-
Thu Mar 05 2015 Kevin Lyons <kevin.x.lyons@oracle.com> 3.13.1-23.0.1
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
-
Fri Jan 30 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23
- Update seutil_manage_config() interface.
Resolves:#1185962
- Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
- Turn on docker_transition_unconfined by default
-
Wed Jan 28 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-22
- Allow virtd to list all mountpoints.
Resolves:#1180713
-
Wed Jan 28 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-21
- pkcsslotd_lock_t should be an alias for pkcs_slotd_lock_t.
- Allow fowner capability for sssd because of selinux_child handling.
- ALlow bind to read/write inherited ipsec pipes
- Allow hypervkvp to read /dev/urandom and read addition states/config files.
- Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
- Add glusterd_filetrans_named_pid() interface
- Allow radiusd to connect to radsec ports.
- Allow setuid/setgid for selinux_child
- Allow lsmd plugin to connect to tcp/5988 by default.
- Allow lsmd plugin to connect to tcp/5989 by default.
- Update ipsec_manage_pid() interface.
Resolves:#1184978
-
Fri Jan 23 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-20
- Update ipsec_manage_pid() interface.
Resolves:#1184978
-
Wed Jan 21 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-19
- Allow ntlm_auth running in winbind_helper_t to access /dev/urandom.
-
Wed Jan 21 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-18
- Add auditing support for ipsec.
Resolves:#1182524
- Label /ostree/deploy/rhel-atomic-host/deploy directory as system_conf_t
- Allow netutils chown capability to make tcpdump working with -w
-
Tue Jan 20 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-17
- Allow ipsec to execute _updown.netkey script to run unbound-control.
- Allow neutron to read rpm DB.
- Add additional fixes for hyperkvp
* creates new ifcfg-{name} file
* Runs hv_set_ifconfig.sh, which does the following
* Copies ifcfg-{name} to /etc/sysconfig/network-scripts
- Allow svirt to read symbolic links in /sys/fs/cgroups labeled as tmpfs_t
- Add labeling for pacemaker.log.
- Allow radius to connect/bind radsec ports.
- Allow pm-suspend running as virt_qemu_ga to read /var/log/pm-suspend.log
- Allow virt_qemu_ga to dbus chat with rpm.
- Update virt_read_content() interface to allow read also char devices.
- Allow glance-registry to connect to keystone port.
Resolves:#1181818
-
Mon Jan 12 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-16
- Allow sssd to send dbus all user domains.
Resolves:#1172291
- Allow lsm plugin to read certificates.
- Fix labeling for keystone CGI scripts.
- Make snapperd back as unconfined domain.
-
Fri Jan 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-15
- Fix bugs in interfaces discovered by sepolicy.
- Allow slapd to read /usr/share/cracklib/pw_dict.hwm.
- Allow lsm plugins to connect to tcp/18700 by default.
- Allow brltty mknod capability to allow create /var/run/brltty/vcsa.
- Fix pcp_domain_template() interface.
- Fix conman.te.
- Allow mon_fsstatd to read /proc/sys/fs/binfmt_misc
- Allow glance-scrubber to connect tcp/9191.
- Add missing setuid capability for sblim-sfcbd.
- Allow pegasus ioctl() on providers.
- Add conman_can_network.
- Allow chronyd to read chrony conf files located in /run/timemaster/.
- Allow radius to bind on tcp/1813 port.
- dontaudit block suspend access for openvpn_t
- Allow conman to create files/dirs in /tmp.
- Update xserver_rw_xdm_keys() interface to have 'setattr'.
Resolves:#1172291
- Allow sulogin to read /dev/urandom and /dev/random.
- Update radius port definition to have also tcp/18121
- Label prandom as random_device_t.
- Allow charon to manage files in /etc/strongimcv labeled as ipsec_conf_t.