* Mon Jun 09 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-167
- Allow keystone to connect to additional ports to make OpenStack
working
- Allow thumb_t to connect to the xserver port when you are runnin it
via an ssh tunnel
- Allow certmonger to manage all certs
- rhsmcertd seems to need these accesses.
- Add cups_execmem boolean
- Allow cups to execute its rw_etc_t files, for brothers printers
- Need these privs inorder to watch videon
- Allow locate to list directories without labels
- Allow staff_t to communicate and run docker
- Add fixes to make munin and munin-cgi working. Allow munin-cgit to
create files/dirs in /tmp, list munin conf dir
- Allow bitlbee to use tcp/7778 port
- /etc/cron.daily/logrotate to execute fail2ban-client.
- Allow keepalives to connect to SNMP port. Support to do SNMP stuff
- Allow also fowner cap for varnishd
- Allow keepalived to execute bin_t/shell_exec_t
- Fix bitlbee policy
- Fix rabbitmq.te
- Fix labels on rabbitmq_var_run_t on file/dir creation
- Allow neutron to create sock files
- Allow postfix domains to getattr on all file systems
- Add fixes for squid which is configured to run with more than one
worker.
- Allow certmonger to manage all certs
- Fix *_ecryptfs_home_dirs booleans
- Fix typoes in userdomain.if and libraries.te
- Allow ldconfig_t to read/write inherited user tmp pipes
- Use proper calling in ssh.te for userdom_home_manager attribute
- Fix decl for cockip port