RPM Search

Changelog for selinux-policy-2.4.6-255.SEL5_4.noarch.rpm :
Fri Sep 18 00:00:00 2009 Anatoly Metetes
- Rebuild for StartCom Linux 5.0.x

Tue Jul 28 00:00:00 2009 Dan Walsh 2.4.6-255
- Allow samba as domain controller to change passwords
Resolves: #475562

Wed Jul 22 00:00:00 2009 Dan Walsh 2.4.6-254
- Add ipsec_match_default_spd back into userdomain
- Allow sysadm_t to execute setkey and racoon executables
- Dontaudit write of logwatch to etc_t
- Allow samba as domain controller to change passwords
Resolves: #475562

Tue Jul 21 00:00:00 2009 Dan Walsh 2.4.6-253
- Allow windbind to create directroies in samba_var_t
Resolves: #509174

Wed Jul 8 00:00:00 2009 Dan Walsh 2.4.6-252
- Change mmap_low boolean to effect unconfined_t
- Allow ipsec_t to read its init script
Resolves: #511359

Wed Jul 8 00:00:00 2009 Dan Walsh 2.4.6-251
- Remove transition from initrc_t to qemu_t
Resolves: #504805

Tue Jul 7 00:00:00 2009 Dan Walsh 2.4.6-250
- Need to transition from initrc_t to qemu_t
Resolves: #504805

Sat Jun 20 00:00:00 2009 Dan Walsh 2.4.6-249
- Fix sbin==bin
Resolves: #504805

Sat Jun 20 00:00:00 2009 Dan Walsh 2.4.6-248
- Allow cyrus to bind to port 3905
Resolves: #504805

Tue Jun 16 00:00:00 2009 Dan Walsh 2.4.6-247
- Additional privs for privoxy, kpropd found in other dists
- iscsi wants to look at the process state of all domains
Resolves: #506057

Sat Jun 13 00:00:00 2009 Dan Walsh 2.4.6-246
- Allow semanage_t to transition to initrc_t in order to restart mcstrans
Resolves: #460970
- Additional rules for ipsec
Resolves: #443646

Fri Jun 12 00:00:00 2009 Dan Walsh 2.4.6-245
- Allow qemu to use full networking
Resolves: #504238

Wed Jun 10 00:00:00 2009 Dan Walsh 2.4.6-244
- Allow qemu to append virt_log_t
Resolves: #504238

Tue Jun 9 00:00:00 2009 Dan Walsh 2.4.6-243
- Add policy for /dev/ksm
Resolves: #504238

Fri Jun 5 00:00:00 2009 Dan Walsh 2.4.6-242
- Allow all domains to search bin_t and sbin_t
- Allow qemu to write to /var/run/svirt/qemu
Resolves: #499701

Fri Jun 5 00:00:00 2009 Dan Walsh 2.4.6-241
- Allow xm_ssh_t to search /root
Resolves: #499888

Fri Jun 5 00:00:00 2009 Dan Walsh 2.4.6-240
- Don\'t execute semanage command in post install
Resolves: #499701

Thu Jun 4 00:00:00 2009 Dan Walsh 2.4.6-239
- Allow rsync_t to read nfs and samba shares
Resolves: #499701

Tue Jun 2 00:00:00 2009 Dan Walsh 2.4.6-238
- Turn on qemu for Ovirt
Resolves: #499701

Fri May 22 00:00:00 2009 Dan Walsh 2.4.6-237
- Fix iptables labeling
Resolves: #499888

Fri May 15 00:00:00 2009 Dan Walsh 2.4.6-236
- Allow xm to execute ssh
Resolves: #499888

Wed May 13 00:00:00 2009 Dan Walsh 2.4.6-234
- Dontaudit sendmail leaked file descriptor
Resolves: #486187

Tue May 12 00:00:00 2009 Dan Walsh 2.4.6-233
- Add rsync_client for Fedora Infrastructure
- Allow spamd to exec itself when it gets a hup signal
Resolves: #499701

Sat May 9 00:00:00 2009 Dan Walsh 2.4.6-232
- Allow spamd to exec itself when it gets a hup signal
- Add Minimum policy for Ovirt to RHEL5
Resolves: #499701

Wed May 6 00:00:00 2009 Dan Walsh 2.4.6-231
- Add postgrey policy
- Allow xm_t in xen to list sysfs
Resolves: #499249

Sat May 2 00:00:00 2009 Dan Walsh 2.4.6-230
- Allow amanda to signal fsadm
- Add context for /var/cache/cgit
- Dontaudit apache leaked tcp_sockets
- Fixes for cvs service
-allow initrc_t and inetd_t siginh over their children
- add privoxy_connect_any boolean
- Allow smbd_t to signal nmbd_t
Resolves: #498596

Sat Apr 25 00:00:00 2009 Dan Walsh 2.4.6-229
- Fix sepolgen error regression
- Fix milter implementaion
- Additional rules required for update to automount
Resolves: #497273

Fri Apr 24 00:00:00 2009 Dan Walsh 2.4.6-228
- Additional rules required for update to automount
Resolves: #497273

Thu Apr 23 00:00:00 2009 Dan Walsh 2.4.6-227
- Allow nfs to share removable devices
- Allow ipsec additional privs for FIPS compliance
Resolves: #497168

Wed Apr 22 00:00:00 2009 Dan Walsh 2.4.6-226
- Fix dnsmasq labeling for libvirt
Resolves: #496867

Fri Apr 17 00:00:00 2009 Dan Walsh 2.4.6-225
- add context for rpc.quoatad
- Allow spamassassin to append to user_home_t for log files
Resolves: #481387
Resolves: #486187

Fri Apr 10 00:00:00 2009 Dan Walsh 2.4.6-224
Allow ioctl to cron fifo pipes
Resolves: #481628

Thu Apr 9 00:00:00 2009 Dan Walsh 2.4.6-222
- Allow spamc to append to user_home_t
Resolves: #486187
- Allow dbus to send message back to all services
Resolves: #481628

Sat Apr 4 00:00:00 2009 Dan Walsh 2.4.6-221
- Allow procmail to domtrans to spamassassin
Resolves: #486187

Sat Apr 4 00:00:00 2009 Dan Walsh 2.4.6-220
- Allow procmail to domtrans to spamassassin
Resolves: #492567

Fri Mar 27 23:00:00 2009 Dan Walsh 2.4.6-219
- Add labeling for /var/named/chroot/proc
Resolves: #492567

Fri Mar 13 23:00:00 2009 Dan Walsh 2.4.6-218
- dnsmasq needs to read proc
- Allow nscd to reexec itself
Resolves: #429726

Tue Mar 10 23:00:00 2009 Dan Walsh 2.4.6-217
- Allow saslauthd access to kerberos host rcache
- Allow dbus to read all domains states
Resolves: #489899

Thu Feb 26 23:00:00 2009 Dan Walsh 2.4.6-216
- Dontaudit leaked descriptor to apache
- Fixes for strict policy
Resolves: #486354

Mon Feb 23 23:00:00 2009 Dan Walsh 2.4.6-215
- Label all matlab libraries as textrel_shlib_t
Resolves: #486965

Mon Feb 23 23:00:00 2009 Dan Walsh 2.4.6-214
- Allow init_t to transition to rpm_script_t
Resolves: #480163

Fri Feb 20 23:00:00 2009 Dan Walsh 2.4.6-213
- Allow postfix_virtual_t to use private steam sock_file
- Fix java shared library in IBM package
Resolves: #486608

Fri Feb 13 23:00:00 2009 Dan Walsh 2.4.6-212
- More fixes for strict policy
Resolves: #485111

Wed Feb 11 23:00:00 2009 Dan Walsh 2.4.6-211
- Allow samba to edit apache files in home dir
Resolves: #485111
- Allow procmail to transition to spamassassin domains
Resolves: #485107

Wed Feb 11 23:00:00 2009 Dan Walsh 2.4.6-210
- Fix labeling on sysstat package
Resolves: #485078

Mon Feb 9 23:00:00 2009 Dan Walsh 2.4.6-209
- Fix duplicate /var/turboprint
Resolves: #477123

Fri Feb 6 23:00:00 2009 Dan Walsh 2.4.6-208
- Allow samba to manage ALL files in home dir if boolean set
- Fix typos in man pages
Resolves: #477123

Wed Jan 28 23:00:00 2009 Dan Walsh 2.4.6-207
- Remove lusterfs fs_use_xattr line
Resolves: #481628

Mon Jan 26 23:00:00 2009 Dan Walsh 2.4.6-205
- Allow dbus to send message back to all services
Resolves: #481628

Fri Dec 19 23:00:00 2008 Dan Walsh 2.4.6-204
- Allow ipsec_mgmt to exec sbin_t files (/sbin/lsmod)
Resolves: #469943

Wed Dec 17 23:00:00 2008 Dan Walsh 2.4.6-203
- Allow samba to rw/shadow
Resolves: #474854

Mon Dec 15 23:00:00 2008 Dan Walsh 2.4.6-202
- Additional winbind and samba_net issues caused by coolkey
Resolves: #474854

Wed Dec 10 23:00:00 2008 Dan Walsh 2.4.6-200
- Allow ldap to connect to sasl
- avc denials during samba active directory join
Resolves: #474852
- samba - winbind - periodic avc denials
Resolves: #474854
- \"Syntax error on line 1 \' [type=SQUOTE]\" upgrading selinux-policy-devel
Resolves: #474868
- missing policy
Resolves: #475273

Fri Dec 5 23:00:00 2008 Dan Walsh 2.4.6-199
- Allow apps that check password to write to faillog
audisp_remote needs to bind to audit ports
Resolves: #474481
- Allow xm to stream connect to virt
Resolves: #472903

Tue Dec 2 23:00:00 2008 Dan Walsh 2.4.6-197
- Dontaudit search of /root for init daemons
- Fixes for ricci
- Allow xm to manage virt_image_t
Resolves: #472903

Mon Dec 1 23:00:00 2008 Dan Walsh 2.4.6-195
- Fixes for networkmanager
- Allow xm to manage virt_image_t
Resolves: #472903

Tue Nov 25 23:00:00 2008 Dan Walsh 2.4.6-194
- Fix ipsec management label
- Allow xm to manage virt_image_t
Resolves: #472903

Thu Nov 20 23:00:00 2008 Dan Walsh 2.4.6-193
- Fixes for networkmanager
- Eliminte import polgen
Resolves: #440151

Thu Nov 20 23:00:00 2008 Dan Walsh 2.4.6-192
- Allow named to use kerberos keytabs
Resolves: #440151

Wed Nov 19 23:00:00 2008 Dan Walsh 2.4.6-191
- Fixes for Fedora Infrastructure
- Stop transition to unconfined_t from init_t
Resolves: #440151

Mon Nov 17 23:00:00 2008 Dan Walsh 2.4.6-189
- Fixes for Fedora Infrastructure
Resolves: #440151

Fri Nov 14 23:00:00 2008 Dan Walsh 2.4.6-188
- Fixes for Fedora Infrastructure
- Make pegasus an unconfined_domain
- Add pki policy
Resolves: #440151

Mon Nov 10 23:00:00 2008 Dan Walsh 2.4.6-185
- Fixes for Fedora Infrastructure
- Allow cups to signal hplip_t
Resolves: #470621

Mon Nov 10 23:00:00 2008 Dan Walsh 2.4.6-183
- Allow cups to signal hplip_t
Resolves: #470621
- Allow dnsmasq to use libvirt files

Thu Nov 6 23:00:00 2008 Dan Walsh 2.4.6-182
- Change apache httpd_use_nfs to mean managing nfs shares
- From Fedora Infrastructure
Resolves: #469943

Thu Nov 6 23:00:00 2008 Dan Walsh 2.4.6-181
- Change apache httpd_use_nfs to mean managing nfs shares
- From Fedora Infrastructure
Resolves: #469943

Wed Nov 5 23:00:00 2008 Dan Walsh 2.4.6-180
- Fix label on /usr/sbin/ipsec
Resolves: #469943

Mon Nov 3 23:00:00 2008 Dan Walsh 2.4.6-179
- Allow restorecon to read locale_t
Resolves: #469402
- Allow hal/pm-utils to look at /var/run/video.rom

Sat Oct 25 00:00:00 2008 Dan Walsh 2.4.6-178
- Allow dnsmasq reading of pid files
Resolves: #442028

Sat Oct 25 00:00:00 2008 Dan Walsh 2.4.6-177
- More fixes for NetworkManager
Resolves: #442028

Wed Oct 22 00:00:00 2008 Dan Walsh 2.4.6-173
- Allow samba to read crack_db
Resolves: #467905

Wed Oct 22 00:00:00 2008 Dan Walsh 2.4.6-171
- Allow ssh_keygen_t to read fips_enabled
Resolves: #467720

Tue Oct 21 00:00:00 2008 Dan Walsh 2.4.6-170
- Allow confined domains to read fips_enabled
Resolves: #467720

Tue Oct 21 00:00:00 2008 Dan Walsh 2.4.6-168
- Add zosremote policy
- Allow confined domains to read fips_enabled
Resolves: #467720

Thu Oct 16 00:00:00 2008 Dan Walsh 2.4.6-167
- Fix relabel to not output so many avcs
Resolves: #467229

Thu Oct 16 00:00:00 2008 Dan Walsh 2.4.6-166
- Allow snmp to getsched
Resolves: #466470

Thu Oct 9 00:00:00 2008 Dan Walsh 2.4.6-165
- New policy to allow fsdaemon to create correctly labeled devices
Resolves: #456471

Thu Oct 9 00:00:00 2008 Dan Walsh 2.4.6-164
- Fix labeling on dhclient-lease files
- Allow portmap_helper to bind to rpc ports
Resolves: #451805

Fri Oct 3 00:00:00 2008 Dan Walsh 2.4.6-162
- Allow domains to read etc_runtime for access to modified denyhosts
- Allow dhcpc_t to list dbusd_etc_t directory
Resolves: #459888

Wed Sep 24 00:00:00 2008 Dan Walsh 2.4.6-161
- More fixes for NetworkManager
Resolves: #442028

Wed Sep 24 00:00:00 2008 Dan Walsh 2.4.6-160
- Upgrade dbus policy to match new package
Resolves: #463267

Wed Sep 17 00:00:00 2008 Dan Walsh 2.4.6-158
- Proper labeling on wsgi
Resolves: #461323

Fri Sep 12 00:00:00 2008 Dan Walsh 2.4.6-157
- Allow postdrop rw sendmail unix_stream sockets
- Additional snmp
Resolves: #461323

Fri Sep 12 00:00:00 2008 Dan Walsh 2.4.6-156
- Add racoon/ipsec policy
Resolves: #247510

Fri Sep 12 00:00:00 2008 Dan Walsh 2.4.6-155
- Complete backport of logging/audit policy
- Allow pegasus to look at kernel xen information
Resolves: #461624

Sat Sep 6 00:00:00 2008 Dan Walsh 2.4.6-154
- Allow portmak to read kernel state
- Allow ricci to figure out if cluster services are running
Resolve: #461769

Fri Sep 5 00:00:00 2008 Dan Walsh 2.4.6-153
- Make stunnel work with psieved and other python scripts
Resolve: #460733

Thu Sep 4 00:00:00 2008 Dan Walsh 2.4.6-152
- Allow freeradius to connect to snmp port
Resolve: #461040

Wed Sep 3 00:00:00 2008 Dan Walsh 2.4.6-151
- allow mailman_t signull
- Fix location of sepolgen-ifgen
Resolves: #460398

Sat Aug 30 00:00:00 2008 Dan Walsh 2.4.6-150
- Allow iscsi net_raw
Resolves: #460398

Wed Aug 27 00:00:00 2008 Dan Walsh 2.4.6-149
- Fix file context to install on strict/mls policy
- Allow hal to modify input device
Resolves: #442623

Fri Aug 8 00:00:00 2008 Dan Walsh 2.4.6-145
- Policy does not allow ifpolgen-if to work properly
Resolves: #444133

Fri Aug 8 00:00:00 2008 Dan Walsh 2.4.6-144
- add mmap_low boolean
Resolves: #444133

Wed Jul 30 00:00:00 2008 Dan Walsh 2.4.6-143
- Allow smbd_t to chown files
Resolves: #456674

Thu Jul 17 00:00:00 2008 Dan Walsh 2.4.6-142
- add mmap_low boolean
- Upgrade to latest networkmanager policy
- Add kpropd policy
- update nscd policy
- Update ntp policy
- Update openvpn policy
- Fix ppp_read_read interface
- fix portmapper to allow it to connect to all <1024 ports
- Fix ricci_modstorage to be able to start clvmd
Resolves: #442028
Resolves: #447014
Resolves: #455784

Tue Jun 17 00:00:00 2008 Dan Walsh 2.4.6-141
- Allow squid to listen to port 3401
Resolves: #452787
Resolves: #450390

Tue Jun 17 00:00:00 2008 Dan Walsh 2.4.6-139
- Add infiniband support
Resolves: #447854

Tue May 6 00:00:00 2008 Dan Walsh 2.4.6-138
- Allow pam_console to setattr on cpu_device_t
Resolves: #447403
- selinux-policy support for virtio block devices
Resolves: #446229

Wed Apr 30 00:00:00 2008 Dan Walsh 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451970

Wed Apr 30 00:00:00 2008 Dan Walsh 2.4.6-137
- Allow mdadm to read /dev/.udev directory
Resolves: #248467

Tue Apr 29 00:00:00 2008 Dan Walsh 2.4.6-136
- Allow mdadm to read /dev/.udev directory
- Allow Radiusd to access mysql
Resolves: #248467

Tue Apr 22 00:00:00 2008 Dan Walsh 2.4.6-135
- Fixes for radiousd access in SELinux
Resolves: #248467

Sun Apr 20 00:00:00 2008 Dan Walsh 2.4.6-134
- Allow kerberos daemons to create log files
- Resolves: 442981
- Fix label on /usr/libexec/hal_lpadmin
Resolves: #442951

Fri Apr 18 00:00:00 2008 Dan Walsh 2.4.6-133
- Allow netutils to read kernel and net sysctls
Resolves: #439018

Tue Apr 15 00:00:00 2008 Dan Walsh 2.4.6-131
- Allow rpc apps to manage coolkey directory
Resolves: #440685

Fri Apr 11 00:00:00 2008 Dan Walsh 2.4.6-130
- Fix regression
Resolves: #440260

Thu Apr 10 00:00:00 2008 Dan Walsh 2.4.6-129
- Fix regression
Resolves: #440260

Mon Apr 7 00:00:00 2008 Dan Walsh 2.4.6-128
- Allow dhcpc to read dbus config
Resolves: #440260

Sat Apr 5 00:00:00 2008 Dan Walsh 2.4.6-127
- Allow deliver to manage homedir content, and
Resolves: #414891

Tue Mar 11 23:00:00 2008 Dan Walsh 2.4.6-126
- Allow lvm to create fifo_file
- Fix building of policy modules with Makefile
Resolves: #438234

Wed Feb 27 23:00:00 2008 Dan Walsh 2.4.6-125
- Dontaudit leaked httpd file descriptor
Resolves: #430702

Tue Feb 26 23:00:00 2008 Dan Walsh 2.4.6-124
- Fix deletion of dovecot files in strict/mls policy Resolves 434843
- Allow hal to setsched on kernel
Resolves: #435197

Fri Feb 22 23:00:00 2008 Dan Walsh 2.4.6-123
- Fix labeling of exim log files
Resolves: #429843

Tue Feb 19 23:00:00 2008 Dan Walsh 2.4.6-122
- Allow vpnc to bind to ipsecnat port
Resolves: #433363

Thu Feb 7 23:00:00 2008 Dan Walsh 2.4.6-121
- Fix transition rules on creation of nfs files in homedir.
Resolves: #430577

Wed Feb 6 23:00:00 2008 Dan Walsh 2.4.6-120
- Fix transition rules on creation of nfs files in homedir.
Resolves: #430577

Mon Feb 4 23:00:00 2008 Dan Walsh 2.4.6-119
- Revert previous version of policygentool
- Remove snmpd_etc_t
Resolves: #247461

Thu Jan 31 23:00:00 2008 Dan Walsh 2.4.6-118
- Allow xdm_xserver_t to domain_mmap_low
Resolves: #431023

Tue Jan 29 23:00:00 2008 Dan Walsh 2.4.6-117
- Allow mailman to signal itself
Resolves: #430639
- Allow iscsid to setrlimit
Resolves: #430669
- Additional fix to allow setroubleshoot to talk to dbus
Resolves: #224351

Mon Jan 21 23:00:00 2008 Dan Walsh 2.4.6-116
- Allow sysstat to read sysfs
Resolves: #429554

Thu Jan 17 23:00:00 2008 Dan Walsh 2.4.6-115
- Update selinux-policy to handle setroubleshoot
Resolves: #224351

Tue Jan 15 23:00:00 2008 Dan Walsh 2.4.6-114
- Allow restorecond to read homedir sym links
- Allow mailservers/postfix to use nfs file systems
Resolves: #245605

Thu Jan 10 23:00:00 2008 Dan Walsh 2.4.6-112
- Turn off domain fd for MLS
Resolves: #427517

Thu Jan 10 23:00:00 2008 Dan Walsh 2.4.6-111
- Fix passing of fds, test regression
Resolves: #427517

Tue Jan 8 23:00:00 2008 Dan Walsh 2.4.6-110
- Add access for oddjob
Resolves: #427517

Tue Dec 18 23:00:00 2007 Dan Walsh 2.4.6-108
- Allow kudzu to domtrans to unconfined_t
- Allow audit to send mail
- Allow mailman and postfix to interact
Resolves: #425806:

Tue Dec 11 23:00:00 2007 Dan Walsh 2.4.6-107
- Remove badly labeled pegasus directory
- Allow postfix to work with NFS homedirs
- Allow iptables to connect to ldap
- Allow apache scripts to run nice
- Allow ntpd to use /dev/ptmx for setting the time
- Allow automount to read /dev/random
- Allow samba to use kerberos
- Allow squid to access to port 2048
- Allow amanda to talk to ldap
- Allow yppasswd to run pwupdate
- Allow automount to mount squashfs
- Add new nscd permissions
-
Resolves: #245605
Resolves: #248838
Resolves: #251841
Resolves: #253999
Resolves: #316011
Resolves: #326631
Resolves: #350511
Resolves: #366461
Resolves: #390771
Resolves: #247814
Resolves: #238347
Resolves: #351051
Resolves: #254199
Resolves: #288771
Resolves: #294671
Resolves: #317281
Resolves: #340311
Resolves: #340321
Resolves: #386481
Resolves: #327121
Resolves: #416541
Resolves: #416561
Resolves: #414891

Resolves: 383231
Resolves: 254197
Resolves: 266341
Resolves: 248835
Resolves: 326721
Resolves: 319791
Resolves: 359701
Resolves: 374431
Resolves: 403241
Resolves: 251712
Resolves: 283971
Resolves: 284361
Resolves: 300391
Resolves: 339651
Resolves: 383191
Resolves: 279261

Wed Oct 24 00:00:00 2007 Dan Walsh 2.4.6-106.EL5_1.3
- Allow NetworkManager and rpm_t to dbus chat
- Rebuilding for errata tool
Resolves: 345991

Wed Oct 3 00:00:00 2007 Dan Walsh 2.4.6-106.1
- dontaudit consoletype talking to hotplug
- allow hotplug to signal ifconfig
Resolves: 328211
Resolves: 328251

Wed Oct 3 00:00:00 2007 Dan Walsh 2.4.6-106
- Remove additional avc\'s caused by pm-tools
Resolves: #282421

Wed Oct 3 00:00:00 2007 Dan Walsh 2.4.6-104
- Fix salsa context to create alsa.sound correctly
Resolves: #315341

Tue Oct 2 00:00:00 2007 Dan Walsh 2.4.6-102
- Allow multipathd to connect to itself
Resolves: #245268

Fri Sep 28 00:00:00 2007 Dan Walsh 2.4.6-101
- Dontaudit postfix_smtpd_t getattr on /home
- Fix ftp
Resolves: #245268

Wed Sep 26 00:00:00 2007 Dan Walsh 2.4.6-99
- Introduced a minor bug when fixing replay cache, blowing up strict policy
Resolves: #284831

Tue Sep 25 00:00:00 2007 Dan Walsh 2.4.6-97
- Fixup clmvd to allow creation of fixed devices
- Fixes telnet/rlogin using replay cache
Resolves: #284831

Fri Sep 14 00:00:00 2007 Dan Walsh 2.4.6-93
- Allow hal to write to pm-tools directories
Resolves: #282421

Thu Sep 13 00:00:00 2007 Dan Walsh 2.4.6-92
- Many fixes for Kerberos Replay Cache.
Resolves: #282421

Wed Sep 12 00:00:00 2007 Dan Walsh 2.4.6-91
- Many fixes for Kerberos Replay Cache.
- Allow xfs to listen on port 7100
Resolves: #282421

Sat Sep 8 00:00:00 2007 Dan Walsh 2.4.6-90
- Additional perms for xen
Resolves: #249895

Thu Sep 6 00:00:00 2007 Dan Walsh 2.4.6-89
- Allow postfix to read master proc info
- Allow unix_update to talk to nsswitch
- Allow dmidecode to search sysfs_t
Resolves: #263141

Wed Sep 5 00:00:00 2007 Dan Walsh 2.4.6-88
- Fix relabel of /var/run dir
- Allow snmp to read any directory
- Allow cimserver to create pegasus_data directories
Resolves: #213809
- Change to context on /var/run/libvirt
Resolves: #249069

Wed Aug 22 00:00:00 2007 Dan Walsh 2.4.6-86
- More fixes for snmp
Resolves: #246431

Wed Aug 22 00:00:00 2007 Dan Walsh 2.4.6-85
- Fix duplicate /etc/asound.state
- Allow auditctl to getattr on all files
Resolves: #249754

Tue Aug 21 00:00:00 2007 Dan Walsh 2.4.6-84
- Allow dovecot read of /tmp files for kerberos
- Fix apache policy for virtual hosting
- Allow Xen to run on nfs
Resolves: #253744

Fri Aug 17 00:00:00 2007 Steve Grubb 2.4.6-83
- Add set_loginuid permission to ftpd_t
Resolves:#220085

Wed Aug 8 00:00:00 2007 Dan Walsh 2.4.6-82
- Fix java specifications for IBM
- Fix xen startup problems
Resolves:#249895

Sat Jul 28 00:00:00 2007 Dan Walsh 2.4.6-81
- Allow auditctl dac_override and dac_read_search
Resolves:#249754

Thu Jul 12 00:00:00 2007 Dan Walsh 2.4.6-80
- New devices
- Allow fsadm to use xen images and log files

Sun Jul 8 00:00:00 2007 Dan Walsh 2.4.6-79
- Allow hal to write to pm-suspend
Resolves:#245926

Mon Jul 2 00:00:00 2007 Dan Walsh 2.4.6-78
- Added fixes for gfs init script
Resolves:#246194

Tue Jun 12 00:00:00 2007 Dan Walsh 2.4.6-77
- More fixes add mmap_zero for new kernel
Resolves:#244690

Tue Jun 12 00:00:00 2007 Dan Walsh 2.4.6-76
- Allow xenconsole to manage xen log files
- add mmap_zero for new kernel
- Fixes for RHEL5
Resolves:#244690

Tue Jun 12 00:00:00 2007 Dan Walsh 2.4.6-75
- Allow lvm to connecto unix_stream_socket
Resolves: #241621

Wed May 30 00:00:00 2007 Dan Walsh 2.4.6-74
- Fix location of ypxfr on 64 bit platforms
- Fixes for nagios, postfix, procmail, saslauthd, arpwatch, avahi, dovecot
Resolves: #241621

Wed May 23 00:00:00 2007 Dan Walsh 2.4.6-72
- Allow prelink sys_resource, Add transition rule to allow apps to run java in different context

Wed May 16 00:00:00 2007 Dan Walsh 2.4.6-71
- Allow netlable to read etc and work with init terminals
- Change file context to have all of policy at SystemLow
Resolves: #239079

Wed May 16 00:00:00 2007 Dan Walsh 2.4.6-70
- Back out Useradd change
Resolves: #239079

Tue May 8 00:00:00 2007 Dan Walsh 2.4.6-69
- Useradd causes files to lower sensitivity
Resolves: #239079

Fri May 4 00:00:00 2007 Dan Walsh 2.4.6-68
- Cleanup handling of audit messages
Resolves: #238189

Wed Apr 25 00:00:00 2007 Dan Walsh 2.4.6-67
- Allow logging into the console on s390
Resolves: #237703
- Additional avc\'s caused by change in unix_update
Resolves: #236316

Wed Apr 25 00:00:00 2007 Dan Walsh 2.4.6-64
- Fix crond avc when trying to read shadow
Resolves: #236316

Wed Apr 25 00:00:00 2007 Dan Walsh 2.4.6-63
- Handle password experation
Resolves: #236316

Sat Apr 21 00:00:00 2007 Dan Walsh 2.4.6-62
- Revert patch to stop secadm and sysadm from having audit_control
Resolves: #236855

Fri Apr 20 00:00:00 2007 Dan Walsh 2.4.6-61
- Fix admin_domain_template to allow custom user types
Resolves: #237133
-Allow lvm to create/delete generic device_t direcories/files under /dev
Resolves: #237128

Thu Apr 19 00:00:00 2007 Dan Walsh 2.4.6-60
- Fixes for AIDE at SystemHigh
- Stop secadm and sysadm from having audit_control
Resolves: #236855

Tue Apr 17 00:00:00 2007 Dan Walsh 2.4.6-59
- Allow racoon to send audit messages
Resolves: #232508

Tue Apr 17 00:00:00 2007 Dan Walsh 2.4.6-58
- Fix aide specification
Resolves: #234885

Sat Apr 14 00:00:00 2007 Dan Walsh 2.4.6-57
- Allow ssh to read passwd crack database
Resolves: #236316

Thu Apr 12 00:00:00 2007 Dan Walsh 2.4.6-56
- Allow lvm mls_file_read_up to look at Fixed disks
Resolves: #236060

Wed Apr 11 00:00:00 2007 Dan Walsh 2.4.6-55
- kudzu Needs to ptrace init
Resolves: #225443

Wed Apr 11 00:00:00 2007 Dan Walsh 2.4.6-54
- syslog needs to be run as SystemHigh
- Fix file context mapping
Resolves: #235725

Fri Apr 6 00:00:00 2007 Dan Walsh 2.4.6-52
- Allow netutils to read sysfs
Resolves: #235357
- Allow samba to work as a PDC
Resolves: #235360
- Allow ypserv to bind to ports 600-1024
Resolves: #235363
- Fix kudzu to be able to telinit
Resolves: #225443

Wed Apr 4 00:00:00 2007 Dan Walsh 2.4.6-51
- Allow nscd setcap privs

Tue Apr 3 00:00:00 2007 Dan Walsh 2.4.6-50
- More work to allow kudzu to setup init correctly so getty will work
Resolves: #225443
- Allow pegasus to execute ifconfig
Resolves: #227485
- Allow Aide to look at lnk_files and other fixes
Resolves: #234885
- querying cups jobs with sysadm_r needs override mls restrictions
Resolves: #234889

Wed Mar 28 00:00:00 2007 Dan Walsh 2.4.6-49
- Change init_daemon_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
- to init_system_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
Resolves: #233313

Tue Mar 20 23:00:00 2007 Dan Walsh 2.4.6-47
- Allow sysadm_r to transition to netlabel_mgmt
Resolves: #233313
- Allow kudzu to setup init correctly so getty will work
Resolves: #225443

Tue Mar 20 23:00:00 2007 Dan Walsh 2.4.6-46
- Allow cyrus_t to user kerberos
- Allow cyrus_t to send mail
- Allow saslauthd_t to user kerberos

Fri Mar 9 23:00:00 2007 Dan Walsh 2.4.6-45
- Allow setkey to search racoon_conf
- Allow ccs to create tmp files
Resolves: #231021

Fri Mar 9 23:00:00 2007 Dan Walsh 2.4.6-44
- Fix use of hi_reserved_port_t

Tue Mar 6 23:00:00 2007 Dan Walsh 2.4.6-43
- Add amtu policy for MLS
Resolves: #231021
-Additional paths for cups

Thu Mar 1 23:00:00 2007 Dan Walsh 2.4.6-42
- Dontaudit restorecon writing to cron pipes
- Fix filespec for /dev/ub
*
- Allow ftp and telnet to use kerberos key files
- Allow syslog to use alternate ports
- Allow radious to look at the routing table
- Allow pyzor to getattr on autofs

Thu Feb 22 23:00:00 2007 Dan Walsh 2.4.6-41
- Allow samba to run as domain controller - execute useradd

Fri Feb 16 23:00:00 2007 Dan Walsh 2.4.6-40
- Fix bugzilla file context.

Thu Feb 15 23:00:00 2007 Dan Walsh 2.4.6-39
- Add bugzilla policy
- Allow procmail to create tmp files so spamassisin will work
- Some fixes for pyzor

Wed Feb 14 23:00:00 2007 Dan Walsh 2.4.6-38
- Removing dangling inlcud symlink if devel not installed
Resolves: #220085

Mon Feb 12 23:00:00 2007 Dan Walsh 2.4.6-37
- Allow kudzu to signal init to restart
Resolves: #225443

Mon Feb 5 23:00:00 2007 Dan Walsh 2.4.6-36
- Allow xen to work properly on ia64, needs to be able to read dosfs_t
Resolves: #217362
- Allow mozilla, evolution and thunderbird to read dev_random.
Resolves: FC6-227002
- Allow spamd to connect to smtp port
Resolves: FC6-227184
- Fixes to make ypxfr work
Resolves: FC6-227237
- Allow audit fsetsid capability
Resolves: FC6-227423
- Allow syslog (syslog-ng) to tcp_connect to other syslog servers
Resolves: FC6-218978

Fri Jan 26 23:00:00 2007 Dan Walsh 2.4.6-35
- Fixes to make setrans work properly on MLS
Resolves: #224441

Fri Jan 26 23:00:00 2007 Dan Walsh 2.4.6-34
- Fixes to make setrans work properly on MLS
Resolves: #224441

Fri Jan 26 23:00:00 2007 Dan Walsh 2.4.6-33
- Additional fixes for ricci_modstorage, lvm
- Fixes for mls policy net label
Resolves: #224441

Wed Jan 24 23:00:00 2007 Dan Walsh 2.4.6-31
- Fix clvmd policy
- Fix squid cgi script to run with correct context.
- Maintain proper context on /etc/lvm/.cache file
- Lots of fixes for ricci and friends
- mount.nfs needs sys_resource
- Change gstreamer context for only i386
- Fix libXcomp file_context
Resolves: #224441

Tue Jan 23 23:00:00 2007 Dan Walsh 2.4.6-30
- Fixes for ricci_modservice
Resolves: #217519

Mon Jan 22 23:00:00 2007 Dan Walsh 2.4.6-29
- remove swapfile avc
- Fix rpcsvcgssd
Resolves: #217519

Wed Jan 17 23:00:00 2007 Dan Walsh 2.4.6-28
- Allow logwatch to use ypbind
- Allow system_crond_t to create cron_var_run_t files (prelink files)
- dontaudit postfix-smtp reading /boot, fix file context on lmtp
Resolves: #215722

Mon Jan 15 23:00:00 2007 Dan Walsh 2.4.6-27
- Fix senmail avc trying to read /root
- More fixes for ssh transitions to userspace
Resolves: #221608
Resolves: #222548

Fri Jan 12 23:00:00 2007 Dan Walsh 2.4.6-26
- automounter needs setuid
- prelink needs to be able to rw_dir_perms on usr_t
- pcscd_t needs to be able to search sysfs_t
- Lots of fixes to run sshd under xinetd
Resolves: #219999

Wed Jan 10 23:00:00 2007 Dan Walsh 2.4.6-25
- Allow pcscd to use dac_search_override capability
Resolves: #222064

Mon Jan 8 23:00:00 2007 Dan Walsh 2.4.6-24
- Allow prelink when run from rpm to create tmp files
Resolves: #221865
- Remove file_context for exportfs
Resolves: #221181
- Allow spamassassin to create ~/.spamassissin
Resolves: #203290
- Allow netlabel packets to flow.
Resolves: #210426

Fri Jan 5 23:00:00 2007 Dan Walsh 2.4.6-23
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty
Resolves: #200110

Wed Jan 3 23:00:00 2007 Dan Walsh 2.4.6-22
- Fixes to run prelink in MLS machine
Resolves: #221233

Tue Jan 2 23:00:00 2007 Dan Walsh 2.4.6-21
- Allow spamassassin to read var_lib_t dir
Resolves: #219234

Fri Dec 29 23:00:00 2006 Dan Walsh 2.4.6-20
- fix mplayer to work under strict policy
- Allow iptables to use nscd
Resolves: #220794

Thu Dec 28 23:00:00 2006 Dan Walsh 2.4.6-19
- Add gconf policy and make it work with strict

Sat Dec 23 23:00:00 2006 Dan Walsh 2.4.6-18
- Many fixes for strict policy and by extension mls.

Fri Dec 22 23:00:00 2006 Dan Walsh 2.4.6-17
- Fix to allow ftp to bind to ports > 1024
Resolves: #219349

Tue Dec 19 23:00:00 2006 Dan Walsh 2.4.6-16
- Allow semanage to exec it self. Label genhomedircon as semanage_exec_t
Resolves: #219421
- Allow sysadm_lpr_t to manage other print spool jobs
Resolves: #220080

Mon Dec 18 23:00:00 2006 Dan Walsh 2.4.6-15
- allow automount to setgid
Resolves: #219999

Thu Dec 14 23:00:00 2006 Dan Walsh 2.4.6-14
- Allow cron to polyinstatiate
- Fix creation of boot flags
Resolves: #207433

Thu Dec 14 23:00:00 2006 Dan Walsh 2.4.6-13
- Fixes for irqbalance
Resolves: #219606

Thu Dec 14 23:00:00 2006 Dan Walsh 2.4.6-12
- Fix vixie-cron to work on mls
Resolves: #207433

Wed Dec 13 23:00:00 2006 Dan Walsh 2.4.6-11
Resolves: #218978

Tue Dec 12 23:00:00 2006 Dan Walsh 2.4.6-10
- Allow initrc to create files in /var directories
Resolves: #219227

Fri Dec 8 23:00:00 2006 Dan Walsh 2.4.6-9
- More fixes for MLS
Resolves: #181566

Wed Dec 6 23:00:00 2006 Dan Walsh 2.4.6-8
- More Fixes polyinstatiation
Resolves: #216184

Wed Dec 6 23:00:00 2006 Dan Walsh 2.4.6-7
- More Fixes polyinstatiation
- Fix handling of keyrings
Resolves: #216184

Mon Dec 4 23:00:00 2006 Dan Walsh 2.4.6-6
- Fix polyinstatiation
- Fix pcscd handling of terminal
Resolves: #218149
Resolves: #218350

Fri Dec 1 23:00:00 2006 Dan Walsh 2.4.6-5
- More fixes for quota
Resolves: #212957

Fri Dec 1 23:00:00 2006 Dan Walsh 2.4.6-4
- ncsd needs to use avahi sockets
Resolves: #217640
Resolves: #218014

Tue Nov 28 23:00:00 2006 Dan Walsh 2.4.6-3
- Allow login programs to polyinstatiate homedirs
Resolves: #216184
- Allow quotacheck to create database files
Resolves: #212957

Tue Nov 28 23:00:00 2006 Dan Walsh 2.4.6-1
- Dontaudit appending hal_var_lib files
Resolves: #217452
Resolves: #217571
Resolves: #217611
Resolves: #217640
Resolves: #217725

Tue Nov 21 23:00:00 2006 Dan Walsh 2.4.5-4
- Fix context for helix players file_context #216942

Mon Nov 20 23:00:00 2006 Dan Walsh 2.4.5-3
- Fix load_policy to be able to mls_write_down so it can talk to the terminal

Mon Nov 20 23:00:00 2006 Dan Walsh 2.4.5-2
- Fixes for hwclock, clamav, ftp

Wed Nov 15 23:00:00 2006 Dan Walsh 2.4.5-1
- Move to upstream version which accepted my patches

Wed Nov 15 23:00:00 2006 Dan Walsh 2.4.4-2
- Fixes for nvidia driver

Tue Nov 14 23:00:00 2006 Dan Walsh 2.4.4-2
- Allow semanage to signal mcstrans

Tue Nov 14 23:00:00 2006 Dan Walsh 2.4.4-1
- Update to upstream

Mon Nov 13 23:00:00 2006 Dan Walsh 2.4.3-13
- Allow modstorage to edit /etc/fstab file

Mon Nov 13 23:00:00 2006 Dan Walsh 2.4.3-12
- Fix for qemu, /dev/

Mon Nov 13 23:00:00 2006 Dan Walsh 2.4.3-11
- Fix path to realplayer.bin

Fri Nov 10 23:00:00 2006 Dan Walsh 2.4.3-10
- Allow xen to connect to xen port

Fri Nov 10 23:00:00 2006 Dan Walsh 2.4.3-9
- Allow cups to search samba_etc_t directory
- Allow xend_t to list auto_mountpoints

Thu Nov 9 23:00:00 2006 Dan Walsh 2.4.3-8
- Allow xen to search automount

Thu Nov 9 23:00:00 2006 Dan Walsh 2.4.3-7
- Fix spec of jre files

Wed Nov 8 23:00:00 2006 Dan Walsh 2.4.3-6
- Fix unconfined access to shadow file

Wed Nov 8 23:00:00 2006 Dan Walsh 2.4.3-5
- Allow xend to create files in xen_image_t directories

Wed Nov 8 23:00:00 2006 Dan Walsh 2.4.3-4
- Fixes for /var/lib/hal

Tue Nov 7 23:00:00 2006 Dan Walsh 2.4.3-3
- Remove ability for sysadm_t to look at audit.log

Tue Nov 7 23:00:00 2006 Dan Walsh 2.4.3-2
- Fix rpc_port_types
- Add aide policy for mls

Mon Nov 6 23:00:00 2006 Dan Walsh 2.4.3-1
- Merge with upstream

Fri Nov 3 23:00:00 2006 Dan Walsh 2.4.2-8
- Lots of fixes for ricci

Fri Nov 3 23:00:00 2006 Dan Walsh 2.4.2-7
- Allow xen to read/write fixed devices with a boolean
- Allow apache to search /var/log

Thu Nov 2 23:00:00 2006 James Antill 2.4.2-6
- Fix policygentool specfile problem.
- Allow apache to send signals to it\'s logging helpers.
- Resolves: rhbz#212731

Wed Nov 1 23:00:00 2006 Dan Walsh 2.4.2-5
- Add perms for swat

Tue Oct 31 23:00:00 2006 Dan Walsh 2.4.2-4
- Add perms for swat

Mon Oct 30 23:00:00 2006 Dan Walsh 2.4.2-3
- Allow daemons to dump core files to /

Sat Oct 28 00:00:00 2006 Dan Walsh 2.4.2-2
- Fixes for ricci

Sat Oct 28 00:00:00 2006 Dan Walsh 2.4.2-1
- Allow mount.nfs to work

Sat Oct 28 00:00:00 2006 Dan Walsh 2.4.1-5
- Allow ricci-modstorage to look at lvm_etc_t

Tue Oct 24 00:00:00 2006 Dan Walsh 2.4.1-4
- Fixes for ricci using saslauthd

Tue Oct 24 00:00:00 2006 Dan Walsh 2.4.1-3
- Allow mountpoint on home_dir_t and home_t

Tue Oct 24 00:00:00 2006 Dan Walsh 2.4.1-2
- Update xen to read nfs files

Tue Oct 24 00:00:00 2006 Dan Walsh 2.4-4
- Allow noxattrfs to associate with other noxattrfs

Tue Oct 24 00:00:00 2006 Dan Walsh 2.4-3
- Allow hal to use power_device_t

Sat Oct 21 00:00:00 2006 Dan Walsh 2.4-2
- Allow procemail to look at autofs_t
- Allow xen_image_t to work as a fixed device

Fri Oct 20 00:00:00 2006 Dan Walsh 2.4-1
- Refupdate from upstream

Fri Oct 20 00:00:00 2006 Dan Walsh 2.3.19-4
- Add lots of fixes for mls cups

Thu Oct 19 00:00:00 2006 Dan Walsh 2.3.19-3
- Lots of fixes for ricci

Tue Oct 17 00:00:00 2006 Dan Walsh 2.3.19-2
- Fix number of cats

Tue Oct 17 00:00:00 2006 Dan Walsh 2.3.19-1
- Update to upstream

Fri Oct 13 00:00:00 2006 James Antill 2.3.18-10
- More iSCSI changes for #209854

Wed Oct 11 00:00:00 2006 James Antill 2.3.18-9
- Test ISCSI fixes for #209854

Mon Oct 9 00:00:00 2006 Dan Walsh 2.3.18-8
- allow semodule to rmdir selinux_config_t dir

Sat Oct 7 00:00:00 2006 Dan Walsh 2.3.18-7
- Fix boot_runtime_t problem on ppc. Should not be creating these files.

Fri Oct 6 00:00:00 2006 Dan Walsh 2.3.18-6
- Fix context mounts on reboot
- Fix ccs creation of directory in /var/log

Fri Oct 6 00:00:00 2006 Dan Walsh 2.3.18-5
- Update for tallylog

Fri Oct 6 00:00:00 2006 Dan Walsh 2.3.18-4
- Allow xend to rewrite dhcp conf files
- Allow mgetty sys_admin capability

Thu Oct 5 00:00:00 2006 Dan Walsh 2.3.18-3
- Make xentapctrl work

Wed Oct 4 00:00:00 2006 Dan Walsh 2.3.18-2
- Don\'t transition unconfined_t to bootloader_t
- Fix label in /dev/xen/blktap

Wed Oct 4 00:00:00 2006 Dan Walsh 2.3.18-1
- Patch for labeled networking

Tue Oct 3 00:00:00 2006 Dan Walsh 2.3.17-2
- Fix crond handling for mls

Fri Sep 29 00:00:00 2006 Dan Walsh 2.3.17-1
- Update to upstream

Fri Sep 29 00:00:00 2006 Dan Walsh 2.3.16-9
- Remove bluetooth-helper transition
- Add selinux_validate for semanage
- Require new version of libsemanage

Fri Sep 29 00:00:00 2006 Dan Walsh 2.3.16-8
- Fix prelink

Fri Sep 29 00:00:00 2006 Dan Walsh 2.3.16-7
- Fix rhgb

Thu Sep 28 00:00:00 2006 Dan Walsh 2.3.16-6
- Fix setrans handling on MLS and useradd

Thu Sep 28 00:00:00 2006 Dan Walsh 2.3.16-5
- Support for fuse
- fix vigr

Thu Sep 28 00:00:00 2006 Dan Walsh 2.3.16-4
- Fix dovecot, amanda
- Fix mls

Tue Sep 26 00:00:00 2006 Dan Walsh 2.3.16-2
- Allow java execheap for itanium

Tue Sep 26 00:00:00 2006 Dan Walsh 2.3.16-1
- Update with upstream

Tue Sep 26 00:00:00 2006 Dan Walsh 2.3.15-2
- mls fixes

Sat Sep 23 00:00:00 2006 Dan Walsh 2.3.15-1
- Update from upstream

Sat Sep 23 00:00:00 2006 Dan Walsh 2.3.14-8
- More fixes for mls
- Revert change on automount transition to mount

Thu Sep 21 00:00:00 2006 Dan Walsh 2.3.14-7
- Fix cron jobs to run under the correct context

Wed Sep 20 00:00:00 2006 Dan Walsh 2.3.14-6
- Fixes to make pppd work

Tue Sep 19 00:00:00 2006 Dan Walsh 2.3.14-4
- Multiple policy fixes
- Change max categories to 1023

Sun Sep 17 00:00:00 2006 Dan Walsh 2.3.14-3
- Fix transition on mcstransd

Sat Sep 16 00:00:00 2006 Dan Walsh 2.3.14-2
- Add /dev/em8300 defs

Sat Sep 16 00:00:00 2006 Dan Walsh 2.3.14-1
- Upgrade to upstream

Fri Sep 15 00:00:00 2006 Dan Walsh 2.3.13-6
- Fix ppp connections from network manager

Thu Sep 14 00:00:00 2006 Dan Walsh 2.3.13-5
- Add tty access to all domains boolean
- Fix gnome-pty-helper context for ia64

Tue Sep 12 00:00:00 2006 Dan Walsh 2.3.13-4
- Fixed typealias of firstboot_rw_t

Fri Sep 8 00:00:00 2006 Dan Walsh 2.3.13-3
- Fix location of xel log files
- Fix handling of sysadm_r -> rpm_exec_t

Fri Sep 8 00:00:00 2006 Dan Walsh 2.3.13-2
- Fixes for autofs, lp

Thu Sep 7 00:00:00 2006 Dan Walsh 2.3.13-1
- Update from upstream

Wed Sep 6 00:00:00 2006 Dan Walsh 2.3.12-2
- Fixup for test6

Wed Sep 6 00:00:00 2006 Dan Walsh 2.3.12-1
- Update to upstream

Sat Sep 2 00:00:00 2006 Dan Walsh 2.3.11-1
- Update to upstream

Sat Sep 2 00:00:00 2006 Dan Walsh 2.3.10-7
- Fix suspend to disk problems

Fri Sep 1 00:00:00 2006 Dan Walsh 2.3.10-6
- Lots of fixes for restarting daemons at the console.

Thu Aug 31 00:00:00 2006 Dan Walsh 2.3.10-3
- Fix audit line
- Fix requires line

Wed Aug 30 00:00:00 2006 Dan Walsh 2.3.10-1
- Upgrade to upstream

Tue Aug 29 00:00:00 2006 Dan Walsh 2.3.9-6
- Fix install problems

Sat Aug 26 00:00:00 2006 Dan Walsh 2.3.9-5
- Allow setroubleshoot to getattr on all dirs to gather RPM data

Fri Aug 25 00:00:00 2006 Dan Walsh 2.3.9-4
- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform
- Fix spec for /dev/adsp

Fri Aug 25 00:00:00 2006 Dan Walsh 2.3.9-3
- Fix xen tty devices

Fri Aug 25 00:00:00 2006 Dan Walsh 2.3.9-2
- Fixes for setroubleshoot

Thu Aug 24 00:00:00 2006 Dan Walsh 2.3.9-1
- Update to upstream

Mon Aug 21 00:00:00 2006 Dan Walsh 2.3.8-2
- Fixes for stunnel and postgresql
- Update from upstream

Fri Aug 11 00:00:00 2006 Dan Walsh 2.3.7-1
- Update from upstream
- More java fixes

Fri Aug 11 00:00:00 2006 Dan Walsh 2.3.6-4
- Change allow_execstack to default to on, for RHEL5 Beta.
This is required because of a Java compiler problem.
Hope to turn off for next beta

Fri Aug 11 00:00:00 2006 Dan Walsh 2.3.6-3
- Misc fixes

Thu Aug 10 00:00:00 2006 Dan Walsh 2.3.6-2
- More fixes for strict policy

Wed Aug 9 00:00:00 2006 Dan Walsh 2.3.6-1
- Quiet down anaconda audit messages

Tue Aug 8 00:00:00 2006 Dan Walsh 2.3.5-1
- Fix setroubleshootd

Fri Aug 4 00:00:00 2006 Dan Walsh 2.3.4-1
- Update to the latest from upstream

Fri Aug 4 00:00:00 2006 Dan Walsh 2.3.3-20
- More fixes for xen

Fri Aug 4 00:00:00 2006 Dan Walsh 2.3.3-19
- Fix anaconda transitions

Thu Aug 3 00:00:00 2006 Dan Walsh 2.3.3-18
- yet more xen rules

Wed Aug 2 00:00:00 2006 Dan Walsh 2.3.3-17
- more xen rules

Tue Aug 1 00:00:00 2006 Dan Walsh 2.3.3-16
- Fixes for Samba

Sun Jul 30 00:00:00 2006 Dan Walsh 2.3.3-15
- Fixes for xen

Sat Jul 29 00:00:00 2006 Dan Walsh 2.3.3-14
- Allow setroubleshootd to send mail

Thu Jul 27 00:00:00 2006 Dan Walsh 2.3.3-13
- Add nagios policy

Thu Jul 27 00:00:00 2006 Dan Walsh 2.3.3-12
- fixes for setroubleshoot

Thu Jul 27 00:00:00 2006 Dan Walsh 2.3.3-11
- Added Paul Howarth patch to only load policy packages shipped
with this package
- Allow pidof from initrc to ptrace higher level domains
- Allow firstboot to communicate with hal via dbus

Tue Jul 25 00:00:00 2006 Dan Walsh 2.3.3-10
- Add policy for /var/run/ldapi

Sun Jul 23 00:00:00 2006 Dan Walsh 2.3.3-9
- Fix setroubleshoot policy

Sat Jul 22 00:00:00 2006 Dan Walsh 2.3.3-8
- Fixes for mls use of ssh
- named has a new conf file

Sat Jul 22 00:00:00 2006 Dan Walsh 2.3.3-7
- Fixes to make setroubleshoot work

Thu Jul 20 00:00:00 2006 Dan Walsh 2.3.3-6
- Cups needs to be able to read domain state off of printer client

Thu Jul 20 00:00:00 2006 Dan Walsh 2.3.3-5
- add boolean to allow zebra to write config files

Wed Jul 19 00:00:00 2006 Dan Walsh 2.3.3-4
- setroubleshootd fixes

Tue Jul 18 00:00:00 2006 Dan Walsh 2.3.3-3
- Allow prelink to read bin_t symlink
- allow xfs to read random devices
- Change gfs to support xattr

Tue Jul 18 00:00:00 2006 Dan Walsh 2.3.3-2
- Remove spamassassin_can_network boolean

Sat Jul 15 00:00:00 2006 Dan Walsh 2.3.3-1
- Update to upstream
- Fix lpr domain for mls

Sat Jul 15 00:00:00 2006 Dan Walsh 2.3.2-4
- Add setroubleshoot policy

Sat Jul 8 00:00:00 2006 Dan Walsh 2.3.2-3
- Turn off auditallow on setting booleans

Sat Jul 8 00:00:00 2006 Dan Walsh 2.3.2-2
- Multiple fixes

Sat Jul 8 00:00:00 2006 Dan Walsh 2.3.2-1
- Update to upstream

Fri Jun 23 00:00:00 2006 Dan Walsh 2.3.1-1
- Update to upstream
- Add new class for kernel key ring

Thu Jun 22 00:00:00 2006 Dan Walsh 2.2.49-1
- Update to upstream

Wed Jun 21 00:00:00 2006 Dan Walsh 2.2.48-1
- Update to upstream

Wed Jun 21 00:00:00 2006 Dan Walsh 2.2.47-5
- Break out selinux-devel package

Sat Jun 17 00:00:00 2006 Dan Walsh 2.2.47-4
- Add ibmasmfs

Fri Jun 16 00:00:00 2006 Dan Walsh 2.2.47-3
- Fix policygentool gen_requires

Wed Jun 14 00:00:00 2006 Dan Walsh 2.2.47-1
- Update from Upstream

Wed Jun 14 00:00:00 2006 Dan Walsh 2.2.46-2
- Fix spec of realplay

Wed Jun 14 00:00:00 2006 Dan Walsh 2.2.46-1
- Update to upstream

Tue Jun 13 00:00:00 2006 Dan Walsh 2.2.45-3
- Fix semanage

Tue Jun 13 00:00:00 2006 Dan Walsh 2.2.45-2
- Allow useradd to create_home_dir in MLS environment

Fri Jun 9 00:00:00 2006 Dan Walsh 2.2.45-1
- Update from upstream

Wed Jun 7 00:00:00 2006 Dan Walsh 2.2.44-1
- Update from upstream

Wed Jun 7 00:00:00 2006 Dan Walsh 2.2.43-4
- Add oprofilefs

Mon May 29 00:00:00 2006 Dan Walsh 2.2.43-3
- Fix for hplip and Picasus

Sun May 28 00:00:00 2006 Dan Walsh 2.2.43-2
- Update to upstream

Sat May 27 00:00:00 2006 Dan Walsh 2.2.43-1
- Update to upstream

Sat May 27 00:00:00 2006 Dan Walsh 2.2.42-4
- fixes for spamd

Thu May 25 00:00:00 2006 Dan Walsh 2.2.42-3
- fixes for java, openldap and webalizer

Tue May 23 00:00:00 2006 Dan Walsh 2.2.42-2
- Xen fixes

Fri May 19 00:00:00 2006 Dan Walsh 2.2.42-1
- Upgrade to upstream

Fri May 19 00:00:00 2006 Dan Walsh 2.2.41-1
- allow hal to read boot_t files
- Upgrade to upstream

Thu May 18 00:00:00 2006 Dan Walsh 2.2.40-2
- allow hal to read boot_t files

Wed May 17 00:00:00 2006 Dan Walsh 2.2.40-1
- Update from upstream

Tue May 16 00:00:00 2006 Dan Walsh 2.2.39-2
- Fixes for amavis

Tue May 16 00:00:00 2006 Dan Walsh 2.2.39-1
- Update from upstream

Sat May 13 00:00:00 2006 Dan Walsh 2.2.38-6
- Allow auditctl to search all directories

Fri May 12 00:00:00 2006 Dan Walsh 2.2.38-5
- Add acquire service for mono.

Fri May 12 00:00:00 2006 Dan Walsh 2.2.38-4
- Turn off allow_execmem boolean
- Allow ftp dac_override when allowed to access users homedirs

Thu May 11 00:00:00 2006 Dan Walsh 2.2.38-3
- Clean up spec file
- Transition from unconfined_t to prelink_t

Tue May 9 00:00:00 2006 Dan Walsh 2.2.38-2
- Allow execution of cvs command

Sat May 6 00:00:00 2006 Dan Walsh 2.2.38-1
- Update to upstream

Thu May 4 00:00:00 2006 Dan Walsh 2.2.37-1
- Update to upstream

Tue May 2 00:00:00 2006 Dan Walsh 2.2.36-2
- Fix libjvm spec

Wed Apr 26 00:00:00 2006 Dan Walsh 2.2.36-1
- Update to upstream

Wed Apr 26 00:00:00 2006 James Antill 2.2.35-2
- Add xm policy
- Fix policygentool

Tue Apr 25 00:00:00 2006 Dan Walsh 2.2.35-1
- Update to upstream
- Fix postun to only disable selinux on full removal of the packages

Sat Apr 22 00:00:00 2006 Dan Walsh 2.2.34-3
- Allow mono to chat with unconfined

Fri Apr 21 00:00:00 2006 Dan Walsh 2.2.34-2
- Allow procmail to sendmail
- Allow nfs to share dosfs

Fri Apr 21 00:00:00 2006 Dan Walsh 2.2.34-1
- Update to latest from upstream
- Allow selinux-policy to be removed and kernel not to crash

Wed Apr 19 00:00:00 2006 Dan Walsh 2.2.33-1
- Update to latest from upstream
- Add James Antill patch for xen
- Many fixes for pegasus

Sun Apr 16 00:00:00 2006 Dan Walsh 2.2.32-2
- Add unconfined_mount_t
- Allow privoxy to connect to httpd_cache
- fix cups labeleing on /var/cache/cups

Sat Apr 15 00:00:00 2006 Dan Walsh 2.2.32-1
- Update to latest from upstream

Sat Apr 15 00:00:00 2006 Dan Walsh 2.2.31-1
- Update to latest from upstream
- Allow mono and unconfined to talk to initrc_t dbus objects

Wed Apr 12 00:00:00 2006 Dan Walsh 2.2.30-2
- Change libraries.fc to stop shlib_t form overriding texrel_shlib_t

Wed Apr 12 00:00:00 2006 Dan Walsh 2.2.30-1
- Fix samba creating dirs in homedir
- Fix NFS so its booleans would work

Tue Apr 11 00:00:00 2006 Dan Walsh 2.2.29-6
- Allow secadm_t ability to relabel all files
- Allow ftp to search xferlog_t directories
- Allow mysql to communicate with ldap
- Allow rsync to bind to rsync_port_t

Tue Apr 11 00:00:00 2006 Russell Coker 2.2.29-5
- Fixed mailman with Postfix #183928
- Allowed semanage to create file_context files.
- Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t
to bind to reserved ports. #149030
- Don\'t allow devpts_t to be associated with tmp_t.
- Allow hald_t to stat all mountpoints.
- Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts.
- Make mount run in mount_t domain from unconfined_t to prevent mislabeling of
/etc/mtab.
- Changed the file_contexts to not have a regex before the first ^/[a-z]/
whenever possible, makes restorecon slightly faster.
- Correct the label of /etc/named.caching-nameserver.conf
- Now label /usr/src/kernels/.+/lib(/.
*)? as usr_t instead of
/usr/src(/.
*)?/lib(/.
*)? - I don\'t think we need anything else under /usr/src
hit by this.
- Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed
xenstored_t rw access to the xen device node.

Wed Apr 5 00:00:00 2006 Dan Walsh 2.2.29-4
- More textrel_shlib_t file path fixes
- Add ada support

Tue Apr 4 00:00:00 2006 Dan Walsh 2.2.29-3
- Get auditctl working in MLS policy

Tue Apr 4 00:00:00 2006 Dan Walsh 2.2.29-2
- Add mono dbus support
- Lots of file_context fixes for textrel_shlib_t in FC5
- Turn off execmem auditallow since they are filling log files

Fri Mar 31 00:00:00 2006 Dan Walsh 2.2.29-1
- Update to upstream

Fri Mar 31 00:00:00 2006 Dan Walsh 2.2.28-3
- Allow automount and dbus to read cert files

Fri Mar 31 00:00:00 2006 Dan Walsh 2.2.28-2
- Fix ftp policy
- Fix secadm running of auditctl

Tue Mar 28 00:00:00 2006 Dan Walsh 2.2.28-1
- Update to upstream

Wed Mar 22 23:00:00 2006 Dan Walsh 2.2.27-1
- Update to upstream

Wed Mar 22 23:00:00 2006 Dan Walsh 2.2.25-3
- Fix policyhelp

Wed Mar 22 23:00:00 2006 Dan Walsh 2.2.25-2
- Fix pam_console handling of usb_device
- dontaudit logwatch reading /mnt dir

Fri Mar 17 23:00:00 2006 Dan Walsh 2.2.24-1
- Update to upstream

Wed Mar 15 23:00:00 2006 Dan Walsh 2.2.23-19
- Get transition rules to create policy.20 at SystemHigh

Tue Mar 14 23:00:00 2006 Dan Walsh