rpms / selinux-policy

Clone
Source Code
GIT

7ca2b3 - Allow init_t to setattr/relabelfrom dhcp state files

Authored and Committed by Miroslav Grepl 10 years ago
raw patch tree parent
3 files changed. 597 lines added. 287 lines removed.
policy-rawhide-base.patch
file modified
+113 -77
policy-rawhide-contrib.patch
file modified
+454 -209
selinux-policy.spec
file modified
+30 -1 
    - Allow init_t to setattr/relabelfrom dhcp state files
    - Allow dmesg to read hwdata and memory dev
    - Allow strongswan to create ipsec.secrets with correct labeling in /etc/strongswan
    - Dontaudit antivirus domains read access on all security files by default
    - Add missing alias for old amavis_etc_t type
    - Additional fixes for  instack overcloud
    - Allow block_suspend cap for haproxy
    - Allow OpenStack to read mysqld_db links and connect to MySQL
    - Remove dup filename rules in gnome.te
    - Allow sys_chroot cap for httpd_t and setattr on httpd_log_t
    - Add labeling for /lib/systemd/system/thttpd.service
    - Allow iscsid to handle own unit files
    - Add iscsi_systemctl()
    - Allow mongod also create sock_file with correct labeling in /run
    - Allow aiccu stream connect to pcscd
    - Allow rabbitmq_beam to connect to httpd port
    - Allow httpd to send signull to apache script domains and don't audit leaks
    - Fix labeling in drbd.fc
    - Allow sssd to connect to the smbd port for handing logins using active directory, needs back
    - Allow all freeipmi domains to read/write ipmi devices
    - Allow rabbitmq_epmd to manage rabbit_var_log_t files
    - Allow sblim_sfcbd to use also pegasus-https port
    - Allow chronyd to read /sys/class/hwmon/hwmon1/device/temp2_input
    - Add httpd_run_preupgrade boolean
    - Add interfaces to access preupgrade_data_t
    - Add preupgrade policy
    - Add labeling for puppet helper scripts
file modified
+113 -77
file modified
+454 -209
file modified
+30 -1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation