046756 * Tue Aug 28 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-1

Authored and Committed by Lukas Vrabec 6 years ago
    * Tue Aug 28 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-1
    - Allow ovs-vswitchd labeled as openvswitch_t domain communicate with qemu-kvm via UNIX stream socket
    - Add interface devicekit_mounton_var_lib()
    - Allow httpd_t domain to mmap tmp files
    - Allow tcsd_t domain to have dac_override capability
    - Allow cupsd_t to rename cupsd_etc_t files
    - Allow iptables_t domain to create rawip sockets
    - Allow amanda_t domain to mmap own tmpfs files
    - Allow fcoemon_t domain to write to sysfs_t dirs
    - Allow dovecot_auth_t domain to have dac_override capability
    - Allow geoclue_t domain to mmap own tmp files
    - Allow chronyc_t domain to read network state
    - Allow apcupsd_t domain to execute itself
    - Allow modemmanager_t domain to stream connect to sssd
    - Allow chonyc_t domain to rw userdomain pipes
    - Update dirsrvadmin_script_t policy to allow read httpd_tmp_t symlinks
    - Update dirsrv_read_share() interface to allow caller domain to mmap dirsrv_share_t files
    - Allow nagios_script_t domain to mmap nagios_spool_t files
    - Allow geoclue_t domain to mmap geoclue_var_lib_t files
    - Allow geoclue_t domain to map generic certs
    - Update munin_manage_var_lib_files to allow manage also dirs
    - Allow nsd_t domain to create new socket file in /var/run/nsd.ctl
    - Fix typo in virt SELinux policy module
    - Allow virtd_t domain to create netlink_socket
    - Allow rpm_t domain to write to audit
    - Allow nagios_script_t domain to mmap nagios_etc_t files
    - Update nscd_socket_use() to allow caller domain to stream connect to nscd_t
    - Allow kdumpctl_t domain to getattr fixed disk device in mls
    - Fix typo in stapserver policy
    - Dontaudit abrt_t domain to write to usr_t dirs
    - Revert "Allow rpcbind to bind on all unreserved udp ports"
    - Allow rpcbind to bind on all unreserved udp ports
    - Allow virtlogd to execute itself
    - Allow stapserver several actions: - execute own tmp files - mmap stapserver_var_lib_t files - create stapserver_tmpfs_t files
    - Allow ypxfr_t domain to stream connect to rpcbind and allos search sssd libs
    - Allos systemd to socket activate ibacm service
    - Allow dirsrv_t domain to mmap user_t files
    - Allow kdumpctl_t domain to manage kdumpctl_tmp_t fifo files
    - Allow kdumpctl to write to files on all levels
    - Allow httpd_t domain to mmap httpd_config_t files
    - Allow sanlock_t domain to connectto to unix_stream_socket
    - Revert "Add same context for symlink as binary"
    - Allow mysql execute rsync
    - Update nfsd_t policy because of ganesha features
    - Allow conman to getattr devpts_t
    - Allow tomcat_domain to connect to smtp ports
    - Allow tomcat_t domain to mmap tomcat_var_lib_t files
    - Allow nagios_t domain to mmap nagios_log_t files
    - Allow kpropd_t domain to mmap krb5kdc_principal_t files
    - Allow kdumpctl_t domain to read fixed disk storage
    
        
file modified
+2 -0
file modified
+86 -4
file modified
+3 -3