-
Wed May 07 2014 Jingdong Lu <jingdong.lu@oracle.com> 3.12.1-153.0.1.el7
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
-
Mon Apr 07 2014 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-153
- Change hsperfdata_root to have as user_tmp_t
Resolves:#1076523
-
Fri Apr 04 2014 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-152
- Fix Multiple same specifications for /var/named/chroot/dev/zero
- Add labels for /var/named/chroot_sdb/dev devices
- Add support for strongimcv
- Use kerberos_keytab_domains in auth_use_nsswitch
- Update auth_use_nsswitch to make all these types as kerberos_keytab_domain to
- Allow net_raw cap for neutron_t and send sigkill to dnsmasq
- Fix ntp_filetrans_named_content for sntp-kod file
- Add httpd_dbus_sssd boolean
- Dontaudit exec insmod in boinc policy
- Rename kerberos_keytab_domain to kerberos_keytab_domains
- Add kerberos_keytab_domain()
- Fix kerberos_keytab_template()
- Make all domains which use kerberos as kerberos_keytab_domain
Resolves:#1083670
- Allow kill capability to winbind_t
-
Wed Apr 02 2014 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-151
- varnishd wants chown capability
- update ntp_filetrans_named_content() interface
- Add additional fixes for neutron_t. #1083335
- Dontaudit getattr on proc_kcore_t
- Allow pki_tomcat_t to read ipa lib files
- Allow named_filetrans_domain to create /var/cache/ibus with correct labelign
- Allow init_t run /sbin/augenrules
- Add dev_unmount_sysfs_fs and sysnet_manage_ifconfig_run interfaces
- Allow unpriv SELinux user to use sandbox
- Add default label for /tmp/hsperfdata_root
-
Tue Apr 01 2014 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-149
- Add file subs also for /var/home
-
Mon Mar 31 2014 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-149
- Allow xauth_t to read user_home_dir_t lnk_file
- Add labeling for lightdm-data
- Allow certmonger to manage ipa lib files
- Add support for /var/lib/ipa
- Allow pegasus to getattr virt_content
- Added some new rules to pcp policy
- Allow chrome_sandbox to execute config_home_t
- Add support for ABRT FAF
-
Fri Mar 28 2014 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-148
- Allow kdm to send signull to remote_login_t process
- Add gear policy
- Turn on gear_port_t
- Allow cgit to read gitosis lib files by default
- Allow vdagent to read xdm state
- Allow NM and fcoeadm to talk together over unix_dgram_socket
-
Thu Mar 27 2014 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-147
- Back port fixes for pegasus_openlmi_admin_t from rawhide
Resolves:#1080973
- Add labels for ostree
- Add SELinux awareness for NM
- Label /usr/sbin/pwhistory_helper as updpwd_exec_t
-
Wed Mar 26 2014 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-146
- add gnome_append_home_config()
- Allow thumb to append GNOME config home files
- Allow rasdaemon to rw /dev/cpu//msr
- fix /var/log/pki file spec
- make bacula_t as auth_nsswitch domain
- Identify pki_tomcat_cert_t as a cert_type
- Define speech-dispater_exec_t as an application executable
- Add a new file context for /var/named/chroot/run directory
- update storage_filetrans_all_named_dev for sg* devices
- Allow auditctl_t to getattr on all removeable devices
- Allow nsswitch_domains to stream connect to nmbd
- Allow unprivusers to connect to memcached
- label /var/lib/dirsrv/scripts-INSTANCE as bin_t
-
Mon Mar 24 2014 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-145
- Allow also unpriv user to run vmtools
- Allow secadm to read /dev/urandom and meminfo
Resolves:#1079250
- Add booleans to allow docker processes to use nfs and samba
- Add mdadm_tmpfs support
- Dontaudit net_amdin for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51-2.4.5.1.el7.x86_64/jre-abrt/bin/java running as pki_tomcat_t
- Allow vmware-user-sui to use user ttys
- Allow talk 2 users logged via console too
- Allow ftp services to manage xferlog_t
- Make all pcp domanis as unconfined for RHEL7.0 beucause of new policies
- allow anaconda to dbus chat with systemd-localed