c4065f * Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7

Authored and Committed by Lukas Vrabec 5 years ago
    * Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
    - Allow fontconfig file transition for xguest_u user
    - Add gnome_filetrans_fontconfig_home_content interface
    - Add permissions needed by systemd's machinectl shell/login
    - Update SELinux policy for xen services
    - Add dac_override capability for kdumpctl_t process domain
    - Allow chronyd_t domain to exec shell
    - Fix varnisncsa typo
    - Allow init start freenx-server BZ(1678025)
    - Create logrotate_use_fusefs boolean
    - Add tcpd_wrapped_domain for telnetd BZ(1676940)
    - Allow tcpd bind to services ports BZ(1676940)
    - Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t
    - Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
    - Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
    - Allow esmtp access .esmtprc BZ(1691149)
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
    - Allow tlp_t domain to read nvme block devices BZ(1692154)
    - Add support for smart card authentication in cockpit BZ(1690444)
    - Add permissions needed by systemd's machinectl shell/login
    - Allow kmod_t domain to mmap modules_dep_t files.
    - Allow systemd_machined_t dac_override capability BZ(1670787)
    - Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files
    - Allow unconfined_domain_type to use bpf tools BZ(1694115)
    - Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)"
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
    - Allow unconfined_domain_type to use bpf tools BZ(1694115)
    - Allow init_t read mnt_t symlinks BZ(1637070)
    - Update dev_filetrans_all_named_dev() interface
    - Allow xdm_t domain to execmod temp files BZ(1686675)
    - Revert "Allow xdm_t domain to create own tmp files BZ(1686675)"
    - Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
    - Allow confined users labeled as staff_t to run iptables.
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
    - Allow xdm_t domain to create own tmp files BZ(1686675)
    - Add miscfiles_dontaudit_map_generic_certs interface.
    
        
file modified
+3 -0
file modified
+41 -3
file modified
+4 -3