diff --git a/SOURCES/policy-rhel-7.6.z-contrib.patch b/SOURCES/policy-rhel-7.6.z-contrib.patch index 3f343db..4f47591 100644 --- a/SOURCES/policy-rhel-7.6.z-contrib.patch +++ b/SOURCES/policy-rhel-7.6.z-contrib.patch @@ -358,6 +358,27 @@ index 7804cbaf4..2bcedd014 100644 rpc_domtrans_rpcd(glusterd_t) rpc_manage_nfs_state_data(glusterd_t) rpc_manage_nfs_state_data_dir(glusterd_t) +diff --git a/nova.te b/nova.te +index 2259a5192..af8dd5527 100644 +--- a/nova.te ++++ b/nova.te +@@ -124,6 +124,7 @@ corenet_sendrecv_dns_server_packets(nova_domain) + corenet_sendrecv_dhcpd_server_packets(nova_domain) + + auth_use_nsswitch(nova_t) ++auth_use_pam(nova_t) + auth_read_passwd(nova_domain) + + dev_read_sysfs(nova_domain) +@@ -132,7 +133,7 @@ dev_read_rand(nova_domain) + + fs_getattr_all_fs(nova_domain) + +-init_read_utmp(nova_domain) ++init_rw_utmp(nova_domain) + + libs_exec_ldconfig(nova_domain) + diff --git a/rhcs.te b/rhcs.te index 0e8b031bb..c029ccd71 100644 --- a/rhcs.te @@ -490,3 +511,15 @@ index f4df4fda2..f585a7fb5 100644 optional_policy(` mount_exec(nfsd_t) mount_manage_pid_files(nfsd_t) +diff --git a/sysstat.te b/sysstat.te +index a2690e315..efb2f855c 100644 +--- a/sysstat.te ++++ b/sysstat.te +@@ -44,6 +44,7 @@ dev_read_urand(sysstat_t) + + files_search_var(sysstat_t) + files_read_etc_runtime_files(sysstat_t) ++files_search_all_mountpoints(sysstat_t) + + fs_getattr_all_fs(sysstat_t) + fs_list_inotifyfs(sysstat_t) diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 7cef457..40d3140 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 229%{?dist}.5 +Release: 229%{?dist}.6 License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -657,6 +657,12 @@ fi %endif %changelog +* Fri Nov 02 2018 Lukas Vrabec - 3.13.1-229.6 +- Allow nova_t domain to use pam +Resolves: rhbz:#1645270 +- sysstat: grant sysstat_t the search_dir_perms set +Resolves: rhbz#1645271 + * Fri Oct 12 2018 Lukas Vrabec - 3.13.1-229.5 - Remove disabling ganesha module in pre install phase of installation new selinux-policy package where ganesha is again standalone module Resolves: rhbz#1638257