diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index da7ea8e..da6f779 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -33465,7 +33465,7 @@ index d43f3b1..870bc36 100644 +/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if -index 3822072..9fcc183 100644 +index 3822072..270bde3 100644 --- a/policy/modules/system/selinuxutil.if +++ b/policy/modules/system/selinuxutil.if @@ -192,11 +192,22 @@ interface(`seutil_domtrans_newrole',` @@ -33871,7 +33871,7 @@ index 3822072..9fcc183 100644 ## Execute semanage in the semanage domain, and ## allow the specified role the semanage domain, ## and use the caller's terminal. -@@ -1017,11 +1310,66 @@ interface(`seutil_domtrans_semanage',` +@@ -1017,11 +1310,67 @@ interface(`seutil_domtrans_semanage',` # interface(`seutil_run_semanage',` gen_require(` @@ -33937,12 +33937,15 @@ index 3822072..9fcc183 100644 + files_search_etc($1) + list_dirs_pattern($1, selinux_config_t, semanage_store_t) + read_files_pattern($1, semanage_store_t, semanage_store_t) ++ read_lnk_files_pattern($1, semanage_store_t, semanage_store_t) ') ######################################## -@@ -1044,6 +1392,9 @@ interface(`seutil_manage_module_store',` +@@ -1043,7 +1392,11 @@ interface(`seutil_manage_module_store',` + files_search_etc($1) manage_dirs_pattern($1, selinux_config_t, semanage_store_t) manage_files_pattern($1, semanage_store_t, semanage_store_t) ++ manage_lnk_files_pattern($1, semanage_store_t, semanage_store_t) filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "modules") + filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "active") + filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "previous") @@ -33950,7 +33953,7 @@ index 3822072..9fcc183 100644 ') ####################################### -@@ -1137,3 +1488,122 @@ interface(`seutil_dontaudit_libselinux_linked',` +@@ -1137,3 +1490,122 @@ interface(`seutil_dontaudit_libselinux_linked',` selinux_dontaudit_get_fs_mount($1) seutil_dontaudit_read_config($1) ') diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 1179d3e..4595712 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -48439,7 +48439,7 @@ index 97df768..852d1c6 100644 + admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t) ') diff --git a/nslcd.te b/nslcd.te -index a3e56f0..8903423 100644 +index a3e56f0..f70a784 100644 --- a/nslcd.te +++ b/nslcd.te @@ -1,4 +1,4 @@ @@ -48465,8 +48465,12 @@ index a3e56f0..8903423 100644 allow nslcd_t nslcd_conf_t:file read_file_perms; -@@ -38,12 +38,8 @@ kernel_read_system_state(nslcd_t) +@@ -36,14 +36,12 @@ files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir }) + kernel_read_system_state(nslcd_t) + ++dev_read_sysfs(nslcd_t) ++ corenet_all_recvfrom_unlabeled(nslcd_t) corenet_all_recvfrom_netlabel(nslcd_t) -corenet_tcp_sendrecv_generic_if(nslcd_t) @@ -48479,7 +48483,7 @@ index a3e56f0..8903423 100644 files_read_usr_symlinks(nslcd_t) files_list_tmp(nslcd_t) -@@ -52,10 +48,14 @@ auth_use_nsswitch(nslcd_t) +@@ -52,10 +50,14 @@ auth_use_nsswitch(nslcd_t) logging_send_syslog_msg(nslcd_t) @@ -67679,7 +67683,7 @@ index 951db7f..7736755 100644 + allow $1 mdadm_exec_t:file { getattr_file_perms execute }; ') diff --git a/raid.te b/raid.te -index 2c1730b..8e46216 100644 +index 2c1730b..6f60d73 100644 --- a/raid.te +++ b/raid.te @@ -15,6 +15,12 @@ role mdadm_roles types mdadm_t; @@ -67731,7 +67735,7 @@ index 2c1730b..8e46216 100644 corecmd_exec_bin(mdadm_t) corecmd_exec_shell(mdadm_t) -@@ -49,19 +63,27 @@ corecmd_exec_shell(mdadm_t) +@@ -49,19 +63,28 @@ corecmd_exec_shell(mdadm_t) dev_rw_sysfs(mdadm_t) dev_dontaudit_getattr_all_blk_files(mdadm_t) dev_dontaudit_getattr_all_chr_files(mdadm_t) @@ -67740,6 +67744,7 @@ index 2c1730b..8e46216 100644 dev_read_realtime_clock(mdadm_t) dev_read_raw_memory(mdadm_t) +dev_read_kvm(mdadm_t) ++dev_read_mei(mdadm_t) +dev_read_nvram(mdadm_t) +dev_read_generic_files(mdadm_t) +dev_read_generic_usb_dev(mdadm_t) @@ -67761,7 +67766,7 @@ index 2c1730b..8e46216 100644 mls_file_read_all_levels(mdadm_t) mls_file_write_all_levels(mdadm_t) -@@ -70,15 +92,20 @@ storage_dev_filetrans_fixed_disk(mdadm_t) +@@ -70,15 +93,20 @@ storage_dev_filetrans_fixed_disk(mdadm_t) storage_manage_fixed_disk(mdadm_t) storage_read_scsi_generic(mdadm_t) storage_write_scsi_generic(mdadm_t) @@ -67783,7 +67788,7 @@ index 2c1730b..8e46216 100644 userdom_dontaudit_use_unpriv_user_fds(mdadm_t) userdom_dontaudit_search_user_home_content(mdadm_t) -@@ -97,9 +124,17 @@ optional_policy(` +@@ -97,9 +125,17 @@ optional_policy(` ') optional_policy(` @@ -76522,7 +76527,7 @@ index aee75af..a6bab06 100644 + allow $1 samba_unit_file_t:service all_service_perms; ') diff --git a/samba.te b/samba.te -index 57c034b..aa2be40 100644 +index 57c034b..d48911d 100644 --- a/samba.te +++ b/samba.te @@ -1,4 +1,4 @@ @@ -76708,7 +76713,7 @@ index 57c034b..aa2be40 100644 type swat_t; type swat_exec_t; -@@ -170,27 +154,28 @@ type winbind_exec_t; +@@ -170,27 +154,29 @@ type winbind_exec_t; init_daemon_domain(winbind_t, winbind_exec_t) type winbind_helper_t; @@ -76736,6 +76741,7 @@ index 57c034b..aa2be40 100644 # - allow samba_net_t self:capability { sys_chroot sys_nice dac_read_search dac_override }; ++allow samba_net_t self:capability2 block_suspend; allow samba_net_t self:process { getsched setsched }; -allow samba_net_t self:unix_stream_socket { accept listen }; +allow samba_net_t self:unix_dgram_socket create_socket_perms; @@ -76745,7 +76751,7 @@ index 57c034b..aa2be40 100644 allow samba_net_t samba_etc_t:file read_file_perms; -@@ -206,17 +191,22 @@ manage_files_pattern(samba_net_t, samba_var_t, samba_var_t) +@@ -206,17 +192,22 @@ manage_files_pattern(samba_net_t, samba_var_t, samba_var_t) manage_lnk_files_pattern(samba_net_t, samba_var_t, samba_var_t) files_var_filetrans(samba_net_t, samba_var_t, dir, "samba") @@ -76772,7 +76778,7 @@ index 57c034b..aa2be40 100644 dev_read_urand(samba_net_t) -@@ -229,15 +219,16 @@ auth_manage_cache(samba_net_t) +@@ -229,15 +220,16 @@ auth_manage_cache(samba_net_t) logging_send_syslog_msg(samba_net_t) @@ -76793,7 +76799,7 @@ index 57c034b..aa2be40 100644 ') optional_policy(` -@@ -245,44 +236,56 @@ optional_policy(` +@@ -245,44 +237,56 @@ optional_policy(` ') optional_policy(` @@ -76862,7 +76868,7 @@ index 57c034b..aa2be40 100644 manage_lnk_files_pattern(smbd_t, samba_share_t, samba_share_t) allow smbd_t samba_share_t:filesystem { getattr quotaget }; -@@ -292,6 +295,8 @@ manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t) +@@ -292,6 +296,8 @@ manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t) manage_sock_files_pattern(smbd_t, samba_var_t, samba_var_t) files_var_filetrans(smbd_t, samba_var_t, dir, "samba") @@ -76871,7 +76877,7 @@ index 57c034b..aa2be40 100644 manage_dirs_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t) manage_files_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t) files_tmp_filetrans(smbd_t, smbd_tmp_t, { file dir }) -@@ -301,11 +306,11 @@ manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t) +@@ -301,11 +307,11 @@ manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t) manage_sock_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t) files_pid_filetrans(smbd_t, smbd_var_run_t, { dir file }) @@ -76887,7 +76893,7 @@ index 57c034b..aa2be40 100644 kernel_getattr_core_if(smbd_t) kernel_getattr_message_if(smbd_t) -@@ -315,43 +320,33 @@ kernel_read_kernel_sysctls(smbd_t) +@@ -315,43 +321,33 @@ kernel_read_kernel_sysctls(smbd_t) kernel_read_software_raid_state(smbd_t) kernel_read_system_state(smbd_t) @@ -76942,7 +76948,7 @@ index 57c034b..aa2be40 100644 fs_getattr_all_fs(smbd_t) fs_getattr_all_dirs(smbd_t) fs_get_xattr_fs_quotas(smbd_t) -@@ -360,44 +355,54 @@ fs_getattr_rpc_dirs(smbd_t) +@@ -360,44 +356,54 @@ fs_getattr_rpc_dirs(smbd_t) fs_list_inotifyfs(smbd_t) fs_get_all_fs_quotas(smbd_t) @@ -77008,7 +77014,7 @@ index 57c034b..aa2be40 100644 ') tunable_policy(`samba_domain_controller',` -@@ -413,20 +418,10 @@ tunable_policy(`samba_domain_controller',` +@@ -413,20 +419,10 @@ tunable_policy(`samba_domain_controller',` ') tunable_policy(`samba_enable_home_dirs',` @@ -77031,7 +77037,7 @@ index 57c034b..aa2be40 100644 tunable_policy(`samba_share_nfs',` fs_manage_nfs_dirs(smbd_t) fs_manage_nfs_files(smbd_t) -@@ -435,6 +430,7 @@ tunable_policy(`samba_share_nfs',` +@@ -435,6 +431,7 @@ tunable_policy(`samba_share_nfs',` fs_manage_nfs_named_sockets(smbd_t) ') @@ -77039,7 +77045,7 @@ index 57c034b..aa2be40 100644 tunable_policy(`samba_share_fusefs',` fs_manage_fusefs_dirs(smbd_t) fs_manage_fusefs_files(smbd_t) -@@ -442,17 +438,6 @@ tunable_policy(`samba_share_fusefs',` +@@ -442,17 +439,6 @@ tunable_policy(`samba_share_fusefs',` fs_search_fusefs(smbd_t) ') @@ -77057,7 +77063,7 @@ index 57c034b..aa2be40 100644 optional_policy(` ccs_read_config(smbd_t) ') -@@ -473,6 +458,11 @@ optional_policy(` +@@ -473,6 +459,11 @@ optional_policy(` ') optional_policy(` @@ -77069,7 +77075,7 @@ index 57c034b..aa2be40 100644 lpd_exec_lpr(smbd_t) ') -@@ -493,9 +483,33 @@ optional_policy(` +@@ -493,9 +484,33 @@ optional_policy(` udev_read_db(smbd_t) ') @@ -77104,7 +77110,7 @@ index 57c034b..aa2be40 100644 # dontaudit nmbd_t self:capability sys_tty_config; -@@ -506,9 +520,11 @@ allow nmbd_t self:msg { send receive }; +@@ -506,9 +521,11 @@ allow nmbd_t self:msg { send receive }; allow nmbd_t self:msgq create_msgq_perms; allow nmbd_t self:sem create_sem_perms; allow nmbd_t self:shm create_shm_perms; @@ -77119,7 +77125,7 @@ index 57c034b..aa2be40 100644 manage_dirs_pattern(nmbd_t, { smbd_var_run_t nmbd_var_run_t }, nmbd_var_run_t) manage_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t) -@@ -520,20 +536,15 @@ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) +@@ -520,20 +537,15 @@ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t) @@ -77143,7 +77149,7 @@ index 57c034b..aa2be40 100644 kernel_getattr_core_if(nmbd_t) kernel_getattr_message_if(nmbd_t) -@@ -542,52 +553,40 @@ kernel_read_network_state(nmbd_t) +@@ -542,52 +554,40 @@ kernel_read_network_state(nmbd_t) kernel_read_software_raid_state(nmbd_t) kernel_read_system_state(nmbd_t) @@ -77208,7 +77214,7 @@ index 57c034b..aa2be40 100644 ') optional_policy(` -@@ -600,17 +599,24 @@ optional_policy(` +@@ -600,17 +600,24 @@ optional_policy(` ######################################## # @@ -77237,7 +77243,7 @@ index 57c034b..aa2be40 100644 samba_read_config(smbcontrol_t) samba_rw_var_files(smbcontrol_t) samba_search_var(smbcontrol_t) -@@ -620,16 +626,12 @@ domain_use_interactive_fds(smbcontrol_t) +@@ -620,16 +627,12 @@ domain_use_interactive_fds(smbcontrol_t) dev_read_urand(smbcontrol_t) @@ -77255,7 +77261,7 @@ index 57c034b..aa2be40 100644 optional_policy(` ctdbd_stream_connect(smbcontrol_t) -@@ -637,22 +639,23 @@ optional_policy(` +@@ -637,22 +640,23 @@ optional_policy(` ######################################## # @@ -77287,7 +77293,7 @@ index 57c034b..aa2be40 100644 allow smbmount_t samba_secrets_t:file manage_file_perms; -@@ -661,26 +664,22 @@ manage_files_pattern(smbmount_t, samba_var_t, samba_var_t) +@@ -661,26 +665,22 @@ manage_files_pattern(smbmount_t, samba_var_t, samba_var_t) manage_lnk_files_pattern(smbmount_t, samba_var_t, samba_var_t) files_var_filetrans(smbmount_t, samba_var_t, dir, "samba") @@ -77323,7 +77329,7 @@ index 57c034b..aa2be40 100644 fs_getattr_cifs(smbmount_t) fs_mount_cifs(smbmount_t) -@@ -692,58 +691,77 @@ fs_read_cifs_files(smbmount_t) +@@ -692,58 +692,77 @@ fs_read_cifs_files(smbmount_t) storage_raw_read_fixed_disk(smbmount_t) storage_raw_write_fixed_disk(smbmount_t) @@ -77415,7 +77421,7 @@ index 57c034b..aa2be40 100644 manage_dirs_pattern(swat_t, swat_tmp_t, swat_tmp_t) manage_files_pattern(swat_t, swat_tmp_t, swat_tmp_t) -@@ -752,17 +770,13 @@ files_tmp_filetrans(swat_t, swat_tmp_t, { file dir }) +@@ -752,17 +771,13 @@ files_tmp_filetrans(swat_t, swat_tmp_t, { file dir }) manage_files_pattern(swat_t, swat_var_run_t, swat_var_run_t) files_pid_filetrans(swat_t, swat_var_run_t, file) @@ -77439,7 +77445,7 @@ index 57c034b..aa2be40 100644 kernel_read_kernel_sysctls(swat_t) kernel_read_system_state(swat_t) -@@ -770,36 +784,25 @@ kernel_read_network_state(swat_t) +@@ -770,36 +785,25 @@ kernel_read_network_state(swat_t) corecmd_search_bin(swat_t) @@ -77482,7 +77488,7 @@ index 57c034b..aa2be40 100644 auth_domtrans_chk_passwd(swat_t) auth_use_nsswitch(swat_t) -@@ -811,10 +814,11 @@ logging_send_syslog_msg(swat_t) +@@ -811,10 +815,11 @@ logging_send_syslog_msg(swat_t) logging_send_audit_msgs(swat_t) logging_search_logs(swat_t) @@ -77496,7 +77502,7 @@ index 57c034b..aa2be40 100644 optional_policy(` cups_read_rw_config(swat_t) cups_stream_connect(swat_t) -@@ -834,16 +838,19 @@ optional_policy(` +@@ -834,16 +839,19 @@ optional_policy(` # allow winbind_t self:capability { dac_override ipc_lock setuid sys_nice }; @@ -77520,7 +77526,7 @@ index 57c034b..aa2be40 100644 allow winbind_t samba_etc_t:dir list_dir_perms; read_files_pattern(winbind_t, samba_etc_t, samba_etc_t) -@@ -853,9 +860,7 @@ manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t) +@@ -853,9 +861,7 @@ manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t) filetrans_pattern(winbind_t, samba_etc_t, samba_secrets_t, file) manage_dirs_pattern(winbind_t, samba_log_t, samba_log_t) @@ -77531,7 +77537,7 @@ index 57c034b..aa2be40 100644 manage_lnk_files_pattern(winbind_t, samba_log_t, samba_log_t) manage_dirs_pattern(winbind_t, samba_var_t, samba_var_t) -@@ -866,23 +871,21 @@ files_var_filetrans(winbind_t, samba_var_t, dir, "samba") +@@ -866,23 +872,21 @@ files_var_filetrans(winbind_t, samba_var_t, dir, "samba") rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t) @@ -77561,7 +77567,7 @@ index 57c034b..aa2be40 100644 manage_sock_files_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t) kernel_read_network_state(winbind_t) -@@ -891,13 +894,17 @@ kernel_read_system_state(winbind_t) +@@ -891,13 +895,17 @@ kernel_read_system_state(winbind_t) corecmd_exec_bin(winbind_t) @@ -77582,7 +77588,7 @@ index 57c034b..aa2be40 100644 corenet_tcp_connect_smbd_port(winbind_t) corenet_tcp_connect_epmap_port(winbind_t) corenet_tcp_connect_all_unreserved_ports(winbind_t) -@@ -905,10 +912,6 @@ corenet_tcp_connect_all_unreserved_ports(winbind_t) +@@ -905,10 +913,6 @@ corenet_tcp_connect_all_unreserved_ports(winbind_t) dev_read_sysfs(winbind_t) dev_read_urand(winbind_t) @@ -77593,7 +77599,7 @@ index 57c034b..aa2be40 100644 fs_getattr_all_fs(winbind_t) fs_search_auto_mountpoints(winbind_t) -@@ -917,18 +920,24 @@ auth_domtrans_chk_passwd(winbind_t) +@@ -917,18 +921,24 @@ auth_domtrans_chk_passwd(winbind_t) auth_use_nsswitch(winbind_t) auth_manage_cache(winbind_t) @@ -77620,7 +77626,7 @@ index 57c034b..aa2be40 100644 optional_policy(` ctdbd_stream_connect(winbind_t) -@@ -936,7 +945,12 @@ optional_policy(` +@@ -936,7 +946,12 @@ optional_policy(` ') optional_policy(` @@ -77633,7 +77639,7 @@ index 57c034b..aa2be40 100644 ') optional_policy(` -@@ -952,31 +966,29 @@ optional_policy(` +@@ -952,31 +967,29 @@ optional_policy(` # Winbind helper local policy # @@ -77671,7 +77677,7 @@ index 57c034b..aa2be40 100644 optional_policy(` apache_append_log(winbind_helper_t) -@@ -990,25 +1002,38 @@ optional_policy(` +@@ -990,25 +1003,38 @@ optional_policy(` ######################################## # @@ -86522,7 +86528,7 @@ index 42946bc..741f2f4 100644 + can_exec($1, telepathy_executable) ') diff --git a/telepathy.te b/telepathy.te -index e9c0964..c0fe4c6 100644 +index e9c0964..d4686e6 100644 --- a/telepathy.te +++ b/telepathy.te @@ -1,29 +1,28 @@ @@ -86565,7 +86571,7 @@ index e9c0964..c0fe4c6 100644 telepathy_domain_template(gabble) -@@ -67,176 +66,146 @@ userdom_user_home_content(telepathy_sunshine_home_t) +@@ -67,176 +66,147 @@ userdom_user_home_content(telepathy_sunshine_home_t) ####################################### # @@ -86757,7 +86763,8 @@ index e9c0964..c0fe4c6 100644 -userdom_user_home_dir_filetrans(telepathy_mission_control_t, telepathy_mission_control_home_t, dir, ".mission-control") +userdom_search_user_home_dirs(telepathy_mission_control_t) + -+read_files_pattern(telepathy_mission_control_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t) ++manage_files_pattern(telepathy_mission_control_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t) ++manage_dirs_pattern(telepathy_mission_control_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t) -manage_dirs_pattern(telepathy_mission_control_t, telepathy_mission_control_data_home_t, telepathy_mission_control_data_home_t) +manage_dirs_pattern(telepathy_mission_control_t, { telepathy_data_home_t telepathy_mission_control_data_home_t }, { telepathy_data_home_t telepathy_mission_control_data_home_t }) @@ -86792,7 +86799,7 @@ index e9c0964..c0fe4c6 100644 optional_policy(` dbus_system_bus_client(telepathy_mission_control_t) -@@ -245,59 +214,51 @@ optional_policy(` +@@ -245,59 +215,51 @@ optional_policy(` devicekit_dbus_chat_power(telepathy_mission_control_t) ') optional_policy(` @@ -86867,7 +86874,7 @@ index e9c0964..c0fe4c6 100644 init_read_state(telepathy_msn_t) -@@ -307,18 +268,19 @@ logging_send_syslog_msg(telepathy_msn_t) +@@ -307,18 +269,19 @@ logging_send_syslog_msg(telepathy_msn_t) miscfiles_read_all_certs(telepathy_msn_t) @@ -86892,7 +86899,7 @@ index e9c0964..c0fe4c6 100644 ') optional_policy(` -@@ -329,43 +291,33 @@ optional_policy(` +@@ -329,43 +292,33 @@ optional_policy(` ') ') @@ -86941,7 +86948,7 @@ index e9c0964..c0fe4c6 100644 ') optional_policy(` -@@ -378,73 +330,53 @@ optional_policy(` +@@ -378,73 +331,53 @@ optional_policy(` ####################################### # @@ -87025,7 +87032,7 @@ index e9c0964..c0fe4c6 100644 optional_policy(` xserver_read_xdm_pid(telepathy_sunshine_t) xserver_stream_connect(telepathy_sunshine_t) -@@ -452,31 +384,43 @@ optional_policy(` +@@ -452,31 +385,43 @@ optional_policy(` ####################################### # diff --git a/selinux-policy.spec b/selinux-policy.spec index db82b42..0dc688e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 78%{?dist} +Release: 79%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -570,6 +570,12 @@ SELinux Reference policy mls base module. %endif %changelog +* Mon Sep 9 2013 Miroslav Grepl 3.12.1-79 +- Allow block_suspend cap for samba-net +- Allow t-mission-control to manage gabble cache files +- Allow nslcd to read /sys/devices/system/cpu +- Allow selinux_store to use symlinks + * Mon Sep 9 2013 Miroslav Grepl 3.12.1-78 - Allow xdm_t to transition to itself - Call neutron interfaces instead of quantum