[ol7_latest_archive] selinux-policy-3.13.1-102.0.2.el7.noarch

Name:	selinux-policy
Version:	3.13.1
Release:	102.0.2.el7
Architecture:	noarch
Group:	System Environment/Base
Size:	2694
License:	GPLv2+
RPM:	selinux-policy-3.13.1-102.0.2.el7.noarch.rpm
Source RPM:	selinux-policy-3.13.1-102.0.2.el7.src.rpm
Build Date:	Tue Nov 08 2016
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://oss.tresys.com/repos/refpolicy/
Summary:	SELinux policy configuration
Description:	SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117

Changelog (Show File list) (Show related packages)

Mon Nov 07 2016 Livy Ge <livy.ge@oracle.com> - 3.13.1-102.0.2

- selinux-policy includes updated docker selinux policy [Orabug 24697785] (thomas.tanaka)

Thu Nov 03 2016 EL Errata <el-errata_ww@oracle.com> - 3.13.1-102.0.1
```
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
```

Tue Sep 27 2016 Dan Walsh <dwalsh@redhat.com> - 3.13.1-102

- Add virt_sandbox_use_nfs -> virt_use_nfs boolean substitution.
Resolves: rhbz#1355783

Tue Sep 27 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-101

- Allow pcp_pmcd_t domain transition to lvm_t Add capability kill and sys_ptrace to pcp_pmlogger_t
Resolves: rhbz#1309883

Wed Sep 21 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-100

- Allow ftp daemon to manage apache_user_content
Resolves: rhbz#1097775
- Label /etc/sysconfig/oracleasm as oracleasm_conf_t
Resolves: rhbz#1331383
- Allow oracleasm to rw inherited fixed disk device
Resolves: rhbz#1331383
- Allow collectd to connect on unix_stream_socket
Resolves: rhbz#1377259

Wed Sep 14 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-99

- Allow iscsid create netlink iscsid sockets.
Resolves: rhbz#1358266
- Improve regexp for power_unit_file_t files. To catch just systemd power unit files.
Resolves: rhbz#1375462

Tue Sep 13 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-98

- Update oracleasm SELinux module that can manage oracleasmfs_t blk files. Add dac_override cap to oracleasm_t domain.
Resolves: rhbz#1331383
- Add few rules to pcp SELinux module to make ti able to start pcp_pmlogger service
Resolves: rhbz#1206525

Tue Sep 06 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-97

- Add oracleasm_conf_t type and allow oracleasm_t to create /dev/oracleasm
Resolves: rhbz#1331383
- Label /usr/share/pcp/lib/pmie as pmie_exec_t and /usr/share/pcp/lib/pmlogger as pmlogger_exec_t
Resolves: rhbz#1206525
- Allow mdadm_t to getattr all device nodes
Resolves: rhbz#1365171
- Add interface dbus_dontaudit_stream_connect_system_dbusd()
Resolves:rhbz#1052880
- Add virt_stub_* interfaces for docker policy which is no longer a part of our base policy.
Resolves: rhbz#1372705
- Allow guest-set-user-passwd to set users password.
Resolves: rhbz#1369693
- Allow samdbox domains to use msg class
Resolves: rhbz#1372677
- Allow domains using kerberos to read also kerberos config dirs
Resolves: rhbz#1368492
- Allow svirt_sandbox_domains to r/w onload sockets
Resolves: rhbz#1342930
- Add interface fs_manage_oracleasm()
Resolves: rhbz#1331383
- Label /dev/kfd as hsa_device_t
Resolves: rhbz#1373488
- Update seutil_manage_file_contexts() interface that caller domain can also manage file_context_t dirs
Resolves: rhbz#1368097
- Add interface to write to nsfs inodes
Resolves: rhbz#1372705
- Allow systemd services to use PrivateNetwork feature
Resolves: rhbz#1372705
- Add a type and genfscon for nsfs.
Resolves: rhbz#1372705
- Allow run sulogin_t in range mls_systemlow-mls_systemhigh.
Resolves: rhbz#1290400

Wed Aug 31 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-96

- Allow arpwatch to create netlink netfilter sockets. Resolves: rhbz#1358261
- Fix file context for /etc/pki/pki-tomcat/ca/
- new interface oddjob_mkhomedir_entrypoint()
- Move label for /var/lib/docker/vfs/ to proper SELinux module
- Allow mdadm to get attributes from all devices.
- Label /etc/puppetlabs as puppet_etc_t.
- Allow systemd-machined to communicate to lxc container using dbus
- Allow systemd_resolved to send dbus msgs to userdomains Resolves: rhbz#1236579
- Allow systemd-resolved to read network sysctls Resolves: rhbz#1236579
- Allow systemd_resolved to connect on system bus. Resolves: rhbz#1236579
- Make entrypoint oddjob_mkhomedir_exec_t for unconfined_t
- Label all files in /dev/oracleasmfs/ as oracleasmfs_t Resolves: rhbz#1331383

Tue Aug 23 2016 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-95

- Label /etc/pki/pki-tomcat/ca/ as pki_tomcat_cert_t
Resolves:rhbz#1366915
- Allow certmonger to manage all systemd unit files
Resolves:rhbz#1366915
- Grant certmonger "chown" capability
Resolves:rhbz#1366915
- Allow ipa_helper_t stream connect to dirsrv_t domain
Resolves: rhbz#1368418
- Update oracleasm SELinux module
Resolves: rhbz#1331383
- label /var/lib/kubelet as svirt_sandbox_file_t
Resolves: rhbz#1369159
- Add few interfaces to cloudform.if file
Resolves: rhbz#1367834
- Label /var/run/corosync-qnetd and /var/run/corosync-qdevice as cluster_var_run_t. Note: corosync policy is now par of rhcs module
Resolves: rhbz#1347514
- Allow krb5kdc_t to read krb4kdc_conf_t dirs.
Resolves: rhbz#1368492
- Update networkmanager_filetrans_named_content() interface to allow source domain to create also temad dir in /var/run.
Resolves: rhbz#1365653
- Allow teamd running as NetworkManager_t to access netlink_generic_socket to allow multiple network interfaces to be teamed together.
Resolves: rhbz#1365653
- Label /dev/oracleasmfs as oracleasmfs_t. Add few interfaces related to oracleasmfs_t type
Resolves: rhbz#1331383
- A new version of cloud-init that supports the effort to provision RHEL Atomic on Microsoft Azure requires some a new rules that allows dhclient/dhclient hooks to call cloud-init.
Resolves: rhbz#1367834
- Allow iptables to creating netlink generic sockets.
Resolves: rhbz#1364359