833e31 * Thu Sep 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-2

Authored and Committed by Lukas Vrabec 6 years ago
    * Thu Sep 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-2
    - Allow tomcat services to create link file in /tmp
    - Label /etc/shorewall6 as shorewall_etc_t
    - Allow winbind_t domain kill in user namespaces
    - Allow firewalld_t domain to read random device
    - Allow abrt_t domain to do execmem
    - Allow geoclue_t domain to execute own var_lib_t files
    - Allow openfortivpn_t domain to read system network state
    - Allow dnsmasq_t domain to read networkmanager lib files
    - sssd: Allow to limit capabilities using libcap
    - sssd: Remove unnecessary capability
    - sssd: Do not audit usage of lib nss_systemd.so
    - Fix bug in nsd.fc, /var/run/nsd.ctl is socket file not file
    - Add correct namespace_init_exec_t context to /etc/security/namespace.d/*
    - Update nscd_socket_use to allow caller domain to mmap nscd_var_run_t files
    - Allow exim_t domain to mmap bin files
    - Allow mysqld_t domain to be executed with nnp transition
    - Allow svirt_t domain to mmap svirt_image_t block files
    - Add caps dac_read_search and dac_override to pesign_t domain
    - Allow iscsid_t domain to mmap userio chr files
    - Add read interfaces for mysqld_log_t that was added in commit df832bf
    - Allow boltd_t to dbus chat with xdm_t
    - Conntrackd needs to load kernel module to work
    - Allow mysqld sys_nice capability
    - Update boltd policy based on SELinux denials from rhbz#1607974
    - Allow systemd to create symlinks in /var/lib
    - Add comment to show that template call also allows changing shells
    - Document userdom_change_password_template() behaviour
    - update files_mounton_kernel_symbol_table() interface to allow caller domain also mounton system_map_t file
    - Fix typo in logging SELinux module
    - Allow usertype to mmap user_tmp_type files
    - In domain_transition_pattern there is no permission allowing caller domain to execute_no_trans on entrypoint, this patch fixes this issue
    - Revert "Add execute_no_trans permission to mmap_exec_file_perms pattern"
    - Add boolean: domain_can_mmap_files.
    - Allow ipsec_t domain to mmap own tmp files
    - Add .gitignore file
    - Add execute_no_trans permission to mmap_exec_file_perms pattern
    - Allow sudodomain to search caller domain proc info
    - Allow audisp_remote_t domain to read auditd_etc_t
    - netlabel: Remove unnecessary sssd nsswitch related macros
    - Allow to use sss module in auth_use_nsswitch
    - Limit communication with init_t over dbus
    - Add actual modules.conf to the git repo
    - Add few interfaces to optional block
    - Allow sysadm_t and staff_t domain to manage systemd unit files
    - Add interface dev_map_userio_dev()
    
        
file modified
+2 -0
file modified
+50 -3
file modified
+3 -3