* Mon Mar 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-13
- allow bluetooth_t domain to create alg_socket bz(1554410)
- allow tor_t domain to execute bin_t files bz(1496274)
- allow iscsid_t domain to mmap kernel modules bz(1553759)
- update minidlna selinux policy bz(1554087)
- allow motion_t domain to read sysfs_t files bz(1554142)
- allow snapperd_t domain to getattr on all files,dirs,sockets,pipes bz(1551738)
- allow l2tp_t domain to read ipsec config files bz(1545348)
- allow colord_t to mmap home user files bz(1551033)
- dontaudit httpd_t creating kobject uevent sockets bz(1552536)
- allow ipmievd_t to mmap kernel modules bz(1552535)
- allow boinc_t domain to read cgroup files bz(1468381)
- backport allow rules from refpolicy upstream repo
- allow gpg_t domain to bind on all unereserved udp ports
- allow systemd to create systemd_rfkill_var_lib_t dirs bz(1502164)
- allow netlabel_mgmt_t domain to read sssd public files, stream connect to sssd_t bz(1483655)
- allow xdm_t domain to sys_ptrace bz(1554150)
- allow application_domain_type also mmap inherited user temp files bz(1552765)
- update ipsec_read_config() interface
- fix broken sysadm selinux module
- allow ipsec_t to search for bind cache bz(1542746)
- allow staff_t to send sigkill to mount_t domain bz(1544272)
- label /run/systemd/resolve/stub-resolv.conf as net_conf_t bz(1471545)
- label ip6tables.init as iptables_exec_t bz(1551463)
- allow hostname_t to use usb ttys bz(1542903)
- add fsetid capability to updpwd_t domain bz(1543375)
- allow systemd machined send signal to all domains bz(1372644)
- dontaudit create netlink selinux sockets for unpriv selinux users bz(1547876)
- allow sysadm_t to create netlink generic sockets bz(1547874)
- allow passwd_t domain chroot
- dontaudit confined unpriviliged users setuid capability
lvrabec
6 years ago