rpms / selinux-policy

Clone
Source Code
GIT

fac3fc * Wed Mar 30 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-180

Authored and Committed by Lukas Vrabec 8 years ago
raw patch tree parent
4 files changed. 4722 lines added. 1790 lines removed.
docker-selinux.tgz
file modified
+0 -0
policy-rawhide-base.patch
file modified
+4217 -1476
policy-rawhide-contrib.patch
file modified
+466 -313
selinux-policy.spec
file modified
+39 -1 
    * Wed Mar 30 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-180
    - Allow dovecot_auth_t domain to manage also dovecot_var_run_t fifo files. BZ(1320415)
    - Allow colord to read /etc/udev/hwdb.bin. rhzb#1316514
    - sandboxX.te: Allow sandbox domain to have entrypoint access only for executables and mountpoints.
    - Allow sandbox domain to have entrypoint access only for executables and mountpoints.
    - Allow bitlee to create bitlee_var_t dirs.
    - Allow CIM provider to read sssd public files.
    - Fix some broken interfaces in distro policy.
    - Allow power button to shutdown the laptop.
    - Allow lsm plugins to create named fixed disks. rhbz#1238066
    - Allow hyperv domains to rw hyperv devices. rhbz#1241636
    - Label /var/www/html(/.*)?/wp_backups(/.*)? as httpd_sys_rw_content_t.
    - Create conman_unconfined_script_t type for conman script stored in /use/share/conman/exec/
    - Allow rsync_export_all_ro boolean to read also non_auth_dirs/files/symlinks.
    - Allow pmdaapache labeled as pcp_pmcd_t access to port 80 for apache diagnostics
    - Label nagios scripts as httpd_sys_script_exec_t.
    - Allow nsd_t to bind on nsf_control tcp port. Allow nsd_crond_t to read nsd pid.
    - Fix couple of cosmetic thing in new virtlogd_t policy. rhbz #1311576
    - Merge pull request #104 from berrange/rawhide-contrib-virtlogd
    - Label /var/run/ecblp0 as cupsd_var_run_t due to this fifo_file is used by epson drivers. rhbz#1310336
    - Dontaudit logrotate to setrlimit itself. rhbz#1309604
    - Add filename transition that /etc/princap will be created with cupsd_rw_etc_t label in cups_filetrans_named_content() interface.
    - Allow pcp_pmie and pcp_pmlogger to read all domains state.
    - Allow systemd-gpt-generator to create and manage systemd gpt generator unit files. BZ(1319446)
    - Merge pull request #115 from rhatdan/nvidea
    - Label all nvidia binaries as xserver_exec_t
    - Add new systemd_hwdb_read_config() interface. rhbz#1316514
    - Add back corecmd_read_all_executables() interface.
    - Call files_type() instead of file_type() for unlabeled_t.
    - Add files_entrypoint_all_mountpoint() interface.
    - Make unlabeled only as a file_type type. It is a type for fallback if there is an issue with labeling.
    - Add corecmd_entrypoint_all_executables() interface.
    - Create hyperv* devices and create rw interfaces for this devices. rhbz#1309361
    - Add neverallow assertion for unlabaled_t to increase policy security.
    - Allow systemd-rfkill to create /var/lib/systemd/rfkill dir. rhbz#1319499
    - Label 8952 tcp port as nsd_control.
    - Allow to log out to gdm after screen was resized in session via vdagent. Resolves: rhbz#1249020
file modified
+0 -0
file modified
+4217 -1476
file modified
+466 -313
file modified
+39 -1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation