[ol7_latest_archive] selinux-policy-targeted-3.13.1-23.0.1.el7_1.18.noarch

Name:	selinux-policy-targeted
Version:	3.13.1
Release:	23.0.1.el7_1.18
Architecture:	noarch
Group:	System Environment/Base
Size:	10533706
License:	GPLv2+
RPM:	selinux-policy-targeted-3.13.1-23.0.1.el7_1.18.noarch.rpm
Source RPM:	selinux-policy-3.13.1-23.0.1.el7_1.18.src.rpm
Build Date:	Tue Sep 15 2015
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://oss.tresys.com/repos/refpolicy/
Summary:	SELinux targeted base policy
Description:	SELinux Reference policy targeted base module.

Changelog (Show File list) (Show related packages)

Tue Sep 15 2015 Natalya Naumova <natalya.naumova@oracle.com> 3.13.1-23.0.1.el7_1.18
```
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
```
Thu Sep 03 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23.el7_1.18
```
- Allow qpidd access to /proc/<pid>/net/psched
Resolves: #1254318
```
Fri Aug 28 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23.el7_1.17
```
- Dontaudit chrome to read passwd file.
Resolves:#1257816
```

Wed Aug 26 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-23.el7_1.16

- Revert Allow qpidd access to /proc/<pid>/net/psched
Resolves: #1254318

Wed Aug 19 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-23.el7_1.15
```
-Allow qpidd access to /proc/<pid>/net/psched
Resolves: #1254318
```
Tue Aug 18 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-23.el7_1.14
```
- Allow chrome setcap to itself.
Resolves: #1254565
```

Tue Jul 28 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23.el7_1.13

- glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes.
-  Allow glusterd to communicate with cluster domains over stream socket.
Resolves:#1238963

Tue Jul 21 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23.el7_1.12
```
- Allow iptables to read ctdbd lib files.
Resolves:#1238965
```

Mon Jul 20 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23.el7_1.11

- Allow glusterd to manage nfsd and rpcd services.
- Allow samba_t net_admin capability to make CIFS mount working.
Resolves:#1238965
- Dontaudit smbd_t block_suspend capability.

Fri Jul 17 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23.el7_1.10

- Allow gluster to connect to all ports. It is required by random services executed by gluster.
- Allow glusterd to execute showmount in the showmount domain.
- Add samba_signull_unconfined_net()
- Add samba_signull_winbind()
Resolves:#1232755
- Add logging_syslogd_run_nagios_plugins boolean for rsyslog to allow transition to nagios unconfined plugins.
Resolves:#1238963
- Label gluster python hooks also as bin_t.
Resolves:#1238965
- We allow can_exec() on ssh_keygen on gluster. But there is a transition defined by init_initrc_domain() because we need to allow execute unconfined services by glusterd. So ssh-keygen ends up with ssh_keygen_t and we need to allow to manage /var/lib/glusterd/geo-replication/secret.pem.