361693 * Fri Sep 20 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-4

Authored and Committed by Lukas Vrabec 5 years ago
    * Fri Sep 20 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-4
    - Run ipa-custodia as ipa_custodia_t
    - Update webalizer_t SELinux policy
    - Dontaudit thumb_t domain to getattr of nsfs_t files BZ(1753598)
    - Allow rhsmcertd_t domain to read rtas_errd lock files
    - Add new interface rtas_errd_read_lock()
    - Update allow rules set for nrpe_t domain
    - Update timedatex SELinux policy to to sychronizate time with GNOME and add new macro chronyd_service_status to chronyd.if
    - Allow avahi_t to send msg to lpr_t
    - Label /dev/shm/dirsrv/ with dirsrv_tmpfs_t label
    - Allow dlm_controld_t domain to read random device
    - Label libvirt drivers as virtd_exec_t
    - Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816)
    - Allow gssproxy_t domain read state of all processes on system
    - Add new macro systemd_timedated_status to systemd.if to get timedated service status
    - Introduce xdm_manage_bootloader booelan
    - Revert "Unconfined domains, need to create content with the correct labels"
    - Allow xdm_t domain to read sssd pid files BZ(1753240)
    - Move open, audit_access, and execmod to common file perms
    
        
file modified
+2 -0
file modified
+23 -3
file modified
+3 -3