35bcef * Wed Jul 18 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-28

Authored and Committed by Lukas Vrabec 6 years ago
    * Wed Jul 18 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-28
    - Allow cupsd_t domain to mmap cupsd_etc_t files
    - Allow kadmind_t domain to mmap krb5kdc_principal_t
    - Allow virtlogd_t domain to read virt_etc_t link files
    - Allow dirsrv_t domain to read crack db
    - Dontaudit pegasus_t to require sys_admin capability
    - Allow mysqld_t domain to exec mysqld_exec_t binary files
    - Allow abrt_t odmain to read rhsmcertd lib files
    - Allow winbind_t domain to request kernel module loads
    - Allow tomcat_domain to read cgroup_t files
    - Allow varnishlog_t domain to mmap varnishd_var_lib_t files
    - Allow innd_t domain to mmap news_spool_t files
    - Label HOME_DIR/mozilla.pdf file as mozilla_home_t instead of user_home_t
    - Allow fenced_t domain to reboot
    - Allow amanda_t domain to read network system state
    - Allow abrt_t domain to read rhsmcertd logs
    - Fix typo in radius policy
    - Update zoneminder policy to reflect latest features in zoneminder BZ(1592555)
    - Label /usr/bin/esmtp-wrapper as sendmail_exec_t
    - Update raid_access_check_mdadm() interface to dontaudit caller domain to mmap mdadm_exec_t binary files
    - Dontaudit thumb to read mmap_min_addr
    - Allow chronyd_t to send to system_cronjob_t via unix dgram socket BZ(1494904)
    - Allow mpd_t domain to mmap mpd_tmpfs_t files BZ(1585443)
    - Allow collectd_t domain to use ecryptfs files BZ(1592640)
    - Dontaudit mmap home type files for abrt_t domain
    - Allow fprintd_t domain creating own tmp files BZ(1590686)
    - Allow collectd_t domain to bind on bacula_port_t BZ(1590830)
    - Allow fail2ban_t domain to getpgid BZ(1591421)
    - Allow nagios_script_t domain to mmap nagios_log_t files BZ(1593808)
    - Allow pcp_pmcd_t domain to use sys_ptrace usernamespace cap
    - Allow sssd_selinux_manager_t to read/write to systemd sockets BZ(1595458)
    - Allow virt_qemu_ga_t domain to read network state BZ(1592145)
    - Allow radiusd_t domain to mmap radius_etc_rw_t files
    - Allow git_script_t domain to read and mmap gitosis_var_lib_t files BZ(1591729)
    - Add dac_read_search capability to thumb_t domain
    - Add dac_override capability to cups_pdf_t domain BZ(1594271)
    - Add net_admin capability to connntrackd_t domain BZ(1594221)
    - Allow gssproxy_t domain to domtrans into gssd_t domain BZ(1575234)
    - Fix interface init_dbus_chat in oddjob SELinux policy BZ(1590476)
    - Allow motion_t to mmap video devices BZ(1590446)
    - Add dac_override capability to mpd_t domain BZ(1585358)
    - Allow fsdaemon_t domain to write to mta home files BZ(1588212)
    - Allow virtlogd_t domain to chat via dbus with systemd_logind BZ(1589337)
    - Allow sssd_t domain to write to general cert files BZ(1589339)
    - Allow l2tpd_t domain to sends signull to ipsec domains BZ(1589483)
    - Allow cockpit_session_t to read kernel network state BZ(1596941)
    - Allow devicekit_power_t start with nnp systemd security feature with proper SELinux Domain transition BZ(1593817)
    - Update rhcs_rw_cluster_tmpfs() interface to allow caller domain to mmap cluster_tmpfs_t files
    - Allow chronyc_t domain to use nscd shm
    - Label /var/lib/tomcats dir as tomcat_var_lib_t
    
        
file modified
+2 -0
file modified
+87 -3
file modified
+3 -3