4e5d63 - Fix labeling for /root/\.yubico

Authored and Committed by Miroslav Grepl 10 years ago
    - Fix labeling for /root/\.yubico
    - userdom_search_admin_dir() calling needs to be optional in kernel.te
    - Dontaudit leaked xserver_misc_device_t into plugins
    - Allow all domains to search through all base_file_types, this should be back ported to RHEL7 policy
    - Need to allow sssd_t to manage kernel keyrings in login programs since they don't get labeled with user domains
    - Bootloader wants to look at init state
    - Add MCS/MLS Constraints to kernel keyring, also add MCS Constraints to ipc, sem.msgq, shm
    - init reads kdbump etc files
    - Add support for tcp/9697
    - Fix labeling for /var/run/user/<UID>/gvfs
    - Add support for us_cli ports
    - fix sysnet_use_ldap
    - Allow mysql to execute ifconfig if Red Hat OpenStack
    - ALlow stap-server to get attr on all fs
    - Fix mail_pool_t to mail_spool_t
    - Dontaudit leaked xserver_misc_device_t into plugins
    - Need to allow sssd_t to manage kernel keyrings in login programs since they don't get labeled with user domains
    - Add new labeling for /var/spool/smtpd
    - Allow httpd_t to kill passenger
    - Allow apache cgi scripts to use inherited httpd_t unix_stream_sockets
    - Allow nova-scheduler to read passwd/utmp files
    - Additional rules required by openstack,  needs backport to F20 and RHEL7
    - Additional access required by docker
    - ALlow motion to use tcp/8082 port
    
        
file modified
+338 -281
file modified
+172 -136
file modified
+27 -1