoletes: selinux-policy-mls-sources < 2
|
||||||
@ -750,16 +750,16 @@ Requires: selinux-policy = %{version}-%{release}
|
|||||||
Conflicts: seedit
|
Conflicts: seedit
|
||||||
Conflicts: container-selinux <= 1.9.0-9
|
Conflicts: container-selinux <= 1.9.0-9
|
||||||
|
|
||||||
%description mls
|
%description mls
|
||||||
SELinux MLS (Multi Level Security) policy package.
|
SELinux MLS (Multi Level Security) policy package.
|
||||||
|
|
||||||
%pretrans mls -p <lua>
|
%pretrans mls -p <lua>
|
||||||
%backupConfigLua
|
%backupConfigLua
|
||||||
|
|
||||||
%pre mls
|
%pre mls
|
||||||
%preInstall mls
|
%preInstall mls
|
||||||
|
|
||||||
%post mls
|
%post mls
|
||||||
%checkConfigConsistency mls
|
%checkConfigConsistency mls
|
||||||
%postInstall $1 mls
|
%postInstall $1 mls
|
||||||
exit 0
|
exit 0
|
||||||
@ -2620,7 +2620,7 @@ Resolves: rhbz#1683365
|
|||||||
|
|
||||||
|
|
||||||
* Tue May 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-19
|
* Tue May 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-19
|
||||||
- Increase dependency versions of policycoreutils and checkpolicy packages
|
- Increase dependency versions of policycoreutils and checkpolicy packages
|
||||||
|
|
||||||
* Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-18
|
* Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-18
|
||||||
- Disable secure mode environment cleansing for dirsrv_t
|
- Disable secure mode environment cleansing for dirsrv_t
|
||||||
@ -4883,7 +4883,7 @@ Resolves: rhbz#1314372
|
|||||||
- Fix neverallow assertion for sys_module capability for openvswitch.
|
- Fix neverallow assertion for sys_module capability for openvswitch.
|
||||||
- kernel_load_module() needs to be called out of boolean for svirt_lxc_net_t.
|
- kernel_load_module() needs to be called out of boolean for svirt_lxc_net_t.
|
||||||
- Fix neverallow assertion for sys_module capability.
|
- Fix neverallow assertion for sys_module capability.
|
||||||
- Add more attributes for sandbox domains to avoid neverallow assertion issues.
|
- Add more attributes for sandbox domains to avoid neverallow assertion issues.
|
||||||
- Add neverallow asserition fixes related to storage.
|
- Add neverallow asserition fixes related to storage.
|
||||||
- Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS
|
- Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS
|
||||||
- Allow openhpid_t to read system state.
|
- Allow openhpid_t to read system state.
|
||||||
@ -5171,7 +5171,7 @@ Resolves: rhbz#1314372
|
|||||||
|
|
||||||
* Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-128
|
* Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-128
|
||||||
- Add ipsec_rw_inherited_pipes() interface.
|
- Add ipsec_rw_inherited_pipes() interface.
|
||||||
- Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket.
|
- Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket.
|
||||||
- Label /usr/libexec/Xorg.wrap as xserver_exec_t.
|
- Label /usr/libexec/Xorg.wrap as xserver_exec_t.
|
||||||
- Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file.
|
- Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file.
|
||||||
- Add fixes for selinux userspace moving the policy store to /var/lib/selinux.
|
- Add fixes for selinux userspace moving the policy store to /var/lib/selinux.
|
||||||
@ -5179,13 +5179,13 @@ Resolves: rhbz#1314372
|
|||||||
- Label all gluster hooks in /var/lib/gluster as bin_t. They are not created on the fly.
|
- Label all gluster hooks in /var/lib/gluster as bin_t. They are not created on the fly.
|
||||||
- Access required to run with unconfine.pp disabled
|
- Access required to run with unconfine.pp disabled
|
||||||
- Fix selinux_search_fs() interface.
|
- Fix selinux_search_fs() interface.
|
||||||
- Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists.
|
- Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists.
|
||||||
- Add seutil_search_config() interface.
|
- Add seutil_search_config() interface.
|
||||||
- Make ssh-keygen as nsswitch domain to access SSSD.
|
- Make ssh-keygen as nsswitch domain to access SSSD.
|
||||||
- Label ctdb events scripts as bin_t.
|
- Label ctdb events scripts as bin_t.
|
||||||
- Add support for /usr/sbin/lvmpolld.
|
- Add support for /usr/sbin/lvmpolld.
|
||||||
- Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.
|
- Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.
|
||||||
- Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules.
|
- Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules.
|
||||||
- Allow login_pgm domains to access kernel keyring for nsswitch domains.
|
- Allow login_pgm domains to access kernel keyring for nsswitch domains.
|
||||||
- Allow hypervkvp to read /dev/urandom and read addition states/config files.
|
- Allow hypervkvp to read /dev/urandom and read addition states/config files.
|
||||||
- Add cgdcbxd policy.
|
- Add cgdcbxd policy.
|
||||||
@ -5200,26 +5200,26 @@ Resolves: rhbz#1314372
|
|||||||
- Allow fowner capability for sssd because of selinux_child handling.
|
- Allow fowner capability for sssd because of selinux_child handling.
|
||||||
- Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
|
- Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
|
||||||
- Allow cluster domain to dbus chat with systemd-logind.
|
- Allow cluster domain to dbus chat with systemd-logind.
|
||||||
- Allow tmpreaper_t to manage ntp log content
|
- Allow tmpreaper_t to manage ntp log content
|
||||||
- Allow openvswitch_t to communicate with sssd.
|
- Allow openvswitch_t to communicate with sssd.
|
||||||
- Allow isnsd_t to communicate with sssd.
|
- Allow isnsd_t to communicate with sssd.
|
||||||
- Allow rwho_t to communicate with sssd.
|
- Allow rwho_t to communicate with sssd.
|
||||||
- Allow pkcs_slotd_t to communicate with sssd.
|
- Allow pkcs_slotd_t to communicate with sssd.
|
||||||
- Add httpd_var_lib_t label for roundcubemail
|
- Add httpd_var_lib_t label for roundcubemail
|
||||||
- Allow puppetagent_t to transfer firewalld messages over dbus.
|
- Allow puppetagent_t to transfer firewalld messages over dbus.
|
||||||
- Allow glusterd to have mknod capability. It creates a special file using mknod in a brick.
|
- Allow glusterd to have mknod capability. It creates a special file using mknod in a brick.
|
||||||
- Update rules related to glusterd_brick_t.
|
- Update rules related to glusterd_brick_t.
|
||||||
- Allow glusterd to execute lvm tools in the lvm_t target domain.
|
- Allow glusterd to execute lvm tools in the lvm_t target domain.
|
||||||
- Allow glusterd to execute xfs_growfs in the target domain.
|
- Allow glusterd to execute xfs_growfs in the target domain.
|
||||||
- Allow sysctl to have running under hypervkvp_t domain.
|
- Allow sysctl to have running under hypervkvp_t domain.
|
||||||
- Allow smartdnotify to use user terminals.
|
- Allow smartdnotify to use user terminals.
|
||||||
- Allow pcp domains to create root.socket in /var/lip/pcp directroy.
|
- Allow pcp domains to create root.socket in /var/lip/pcp directroy.
|
||||||
- Allow NM to execute dnssec-trigger-script in dnssec_trigger_t domain.
|
- Allow NM to execute dnssec-trigger-script in dnssec_trigger_t domain.
|
||||||
- Allow rpcbind to create rpcbind.xdr as a temporary file.
|
- Allow rpcbind to create rpcbind.xdr as a temporary file.
|
||||||
- Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings.
|
- Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings.
|
||||||
- Allow hostapd net_admin capability. hostapd needs to able to set an interface flag.
|
- Allow hostapd net_admin capability. hostapd needs to able to set an interface flag.
|
||||||
- rsync server can be setup to send mail
|
- rsync server can be setup to send mail
|
||||||
- Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again.
|
- Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again.
|
||||||
- Remove ctdbd_manage_var_files() interface which is not used and is declared for the wrong type.
|
- Remove ctdbd_manage_var_files() interface which is not used and is declared for the wrong type.
|
||||||
- Fix samba_load_libgfapi decl in samba.te.
|
- Fix samba_load_libgfapi decl in samba.te.
|
||||||
- Fix typo in nagios_run_sudo() boolean.
|
- Fix typo in nagios_run_sudo() boolean.
|
||||||
@ -5255,19 +5255,19 @@ Resolves: rhbz#1314372
|
|||||||
- Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
|
- Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
|
||||||
- Add glusterd_filetrans_named_pid() interface.
|
- Add glusterd_filetrans_named_pid() interface.
|
||||||
- Allow antivirus_t to read system state info.
|
- Allow antivirus_t to read system state info.
|
||||||
- Dontaudit use console for chrome-sandbox.
|
- Dontaudit use console for chrome-sandbox.
|
||||||
- Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot.
|
- Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot.
|
||||||
- Clamd needs to have fsetid capability.
|
- Clamd needs to have fsetid capability.
|
||||||
- Allow cinder-backup to dbus chat with systemd-logind.
|
- Allow cinder-backup to dbus chat with systemd-logind.
|
||||||
- Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
|
- Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
|
||||||
- Allow gssd to access kernel keyring for login_pgm domains.
|
- Allow gssd to access kernel keyring for login_pgm domains.
|
||||||
- Add more fixes related to timemaster+ntp+ptp4l.
|
- Add more fixes related to timemaster+ntp+ptp4l.
|
||||||
- Allow docker sandbox domains to search all mountpoiunts
|
- Allow docker sandbox domains to search all mountpoiunts
|
||||||
- update winbind_t rules to allow IPC for winbind.
|
- update winbind_t rules to allow IPC for winbind.
|
||||||
- Add rpm_exec_t labeling for /usr/bin/dnf-automatic,/usr/bin/dnf-2 and /usr/bin/dnf-3.
|
- Add rpm_exec_t labeling for /usr/bin/dnf-automatic,/usr/bin/dnf-2 and /usr/bin/dnf-3.
|
||||||
- Allow inet_gethost called by couchdb to access /proc/net/unix.
|
- Allow inet_gethost called by couchdb to access /proc/net/unix.
|
||||||
- Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so
|
- Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so
|
||||||
- Label /usr/bin/yum-deprecated as rpm_exec_t.
|
- Label /usr/bin/yum-deprecated as rpm_exec_t.
|
||||||
|
|
||||||
* Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127
|
* Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127
|
||||||
- Add missing typealiases in apache_content_template() for script domain/executable.
|
- Add missing typealiases in apache_content_template() for script domain/executable.
|
||||||
@ -5897,9 +5897,9 @@ Resolves: rhbz#1314372
|
|||||||
- Allow mdadm to connect to own socket created by mdadm running as kernel_t.
|
- Allow mdadm to connect to own socket created by mdadm running as kernel_t.
|
||||||
- Fix pkcs, Remove pkcs_lock_filetrans and Add files_search_locks
|
- Fix pkcs, Remove pkcs_lock_filetrans and Add files_search_locks
|
||||||
- Allow bacula manage bacula_log_t dirs
|
- Allow bacula manage bacula_log_t dirs
|
||||||
- Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t
|
- Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t
|
||||||
- Fix mistakes keystone and quantum
|
- Fix mistakes keystone and quantum
|
||||||
- Label neutron var run dir
|
- Label neutron var run dir
|
||||||
- Label keystone var run dir
|
- Label keystone var run dir
|
||||||
- Fix bad labeling for /usr/s?bin/(oo|rhc)-restorer-wrapper.sh in openshift.fc.
|
- Fix bad labeling for /usr/s?bin/(oo|rhc)-restorer-wrapper.sh in openshift.fc.
|
||||||
- Dontaudit attempts to access check cert dirs/files for sssd.
|
- Dontaudit attempts to access check cert dirs/files for sssd.
|
||||||
@ -5910,13 +5910,13 @@ Resolves: rhbz#1314372
|
|||||||
- Label also /var/run/glusterd.socket file as gluster_var_run_t
|
- Label also /var/run/glusterd.socket file as gluster_var_run_t
|
||||||
- Fix policy for pkcsslotd from opencryptoki
|
- Fix policy for pkcsslotd from opencryptoki
|
||||||
- Update cockpik policy from cockpit usptream.
|
- Update cockpik policy from cockpit usptream.
|
||||||
- Allow certmonger to exec ldconfig to make ipa-server-install working.
|
- Allow certmonger to exec ldconfig to make ipa-server-install working.
|
||||||
- Added support for Naemon policy
|
- Added support for Naemon policy
|
||||||
- Allow keepalived manage snmp files
|
- Allow keepalived manage snmp files
|
||||||
- Add setpgid process to mip6d
|
- Add setpgid process to mip6d
|
||||||
- remove duplicate rule
|
- remove duplicate rule
|
||||||
- Allow postfix_smtpd to stream connect to antivirus
|
- Allow postfix_smtpd to stream connect to antivirus
|
||||||
- Dontaudit list /tmp for icecast
|
- Dontaudit list /tmp for icecast
|
||||||
- Allow zabbix domains to access /proc//net/dev.
|
- Allow zabbix domains to access /proc//net/dev.
|
||||||
|
|
||||||
* Wed Jul 23 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-67
|
* Wed Jul 23 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-67
|
||||||
@ -5938,7 +5938,7 @@ Resolves: rhbz#1314372
|
|||||||
* Fri Jul 18 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-65
|
* Fri Jul 18 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-65
|
||||||
- Allow sysadm to dbus chat with systemd
|
- Allow sysadm to dbus chat with systemd
|
||||||
- Add logging_dontaudit_search_audit_logs()
|
- Add logging_dontaudit_search_audit_logs()
|
||||||
- Add new files_read_all_mountpoint_symlinks()
|
- Add new files_read_all_mountpoint_symlinks()
|
||||||
- Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo.
|
- Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo.
|
||||||
- Allow ndc to read random and urandom device (#1110397)
|
- Allow ndc to read random and urandom device (#1110397)
|
||||||
- Allow zabbix to read system network state
|
- Allow zabbix to read system network state
|
||||||
@ -7176,7 +7176,7 @@ type in docker.te
|
|||||||
- Add new attribute to discover confined_admins
|
- Add new attribute to discover confined_admins
|
||||||
- Fix labeling for /etc/strongswan/ipsec.d
|
- Fix labeling for /etc/strongswan/ipsec.d
|
||||||
- systemd_logind seems to pass fd to anyone who dbus communicates with it
|
- systemd_logind seems to pass fd to anyone who dbus communicates with it
|
||||||
- Dontaudit leaked write descriptor to dmesg
|
- Dontaudit leaked write descriptor to dmesg
|
||||||
|
|
||||||
* Mon Oct 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-89
|
* Mon Oct 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-89
|
||||||
- Fix gnome_read_generic_data_home_files()
|
- Fix gnome_read_generic_data_home_files()
|
||||||
@ -7295,7 +7295,7 @@ type in docker.te
|
|||||||
- Match upstream labeling
|
- Match upstream labeling
|
||||||
|
|
||||||
* Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-83
|
* Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-83
|
||||||
- Do not build sanbox pkg on MLS
|
- Do not build sanbox pkg on MLS
|
||||||
|
|
||||||
* Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-82
|
* Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-82
|
||||||
- wine_tmp is no longer needed
|
- wine_tmp is no longer needed
|
||||||
@ -7451,7 +7451,7 @@ type in docker.te
|
|||||||
- Add selinux-policy-sandbox pkg
|
- Add selinux-policy-sandbox pkg
|
||||||
|
|
||||||
* Tue Aug 27 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-73
|
* Tue Aug 27 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-73
|
||||||
0
|
0
|
||||||
- Allow rhsmcertd to read init state
|
- Allow rhsmcertd to read init state
|
||||||
- Allow fsetid for pkcsslotd
|
- Allow fsetid for pkcsslotd
|
||||||
- Fix labeling for /usr/lib/systemd/system/pkcsslotd.service
|
- Fix labeling for /usr/lib/systemd/system/pkcsslotd.service
|
||||||
@ -7742,17 +7742,17 @@ type in docker.te
|
|||||||
- fix selinuxuser_use_ssh_chroot boolean
|
- fix selinuxuser_use_ssh_chroot boolean
|
||||||
|
|
||||||
* Fri Jun 28 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-58
|
* Fri Jun 28 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-58
|
||||||
- Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean.
|
- Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean.
|
||||||
- Allow bootloader to manage generic log files
|
- Allow bootloader to manage generic log files
|
||||||
- Allow ftp to bind to port 989
|
- Allow ftp to bind to port 989
|
||||||
- Fix label of new gear directory
|
- Fix label of new gear directory
|
||||||
- Add support for new directory /var/lib/openshift/gears/
|
- Add support for new directory /var/lib/openshift/gears/
|
||||||
- Add openshift_manage_lib_dirs()
|
- Add openshift_manage_lib_dirs()
|
||||||
- allow virtd domains to manage setrans_var_run_t
|
- allow virtd domains to manage setrans_var_run_t
|
||||||
- Allow useradd to manage all openshift content
|
- Allow useradd to manage all openshift content
|
||||||
- Add support so that mozilla_plugin_t can use dri devices
|
- Add support so that mozilla_plugin_t can use dri devices
|
||||||
- Allow chronyd to change the scheduler
|
- Allow chronyd to change the scheduler
|
||||||
- Allow apmd to shut downthe system
|
- Allow apmd to shut downthe system
|
||||||
- Devicekit_disk_t needs to manage /etc/fstab
|
- Devicekit_disk_t needs to manage /etc/fstab
|
||||||
|
|
||||||
* Wed Jun 26 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-57
|
* Wed Jun 26 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-57
|
||||||
@ -8143,7 +8143,7 @@ type in docker.te
|
|||||||
- label shared libraries in /opt/google/chrome as testrel_shlib_t
|
- label shared libraries in /opt/google/chrome as testrel_shlib_t
|
||||||
|
|
||||||
* Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-34
|
* Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-34
|
||||||
- Allow certmonger to dbus communicate with realmd
|
- Allow certmonger to dbus communicate with realmd
|
||||||
- Make realmd working
|
- Make realmd working
|
||||||
|
|
||||||
* Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-33
|
* Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-33
|
||||||
@ -8162,7 +8162,7 @@ type in docker.te
|
|||||||
- Allow sandbox domains to use inherted terminals
|
- Allow sandbox domains to use inherted terminals
|
||||||
- Allow pscd to use devices labeled svirt_image_t in order to use cat cards.
|
- Allow pscd to use devices labeled svirt_image_t in order to use cat cards.
|
||||||
- Add label for new alsa pid
|
- Add label for new alsa pid
|
||||||
- Alsa now uses a pid file and needs to setsched
|
- Alsa now uses a pid file and needs to setsched
|
||||||
- Fix oracleasmfs_t definition
|
- Fix oracleasmfs_t definition
|
||||||
- Add support for sshd_unit_file_t
|
- Add support for sshd_unit_file_t
|
||||||
- Add oracleasmfs_t
|
- Add oracleasmfs_t
|
||||||
@ -8719,7 +8719,7 @@ type in docker.te
|
|||||||
- Allow certwatch to read meminfo
|
- Allow certwatch to read meminfo
|
||||||
- Fix nscd_dontaudit_write_sock_file() interfac
|
- Fix nscd_dontaudit_write_sock_file() interfac
|
||||||
- Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t
|
- Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t
|
||||||
- llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling
|
- llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling
|
||||||
|
|
||||||
* Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3
|
* Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3
|
||||||
- Allow gnomeclock to talk to puppet over dbus
|
- Allow gnomeclock to talk to puppet over dbus
|
||||||
@ -8878,7 +8878,7 @@ type in docker.te
|
|||||||
- Allow firewalld to dbus chat with devicekit_power
|
- Allow firewalld to dbus chat with devicekit_power
|
||||||
- Allow tuned to call lsblk
|
- Allow tuned to call lsblk
|
||||||
- Allow tor to read /proc/sys/kernel/random/uuid
|
- Allow tor to read /proc/sys/kernel/random/uuid
|
||||||
- Add tor_can_network_relay boolean
|
- Add tor_can_network_relay boolean
|
||||||
|
|
||||||
* Wed Dec 5 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-60
|
* Wed Dec 5 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-60
|
||||||
- Add openshift_initrc_signal() interface
|
- Add openshift_initrc_signal() interface
|
||||||
@ -8983,7 +8983,7 @@ type in docker.te
|
|||||||
- Fix filetrans interface definitions
|
- Fix filetrans interface definitions
|
||||||
- Dontaudit xdm_t to getattr on BOINC lib files
|
- Dontaudit xdm_t to getattr on BOINC lib files
|
||||||
- Add systemd_reload_all_services() interface
|
- Add systemd_reload_all_services() interface
|
||||||
- Dontaudit write access on /var/lib/net-snmp/mib_indexes
|
- Dontaudit write access on /var/lib/net-snmp/mib_indexes
|
||||||
- Only stop mcsuntrustedproc from relableing files
|
- Only stop mcsuntrustedproc from relableing files
|
||||||
- Allow accountsd to dbus chat with gdm
|
- Allow accountsd to dbus chat with gdm
|
||||||
- Allow realmd to getattr on all fs
|
- Allow realmd to getattr on all fs
|
||||||
@ -9148,7 +9148,7 @@ type in docker.te
|
|||||||
- Clean up for tunable+optional statements
|
- Clean up for tunable+optional statements
|
||||||
- Add labeling for /usr/sbin/mkhomedir_helper
|
- Add labeling for /usr/sbin/mkhomedir_helper
|
||||||
- Allow antivirus domain to managa amavis spool files
|
- Allow antivirus domain to managa amavis spool files
|
||||||
- Allow rpcbind_t to read passwd
|
- Allow rpcbind_t to read passwd
|
||||||
- Allow pyzor running as spamc to manage amavis spool
|
- Allow pyzor running as spamc to manage amavis spool
|
||||||
|
|
||||||
|
|
||||||
@ -9295,7 +9295,7 @@ type in docker.te
|
|||||||
- Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer
|
- Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer
|
||||||
- Move netlable_peer check out of booleans
|
- Move netlable_peer check out of booleans
|
||||||
- Remove call to recvfrom_netlabel for kerberos call
|
- Remove call to recvfrom_netlabel for kerberos call
|
||||||
- Remove use of attributes when calling syslog call
|
- Remove use of attributes when calling syslog call
|
||||||
- Move -miscfiles_read_localization to domain.te to save hundreds of allow rules
|
- Move -miscfiles_read_localization to domain.te to save hundreds of allow rules
|
||||||
- Allow all domains to read locale files. This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface
|
- Allow all domains to read locale files. This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface
|
||||||
- Allow rndc to block suspend
|
- Allow rndc to block suspend
|
||||||
@ -9375,7 +9375,7 @@ type in docker.te
|
|||||||
|
|
||||||
* Fri Aug 31 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-15
|
* Fri Aug 31 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-15
|
||||||
- Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs
|
- Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs
|
||||||
- Allow domains that can read etc_t to read etc_runtime_t
|
- Allow domains that can read etc_t to read etc_runtime_t
|
||||||
- Allow all domains to use inherited tmpfiles
|
- Allow all domains to use inherited tmpfiles
|
||||||
|
|
||||||
* Wed Aug 29 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-14
|
* Wed Aug 29 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-14
|
||||||
@ -9418,7 +9418,7 @@ type in docker.te
|
|||||||
- Allow xserver to communicate with secure_firmware
|
- Allow xserver to communicate with secure_firmware
|
||||||
- Allow fsadm tools (fsck) to read /run/mount contnet
|
- Allow fsadm tools (fsck) to read /run/mount contnet
|
||||||
- Allow sysadm types to read /dev/kmsg
|
- Allow sysadm types to read /dev/kmsg
|
||||||
-
|
-
|
||||||
|
|
||||||
* Thu Aug 16 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-9
|
* Thu Aug 16 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-9
|
||||||
- Allow postfix, sssd, rpcd to block_suspend
|
- Allow postfix, sssd, rpcd to block_suspend
|
||||||
@ -9775,7 +9775,7 @@ type in docker.te
|
|||||||
- Allow l2tpd_t to read system state
|
- Allow l2tpd_t to read system state
|
||||||
- Allow tuned to run ls /dev
|
- Allow tuned to run ls /dev
|
||||||
- Allow sudo domains to read usr_t files
|
- Allow sudo domains to read usr_t files
|
||||||
- Add label to machine-id
|
- Add label to machine-id
|
||||||
- Fix corecmd_read_bin_symlinks cut and paste error
|
- Fix corecmd_read_bin_symlinks cut and paste error
|
||||||
|
|
||||||
* Wed May 16 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-125
|
* Wed May 16 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-125
|
||||||
@ -10094,7 +10094,7 @@ type in docker.te
|
|||||||
* Fri Mar 9 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-98
|
* Fri Mar 9 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-98
|
||||||
- Add policy for nove-cert
|
- Add policy for nove-cert
|
||||||
- Add labeling for nova-openstack systemd unit files
|
- Add labeling for nova-openstack systemd unit files
|
||||||
- Add policy for keystoke
|
- Add policy for keystoke
|
||||||
|
|
||||||
* Thu Mar 8 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-97
|
* Thu Mar 8 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-97
|
||||||
- Fix man pages fro domains
|
- Fix man pages fro domains
|
||||||
@ -10266,7 +10266,7 @@ type in docker.te
|
|||||||
- Add support for selinux_avcstat munin plugin
|
- Add support for selinux_avcstat munin plugin
|
||||||
- Treat hearbeat with corosync policy
|
- Treat hearbeat with corosync policy
|
||||||
- Allow corosync to read and write to qpidd shared mem
|
- Allow corosync to read and write to qpidd shared mem
|
||||||
- mozilla_plugin is trying to run pulseaudio
|
- mozilla_plugin is trying to run pulseaudio
|
||||||
- Fixes for new sshd patch for running priv sep domains as the users context
|
- Fixes for new sshd patch for running priv sep domains as the users context
|
||||||
- Turn off dontaudit rules when turning on allow_ypbind
|
- Turn off dontaudit rules when turning on allow_ypbind
|
||||||
- udev now reads /etc/modules.d directory
|
- udev now reads /etc/modules.d directory
|
||||||
@ -10322,7 +10322,7 @@ type in docker.te
|
|||||||
- Add ubac_constrained rules for chrome_sandbox
|
- Add ubac_constrained rules for chrome_sandbox
|
||||||
- Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra
|
- Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra
|
||||||
- Allow postgresql to be executed by the caller
|
- Allow postgresql to be executed by the caller
|
||||||
- Standardize interfaces of daemons
|
- Standardize interfaces of daemons
|
||||||
- Add new labeling for mm-handler
|
- Add new labeling for mm-handler
|
||||||
- Allow all matahari domains to read network state and etc_runtime_t files
|
- Allow all matahari domains to read network state and etc_runtime_t files
|
||||||
|
|
||||||
@ -10439,7 +10439,7 @@ type in docker.te
|
|||||||
|
|
||||||
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-57
|
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-57
|
||||||
- Pulseaudio changes
|
- Pulseaudio changes
|
||||||
- Merge patches
|
- Merge patches
|
||||||
|
|
||||||
* Thu Nov 10 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-56
|
* Thu Nov 10 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-56
|
||||||
- Merge patches back into git repository.
|
- Merge patches back into git repository.
|
||||||
@ -10484,7 +10484,7 @@ type in docker.te
|
|||||||
- Check in fixed for Chrome nacl support
|
- Check in fixed for Chrome nacl support
|
||||||
|
|
||||||
* Thu Oct 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-51
|
* Thu Oct 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-51
|
||||||
- Begin removing qemu_t domain, we really no longer need this domain.
|
- Begin removing qemu_t domain, we really no longer need this domain.
|
||||||
- systemd_passwd needs dac_overide to communicate with users TTY's
|
- systemd_passwd needs dac_overide to communicate with users TTY's
|
||||||
- Allow svirt_lxc domains to send kill signals within their container
|
- Allow svirt_lxc domains to send kill signals within their container
|
||||||
|
|
||||||
@ -10492,7 +10492,7 @@ type in docker.te
|
|||||||
- Remove qemu.pp again without causing a crash
|
- Remove qemu.pp again without causing a crash
|
||||||
|
|
||||||
* Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.1
|
* Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.1
|
||||||
- Remove qemu.pp, everything should use svirt_t or stay in its current domain
|
- Remove qemu.pp, everything should use svirt_t or stay in its current domain
|
||||||
|
|
||||||
* Wed Oct 26 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-50
|
* Wed Oct 26 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-50
|
||||||
- Allow policykit to talk to the systemd via dbus
|
- Allow policykit to talk to the systemd via dbus
|
||||||
@ -10572,7 +10572,7 @@ type in docker.te
|
|||||||
- Don't check md5 size or mtime on certain config files
|
- Don't check md5 size or mtime on certain config files
|
||||||
|
|
||||||
* Tue Oct 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.1
|
* Tue Oct 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.1
|
||||||
- Remove allow_ptrace and replace it with deny_ptrace, which will remove all
|
- Remove allow_ptrace and replace it with deny_ptrace, which will remove all
|
||||||
ptrace from the system
|
ptrace from the system
|
||||||
- Remove 2000 dontaudit rules between confined domains on transition
|
- Remove 2000 dontaudit rules between confined domains on transition
|
||||||
and replace with single
|
and replace with single
|
||||||
@ -10799,7 +10799,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
|
|||||||
|
|
||||||
* Wed Aug 10 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-17
|
* Wed Aug 10 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-17
|
||||||
- livecd fixes
|
- livecd fixes
|
||||||
- spec file fixes
|
- spec file fixes
|
||||||
|
|
||||||
* Thu Aug 4 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-16
|
* Thu Aug 4 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-16
|
||||||
- fetchmail can use kerberos
|
- fetchmail can use kerberos
|
||||||
@ -10876,7 +10876,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
|
|||||||
- Allow asterisk to read /dev/random if it uses TLS
|
- Allow asterisk to read /dev/random if it uses TLS
|
||||||
- Allow colord to read ini files which are labeled as bin_t
|
- Allow colord to read ini files which are labeled as bin_t
|
||||||
- Allow dirsrvadmin sys_resource and setrlimit to use ulimit
|
- Allow dirsrvadmin sys_resource and setrlimit to use ulimit
|
||||||
- Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first.
|
- Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first.
|
||||||
- Also lists /var and /var/spool directories
|
- Also lists /var and /var/spool directories
|
||||||
- Add openl2tpd to l2tpd policy
|
- Add openl2tpd to l2tpd policy
|
||||||
- qpidd is reading the sysfs file
|
- qpidd is reading the sysfs file
|
||||||
@ -10917,7 +10917,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
|
|||||||
* Wed Jun 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27
|
* Wed Jun 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27
|
||||||
- Fixes for zabbix
|
- Fixes for zabbix
|
||||||
- init script needs to be able to manage sanlock_var_run_...
|
- init script needs to be able to manage sanlock_var_run_...
|
||||||
- Allow sandlock and wdmd to create /var/run directories...
|
- Allow sandlock and wdmd to create /var/run directories...
|
||||||
- mixclip.so has been compiled correctly
|
- mixclip.so has been compiled correctly
|
||||||
- Fix passenger policy module name
|
- Fix passenger policy module name
|
||||||
|
|
||||||
@ -11014,17 +11014,17 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
|
|||||||
- Virt_admin should be allowed to manage images and processes
|
- Virt_admin should be allowed to manage images and processes
|
||||||
|
|
||||||
* Fri Apr 15 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15
|
* Fri Apr 15 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15
|
||||||
- xdm_t needs getsession for switch user
|
- xdm_t needs getsession for switch user
|
||||||
- Every app that used to exec init is now execing systemdctl
|
- Every app that used to exec init is now execing systemdctl
|
||||||
- Allow squid to manage krb5_host_rcache_t files
|
- Allow squid to manage krb5_host_rcache_t files
|
||||||
- Allow foghorn to connect to agentx port - Fixes for colord policy
|
- Allow foghorn to connect to agentx port - Fixes for colord policy
|
||||||
|
|
||||||
* Mon Apr 11 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-14
|
* Mon Apr 11 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-14
|
||||||
- Add Dan's patch to remove 64 bit variants
|
- Add Dan's patch to remove 64 bit variants
|
||||||
- Allow colord to use unix_dgram_socket
|
- Allow colord to use unix_dgram_socket
|
||||||
- Allow apps that search pids to read /var/run if it is a lnk_file
|
- Allow apps that search pids to read /var/run if it is a lnk_file
|
||||||
- iscsid_t creates its own directory
|
- iscsid_t creates its own directory
|
||||||
- Allow init to list var_lock_t dir
|
- Allow init to list var_lock_t dir
|
||||||
- apm needs to verify user accounts auth_use_nsswitch
|
- apm needs to verify user accounts auth_use_nsswitch
|
||||||
- Add labeling for systemd unit files
|
- Add labeling for systemd unit files
|
||||||
- Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added
|
- Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added
|
||||||
@ -11074,7 +11074,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
|
|||||||
* Wed Mar 23 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-6
|
* Wed Mar 23 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-6
|
||||||
- Remove some unconfined domains
|
- Remove some unconfined domains
|
||||||
- Remove permissive domains
|
- Remove permissive domains
|
||||||
- Add policy-term.patch from Dan
|
- Add policy-term.patch from Dan
|
||||||
|
|
||||||
* Thu Mar 17 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-5
|
* Thu Mar 17 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-5
|
||||||
- Fix multiple specification for boot.log
|
- Fix multiple specification for boot.log
|
||||||
@ -11212,7 +11212,7 @@ assembled or disassembled.
|
|||||||
* Thu Jan 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-6
|
* Thu Jan 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-6
|
||||||
- Fix xserver_dontaudit_read_xdm_pid
|
- Fix xserver_dontaudit_read_xdm_pid
|
||||||
- Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
|
- Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
|
||||||
- Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file.
|
- Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file.
|
||||||
* These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t
|
* These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t
|
||||||
- Allow readahead to manage readahead pid dirs
|
- Allow readahead to manage readahead pid dirs
|
||||||
- Allow readahead to read all mcs levels
|
- Allow readahead to read all mcs levels
|
||||||
@ -11305,7 +11305,7 @@ assembled or disassembled.
|
|||||||
- fix name of plymouth log file
|
- fix name of plymouth log file
|
||||||
- teamviewer is a wine app
|
- teamviewer is a wine app
|
||||||
- allow dmesg to read system state
|
- allow dmesg to read system state
|
||||||
- Stop labeling files under /var/lib/mock so restorecon will not go into this
|
- Stop labeling files under /var/lib/mock so restorecon will not go into this
|
||||||
- nsplugin needs to read network state for google talk
|
- nsplugin needs to read network state for google talk
|
||||||
|
|
||||||
* Thu Dec 23 2010 Dan Walsh <dwalsh@redhat.com> 3.9.12-3
|
* Thu Dec 23 2010 Dan Walsh <dwalsh@redhat.com> 3.9.12-3
|
||||||
@ -11528,7 +11528,7 @@ assembled or disassembled.
|
|||||||
- Fix label on /var/log/wicd.log
|
- Fix label on /var/log/wicd.log
|
||||||
- Transition to initrc_t from init when executing bin_t
|
- Transition to initrc_t from init when executing bin_t
|
||||||
- Add audit_access permissions to file
|
- Add audit_access permissions to file
|
||||||
- Make removable_t a device_node
|
- Make removable_t a device_node
|
||||||
- Fix label on /lib/systemd/*
|
- Fix label on /lib/systemd/*
|
||||||
|
|
||||||
* Fri Oct 22 2010 Dan Walsh <dwalsh@redhat.com> 3.9.7-6
|
* Fri Oct 22 2010 Dan Walsh <dwalsh@redhat.com> 3.9.7-6
|
||||||
@ -11604,8 +11604,8 @@ assembled or disassembled.
|
|||||||
- Add /etc/localtime as locale file context
|
- Add /etc/localtime as locale file context
|
||||||
|
|
||||||
* Thu Sep 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-9
|
* Thu Sep 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-9
|
||||||
- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
|
- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
|
||||||
- Turn off iptables from unconfined user
|
- Turn off iptables from unconfined user
|
||||||
- Allow sudo to send signals to any domains the user could have transitioned to.
|
- Allow sudo to send signals to any domains the user could have transitioned to.
|
||||||
- Passwd in single user mode needs to talk to console_device_t
|
- Passwd in single user mode needs to talk to console_device_t
|
||||||
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
|
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
|
||||||
@ -11687,7 +11687,7 @@ Bz #637339
|
|||||||
Allow iptables to read shorewall tmp files
|
Allow iptables to read shorewall tmp files
|
||||||
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
|
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
|
||||||
intd
|
intd
|
||||||
label vlc as an execmem_exec_t
|
label vlc as an execmem_exec_t
|
||||||
Lots of fixes for mozilla_plugin to run google vidio chat
|
Lots of fixes for mozilla_plugin to run google vidio chat
|
||||||
Allow telepath_msn to execute ldconfig and its own tmp files
|
Allow telepath_msn to execute ldconfig and its own tmp files
|
||||||
Fix labels on hugepages
|
Fix labels on hugepages
|
||||||
@ -11766,7 +11766,7 @@ Add boolean to allow icecast to connect to any port
|
|||||||
|
|
||||||
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-10
|
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-10
|
||||||
- Allow pcscd to read sysfs
|
- Allow pcscd to read sysfs
|
||||||
- systemd fixes
|
- systemd fixes
|
||||||
- Fix wine_mmap_zero_ignore boolean
|
- Fix wine_mmap_zero_ignore boolean
|
||||||
|
|
||||||
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-9
|
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-9
|
||||||
@ -11967,7 +11967,7 @@ Resolves: #585963
|
|||||||
- Allow rlogind_t to search /root for .rhosts
|
- Allow rlogind_t to search /root for .rhosts
|
||||||
Resolves: #582760
|
Resolves: #582760
|
||||||
- Fix path for cached_var_t
|
- Fix path for cached_var_t
|
||||||
- Fix prelink paths /var/lib/prelink
|
- Fix prelink paths /var/lib/prelink
|
||||||
- Allow confined users to direct_dri
|
- Allow confined users to direct_dri
|
||||||
- Allow mls lvm/cryptosetup to work
|
- Allow mls lvm/cryptosetup to work
|
||||||
|
|
||||||
@ -12025,7 +12025,7 @@ Resolves: #582145
|
|||||||
- Fixes for labels during install from livecd
|
- Fixes for labels during install from livecd
|
||||||
|
|
||||||
* Thu Apr 1 2010 Dan Walsh <dwalsh@redhat.com> 3.7.17-4
|
* Thu Apr 1 2010 Dan Walsh <dwalsh@redhat.com> 3.7.17-4
|
||||||
- Fix /cgroup file context
|
- Fix /cgroup file context
|
||||||
- Fix broken afs use of unlabled_t
|
- Fix broken afs use of unlabled_t
|
||||||
- Allow getty to use the console for s390
|
- Allow getty to use the console for s390
|
||||||
|
|
||||||
@ -12164,7 +12164,7 @@ Resolves: #582145
|
|||||||
- Merge with upstream
|
- Merge with upstream
|
||||||
|
|
||||||
* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-11
|
* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-11
|
||||||
- Allow sandbox to work with MLS
|
- Allow sandbox to work with MLS
|
||||||
|
|
||||||
* Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-9
|
* Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-9
|
||||||
- Make Chrome work with staff user
|
- Make Chrome work with staff user
|
||||||
@ -12188,7 +12188,7 @@ Resolves: #582145
|
|||||||
|
|
||||||
* Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-3
|
* Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-3
|
||||||
- Allow abrt_helper to getattr on all filesystems
|
- Allow abrt_helper to getattr on all filesystems
|
||||||
- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so
|
- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so
|
||||||
|
|
||||||
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-2
|
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-2
|
||||||
- Add gstreamer_home_t for ~/.gstreamer
|
- Add gstreamer_home_t for ~/.gstreamer
|
||||||
@ -12304,7 +12304,7 @@ Resolves: #582145
|
|||||||
- Fix request_module line to module_request
|
- Fix request_module line to module_request
|
||||||
|
|
||||||
* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-3
|
* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-3
|
||||||
- Fix sandbox policy to allow it to run under firefox.
|
- Fix sandbox policy to allow it to run under firefox.
|
||||||
- Dont audit leaks.
|
- Dont audit leaks.
|
||||||
|
|
||||||
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-2
|
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-2
|
||||||
@ -12342,7 +12342,7 @@ Resolves: #582145
|
|||||||
- Allow xserver to use netlink_kobject_uevent_socket
|
- Allow xserver to use netlink_kobject_uevent_socket
|
||||||
|
|
||||||
* Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-3
|
* Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-3
|
||||||
- Fixes for sandbox
|
- Fixes for sandbox
|
||||||
|
|
||||||
* Mon Aug 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-2
|
* Mon Aug 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-2
|
||||||
- Dontaudit setroubleshootfix looking at /root directory
|
- Dontaudit setroubleshootfix looking at /root directory
|
||||||
@ -12390,7 +12390,7 @@ Resolves: #582145
|
|||||||
- Add policycoreutils-python to pre install
|
- Add policycoreutils-python to pre install
|
||||||
|
|
||||||
* Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-11
|
* Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-11
|
||||||
- Make all unconfined_domains permissive so we can see what AVC's happen
|
- Make all unconfined_domains permissive so we can see what AVC's happen
|
||||||
|
|
||||||
* Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-10
|
* Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-10
|
||||||
- Add pt_chown policy
|
- Add pt_chown policy
|
||||||
@ -12509,7 +12509,7 @@ Resolves: #582145
|
|||||||
- Allow setroubleshoot to run mlocate
|
- Allow setroubleshoot to run mlocate
|
||||||
|
|
||||||
* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.14-1
|
* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.14-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
* Tue Jun 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.13-3
|
* Tue Jun 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.13-3
|
||||||
- Add fish as a shell
|
- Add fish as a shell
|
||||||
@ -12749,7 +12749,7 @@ Resolves: #582145
|
|||||||
- Add git web policy
|
- Add git web policy
|
||||||
|
|
||||||
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-1
|
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-1
|
||||||
- Add setrans contains from upstream
|
- Add setrans contains from upstream
|
||||||
|
|
||||||
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-6
|
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-6
|
||||||
- Do transitions outside of the booleans
|
- Do transitions outside of the booleans
|
||||||
@ -12767,7 +12767,7 @@ Resolves: #582145
|
|||||||
- More fixes for devicekit
|
- More fixes for devicekit
|
||||||
|
|
||||||
* Tue Feb 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-1
|
* Tue Feb 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-1
|
||||||
- Upgrade to latest upstream
|
- Upgrade to latest upstream
|
||||||
|
|
||||||
* Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-13
|
* Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-13
|
||||||
- Add boolean to disallow unconfined_t login
|
- Add boolean to disallow unconfined_t login
|
||||||
@ -12782,7 +12782,7 @@ Resolves: #582145
|
|||||||
- Fixes for wicd daemon
|
- Fixes for wicd daemon
|
||||||
|
|
||||||
* Mon Jan 26 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-9
|
* Mon Jan 26 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-9
|
||||||
- More mls/rpm fixes
|
- More mls/rpm fixes
|
||||||
|
|
||||||
* Fri Jan 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-8
|
* Fri Jan 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-8
|
||||||
- Add policy to make dbus/nm-applet work
|
- Add policy to make dbus/nm-applet work
|
||||||
@ -12845,7 +12845,7 @@ Resolves: #582145
|
|||||||
* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-7
|
* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-7
|
||||||
- Allow iptables to talk to terminals
|
- Allow iptables to talk to terminals
|
||||||
- Fixes for policy kit
|
- Fixes for policy kit
|
||||||
- lots of fixes for booting.
|
- lots of fixes for booting.
|
||||||
|
|
||||||
* Wed Dec 3 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-4
|
* Wed Dec 3 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-4
|
||||||
- Cleanup policy
|
- Cleanup policy
|
||||||
@ -12861,7 +12861,7 @@ Resolves: #582145
|
|||||||
|
|
||||||
* Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-17
|
* Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-17
|
||||||
- Allow lvm to dbus chat with hal
|
- Allow lvm to dbus chat with hal
|
||||||
- Allow rlogind to read nfs_t
|
- Allow rlogind to read nfs_t
|
||||||
|
|
||||||
* Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-16
|
* Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-16
|
||||||
- Fix cyphesis file context
|
- Fix cyphesis file context
|
||||||
@ -12884,7 +12884,7 @@ Resolves: #582145
|
|||||||
- Add certmaster policy
|
- Add certmaster policy
|
||||||
|
|
||||||
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
|
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
|
||||||
- Fix confined users
|
- Fix confined users
|
||||||
- Allow xguest to read/write xguest_dbusd_t
|
- Allow xguest to read/write xguest_dbusd_t
|
||||||
|
|
||||||
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
|
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
|
||||||
@ -12912,7 +12912,7 @@ Resolves: #582145
|
|||||||
- Fix dovecot access
|
- Fix dovecot access
|
||||||
|
|
||||||
* Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-1
|
* Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-1
|
||||||
- Policy cleanup
|
- Policy cleanup
|
||||||
|
|
||||||
* Thu Oct 16 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-3
|
* Thu Oct 16 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-3
|
||||||
- Remove Multiple spec
|
- Remove Multiple spec
|
||||||
@ -12929,7 +12929,7 @@ Resolves: #582145
|
|||||||
- Update to upstream policy
|
- Update to upstream policy
|
||||||
|
|
||||||
* Mon Oct 6 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-3
|
* Mon Oct 6 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-3
|
||||||
- Fixes for confined xwindows and xdm_t
|
- Fixes for confined xwindows and xdm_t
|
||||||
|
|
||||||
* Fri Oct 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-2
|
* Fri Oct 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-2
|
||||||
- Allow confined users and xdm to exec wm
|
- Allow confined users and xdm to exec wm
|
||||||
@ -12940,7 +12940,7 @@ Resolves: #582145
|
|||||||
- Allow domains to search other domains keys, coverup kernel bug
|
- Allow domains to search other domains keys, coverup kernel bug
|
||||||
|
|
||||||
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-4
|
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-4
|
||||||
- Fix labeling for oracle
|
- Fix labeling for oracle
|
||||||
|
|
||||||
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3
|
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3
|
||||||
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
|
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
|
||||||
@ -13003,7 +13003,7 @@ Resolves: #582145
|
|||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 3.5.3-1
|
* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 3.5.3-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
* Sat Aug 2 2008 Dan Walsh <dwalsh@redhat.com> 3.5.2-2
|
* Sat Aug 2 2008 Dan Walsh <dwalsh@redhat.com> 3.5.2-2
|
||||||
- Allow system-config-selinux to work with policykit
|
- Allow system-config-selinux to work with policykit
|
||||||
@ -13075,7 +13075,7 @@ Resolves: #582145
|
|||||||
- Add /var/lib/selinux context
|
- Add /var/lib/selinux context
|
||||||
|
|
||||||
* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-1
|
* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
* Wed Jun 4 2008 Dan Walsh <dwalsh@redhat.com> 3.4.1-5
|
* Wed Jun 4 2008 Dan Walsh <dwalsh@redhat.com> 3.4.1-5
|
||||||
- Add livecd policy
|
- Add livecd policy
|
||||||
@ -13152,7 +13152,7 @@ Resolves: #582145
|
|||||||
- dontaudit setfiles reading links
|
- dontaudit setfiles reading links
|
||||||
- allow semanage sys_resource
|
- allow semanage sys_resource
|
||||||
- add allow_httpd_mod_auth_ntlm_winbind boolean
|
- add allow_httpd_mod_auth_ntlm_winbind boolean
|
||||||
- Allow privhome apps including dovecot read on nfs and cifs home
|
- Allow privhome apps including dovecot read on nfs and cifs home
|
||||||
dirs if the boolean is set
|
dirs if the boolean is set
|
||||||
|
|
||||||
* Tue Apr 1 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-27
|
* Tue Apr 1 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-27
|
||||||
@ -13177,14 +13177,14 @@ dirs if the boolean is set
|
|||||||
|
|
||||||
* Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-22
|
* Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-22
|
||||||
- Allow stunnel to transition to inetd children domains
|
- Allow stunnel to transition to inetd children domains
|
||||||
- Make unconfined_dbusd_t an unconfined domain
|
- Make unconfined_dbusd_t an unconfined domain
|
||||||
|
|
||||||
* Mon Mar 17 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-21
|
* Mon Mar 17 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-21
|
||||||
- Fixes for qemu/virtd
|
- Fixes for qemu/virtd
|
||||||
|
|
||||||
* Fri Mar 14 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-20
|
* Fri Mar 14 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-20
|
||||||
- Fix bug in mozilla policy to allow xguest transition
|
- Fix bug in mozilla policy to allow xguest transition
|
||||||
- This will fix the
|
- This will fix the
|
||||||
|
|
||||||
libsemanage.dbase_llist_query: could not find record value
|
libsemanage.dbase_llist_query: could not find record value
|
||||||
libsemanage.dbase_llist_query: could not query record value (No such file or
|
libsemanage.dbase_llist_query: could not query record value (No such file or
|
||||||
@ -13211,7 +13211,7 @@ directory)
|
|||||||
- Allow syslog to connect to mysql
|
- Allow syslog to connect to mysql
|
||||||
- Allow lvm to manage its own fifo_files
|
- Allow lvm to manage its own fifo_files
|
||||||
- Allow bugzilla to use ldap
|
- Allow bugzilla to use ldap
|
||||||
- More mls fixes
|
- More mls fixes
|
||||||
|
|
||||||
* Tue Mar 11 2008 Bill Nottingham <notting@redhat.com> 3.3.1-14
|
* Tue Mar 11 2008 Bill Nottingham <notting@redhat.com> 3.3.1-14
|
||||||
- fixes for init policy (#436988)
|
- fixes for init policy (#436988)
|
||||||
@ -13243,7 +13243,7 @@ directory)
|
|||||||
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-5
|
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-5
|
||||||
- Allow nsplugin_config execstack/execmem
|
- Allow nsplugin_config execstack/execmem
|
||||||
- Allow nsplugin_t to read alsa config
|
- Allow nsplugin_t to read alsa config
|
||||||
- Change apache to use user content
|
- Change apache to use user content
|
||||||
|
|
||||||
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-4
|
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-4
|
||||||
- Add cyphesis policy
|
- Add cyphesis policy
|
||||||
@ -13454,7 +13454,7 @@ directory)
|
|||||||
- Fix xguest to be able to connect to sound port
|
- Fix xguest to be able to connect to sound port
|
||||||
|
|
||||||
* Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-28
|
* Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-28
|
||||||
- Fixes for hald_mac
|
- Fixes for hald_mac
|
||||||
- Treat unconfined_home_dir_t as a home dir
|
- Treat unconfined_home_dir_t as a home dir
|
||||||
- dontaudit rhgb writes to fonts and root
|
- dontaudit rhgb writes to fonts and root
|
||||||
|
|
||||||
@ -13526,7 +13526,7 @@ directory)
|
|||||||
|
|
||||||
* Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-8
|
* Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-8
|
||||||
- Allow also to search var_lib
|
- Allow also to search var_lib
|
||||||
- New context for dbus launcher
|
- New context for dbus launcher
|
||||||
|
|
||||||
* Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-7
|
* Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-7
|
||||||
- Allow cupsd_config_t to read/write usb_device_t
|
- Allow cupsd_config_t to read/write usb_device_t
|
||||||
@ -13569,7 +13569,7 @@ directory)
|
|||||||
- Allow wine to run in system role
|
- Allow wine to run in system role
|
||||||
|
|
||||||
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-5
|
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-5
|
||||||
- Fix java labeling
|
- Fix java labeling
|
||||||
|
|
||||||
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-4
|
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-4
|
||||||
- Define user_home_type as home_type
|
- Define user_home_type as home_type
|
||||||
@ -13611,7 +13611,7 @@ directory)
|
|||||||
- Fix Makefile for building policy modules
|
- Fix Makefile for building policy modules
|
||||||
|
|
||||||
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-5
|
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-5
|
||||||
- Fix dhcpc startup of service
|
- Fix dhcpc startup of service
|
||||||
|
|
||||||
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-4
|
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-4
|
||||||
- Fix dbus chat to not happen for xguest and guest users
|
- Fix dbus chat to not happen for xguest and guest users
|
||||||
@ -13688,7 +13688,7 @@ directory)
|
|||||||
- Allow prelink to read kernel sysctls
|
- Allow prelink to read kernel sysctls
|
||||||
|
|
||||||
* Mon Jul 2 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-5
|
* Mon Jul 2 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-5
|
||||||
- Default to user_u:system_r:unconfined_t
|
- Default to user_u:system_r:unconfined_t
|
||||||
|
|
||||||
* Sun Jul 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-4
|
* Sun Jul 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-4
|
||||||
- fix squid
|
- fix squid
|
||||||
@ -13705,7 +13705,7 @@ directory)
|
|||||||
- Remove ifdef strict policy from upstream
|
- Remove ifdef strict policy from upstream
|
||||||
|
|
||||||
* Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-3
|
* Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-3
|
||||||
- Remove ifdef strict to allow user_u to login
|
- Remove ifdef strict to allow user_u to login
|
||||||
|
|
||||||
* Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-2
|
* Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-2
|
||||||
- Fix for amands
|
- Fix for amands
|
||||||
@ -13721,7 +13721,7 @@ directory)
|
|||||||
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5
|
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5
|
||||||
- More fixes for alsactl
|
- More fixes for alsactl
|
||||||
- Transition from hal and modutils
|
- Transition from hal and modutils
|
||||||
- Fixes for suspend resume.
|
- Fixes for suspend resume.
|
||||||
- insmod domtrans to alsactl
|
- insmod domtrans to alsactl
|
||||||
- insmod writes to hal log
|
- insmod writes to hal log
|
||||||
|
|
||||||
@ -13897,7 +13897,7 @@ Resolves: #227237
|
|||||||
|
|
||||||
* Sun Feb 4 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-5
|
* Sun Feb 4 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-5
|
||||||
- Fix ssh_agent to be marked as an executable
|
- Fix ssh_agent to be marked as an executable
|
||||||
- Allow Hal to rw sound device
|
- Allow Hal to rw sound device
|
||||||
|
|
||||||
* Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-4
|
* Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-4
|
||||||
- Fix spamassisin so crond can update spam files
|
- Fix spamassisin so crond can update spam files
|
||||||
@ -13919,7 +13919,7 @@ Resolves: #227237
|
|||||||
- Continue fixing, additional user domains
|
- Continue fixing, additional user domains
|
||||||
|
|
||||||
* Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-4
|
* Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-4
|
||||||
- Begin adding user confinement to targeted policy
|
- Begin adding user confinement to targeted policy
|
||||||
|
|
||||||
* Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-2
|
* Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-2
|
||||||
- Fixes for prelink, ktalkd, netlabel
|
- Fixes for prelink, ktalkd, netlabel
|
||||||
@ -13966,7 +13966,7 @@ Resolves: #220080
|
|||||||
Resolves: #219999
|
Resolves: #219999
|
||||||
|
|
||||||
* Thu Dec 14 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-14
|
* Thu Dec 14 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-14
|
||||||
- Allow cron to polyinstatiate
|
- Allow cron to polyinstatiate
|
||||||
- Fix creation of boot flags
|
- Fix creation of boot flags
|
||||||
Resolves: #207433
|
Resolves: #207433
|
||||||
|
|
||||||
@ -14020,7 +14020,7 @@ Resolves: #216184
|
|||||||
Resolves: #212957
|
Resolves: #212957
|
||||||
|
|
||||||
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-1
|
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-1
|
||||||
- Dontaudit appending hal_var_lib files
|
- Dontaudit appending hal_var_lib files
|
||||||
Resolves: #217452
|
Resolves: #217452
|
||||||
Resolves: #217571
|
Resolves: #217571
|
||||||
Resolves: #217611
|
Resolves: #217611
|
||||||
@ -14068,7 +14068,7 @@ Resolves: #217725
|
|||||||
- Allow xen to search automount
|
- Allow xen to search automount
|
||||||
|
|
||||||
* Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-7
|
* Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-7
|
||||||
- Fix spec of jre files
|
- Fix spec of jre files
|
||||||
|
|
||||||
* Wed Nov 8 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-6
|
* Wed Nov 8 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-6
|
||||||
- Fix unconfined access to shadow file
|
- Fix unconfined access to shadow file
|
||||||
@ -14129,7 +14129,7 @@ Resolves: #217725
|
|||||||
- Update xen to read nfs files
|
- Update xen to read nfs files
|
||||||
|
|
||||||
* Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4
|
* Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4
|
||||||
- Allow noxattrfs to associate with other noxattrfs
|
- Allow noxattrfs to associate with other noxattrfs
|
||||||
|
|
||||||
* Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-3
|
* Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-3
|
||||||
- Allow hal to use power_device_t
|
- Allow hal to use power_device_t
|
||||||
@ -14222,10 +14222,10 @@ Resolves: #217725
|
|||||||
- Update with upstream
|
- Update with upstream
|
||||||
|
|
||||||
* Mon Sep 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-2
|
* Mon Sep 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-2
|
||||||
- mls fixes
|
- mls fixes
|
||||||
|
|
||||||
* Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-1
|
* Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-1
|
||||||
- Update from upstream
|
- Update from upstream
|
||||||
|
|
||||||
* Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.14-8
|
* Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.14-8
|
||||||
- More fixes for mls
|
- More fixes for mls
|
||||||
@ -14262,7 +14262,7 @@ Resolves: #217725
|
|||||||
|
|
||||||
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-3
|
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-3
|
||||||
- Fix location of xel log files
|
- Fix location of xel log files
|
||||||
- Fix handling of sysadm_r -> rpm_exec_t
|
- Fix handling of sysadm_r -> rpm_exec_t
|
||||||
|
|
||||||
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-2
|
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-2
|
||||||
- Fixes for autofs, lp
|
- Fixes for autofs, lp
|
||||||
@ -14320,7 +14320,7 @@ Resolves: #217725
|
|||||||
- More java fixes
|
- More java fixes
|
||||||
|
|
||||||
* Fri Aug 11 2006 Dan Walsh <dwalsh@redhat.com> 2.3.6-4
|
* Fri Aug 11 2006 Dan Walsh <dwalsh@redhat.com> 2.3.6-4
|
||||||
- Change allow_execstack to default to on, for RHEL5 Beta.
|
- Change allow_execstack to default to on, for RHEL5 Beta.
|
||||||
This is required because of a Java compiler problem.
|
This is required because of a Java compiler problem.
|
||||||
Hope to turn off for next beta
|
Hope to turn off for next beta
|
||||||
|
|
||||||
@ -14347,7 +14347,7 @@ Resolves: #217725
|
|||||||
|
|
||||||
* Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-18
|
* Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-18
|
||||||
- yet more xen rules
|
- yet more xen rules
|
||||||
|
|
||||||
* Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-17
|
* Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-17
|
||||||
- more xen rules
|
- more xen rules
|
||||||
|
|
||||||
@ -14367,7 +14367,7 @@ Resolves: #217725
|
|||||||
- fixes for setroubleshoot
|
- fixes for setroubleshoot
|
||||||
|
|
||||||
* Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
|
* Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
|
||||||
- Added Paul Howarth patch to only load policy packages shipped
|
- Added Paul Howarth patch to only load policy packages shipped
|
||||||
with this package
|
with this package
|
||||||
- Allow pidof from initrc to ptrace higher level domains
|
- Allow pidof from initrc to ptrace higher level domains
|
||||||
- Allow firstboot to communicate with hal via dbus
|
- Allow firstboot to communicate with hal via dbus
|
||||||
@ -14763,7 +14763,7 @@ Resolves: #217725
|
|||||||
- Fix semoudle polcy
|
- Fix semoudle polcy
|
||||||
|
|
||||||
* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 2.2.16-1
|
* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 2.2.16-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
- fix sysconfig/selinux link
|
- fix sysconfig/selinux link
|
||||||
|
|
||||||
* Wed Feb 15 2006 Dan Walsh <dwalsh@redhat.com> 2.2.15-4
|
* Wed Feb 15 2006 Dan Walsh <dwalsh@redhat.com> 2.2.15-4
|
||||||
@ -14826,7 +14826,7 @@ Resolves: #217725
|
|||||||
- Put back in changes for pup/zen
|
- Put back in changes for pup/zen
|
||||||
|
|
||||||
* Tue Jan 24 2006 Dan Walsh <dwalsh@redhat.com> 2.2.5-1
|
* Tue Jan 24 2006 Dan Walsh <dwalsh@redhat.com> 2.2.5-1
|
||||||
- Many changes for MLS
|
- Many changes for MLS
|
||||||
- Turn on strict policy
|
- Turn on strict policy
|
||||||
|
|
||||||
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 2.2.4-1
|
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 2.2.4-1
|
||||||
@ -14876,7 +14876,7 @@ Resolves: #217725
|
|||||||
|
|
||||||
* Mon Jan 9 2006 Dan Walsh <dwalsh@redhat.com> 2.1.8-1
|
* Mon Jan 9 2006 Dan Walsh <dwalsh@redhat.com> 2.1.8-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
- Apply
|
- Apply
|
||||||
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 2.1.7-4
|
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 2.1.7-4
|
||||||
- Add wine and fix hal problems
|
- Add wine and fix hal problems
|
||||||
|
|
||||||
@ -14947,7 +14947,7 @@ Resolves: #217725
|
|||||||
- Fixes to start kernel in s0-s15:c0.c255
|
- Fixes to start kernel in s0-s15:c0.c255
|
||||||
|
|
||||||
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-3
|
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-3
|
||||||
- Add java unconfined/execmem policy
|
- Add java unconfined/execmem policy
|
||||||
|
|
||||||
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-2
|
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-2
|
||||||
- Add file context for /var/cvs
|
- Add file context for /var/cvs
|
||||||
@ -14976,7 +14976,7 @@ Resolves: #217725
|
|||||||
- Allow unconfined_t to execmod texrel_shlib_t
|
- Allow unconfined_t to execmod texrel_shlib_t
|
||||||
|
|
||||||
* Sat Dec 10 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
|
* Sat Dec 10 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
- Turn off allow_execmem and allow_execmod booleans
|
- Turn off allow_execmem and allow_execmod booleans
|
||||||
- Add tcpd and automount policies
|
- Add tcpd and automount policies
|
||||||
|
|
||||||
@ -15024,7 +15024,7 @@ Update from upstream
|
|||||||
- Fixes for dovecot and saslauthd
|
- Fixes for dovecot and saslauthd
|
||||||
|
|
||||||
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 2.0.5-4
|
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 2.0.5-4
|
||||||
- Cleanup pegasus and named
|
- Cleanup pegasus and named
|
||||||
- Fix spec file
|
- Fix spec file
|
||||||
- Fix up passwd changing applications
|
- Fix up passwd changing applications
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user