4ce765 * Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-18

Authored and Committed by Lukas Vrabec 5 years ago
    * Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-18
    - Fix typo in gpg SELinux module
    - Update gpg policy to make ti working with confined users
    - Add domain transition that systemd labeled as init_t can execute spamd_update_exec_t binary to run newly created process as spamd_update_t
    - Remove allow rule for virt_qemu_ga_t to write/append user_tmp_t files
    - Label /var/run/user/*/dbus-1 as session_dbusd_tmp_t
    - Add dac_override capability to namespace_init_t domain
    - Label /usr/sbin/corosync-qdevice as cluster_exec_t
    - Allow NetworkManager_ssh_t domain to open communication channel with system dbus. BZ(1677484)
    - Label /usr/libexec/dnf-utils as debuginfo_exec_t
    - Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
    - Allow nrpe_t domain to be dbus cliennt
    - Add interface sssd_signull()
    - Label /usr/bin/tshark as wireshark_exec_t
    - Update userdomains to allow confined users to create gpg keys
    - Allow associate all filesystem_types with fs_t
    - Dontaudit syslogd_t using kill in unamespaces BZ(1711122)
    - Allow init_t to manage session_dbusd_tmp_t dirs
    - Allow systemd_gpt_generator_t to read/write to clearance
    - Allow su_domain_type to getattr to /dev/gpmctl
    - Update userdom_login_user_template() template to make working systemd user session for guest and xguest SELinux users
    
        
file modified
+2 -0
file modified
+25 -3
file modified
+3 -3