c0884791ad
- Allow tlp_t domain to ioctl removable devices BZ(1436830) - Allow tlp_t domain domtrans into mount_t BZ(1442571) - Allow lircd_t to read/write to sysfs BZ(1442443) - Fix policy to reflect all changes in new IPA release - Allow virtlogd_t to creating tmp files with virt_tmp_t labels. - Allow sbd_t to read/write fixed disk devices - Add sys_ptrace capability to radiusd_t domain - Allow cockpit_session_t domain connects to ssh tcp ports. - Update tomcat policy to make working ipa install process - Allow pcp_pmcd_t net_admin capability. Allow pcp_pmcd_t read net sysctls Allow system_cronjob_t create /var/run/pcp with pcp_var_run_t - Fix all AVC denials during pkispawn of CA Resolves: rhbz#1436383 - Update pki interfaces and tomcat module - Allow sendmail to search network sysctls - Add interface gssd_noatsecure() - Add interface gssproxy_noatsecure() - Allow chronyd_t net_admin capability to allow support HW timestamping. - Update tomcat policy. - Allow certmonger to start haproxy service - Fix init Module - Make groupadd_t domain as system bus client BZ(1416963) - Make useradd_t domain as system bus client BZ(1442572) - Allow xdm_t to gettattr /dev/loop-control device BZ(1385090) - Dontaudit gdm-session-worker to view key unknown. BZ(1433191) - Allow init noatsecure for gssd and gssproxy - Allow staff user to read fwupd_cache_t files - Remove typo bugs - Remove /proc <<none>> from fedora policy, it's no longer necessary
6.4 KiB
6.4 KiB