Commit - rpms/selinux-policy - 03527520dec0ea8d02b91a6eca30b6c785beec5d

    firstboot is leaking a netlink_route socket into iptables.  We need to dontaudit
    tmpfs_t/devpts_t files can be stored on device_t file system
    unconfined_mono_t can pass file descriptors to chrome_sandbox, so need transition from all unoconfined users types
    Hald can connect to user processes over streams
    xdm_t now changes the brightness level on the system
    mdadm needs to manage hugetlbfs filesystems

policy/modules/admin/firstboot.te

file modified

+4 -0

policy/modules/kernel/devices.fc

file modified

+2 -0

policy/modules/kernel/filesystem.te

file modified

+1 -0

policy/modules/kernel/terminal.te

file modified

+1 -0

policy/modules/roles/unconfineduser.te

file modified

+1 -1

policy/modules/services/hal.te

file modified

+1 -0

policy/modules/services/xserver.te

file modified

+1 -1

policy/modules/system/fstools.te

file modified

+1 -0

rpms / selinux-policy

Source Code

035275 firstboot is leaking a netlink_route socket into iptables. We need to dontaudit

Authored and Committed by Dan Walsh 14 years ago

`035275` firstboot is leaking a netlink_route socket into iptables. We need to dontaudit