9fcbb6 * Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-11

Authored and Committed by Lukas Vrabec 6 years ago
    * Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-11
    - Add nnp transition rule for vnstatd_t domain using NoNewPrivileges systemd feature BZ(1643063)
    - Allow l2tpd_t domain to mmap /etc/passwd file BZ(1638948)
    - Add dac_override capability to ftpd_t domain
    - Allow gpg_t to create own tmpfs dirs and sockets
    - Allow rhsmcertd_t domain to relabel cert_t files
    - Add SELinux policy for kpatch
    - Allow nova_t domain to use pam
    - sysstat: grant sysstat_t the search_dir_perms set
    - Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313)
    - Allow systemd_logind_t to read fixed dist device BZ(1645631)
    - Allow systemd_logind_t domain to read nvme devices BZ(1645567)
    - Allow systemd_rfkill_t domain to comunicate via dgram sockets with syslogd BZ(1638981)
    - kernel/files.fc: Label /run/motd.d(/.*)? as etc_t
    - Allow ipsec_mgmt_t process to send signals other than SIGKILL, SIGSTOP, or SIGCHLD to the ipsec_t domains BZ(1638949)
    - Allow X display manager to check status and reload services which are part of x_domain attribute
    - Add interface miscfiles_relabel_generic_cert()
    - Make kpatch policy active
    - Fix userdom_write_user_tmp_dirs() to allow caller domain also read/write user_tmp_t dirs
    - Dontaudit sys_admin capability for netutils_t domain
    - Label tcp and udp ports 2611 as qpasa_agent_port_t
    
        
file modified
+25 -3
file modified
+3 -3