psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

7455354 * Thu Sep 15 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-214

Authored and Committed by lvrabec 7 years ago
raw patch tree parent
4 files changed. 1005 lines added. 805 lines removed.
docker-selinux.tgz
file modified
+0 -0
policy-rawhide-base.patch
file modified
+355 -311
policy-rawhide-contrib.patch
file modified
+603 -492
selinux-policy.spec
file modified
+47 -2 
    * Thu Sep 15 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-214
    - Allow attach usb device to virtual machine BZ(1276873)
    - Dontaudit mozilla_plugin to sys_ptrace
    - Allow nut_upsdrvctl_t domain to read udev db BZ(1375636)
    - Fix typo
    - Allow geoclue to send msgs to syslog. BZ(1371818)
    - Allow abrt to read rpm_tmp_t dirs
    - Add interface rpm_read_tmp_files()
    - Remove labels for somr docker sandbox files for now. This needs to be reverted after fixes in docker-selinux
    - Update oracleasm SELinux module that can manage oracleasmfs_t blk files. Add dac_override cap to oracleasm_t domain.
    - Add few rules to pcp SELinux module to make ti able to start pcp_pmlogger service
    - Revert "label /var/lib/kubelet as svirt_sandbox_file_t"
    - Remove file context for /var/lib/kubelet. This filecontext is part of docker now
    - Add oracleasm_conf_t type and allow oracleasm_t to create /dev/oracleasm
    - Label /usr/share/pcp/lib/pmie as pmie_exec_t and /usr/share/pcp/lib/pmlogger as pmlogger_exec_t
    - Allow mdadm_t to getattr all device nodes
    - Dontaudit gkeyringd_domain to connect to system_dbusd_t
    - Add interface dbus_dontaudit_stream_connect_system_dbusd()
    - Allow guest-set-user-passwd to set users password.
    - Allow domains using kerberos to read also kerberos config dirs
    - Add kdymp_t domain sys_admin capability BZ(1357949)
    - Allow dnssec_trigger to exec ldconfig
    - Label /var/lib/docker-latest/vfs as svirt_sandbox_file_t
    - Fix typo bugs in rsync and inetd SELinux modules
    - Label /var/lib/docker/vfs as svirt_sandbox_file_t in virt SELinux module
    - Merge pull request #147 from rhatdan/virt
    - Merge pull request #149 from rhatdan/daemon_contrib
    - Merge pull request #151 from rhatdan/msg
    - Allow add new interface to new namespace BZ(1375124)
    - Allow systemd to relalbel files stored in /run/systemd/inaccessible/
    -  Add interface fs_getattr_tmpfs_blk_file()
    - Dontaudit domain to create any file in /proc. This is kernel bug.
    - Improve regexp for power_unit_file_t files. To catch just systemd power unit files.
    - Add new interface fs_getattr_oracleasmfs_fs()
    - Add interface fs_manage_oracleasm()
    - Label /dev/kfd as hsa_device_t
    - Update seutil_manage_file_contexts() interface that caller domain can also manage file_context_t dirs
    - Add transition rule that caller domain can create resolv.conf link file with correct label in sysnet_filetrans_named_content() interface
    - Add systemd_machined_t kill capability
    - Allow systemd_machined_t to read nsfs_t files
    - Allow run sulogin_t in range mls_systemlow-mls_systemhigh.
    
    * Thu Sep 15 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-213
    - Bump release
file modified
+0 -0
file modified
+355 -311
file modified
+603 -492
file modified
+47 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.