Commit - rpms/selinux-policy - dcec63d64d226982748991fcef3cc29a889d9062

    * Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-283.29
    - Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795)
    - Allow nagios to exec itself and mmap nagios spool files BZ(1559683)
    - Allow nagios to mmap nagios config files BZ(1559683)
    - Add a policy for conntrackd
    - Fix typo in NetworkManager module
    - Fix bug in gssproxy SELinux module
    - Allow networkmanager to be run ssh client BZ(1558441)
    - Allow pcp domains to do dc override BZ(1557913)
    - Dontaudit pcp_pmie_t to reaquest lost kernel module
    - Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955)
    - Allow httpd_t to read httpd_log_t dirs BZ(1554912)
    - Allow fail2ban_t to read system network state BZ(1557752)
    - Allow dac override capability to mandb_t domain BZ(1529399)
    - Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439)
    - Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359)
    - Allow snapperd to relabel snapperd_data_t
    - Add allow to map for pki_tomcat_t
    - Allow rpm domain to mmap rpm_var_lib_t files
    - Allow tor_t domain to execute bin_t files BZ(1496274)
    - Allow iscsid_t domain to mmap kernel modules BZ(1553759)
    - Update minidlna SELinux policy BZ(1554087)
    - Allow motion_t domain to read sysfs_t files BZ(1554142
    - Allow systemd create stream socket permissions BZ(1560195)
    - Allow insmod_t to load modules BZ(1544189)
    - Allow systemd_rfkill_t domain sys_admin capability BZ(1557595)
    - Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862)
    - Improve userdom_mmap_user_home_content_files
    - Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414)
    - Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module
    - Dontaudit kernel bug when systemd requesting load kernel module BZ(1547227)
    - Allow secadm_t domain to mmap audit config and log files
    - Update init_abstract_socket_activation() to allow also creating tcp sockets
    - getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain.
    - Create new type bpf_t and label /sys/fs/bpf with this type
    - Allow systemd to create systemd_rfkill_var_lib_t dirs BZ(1502164)
    - Allow netlabel_mgmt_t domain to read sssd public files, stream connect to sssd_t BZ(1483655)
    - Allow xdm_t domain to sys_ptrace BZ(1554150)
    - Allow application_domain_type also mmap inherited user temp files BZ(1552765)

container-selinux.tgz

file modified

+0 -0

policy-f27-base.patch

file modified

+177 -146

policy-f27-contrib.patch

file modified

+116 -89

selinux-policy.spec

file modified

+41 -1

psss / rpms / selinux-policy

Source Code

dcec63d * Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-283.29

Authored and Committed by lvrabec 6 years ago

`dcec63d` * Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-283.29