2faa5c * Wed Feb 24 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-4

Authored and Committed by Zdenek Pytela 3 years ago
    * Wed Feb 24 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-4
    - iptables.fc: Add missing legacy entries
    - iptables.fc: Remove some duplicate entries
    - iptables.fc: Remove duplicate file context entries
    - Allow libvirtd to create generic netlink sockets
    - Allow libvirtd the fsetid capability
    - Allow libvirtd to read /run/utmp
    - Dontaudit sys_ptrace capability when calling systemctl
    - Allow udisksd to read /dev/random
    - Allow udisksd to watch files under /run/mount
    - Allow udisksd to watch /etc
    - Allow crond to watch user_cron_spool_t directories
    - Allow accountsd watch xdm config directories
    - Label /etc/avahi with avahi_conf_t
    - Allow sssd get cgroup filesystems attributes and search cgroup dirs
    - Allow systemd-hostnamed read udev runtime data
    - Remove dev_getattr_sysfs_fs() interface calls for particular domains
    - Allow domain stat the /sys filesystem
    - Dontaudit NetworkManager write to initrc_tmp_t pipes
    - policykit.te: Clean up watch rule for policykit_auth_t
    - Revert further unnecessary watch rules
    - Revert "Allow getty watch its private runtime files"
    - Allow systemd watch generic /var directories
    - Allow init watch network config files and lnk_files
    - Allow systemd-sleep get attributes of fixed disk device nodes
    - Complete initial policy for systemd-coredump
    - Label SDC(scini) Dell Driver
    - Allow upowerd to send syslog messages
    - Remove the disk write permissions from tlp_t
    - Label NVMe devices as fixed_disk_device_t
    - Allow rhsmcertd bind tcp sockets to a generic node
    - Allow systemd-importd manage machines.lock file
    
        
file modified
+35 -2
file modified
+2 -2