Remove trailing whitespaces

This commit is contained in:
Vit Mojzis 2020-10-12 10:02:20 +02:00
parent e99b0bae28
commit fe20768333
2 changed files with 141 additions and 142 deletions

View File

@ -20,7 +20,7 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
origin/rawhide origin/rawhide
$ cd selinux-policy-contrib $ cd selinux-policy-contrib
$ git remote -v $ git remote -v
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch) origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
$ git branch -r $ git branch -r
@ -38,13 +38,13 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
## Build process ## Build process
1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository 1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
$ cd ~/devel/github $ cd ~/devel/github
$ git clone git@github.com:fedora-selinux/selinux-policy.git $ git clone git@github.com:fedora-selinux/selinux-policy.git
$ cd selinux-policy $ cd selinux-policy
2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository 2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
$ cd ~/devel/github $ cd ~/devel/github
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git $ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
$ cd selinux-policy-contrib $ cd selinux-policy-contrib
@ -54,7 +54,7 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
4. clone **selinux-policy** dist-git repository 4. clone **selinux-policy** dist-git repository
$ cd ~/devel/dist-git $ cd ~/devel/dist-git
$ fedpkg clone selinux-policy $ fedpkg clone selinux-policy
$ cd selinux-policy $ cd selinux-policy
4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories 4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
@ -63,6 +63,5 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push 5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
6. build the package 6. build the package
$ fedpkg build
$ fedpkg build

View File

@ -79,12 +79,12 @@ Requires: selinux-policy-any = %{version}-%{release}
Provides: selinux-policy-base = %{version}-%{release} Provides: selinux-policy-base = %{version}-%{release}
Suggests: selinux-policy-targeted Suggests: selinux-policy-targeted
%description %description
SELinux core policy package. SELinux core policy package.
Originally based off of reference policy, Originally based off of reference policy,
the policy has been adjusted to provide support for Fedora. the policy has been adjusted to provide support for Fedora.
%files %files
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%dir %{_datadir}/selinux %dir %{_datadir}/selinux
@ -399,7 +399,7 @@ end
%build %build
%prep %prep
%setup -n %{name}-contrib-%{commit1} -q -b 29 %setup -n %{name}-contrib-%{commit1} -q -b 29
tar -xf %{SOURCE35} tar -xf %{SOURCE35}
contrib_path=`pwd` contrib_path=`pwd`
@ -525,13 +525,13 @@ echo "
SELINUX=enforcing SELINUX=enforcing
# SELINUXTYPE= can take one of these three values: # SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected, # targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected. # minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection. # mls - Multi Level Security protection.
SELINUXTYPE=targeted SELINUXTYPE=targeted
" > %{_sysconfdir}/selinux/config " > %{_sysconfdir}/selinux/config
ln -sf ../selinux/config %{_sysconfdir}/sysconfig/selinux ln -sf ../selinux/config %{_sysconfdir}/sysconfig/selinux
%{_sbindir}/restorecon %{_sysconfdir}/selinux/config 2> /dev/null || : %{_sbindir}/restorecon %{_sysconfdir}/selinux/config 2> /dev/null || :
else else
. %{_sysconfdir}/selinux/config . %{_sysconfdir}/selinux/config
@ -630,7 +630,7 @@ exit 0
%files targeted -f %{buildroot}%{_datadir}/selinux/targeted/nonbasemodules.lst %files targeted -f %{buildroot}%{_datadir}/selinux/targeted/nonbasemodules.lst
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u
%fileList targeted %fileList targeted
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/100/permissivedomains %verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/100/permissivedomains
%endif %endif
@ -733,12 +733,12 @@ exit 0
%files minimum -f %{buildroot}%{_datadir}/selinux/minimum/nonbasemodules.lst %files minimum -f %{buildroot}%{_datadir}/selinux/minimum/nonbasemodules.lst
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u
%fileList minimum %fileList minimum
%endif %endif
%if %{BUILD_MLS} %if %{BUILD_MLS}
%package mls %package mls
Summary: SELinux MLS policy Summary: SELinux MLS policy
Provides: selinux-policy-base = %{version}-%{release} Provides: selinux-policy-base = %{version}-%{release}
Obsoletes: selinux-policy-mls-sources < 2 Obsoletes: selinux-policy-mls-sources < 2
@ -750,16 +750,16 @@ Requires: selinux-policy = %{version}-%{release}
Conflicts: seedit Conflicts: seedit
Conflicts: container-selinux <= 1.9.0-9 Conflicts: container-selinux <= 1.9.0-9
%description mls %description mls
SELinux MLS (Multi Level Security) policy package. SELinux MLS (Multi Level Security) policy package.
%pretrans mls -p <lua> %pretrans mls -p <lua>
%backupConfigLua %backupConfigLua
%pre mls %pre mls
%preInstall mls %preInstall mls
%post mls %post mls
%checkConfigConsistency mls %checkConfigConsistency mls
%postInstall $1 mls %postInstall $1 mls
exit 0 exit 0
@ -2620,7 +2620,7 @@ Resolves: rhbz#1683365
* Tue May 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-19 * Tue May 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-19
- Increase dependency versions of policycoreutils and checkpolicy packages - Increase dependency versions of policycoreutils and checkpolicy packages
* Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-18 * Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-18
- Disable secure mode environment cleansing for dirsrv_t - Disable secure mode environment cleansing for dirsrv_t
@ -4883,7 +4883,7 @@ Resolves: rhbz#1314372
- Fix neverallow assertion for sys_module capability for openvswitch. - Fix neverallow assertion for sys_module capability for openvswitch.
- kernel_load_module() needs to be called out of boolean for svirt_lxc_net_t. - kernel_load_module() needs to be called out of boolean for svirt_lxc_net_t.
- Fix neverallow assertion for sys_module capability. - Fix neverallow assertion for sys_module capability.
- Add more attributes for sandbox domains to avoid neverallow assertion issues. - Add more attributes for sandbox domains to avoid neverallow assertion issues.
- Add neverallow asserition fixes related to storage. - Add neverallow asserition fixes related to storage.
- Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS - Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS
- Allow openhpid_t to read system state. - Allow openhpid_t to read system state.
@ -5171,7 +5171,7 @@ Resolves: rhbz#1314372
* Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-128 * Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-128
- Add ipsec_rw_inherited_pipes() interface. - Add ipsec_rw_inherited_pipes() interface.
- Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket. - Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket.
- Label /usr/libexec/Xorg.wrap as xserver_exec_t. - Label /usr/libexec/Xorg.wrap as xserver_exec_t.
- Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file. - Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file.
- Add fixes for selinux userspace moving the policy store to /var/lib/selinux. - Add fixes for selinux userspace moving the policy store to /var/lib/selinux.
@ -5179,13 +5179,13 @@ Resolves: rhbz#1314372
- Label all gluster hooks in /var/lib/gluster as bin_t. They are not created on the fly. - Label all gluster hooks in /var/lib/gluster as bin_t. They are not created on the fly.
- Access required to run with unconfine.pp disabled - Access required to run with unconfine.pp disabled
- Fix selinux_search_fs() interface. - Fix selinux_search_fs() interface.
- Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists. - Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists.
- Add seutil_search_config() interface. - Add seutil_search_config() interface.
- Make ssh-keygen as nsswitch domain to access SSSD. - Make ssh-keygen as nsswitch domain to access SSSD.
- Label ctdb events scripts as bin_t. - Label ctdb events scripts as bin_t.
- Add support for /usr/sbin/lvmpolld. - Add support for /usr/sbin/lvmpolld.
- Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint. - Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.
- Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules. - Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules.
- Allow login_pgm domains to access kernel keyring for nsswitch domains. - Allow login_pgm domains to access kernel keyring for nsswitch domains.
- Allow hypervkvp to read /dev/urandom and read addition states/config files. - Allow hypervkvp to read /dev/urandom and read addition states/config files.
- Add cgdcbxd policy. - Add cgdcbxd policy.
@ -5200,26 +5200,26 @@ Resolves: rhbz#1314372
- Allow fowner capability for sssd because of selinux_child handling. - Allow fowner capability for sssd because of selinux_child handling.
- Allow pki-tomcat relabel pki_tomcat_etc_rw_t. - Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
- Allow cluster domain to dbus chat with systemd-logind. - Allow cluster domain to dbus chat with systemd-logind.
- Allow tmpreaper_t to manage ntp log content - Allow tmpreaper_t to manage ntp log content
- Allow openvswitch_t to communicate with sssd. - Allow openvswitch_t to communicate with sssd.
- Allow isnsd_t to communicate with sssd. - Allow isnsd_t to communicate with sssd.
- Allow rwho_t to communicate with sssd. - Allow rwho_t to communicate with sssd.
- Allow pkcs_slotd_t to communicate with sssd. - Allow pkcs_slotd_t to communicate with sssd.
- Add httpd_var_lib_t label for roundcubemail - Add httpd_var_lib_t label for roundcubemail
- Allow puppetagent_t to transfer firewalld messages over dbus. - Allow puppetagent_t to transfer firewalld messages over dbus.
- Allow glusterd to have mknod capability. It creates a special file using mknod in a brick. - Allow glusterd to have mknod capability. It creates a special file using mknod in a brick.
- Update rules related to glusterd_brick_t. - Update rules related to glusterd_brick_t.
- Allow glusterd to execute lvm tools in the lvm_t target domain. - Allow glusterd to execute lvm tools in the lvm_t target domain.
- Allow glusterd to execute xfs_growfs in the target domain. - Allow glusterd to execute xfs_growfs in the target domain.
- Allow sysctl to have running under hypervkvp_t domain. - Allow sysctl to have running under hypervkvp_t domain.
- Allow smartdnotify to use user terminals. - Allow smartdnotify to use user terminals.
- Allow pcp domains to create root.socket in /var/lip/pcp directroy. - Allow pcp domains to create root.socket in /var/lip/pcp directroy.
- Allow NM to execute dnssec-trigger-script in dnssec_trigger_t domain. - Allow NM to execute dnssec-trigger-script in dnssec_trigger_t domain.
- Allow rpcbind to create rpcbind.xdr as a temporary file. - Allow rpcbind to create rpcbind.xdr as a temporary file.
- Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings. - Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings.
- Allow hostapd net_admin capability. hostapd needs to able to set an interface flag. - Allow hostapd net_admin capability. hostapd needs to able to set an interface flag.
- rsync server can be setup to send mail - rsync server can be setup to send mail
- Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again. - Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again.
- Remove ctdbd_manage_var_files() interface which is not used and is declared for the wrong type. - Remove ctdbd_manage_var_files() interface which is not used and is declared for the wrong type.
- Fix samba_load_libgfapi decl in samba.te. - Fix samba_load_libgfapi decl in samba.te.
- Fix typo in nagios_run_sudo() boolean. - Fix typo in nagios_run_sudo() boolean.
@ -5255,19 +5255,19 @@ Resolves: rhbz#1314372
- Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd. - Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
- Add glusterd_filetrans_named_pid() interface. - Add glusterd_filetrans_named_pid() interface.
- Allow antivirus_t to read system state info. - Allow antivirus_t to read system state info.
- Dontaudit use console for chrome-sandbox. - Dontaudit use console for chrome-sandbox.
- Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot. - Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot.
- Clamd needs to have fsetid capability. - Clamd needs to have fsetid capability.
- Allow cinder-backup to dbus chat with systemd-logind. - Allow cinder-backup to dbus chat with systemd-logind.
- Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files. - Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
- Allow gssd to access kernel keyring for login_pgm domains. - Allow gssd to access kernel keyring for login_pgm domains.
- Add more fixes related to timemaster+ntp+ptp4l. - Add more fixes related to timemaster+ntp+ptp4l.
- Allow docker sandbox domains to search all mountpoiunts - Allow docker sandbox domains to search all mountpoiunts
- update winbind_t rules to allow IPC for winbind. - update winbind_t rules to allow IPC for winbind.
- Add rpm_exec_t labeling for /usr/bin/dnf-automatic,/usr/bin/dnf-2 and /usr/bin/dnf-3. - Add rpm_exec_t labeling for /usr/bin/dnf-automatic,/usr/bin/dnf-2 and /usr/bin/dnf-3.
- Allow inet_gethost called by couchdb to access /proc/net/unix. - Allow inet_gethost called by couchdb to access /proc/net/unix.
- Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so - Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so
- Label /usr/bin/yum-deprecated as rpm_exec_t. - Label /usr/bin/yum-deprecated as rpm_exec_t.
* Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127 * Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127
- Add missing typealiases in apache_content_template() for script domain/executable. - Add missing typealiases in apache_content_template() for script domain/executable.
@ -5897,9 +5897,9 @@ Resolves: rhbz#1314372
- Allow mdadm to connect to own socket created by mdadm running as kernel_t. - Allow mdadm to connect to own socket created by mdadm running as kernel_t.
- Fix pkcs, Remove pkcs_lock_filetrans and Add files_search_locks - Fix pkcs, Remove pkcs_lock_filetrans and Add files_search_locks
- Allow bacula manage bacula_log_t dirs - Allow bacula manage bacula_log_t dirs
- Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t - Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t
- Fix mistakes keystone and quantum - Fix mistakes keystone and quantum
- Label neutron var run dir - Label neutron var run dir
- Label keystone var run dir - Label keystone var run dir
- Fix bad labeling for /usr/s?bin/(oo|rhc)-restorer-wrapper.sh in openshift.fc. - Fix bad labeling for /usr/s?bin/(oo|rhc)-restorer-wrapper.sh in openshift.fc.
- Dontaudit attempts to access check cert dirs/files for sssd. - Dontaudit attempts to access check cert dirs/files for sssd.
@ -5910,13 +5910,13 @@ Resolves: rhbz#1314372
- Label also /var/run/glusterd.socket file as gluster_var_run_t - Label also /var/run/glusterd.socket file as gluster_var_run_t
- Fix policy for pkcsslotd from opencryptoki - Fix policy for pkcsslotd from opencryptoki
- Update cockpik policy from cockpit usptream. - Update cockpik policy from cockpit usptream.
- Allow certmonger to exec ldconfig to make ipa-server-install working. - Allow certmonger to exec ldconfig to make ipa-server-install working.
- Added support for Naemon policy - Added support for Naemon policy
- Allow keepalived manage snmp files - Allow keepalived manage snmp files
- Add setpgid process to mip6d - Add setpgid process to mip6d
- remove duplicate rule - remove duplicate rule
- Allow postfix_smtpd to stream connect to antivirus - Allow postfix_smtpd to stream connect to antivirus
- Dontaudit list /tmp for icecast - Dontaudit list /tmp for icecast
- Allow zabbix domains to access /proc//net/dev. - Allow zabbix domains to access /proc//net/dev.
* Wed Jul 23 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-67 * Wed Jul 23 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-67
@ -5938,7 +5938,7 @@ Resolves: rhbz#1314372
* Fri Jul 18 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-65 * Fri Jul 18 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-65
- Allow sysadm to dbus chat with systemd - Allow sysadm to dbus chat with systemd
- Add logging_dontaudit_search_audit_logs() - Add logging_dontaudit_search_audit_logs()
- Add new files_read_all_mountpoint_symlinks() - Add new files_read_all_mountpoint_symlinks()
- Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo. - Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo.
- Allow ndc to read random and urandom device (#1110397) - Allow ndc to read random and urandom device (#1110397)
- Allow zabbix to read system network state - Allow zabbix to read system network state
@ -7176,7 +7176,7 @@ type in docker.te
- Add new attribute to discover confined_admins - Add new attribute to discover confined_admins
- Fix labeling for /etc/strongswan/ipsec.d - Fix labeling for /etc/strongswan/ipsec.d
- systemd_logind seems to pass fd to anyone who dbus communicates with it - systemd_logind seems to pass fd to anyone who dbus communicates with it
- Dontaudit leaked write descriptor to dmesg - Dontaudit leaked write descriptor to dmesg
* Mon Oct 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-89 * Mon Oct 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-89
- Fix gnome_read_generic_data_home_files() - Fix gnome_read_generic_data_home_files()
@ -7295,7 +7295,7 @@ type in docker.te
- Match upstream labeling - Match upstream labeling
* Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-83 * Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-83
- Do not build sanbox pkg on MLS - Do not build sanbox pkg on MLS
* Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-82 * Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-82
- wine_tmp is no longer needed - wine_tmp is no longer needed
@ -7451,7 +7451,7 @@ type in docker.te
- Add selinux-policy-sandbox pkg - Add selinux-policy-sandbox pkg
* Tue Aug 27 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-73 * Tue Aug 27 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-73
0 0
- Allow rhsmcertd to read init state - Allow rhsmcertd to read init state
- Allow fsetid for pkcsslotd - Allow fsetid for pkcsslotd
- Fix labeling for /usr/lib/systemd/system/pkcsslotd.service - Fix labeling for /usr/lib/systemd/system/pkcsslotd.service
@ -7742,17 +7742,17 @@ type in docker.te
- fix selinuxuser_use_ssh_chroot boolean - fix selinuxuser_use_ssh_chroot boolean
* Fri Jun 28 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-58 * Fri Jun 28 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-58
- Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean. - Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean.
- Allow bootloader to manage generic log files - Allow bootloader to manage generic log files
- Allow ftp to bind to port 989 - Allow ftp to bind to port 989
- Fix label of new gear directory - Fix label of new gear directory
- Add support for new directory /var/lib/openshift/gears/ - Add support for new directory /var/lib/openshift/gears/
- Add openshift_manage_lib_dirs() - Add openshift_manage_lib_dirs()
- allow virtd domains to manage setrans_var_run_t - allow virtd domains to manage setrans_var_run_t
- Allow useradd to manage all openshift content - Allow useradd to manage all openshift content
- Add support so that mozilla_plugin_t can use dri devices - Add support so that mozilla_plugin_t can use dri devices
- Allow chronyd to change the scheduler - Allow chronyd to change the scheduler
- Allow apmd to shut downthe system - Allow apmd to shut downthe system
- Devicekit_disk_t needs to manage /etc/fstab - Devicekit_disk_t needs to manage /etc/fstab
* Wed Jun 26 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-57 * Wed Jun 26 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-57
@ -8143,7 +8143,7 @@ type in docker.te
- label shared libraries in /opt/google/chrome as testrel_shlib_t - label shared libraries in /opt/google/chrome as testrel_shlib_t
* Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-34 * Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-34
- Allow certmonger to dbus communicate with realmd - Allow certmonger to dbus communicate with realmd
- Make realmd working - Make realmd working
* Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-33 * Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-33
@ -8162,7 +8162,7 @@ type in docker.te
- Allow sandbox domains to use inherted terminals - Allow sandbox domains to use inherted terminals
- Allow pscd to use devices labeled svirt_image_t in order to use cat cards. - Allow pscd to use devices labeled svirt_image_t in order to use cat cards.
- Add label for new alsa pid - Add label for new alsa pid
- Alsa now uses a pid file and needs to setsched - Alsa now uses a pid file and needs to setsched
- Fix oracleasmfs_t definition - Fix oracleasmfs_t definition
- Add support for sshd_unit_file_t - Add support for sshd_unit_file_t
- Add oracleasmfs_t - Add oracleasmfs_t
@ -8719,7 +8719,7 @@ type in docker.te
- Allow certwatch to read meminfo - Allow certwatch to read meminfo
- Fix nscd_dontaudit_write_sock_file() interfac - Fix nscd_dontaudit_write_sock_file() interfac
- Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t - Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t
- llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling - llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling
* Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3 * Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3
- Allow gnomeclock to talk to puppet over dbus - Allow gnomeclock to talk to puppet over dbus
@ -8878,7 +8878,7 @@ type in docker.te
- Allow firewalld to dbus chat with devicekit_power - Allow firewalld to dbus chat with devicekit_power
- Allow tuned to call lsblk - Allow tuned to call lsblk
- Allow tor to read /proc/sys/kernel/random/uuid - Allow tor to read /proc/sys/kernel/random/uuid
- Add tor_can_network_relay boolean - Add tor_can_network_relay boolean
* Wed Dec 5 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-60 * Wed Dec 5 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-60
- Add openshift_initrc_signal() interface - Add openshift_initrc_signal() interface
@ -8983,7 +8983,7 @@ type in docker.te
- Fix filetrans interface definitions - Fix filetrans interface definitions
- Dontaudit xdm_t to getattr on BOINC lib files - Dontaudit xdm_t to getattr on BOINC lib files
- Add systemd_reload_all_services() interface - Add systemd_reload_all_services() interface
- Dontaudit write access on /var/lib/net-snmp/mib_indexes - Dontaudit write access on /var/lib/net-snmp/mib_indexes
- Only stop mcsuntrustedproc from relableing files - Only stop mcsuntrustedproc from relableing files
- Allow accountsd to dbus chat with gdm - Allow accountsd to dbus chat with gdm
- Allow realmd to getattr on all fs - Allow realmd to getattr on all fs
@ -9148,7 +9148,7 @@ type in docker.te
- Clean up for tunable+optional statements - Clean up for tunable+optional statements
- Add labeling for /usr/sbin/mkhomedir_helper - Add labeling for /usr/sbin/mkhomedir_helper
- Allow antivirus domain to managa amavis spool files - Allow antivirus domain to managa amavis spool files
- Allow rpcbind_t to read passwd - Allow rpcbind_t to read passwd
- Allow pyzor running as spamc to manage amavis spool - Allow pyzor running as spamc to manage amavis spool
@ -9295,7 +9295,7 @@ type in docker.te
- Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer - Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer
- Move netlable_peer check out of booleans - Move netlable_peer check out of booleans
- Remove call to recvfrom_netlabel for kerberos call - Remove call to recvfrom_netlabel for kerberos call
- Remove use of attributes when calling syslog call - Remove use of attributes when calling syslog call
- Move -miscfiles_read_localization to domain.te to save hundreds of allow rules - Move -miscfiles_read_localization to domain.te to save hundreds of allow rules
- Allow all domains to read locale files. This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface - Allow all domains to read locale files. This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface
- Allow rndc to block suspend - Allow rndc to block suspend
@ -9375,7 +9375,7 @@ type in docker.te
* Fri Aug 31 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-15 * Fri Aug 31 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-15
- Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs - Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs
- Allow domains that can read etc_t to read etc_runtime_t - Allow domains that can read etc_t to read etc_runtime_t
- Allow all domains to use inherited tmpfiles - Allow all domains to use inherited tmpfiles
* Wed Aug 29 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-14 * Wed Aug 29 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-14
@ -9418,7 +9418,7 @@ type in docker.te
- Allow xserver to communicate with secure_firmware - Allow xserver to communicate with secure_firmware
- Allow fsadm tools (fsck) to read /run/mount contnet - Allow fsadm tools (fsck) to read /run/mount contnet
- Allow sysadm types to read /dev/kmsg - Allow sysadm types to read /dev/kmsg
- -
* Thu Aug 16 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-9 * Thu Aug 16 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-9
- Allow postfix, sssd, rpcd to block_suspend - Allow postfix, sssd, rpcd to block_suspend
@ -9775,7 +9775,7 @@ type in docker.te
- Allow l2tpd_t to read system state - Allow l2tpd_t to read system state
- Allow tuned to run ls /dev - Allow tuned to run ls /dev
- Allow sudo domains to read usr_t files - Allow sudo domains to read usr_t files
- Add label to machine-id - Add label to machine-id
- Fix corecmd_read_bin_symlinks cut and paste error - Fix corecmd_read_bin_symlinks cut and paste error
* Wed May 16 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-125 * Wed May 16 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-125
@ -10094,7 +10094,7 @@ type in docker.te
* Fri Mar 9 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-98 * Fri Mar 9 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-98
- Add policy for nove-cert - Add policy for nove-cert
- Add labeling for nova-openstack systemd unit files - Add labeling for nova-openstack systemd unit files
- Add policy for keystoke - Add policy for keystoke
* Thu Mar 8 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-97 * Thu Mar 8 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-97
- Fix man pages fro domains - Fix man pages fro domains
@ -10266,7 +10266,7 @@ type in docker.te
- Add support for selinux_avcstat munin plugin - Add support for selinux_avcstat munin plugin
- Treat hearbeat with corosync policy - Treat hearbeat with corosync policy
- Allow corosync to read and write to qpidd shared mem - Allow corosync to read and write to qpidd shared mem
- mozilla_plugin is trying to run pulseaudio - mozilla_plugin is trying to run pulseaudio
- Fixes for new sshd patch for running priv sep domains as the users context - Fixes for new sshd patch for running priv sep domains as the users context
- Turn off dontaudit rules when turning on allow_ypbind - Turn off dontaudit rules when turning on allow_ypbind
- udev now reads /etc/modules.d directory - udev now reads /etc/modules.d directory
@ -10322,7 +10322,7 @@ type in docker.te
- Add ubac_constrained rules for chrome_sandbox - Add ubac_constrained rules for chrome_sandbox
- Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra - Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra
- Allow postgresql to be executed by the caller - Allow postgresql to be executed by the caller
- Standardize interfaces of daemons - Standardize interfaces of daemons
- Add new labeling for mm-handler - Add new labeling for mm-handler
- Allow all matahari domains to read network state and etc_runtime_t files - Allow all matahari domains to read network state and etc_runtime_t files
@ -10439,7 +10439,7 @@ type in docker.te
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-57 * Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-57
- Pulseaudio changes - Pulseaudio changes
- Merge patches - Merge patches
* Thu Nov 10 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-56 * Thu Nov 10 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-56
- Merge patches back into git repository. - Merge patches back into git repository.
@ -10484,7 +10484,7 @@ type in docker.te
- Check in fixed for Chrome nacl support - Check in fixed for Chrome nacl support
* Thu Oct 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-51 * Thu Oct 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-51
- Begin removing qemu_t domain, we really no longer need this domain. - Begin removing qemu_t domain, we really no longer need this domain.
- systemd_passwd needs dac_overide to communicate with users TTY's - systemd_passwd needs dac_overide to communicate with users TTY's
- Allow svirt_lxc domains to send kill signals within their container - Allow svirt_lxc domains to send kill signals within their container
@ -10492,7 +10492,7 @@ type in docker.te
- Remove qemu.pp again without causing a crash - Remove qemu.pp again without causing a crash
* Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.1 * Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.1
- Remove qemu.pp, everything should use svirt_t or stay in its current domain - Remove qemu.pp, everything should use svirt_t or stay in its current domain
* Wed Oct 26 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-50 * Wed Oct 26 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-50
- Allow policykit to talk to the systemd via dbus - Allow policykit to talk to the systemd via dbus
@ -10572,7 +10572,7 @@ type in docker.te
- Don't check md5 size or mtime on certain config files - Don't check md5 size or mtime on certain config files
* Tue Oct 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.1 * Tue Oct 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.1
- Remove allow_ptrace and replace it with deny_ptrace, which will remove all - Remove allow_ptrace and replace it with deny_ptrace, which will remove all
ptrace from the system ptrace from the system
- Remove 2000 dontaudit rules between confined domains on transition - Remove 2000 dontaudit rules between confined domains on transition
and replace with single and replace with single
@ -10799,7 +10799,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
* Wed Aug 10 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-17 * Wed Aug 10 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-17
- livecd fixes - livecd fixes
- spec file fixes - spec file fixes
* Thu Aug 4 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-16 * Thu Aug 4 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-16
- fetchmail can use kerberos - fetchmail can use kerberos
@ -10876,7 +10876,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
- Allow asterisk to read /dev/random if it uses TLS - Allow asterisk to read /dev/random if it uses TLS
- Allow colord to read ini files which are labeled as bin_t - Allow colord to read ini files which are labeled as bin_t
- Allow dirsrvadmin sys_resource and setrlimit to use ulimit - Allow dirsrvadmin sys_resource and setrlimit to use ulimit
- Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first. - Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first.
- Also lists /var and /var/spool directories - Also lists /var and /var/spool directories
- Add openl2tpd to l2tpd policy - Add openl2tpd to l2tpd policy
- qpidd is reading the sysfs file - qpidd is reading the sysfs file
@ -10917,7 +10917,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
* Wed Jun 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27 * Wed Jun 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27
- Fixes for zabbix - Fixes for zabbix
- init script needs to be able to manage sanlock_var_run_... - init script needs to be able to manage sanlock_var_run_...
- Allow sandlock and wdmd to create /var/run directories... - Allow sandlock and wdmd to create /var/run directories...
- mixclip.so has been compiled correctly - mixclip.so has been compiled correctly
- Fix passenger policy module name - Fix passenger policy module name
@ -11014,17 +11014,17 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
- Virt_admin should be allowed to manage images and processes - Virt_admin should be allowed to manage images and processes
* Fri Apr 15 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15 * Fri Apr 15 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15
- xdm_t needs getsession for switch user - xdm_t needs getsession for switch user
- Every app that used to exec init is now execing systemdctl - Every app that used to exec init is now execing systemdctl
- Allow squid to manage krb5_host_rcache_t files - Allow squid to manage krb5_host_rcache_t files
- Allow foghorn to connect to agentx port - Fixes for colord policy - Allow foghorn to connect to agentx port - Fixes for colord policy
* Mon Apr 11 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-14 * Mon Apr 11 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-14
- Add Dan's patch to remove 64 bit variants - Add Dan's patch to remove 64 bit variants
- Allow colord to use unix_dgram_socket - Allow colord to use unix_dgram_socket
- Allow apps that search pids to read /var/run if it is a lnk_file - Allow apps that search pids to read /var/run if it is a lnk_file
- iscsid_t creates its own directory - iscsid_t creates its own directory
- Allow init to list var_lock_t dir - Allow init to list var_lock_t dir
- apm needs to verify user accounts auth_use_nsswitch - apm needs to verify user accounts auth_use_nsswitch
- Add labeling for systemd unit files - Add labeling for systemd unit files
- Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added
@ -11074,7 +11074,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
* Wed Mar 23 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-6 * Wed Mar 23 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-6
- Remove some unconfined domains - Remove some unconfined domains
- Remove permissive domains - Remove permissive domains
- Add policy-term.patch from Dan - Add policy-term.patch from Dan
* Thu Mar 17 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-5 * Thu Mar 17 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-5
- Fix multiple specification for boot.log - Fix multiple specification for boot.log
@ -11212,7 +11212,7 @@ assembled or disassembled.
* Thu Jan 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-6 * Thu Jan 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-6
- Fix xserver_dontaudit_read_xdm_pid - Fix xserver_dontaudit_read_xdm_pid
- Change oracle_port_t to oracledb_port_t to prevent conflict with satellite - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
- Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file.
* These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t
- Allow readahead to manage readahead pid dirs - Allow readahead to manage readahead pid dirs
- Allow readahead to read all mcs levels - Allow readahead to read all mcs levels
@ -11305,7 +11305,7 @@ assembled or disassembled.
- fix name of plymouth log file - fix name of plymouth log file
- teamviewer is a wine app - teamviewer is a wine app
- allow dmesg to read system state - allow dmesg to read system state
- Stop labeling files under /var/lib/mock so restorecon will not go into this - Stop labeling files under /var/lib/mock so restorecon will not go into this
- nsplugin needs to read network state for google talk - nsplugin needs to read network state for google talk
* Thu Dec 23 2010 Dan Walsh <dwalsh@redhat.com> 3.9.12-3 * Thu Dec 23 2010 Dan Walsh <dwalsh@redhat.com> 3.9.12-3
@ -11528,7 +11528,7 @@ assembled or disassembled.
- Fix label on /var/log/wicd.log - Fix label on /var/log/wicd.log
- Transition to initrc_t from init when executing bin_t - Transition to initrc_t from init when executing bin_t
- Add audit_access permissions to file - Add audit_access permissions to file
- Make removable_t a device_node - Make removable_t a device_node
- Fix label on /lib/systemd/* - Fix label on /lib/systemd/*
* Fri Oct 22 2010 Dan Walsh <dwalsh@redhat.com> 3.9.7-6 * Fri Oct 22 2010 Dan Walsh <dwalsh@redhat.com> 3.9.7-6
@ -11604,8 +11604,8 @@ assembled or disassembled.
- Add /etc/localtime as locale file context - Add /etc/localtime as locale file context
* Thu Sep 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-9 * Thu Sep 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-9
- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
- Turn off iptables from unconfined user - Turn off iptables from unconfined user
- Allow sudo to send signals to any domains the user could have transitioned to. - Allow sudo to send signals to any domains the user could have transitioned to.
- Passwd in single user mode needs to talk to console_device_t - Passwd in single user mode needs to talk to console_device_t
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
@ -11687,7 +11687,7 @@ Bz #637339
Allow iptables to read shorewall tmp files Allow iptables to read shorewall tmp files
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd intd
label vlc as an execmem_exec_t label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages Fix labels on hugepages
@ -11766,7 +11766,7 @@ Add boolean to allow icecast to connect to any port
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-10 * Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-10
- Allow pcscd to read sysfs - Allow pcscd to read sysfs
- systemd fixes - systemd fixes
- Fix wine_mmap_zero_ignore boolean - Fix wine_mmap_zero_ignore boolean
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-9 * Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-9
@ -11967,7 +11967,7 @@ Resolves: #585963
- Allow rlogind_t to search /root for .rhosts - Allow rlogind_t to search /root for .rhosts
Resolves: #582760 Resolves: #582760
- Fix path for cached_var_t - Fix path for cached_var_t
- Fix prelink paths /var/lib/prelink - Fix prelink paths /var/lib/prelink
- Allow confined users to direct_dri - Allow confined users to direct_dri
- Allow mls lvm/cryptosetup to work - Allow mls lvm/cryptosetup to work
@ -12025,7 +12025,7 @@ Resolves: #582145
- Fixes for labels during install from livecd - Fixes for labels during install from livecd
* Thu Apr 1 2010 Dan Walsh <dwalsh@redhat.com> 3.7.17-4 * Thu Apr 1 2010 Dan Walsh <dwalsh@redhat.com> 3.7.17-4
- Fix /cgroup file context - Fix /cgroup file context
- Fix broken afs use of unlabled_t - Fix broken afs use of unlabled_t
- Allow getty to use the console for s390 - Allow getty to use the console for s390
@ -12164,7 +12164,7 @@ Resolves: #582145
- Merge with upstream - Merge with upstream
* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-11 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-11
- Allow sandbox to work with MLS - Allow sandbox to work with MLS
* Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-9 * Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-9
- Make Chrome work with staff user - Make Chrome work with staff user
@ -12188,7 +12188,7 @@ Resolves: #582145
* Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-3 * Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-3
- Allow abrt_helper to getattr on all filesystems - Allow abrt_helper to getattr on all filesystems
- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so - Add label for /opt/real/RealPlayer/plugins/oggfformat\.so
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-2 * Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-2
- Add gstreamer_home_t for ~/.gstreamer - Add gstreamer_home_t for ~/.gstreamer
@ -12304,7 +12304,7 @@ Resolves: #582145
- Fix request_module line to module_request - Fix request_module line to module_request
* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-3 * Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-3
- Fix sandbox policy to allow it to run under firefox. - Fix sandbox policy to allow it to run under firefox.
- Dont audit leaks. - Dont audit leaks.
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-2 * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-2
@ -12342,7 +12342,7 @@ Resolves: #582145
- Allow xserver to use netlink_kobject_uevent_socket - Allow xserver to use netlink_kobject_uevent_socket
* Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-3 * Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-3
- Fixes for sandbox - Fixes for sandbox
* Mon Aug 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-2 * Mon Aug 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-2
- Dontaudit setroubleshootfix looking at /root directory - Dontaudit setroubleshootfix looking at /root directory
@ -12390,7 +12390,7 @@ Resolves: #582145
- Add policycoreutils-python to pre install - Add policycoreutils-python to pre install
* Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-11 * Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-11
- Make all unconfined_domains permissive so we can see what AVC's happen - Make all unconfined_domains permissive so we can see what AVC's happen
* Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-10 * Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-10
- Add pt_chown policy - Add pt_chown policy
@ -12509,7 +12509,7 @@ Resolves: #582145
- Allow setroubleshoot to run mlocate - Allow setroubleshoot to run mlocate
* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.14-1 * Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.14-1
- Update to upstream - Update to upstream
* Tue Jun 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.13-3 * Tue Jun 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.13-3
- Add fish as a shell - Add fish as a shell
@ -12749,7 +12749,7 @@ Resolves: #582145
- Add git web policy - Add git web policy
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-1 * Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-1
- Add setrans contains from upstream - Add setrans contains from upstream
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-6 * Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-6
- Do transitions outside of the booleans - Do transitions outside of the booleans
@ -12767,7 +12767,7 @@ Resolves: #582145
- More fixes for devicekit - More fixes for devicekit
* Tue Feb 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-1 * Tue Feb 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-1
- Upgrade to latest upstream - Upgrade to latest upstream
* Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-13 * Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-13
- Add boolean to disallow unconfined_t login - Add boolean to disallow unconfined_t login
@ -12782,7 +12782,7 @@ Resolves: #582145
- Fixes for wicd daemon - Fixes for wicd daemon
* Mon Jan 26 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-9 * Mon Jan 26 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-9
- More mls/rpm fixes - More mls/rpm fixes
* Fri Jan 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-8 * Fri Jan 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-8
- Add policy to make dbus/nm-applet work - Add policy to make dbus/nm-applet work
@ -12845,7 +12845,7 @@ Resolves: #582145
* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-7 * Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-7
- Allow iptables to talk to terminals - Allow iptables to talk to terminals
- Fixes for policy kit - Fixes for policy kit
- lots of fixes for booting. - lots of fixes for booting.
* Wed Dec 3 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-4 * Wed Dec 3 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-4
- Cleanup policy - Cleanup policy
@ -12861,7 +12861,7 @@ Resolves: #582145
* Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-17 * Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-17
- Allow lvm to dbus chat with hal - Allow lvm to dbus chat with hal
- Allow rlogind to read nfs_t - Allow rlogind to read nfs_t
* Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-16 * Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-16
- Fix cyphesis file context - Fix cyphesis file context
@ -12884,7 +12884,7 @@ Resolves: #582145
- Add certmaster policy - Add certmaster policy
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11 * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
- Fix confined users - Fix confined users
- Allow xguest to read/write xguest_dbusd_t - Allow xguest to read/write xguest_dbusd_t
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9 * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
@ -12912,7 +12912,7 @@ Resolves: #582145
- Fix dovecot access - Fix dovecot access
* Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-1 * Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-1
- Policy cleanup - Policy cleanup
* Thu Oct 16 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-3 * Thu Oct 16 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-3
- Remove Multiple spec - Remove Multiple spec
@ -12929,7 +12929,7 @@ Resolves: #582145
- Update to upstream policy - Update to upstream policy
* Mon Oct 6 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-3 * Mon Oct 6 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-3
- Fixes for confined xwindows and xdm_t - Fixes for confined xwindows and xdm_t
* Fri Oct 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-2 * Fri Oct 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-2
- Allow confined users and xdm to exec wm - Allow confined users and xdm to exec wm
@ -12940,7 +12940,7 @@ Resolves: #582145
- Allow domains to search other domains keys, coverup kernel bug - Allow domains to search other domains keys, coverup kernel bug
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-4 * Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-4
- Fix labeling for oracle - Fix labeling for oracle
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3 * Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3
- Allow nsplugin to comminicate with xdm_tmp_t sock_file - Allow nsplugin to comminicate with xdm_tmp_t sock_file
@ -13003,7 +13003,7 @@ Resolves: #582145
- Update to upstream - Update to upstream
* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 3.5.3-1 * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 3.5.3-1
- Update to upstream - Update to upstream
* Sat Aug 2 2008 Dan Walsh <dwalsh@redhat.com> 3.5.2-2 * Sat Aug 2 2008 Dan Walsh <dwalsh@redhat.com> 3.5.2-2
- Allow system-config-selinux to work with policykit - Allow system-config-selinux to work with policykit
@ -13075,7 +13075,7 @@ Resolves: #582145
- Add /var/lib/selinux context - Add /var/lib/selinux context
* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-1 * Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-1
- Update to upstream - Update to upstream
* Wed Jun 4 2008 Dan Walsh <dwalsh@redhat.com> 3.4.1-5 * Wed Jun 4 2008 Dan Walsh <dwalsh@redhat.com> 3.4.1-5
- Add livecd policy - Add livecd policy
@ -13152,7 +13152,7 @@ Resolves: #582145
- dontaudit setfiles reading links - dontaudit setfiles reading links
- allow semanage sys_resource - allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean - add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home - Allow privhome apps including dovecot read on nfs and cifs home
dirs if the boolean is set dirs if the boolean is set
* Tue Apr 1 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-27 * Tue Apr 1 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-27
@ -13177,14 +13177,14 @@ dirs if the boolean is set
* Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-22 * Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-22
- Allow stunnel to transition to inetd children domains - Allow stunnel to transition to inetd children domains
- Make unconfined_dbusd_t an unconfined domain - Make unconfined_dbusd_t an unconfined domain
* Mon Mar 17 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-21 * Mon Mar 17 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-21
- Fixes for qemu/virtd - Fixes for qemu/virtd
* Fri Mar 14 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-20 * Fri Mar 14 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-20
- Fix bug in mozilla policy to allow xguest transition - Fix bug in mozilla policy to allow xguest transition
- This will fix the - This will fix the
libsemanage.dbase_llist_query: could not find record value libsemanage.dbase_llist_query: could not find record value
libsemanage.dbase_llist_query: could not query record value (No such file or libsemanage.dbase_llist_query: could not query record value (No such file or
@ -13211,7 +13211,7 @@ directory)
- Allow syslog to connect to mysql - Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files - Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap - Allow bugzilla to use ldap
- More mls fixes - More mls fixes
* Tue Mar 11 2008 Bill Nottingham <notting@redhat.com> 3.3.1-14 * Tue Mar 11 2008 Bill Nottingham <notting@redhat.com> 3.3.1-14
- fixes for init policy (#436988) - fixes for init policy (#436988)
@ -13243,7 +13243,7 @@ directory)
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-5 * Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-5
- Allow nsplugin_config execstack/execmem - Allow nsplugin_config execstack/execmem
- Allow nsplugin_t to read alsa config - Allow nsplugin_t to read alsa config
- Change apache to use user content - Change apache to use user content
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-4 * Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-4
- Add cyphesis policy - Add cyphesis policy
@ -13454,7 +13454,7 @@ directory)
- Fix xguest to be able to connect to sound port - Fix xguest to be able to connect to sound port
* Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-28 * Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-28
- Fixes for hald_mac - Fixes for hald_mac
- Treat unconfined_home_dir_t as a home dir - Treat unconfined_home_dir_t as a home dir
- dontaudit rhgb writes to fonts and root - dontaudit rhgb writes to fonts and root
@ -13526,7 +13526,7 @@ directory)
* Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-8 * Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-8
- Allow also to search var_lib - Allow also to search var_lib
- New context for dbus launcher - New context for dbus launcher
* Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-7 * Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-7
- Allow cupsd_config_t to read/write usb_device_t - Allow cupsd_config_t to read/write usb_device_t
@ -13569,7 +13569,7 @@ directory)
- Allow wine to run in system role - Allow wine to run in system role
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-5 * Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-5
- Fix java labeling - Fix java labeling
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-4 * Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-4
- Define user_home_type as home_type - Define user_home_type as home_type
@ -13611,7 +13611,7 @@ directory)
- Fix Makefile for building policy modules - Fix Makefile for building policy modules
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-5 * Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-5
- Fix dhcpc startup of service - Fix dhcpc startup of service
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-4 * Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-4
- Fix dbus chat to not happen for xguest and guest users - Fix dbus chat to not happen for xguest and guest users
@ -13688,7 +13688,7 @@ directory)
- Allow prelink to read kernel sysctls - Allow prelink to read kernel sysctls
* Mon Jul 2 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-5 * Mon Jul 2 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-5
- Default to user_u:system_r:unconfined_t - Default to user_u:system_r:unconfined_t
* Sun Jul 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-4 * Sun Jul 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-4
- fix squid - fix squid
@ -13705,7 +13705,7 @@ directory)
- Remove ifdef strict policy from upstream - Remove ifdef strict policy from upstream
* Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-3 * Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-3
- Remove ifdef strict to allow user_u to login - Remove ifdef strict to allow user_u to login
* Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-2 * Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-2
- Fix for amands - Fix for amands
@ -13721,7 +13721,7 @@ directory)
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5 * Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5
- More fixes for alsactl - More fixes for alsactl
- Transition from hal and modutils - Transition from hal and modutils
- Fixes for suspend resume. - Fixes for suspend resume.
- insmod domtrans to alsactl - insmod domtrans to alsactl
- insmod writes to hal log - insmod writes to hal log
@ -13897,7 +13897,7 @@ Resolves: #227237
* Sun Feb 4 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-5 * Sun Feb 4 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-5
- Fix ssh_agent to be marked as an executable - Fix ssh_agent to be marked as an executable
- Allow Hal to rw sound device - Allow Hal to rw sound device
* Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-4 * Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-4
- Fix spamassisin so crond can update spam files - Fix spamassisin so crond can update spam files
@ -13919,7 +13919,7 @@ Resolves: #227237
- Continue fixing, additional user domains - Continue fixing, additional user domains
* Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-4 * Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-4
- Begin adding user confinement to targeted policy - Begin adding user confinement to targeted policy
* Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-2 * Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-2
- Fixes for prelink, ktalkd, netlabel - Fixes for prelink, ktalkd, netlabel
@ -13966,7 +13966,7 @@ Resolves: #220080
Resolves: #219999 Resolves: #219999
* Thu Dec 14 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-14 * Thu Dec 14 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-14
- Allow cron to polyinstatiate - Allow cron to polyinstatiate
- Fix creation of boot flags - Fix creation of boot flags
Resolves: #207433 Resolves: #207433
@ -14020,7 +14020,7 @@ Resolves: #216184
Resolves: #212957 Resolves: #212957
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-1 * Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-1
- Dontaudit appending hal_var_lib files - Dontaudit appending hal_var_lib files
Resolves: #217452 Resolves: #217452
Resolves: #217571 Resolves: #217571
Resolves: #217611 Resolves: #217611
@ -14068,7 +14068,7 @@ Resolves: #217725
- Allow xen to search automount - Allow xen to search automount
* Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-7 * Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-7
- Fix spec of jre files - Fix spec of jre files
* Wed Nov 8 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-6 * Wed Nov 8 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-6
- Fix unconfined access to shadow file - Fix unconfined access to shadow file
@ -14129,7 +14129,7 @@ Resolves: #217725
- Update xen to read nfs files - Update xen to read nfs files
* Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4 * Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4
- Allow noxattrfs to associate with other noxattrfs - Allow noxattrfs to associate with other noxattrfs
* Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-3 * Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-3
- Allow hal to use power_device_t - Allow hal to use power_device_t
@ -14222,10 +14222,10 @@ Resolves: #217725
- Update with upstream - Update with upstream
* Mon Sep 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-2 * Mon Sep 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-2
- mls fixes - mls fixes
* Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-1 * Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-1
- Update from upstream - Update from upstream
* Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.14-8 * Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.14-8
- More fixes for mls - More fixes for mls
@ -14262,7 +14262,7 @@ Resolves: #217725
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-3 * Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-3
- Fix location of xel log files - Fix location of xel log files
- Fix handling of sysadm_r -> rpm_exec_t - Fix handling of sysadm_r -> rpm_exec_t
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-2 * Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-2
- Fixes for autofs, lp - Fixes for autofs, lp
@ -14320,7 +14320,7 @@ Resolves: #217725
- More java fixes - More java fixes
* Fri Aug 11 2006 Dan Walsh <dwalsh@redhat.com> 2.3.6-4 * Fri Aug 11 2006 Dan Walsh <dwalsh@redhat.com> 2.3.6-4
- Change allow_execstack to default to on, for RHEL5 Beta. - Change allow_execstack to default to on, for RHEL5 Beta.
This is required because of a Java compiler problem. This is required because of a Java compiler problem.
Hope to turn off for next beta Hope to turn off for next beta
@ -14347,7 +14347,7 @@ Resolves: #217725
* Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-18 * Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-18
- yet more xen rules - yet more xen rules
* Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-17 * Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-17
- more xen rules - more xen rules
@ -14367,7 +14367,7 @@ Resolves: #217725
- fixes for setroubleshoot - fixes for setroubleshoot
* Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11 * Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
- Added Paul Howarth patch to only load policy packages shipped - Added Paul Howarth patch to only load policy packages shipped
with this package with this package
- Allow pidof from initrc to ptrace higher level domains - Allow pidof from initrc to ptrace higher level domains
- Allow firstboot to communicate with hal via dbus - Allow firstboot to communicate with hal via dbus
@ -14763,7 +14763,7 @@ Resolves: #217725
- Fix semoudle polcy - Fix semoudle polcy
* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 2.2.16-1 * Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 2.2.16-1
- Update to upstream - Update to upstream
- fix sysconfig/selinux link - fix sysconfig/selinux link
* Wed Feb 15 2006 Dan Walsh <dwalsh@redhat.com> 2.2.15-4 * Wed Feb 15 2006 Dan Walsh <dwalsh@redhat.com> 2.2.15-4
@ -14826,7 +14826,7 @@ Resolves: #217725
- Put back in changes for pup/zen - Put back in changes for pup/zen
* Tue Jan 24 2006 Dan Walsh <dwalsh@redhat.com> 2.2.5-1 * Tue Jan 24 2006 Dan Walsh <dwalsh@redhat.com> 2.2.5-1
- Many changes for MLS - Many changes for MLS
- Turn on strict policy - Turn on strict policy
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 2.2.4-1 * Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 2.2.4-1
@ -14876,7 +14876,7 @@ Resolves: #217725
* Mon Jan 9 2006 Dan Walsh <dwalsh@redhat.com> 2.1.8-1 * Mon Jan 9 2006 Dan Walsh <dwalsh@redhat.com> 2.1.8-1
- Update to upstream - Update to upstream
- Apply - Apply
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 2.1.7-4 * Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 2.1.7-4
- Add wine and fix hal problems - Add wine and fix hal problems
@ -14947,7 +14947,7 @@ Resolves: #217725
- Fixes to start kernel in s0-s15:c0.c255 - Fixes to start kernel in s0-s15:c0.c255
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-3 * Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-3
- Add java unconfined/execmem policy - Add java unconfined/execmem policy
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-2 * Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-2
- Add file context for /var/cvs - Add file context for /var/cvs
@ -14976,7 +14976,7 @@ Resolves: #217725
- Allow unconfined_t to execmod texrel_shlib_t - Allow unconfined_t to execmod texrel_shlib_t
* Sat Dec 10 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1 * Sat Dec 10 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
- Update to upstream - Update to upstream
- Turn off allow_execmem and allow_execmod booleans - Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies - Add tcpd and automount policies
@ -15024,7 +15024,7 @@ Update from upstream
- Fixes for dovecot and saslauthd - Fixes for dovecot and saslauthd
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 2.0.5-4 * Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 2.0.5-4
- Cleanup pegasus and named - Cleanup pegasus and named
- Fix spec file - Fix spec file
- Fix up passwd changing applications - Fix up passwd changing applications