psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

9e60f7a * Tue Oct 24 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-283.12

Authored and Committed by lvrabec 6 years ago
raw patch tree parent
4 files changed. 326 lines added. 163 lines removed.
container-selinux.tgz
file modified
+0 -0
policy-f27-base.patch
file modified
+40 -8
policy-f27-contrib.patch
file modified
+251 -154
selinux-policy.spec
file modified
+35 -1 
    * Tue Oct 24 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-283.12
    - Allow chronyd_t do request kernel module and block_suspend capability
    - Allow system_cronjob_t to create /var/lib/letsencrypt dir with right label
    - Allow dnssec_trigger_t domain to execute binaries with dnssec_trigeer_exec_t BZ(1487912)
    - Allow l2tpd_t domain to send SIGKILL to ipsec_mgmt_t domains BZ(1505220)
    - Allow thumb_t creating thumb_home_t files in user_home_dir_t direcotry BZ(1474110)
    - Allow httpd_t also read httpd_user_content_type dirs when httpd_enable_homedirs is enables
    - Allow svnserve to use kerberos
    - Allow conman to use ptmx. Add conman_use_nfs boolean
    - Allow nnp transition for amavis and tmpreaper SELinux domains
    - Add dac_read_search capability to openvswitch_t domain
    - Allow svnserve to manage own svnserve_log_t files/dirs
    - Allow keepalived_t to search network sysctls
    - Allow puppetagent_t domain dbus chat with rhsmcertd_t domain
    - Add kill capability to openvswitch_t domain
    - Label also compressed logs in /var/log for different services
    - Allow proper transition when systems starting pdns to pdns_t domain. BZ(1305522)
    - Allow haproxy daemon to reexec itself. BZ(1447800)
    - Allow conmand to use usb ttys.
    - Allow openvswitch to run setfiles in setfiles_t domain.
    - Allow openvswitch_t domain to read process data of neutron_t domains
    - Fix typo in ipa_cert_filetrans_named_content() interface
    - Fix typo bug in summary of xguest SELinux module
    - Allow virtual machine with svirt_t label to stream connect to openvswitch.
    - Label qemu-pr-helper script as virt_exec_t so this script won't run as unconfined_service_t
    - Fixed typo httpd_sys_content_type should be httpd_user_content_type
    - Fix for Snapper file context definitions for home directory. bz(1465729)
    - Allow httpd_t domain to mmap httpd_user_content_t files. BZ(1494852)
    - Add support for running certbot(letsencrypt) in crontab
    - Allow nnp trasintion for unconfined_service_t
    - Allow systemd_machined to read mock lib files. BZ(1504493)
    - Allow systemd_resolved_t to dbusd chat with NetworkManager_t BZ(1505081)
    - Add map permission into dev_rw_infiniband_dev() interface to allow caller domain mmap infiniband chr device BZ(1500923)
file modified
+0 -0
file modified
+40 -8
file modified
+251 -154
file modified
+35 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.