a8da13 * Wed Mar 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-4

Authored and Committed by Lukas Vrabec 5 years ago
    * Wed Mar 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-4
    - Update vmtools policy
    - Allow virt_qemu_ga_t domain to read udev_var_run_t files
    - Update nagios_run_sudo boolean with few allow rules related to accessing sssd
    - Update travis CI to install selinux-policy dependencies without checking for gpg check
    - Allow journalctl_t domain to mmap syslogd_var_run_t files
    - Allow smokeping process to mmap own var lib files and allow set process group. Resolves: rhbz#1661046
    - Allow sbd_t domain to bypass permission checks for sending signals
    - Allow sbd_t domain read/write all sysctls
    - Allow kpatch_t domain to communicate with policykit_t domsin over dbus
    - Allow boltd_t to stream connect to sytem dbus
    - Allow zabbix_t domain to create sockets labeled as zabbix_var_run_t BZ(1683820)
    - Allow all domains to send dbus msgs to vmtools_unconfined_t processes
    - Label /dev/pkey as crypt_device_t
    - Allow sudodomains to write to systemd_logind_sessions_t pipes.
    - Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t.
    - Allow ifconfig_t domain to read /dev/random BZ(1687516)
    - Fix interface modutils_run_kmod() where was used old interface modutils_domtrans_insmod instead of new one modutils_domtrans_kmod() Resolves: rhbz#1686660
    - Update travis CI to install selinux-policy dependencies without checking for gpg check
    - Label /usr/sbin/nodm as xdm_exec_t same as other display managers
    - Update userdom_admin_user_template() and init_prog_run_bpf() interfaces to make working bpftool for confined admin
    - Label /usr/sbin/e2mmpstatus as fsadm_exec_t Resolves: rhbz#1684221
    - Update unconfined_dbus_send() interface to allow both direction communication over dbus with unconfined process.
    
        
file modified
+2 -0
file modified
+27 -3
file modified
+3 -3