Changelog for
selinux-policy-3.9.7-3.fc14.noarch.rpm :
Fri Oct 15 14:00:00 2010 Dan Walsh
3.9.7-3
- Allow cobblerd to list cobler appache content
Fri Oct 15 14:00:00 2010 Dan Walsh 3.9.7-2
- Fixup for the latest version of upowed
- Dontaudit sandbox sending SIGNULL to desktop apps
Wed Oct 13 14:00:00 2010 Dan Walsh 3.9.7-1
- Update to upstream
Tue Oct 12 14:00:00 2010 Dan Walsh 3.9.6-3
-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access
- dovecot-auth_t needs ipc_lock
- gpm needs to use the user terminal
- Allow system_mail_t to append ~/dead.letter
- Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf
- Add pid file to vnstatd
- Allow mount to communicate with gfs_controld
- Dontaudit hal leaks in setfiles
Fri Oct 8 14:00:00 2010 Dan Walsh 3.9.6-2
- Lots of fixes for systemd
- systemd now executes readahead and tmpwatch type scripts
- Needs to manage random seed
Thu Oct 7 14:00:00 2010 Dan Walsh 3.9.6-1
- Allow smbd to use sys_admin
- Remove duplicate file context for tcfmgr
- Update to upstream
Wed Oct 6 14:00:00 2010 Dan Walsh 3.9.5-11
- Fix fusefs handling
- Do not allow sandbox to manage nsplugin_rw_t
- Allow mozilla_plugin_t to connecto its parent
- Allow init_t to connect to plymouthd running as kernel_t
- Add mediawiki policy
- dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs.
- Disable transition from dbus_session_domain to telepathy for F14
- Allow boinc_project to use shm
- Allow certmonger to search through directories that contain certs
- Allow fail2ban the DAC Override so it can read log files owned by non root users
Mon Oct 4 14:00:00 2010 Dan Walsh 3.9.5-10
- Start adding support for use_fusefs_home_dirs
- Add /var/lib/syslog directory file context
- Add /etc/localtime as locale file context
Thu Sep 30 14:00:00 2010 Dan Walsh 3.9.5-9
- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
- Turn off iptables from unconfined user
- Allow sudo to send signals to any domains the user could have transitioned to.
- Passwd in single user mode needs to talk to console_device_t
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
- locate tried to read a symbolic link, will dontaudit
- New labels for telepathy-sunshine content in homedir
- Google is storing other binaries under /opt/google/talkplugin
- bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug
- Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15
- modemmanger and bluetooth send dbus messages to devicekit_power
- Samba needs to getquota on filesystems labeld samba_share_t
Wed Sep 29 14:00:00 2010 Dan Walsh 3.9.5-8
- Dontaudit attempts by xdm_t to write to bin_t for kdm
- Allow initrc_t to manage system_conf_t
Mon Sep 27 14:00:00 2010 Dan Walsh 3.9.5-7
- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory.
- Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets
- Allow confined users to read xdm_etc_t files
- Allow xdm_t to transition to xauth_t for lxdm program
Sun Sep 26 14:00:00 2010 Dan Walsh 3.9.5-6
- Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home
- Allow clamd to send signals to itself
- Allow mozilla_plugin_t to read user home content. And unlink pulseaudio shm.
- Allow haze to connect to yahoo chat and messenger port tcp:5050.
Bz #637339
- Allow guest to run ps command on its processes by allowing it to read /proc
- Allow firewallgui to sys_rawio which seems to be required to setup masqerading
- Allow all domains to search through default_t directories, in order to find differnet labels. For example people serring up /foo/bar to be share via samba.
- Add label for /var/log/slim.log
Fri Sep 24 14:00:00 2010 Dan Walsh 3.9.5-5
- Pull in cleanups from dgrift
- Allow mozilla_plugin_t to execute mozilla_home_t
- Allow rpc.quota to do quotamod
Thu Sep 23 14:00:00 2010 Dan Walsh 3.9.5-4
- Cleanup policy via dgrift
- Allow dovecot_deliver to append to inherited log files
- Lots of fixes for consolehelper
Tue Sep 21 14:00:00 2010 Dan Walsh 3.9.5-3
- Fix up Xguest policy
Thu Sep 16 14:00:00 2010 Dan Walsh 3.9.5-2
- Add vnstat policy
- allow libvirt to send audit messages
- Allow chrome-sandbox to search nfs_t
Thu Sep 16 14:00:00 2010 Dan Walsh 3.9.5-1
- Update to upstream
Wed Sep 15 14:00:00 2010 Dan Walsh 3.9.4-3
- Add the ability to send audit messages to confined admin policies
- Remove permissive domain from cmirrord and dontaudit sys_tty_config
- Split out unconfined_domain() calls from other unconfined_ calls so we can d
- virt needs to be able to read processes to clearance for MLS
Tue Sep 14 14:00:00 2010 Dan Walsh 3.9.4-2
- Allow all domains that can use cgroups to search tmpfs_t directory
- Allow init to send audit messages
Wed Sep 8 14:00:00 2010 Dan Walsh 3.9.4-1
- Update to upstream
Wed Sep 8 14:00:00 2010 Dan Walsh 3.9.3-4
- Allow mdadm_t to create files and sock files in /dev/md/
Wed Sep 8 14:00:00 2010 Dan Walsh 3.9.3-3
- Add policy for ajaxterm
Wed Sep 8 14:00:00 2010 Dan Walsh 3.9.3-2
- Handle /var/db/sudo
- Allow pulseaudio to read alsa config
- Allow init to send initrc_t dbus messages
Tue Sep 7 14:00:00 2010 Dan Walsh 3.9.3-1
Allow iptables to read shorewall tmp files
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
Tue Aug 31 14:00:00 2010 Dan Walsh 3.9.2-1
- Merge upstream fix of mmap_zero
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
Tue Aug 31 14:00:00 2010 Dan Walsh 3.9.1-3
- Allow mdadm_t to read/write hugetlbfs
Mon Aug 30 14:00:00 2010 Dan Walsh 3.9.1-2
- Dominic Grift Cleanup
- Miroslav Grepl policy for jabberd
- Various fixes for mount/livecd and prelink
Mon Aug 30 14:00:00 2010 Dan Walsh 3.9.1-1
- Merge with upstream
Thu Aug 26 14:00:00 2010 Dan Walsh 3.9.0-2
- More access needed for devicekit
- Add dbadm policy
Thu Aug 26 14:00:00 2010 Dan Walsh 3.9.0-1
- Merge with upstream
Tue Aug 24 14:00:00 2010 Dan Walsh 3.8.8-21
- Allow seunshare to fowner
Tue Aug 24 14:00:00 2010 Dan Walsh 3.8.8-20
- Allow cron to look at user_cron_spool links
- Lots of fixes for mozilla_plugin_t
- Add sysv file system
- Turn unconfined domains to permissive to find additional avcs
Mon Aug 23 14:00:00 2010 Dan Walsh 3.8.8-19
- Update policy for mozilla_plugin_t
Mon Aug 23 14:00:00 2010 Dan Walsh 3.8.8-18
- Allow clamscan to read proc_t
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
Wed Aug 18 14:00:00 2010 Dan Walsh 3.8.8-17
- Allow clamscan_t execmem if clamd_use_jit set
- Add policy for firefox plugin-container
Tue Aug 17 14:00:00 2010 Dan Walsh 3.8.8-16
- Fix /root/.forward definition
Tue Aug 17 14:00:00 2010 Dan Walsh 3.8.8-15
- label dead.letter as mail_home_t
Fri Aug 13 14:00:00 2010 Dan Walsh 3.8.8-14
- Allow login programs to search /cgroups
Thu Aug 12 14:00:00 2010 Dan Walsh 3.8.8-13
- Fix cert handling
Tue Aug 10 14:00:00 2010 Dan Walsh 3.8.8-12
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
Thu Aug 5 14:00:00 2010 Dan Walsh 3.8.8-11
- Fix nis calls to allow bind to ports 512-1024
- Fix smartmon
Wed Aug 4 14:00:00 2010 Dan Walsh 3.8.8-10
- Allow pcscd to read sysfs
- systemd fixes
- Fix wine_mmap_zero_ignore boolean
Tue Aug 3 14:00:00 2010 Dan Walsh 3.8.8-9
- Apply Miroslav munin patch
- Turn back on allow_execmem and allow_execmod booleans
Tue Jul 27 14:00:00 2010 Dan Walsh 3.8.8-8
- Merge in fixes from dgrift repository
Tue Jul 27 14:00:00 2010 Dan Walsh 3.8.8-7
- Update boinc policy
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
Mon Jul 26 14:00:00 2010 Dan Walsh 3.8.8-6
- New paths for upstart
Mon Jul 26 14:00:00 2010 Dan Walsh 3.8.8-5
- New permissions for syslog
- New labels for /lib/upstart
Fri Jul 23 14:00:00 2010 Dan Walsh 3.8.8-4
- Add mojomojo policy
Thu Jul 22 14:00:00 2010 Dan Walsh 3.8.8-3
- Allow systemd to setsockcon on sockets to immitate other services
Wed Jul 21 14:00:00 2010 Dan Walsh 3.8.8-2
- Remove debugfs label
Tue Jul 20 14:00:00 2010 Dan Walsh 3.8.8-1
- Update to latest policy
Wed Jul 14 14:00:00 2010 Dan Walsh 3.8.7-3
- Fix eclipse labeling from IBMSupportAssasstant packageing
Wed Jul 14 14:00:00 2010 Dan Walsh 3.8.7-2
- Make boot with systemd in enforcing mode
Wed Jul 14 14:00:00 2010 Dan Walsh 3.8.7-1
- Update to upstream
Mon Jul 12 14:00:00 2010 Dan Walsh 3.8.6-3
- Add boolean to turn off port forwarding in sshd.
Fri Jul 9 14:00:00 2010 Miroslav Grepl 3.8.6-2
- Add support for ebtables
- Fixes for rhcs and corosync policy
Tue Jun 22 14:00:00 2010 Dan Walsh 3.8.6-1
-Update to upstream
Mon Jun 21 14:00:00 2010 Dan Walsh 3.8.5-1
-Update to upstream
Thu Jun 17 14:00:00 2010 Dan Walsh 3.8.4-1
-Update to upstream
Wed Jun 16 14:00:00 2010 Dan Walsh 3.8.3-4
- Add Zarafa policy
Wed Jun 9 14:00:00 2010 Dan Walsh 3.8.3-3
- Cleanup of aiccu policy
- initial mock policy
Wed Jun 9 14:00:00 2010 Dan Walsh 3.8.3-2
- Lots of random fixes
Tue Jun 8 14:00:00 2010 Dan Walsh 3.8.3-1
- Update to upstream
Fri Jun 4 14:00:00 2010 Dan Walsh 3.8.2-1
- Update to upstream
- Allow prelink script to signal itself
- Cobbler fixes
Wed Jun 2 14:00:00 2010 Dan Walsh 3.8.1-5
- Add xdm_var_run_t to xserver_stream_connect_xdm
- Add cmorrord and mpd policy from Miroslav Grepl
Tue Jun 1 14:00:00 2010 Dan Walsh 3.8.1-4
- Fix sshd creation of krb cc files for users to be user_tmp_t
Thu May 27 14:00:00 2010 Dan Walsh 3.8.1-3
- Fixes for accountsdialog
- Fixes for boinc
Thu May 27 14:00:00 2010 Dan Walsh 3.8.1-2
- Fix label on /var/lib/dokwiki
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls
Tue May 25 14:00:00 2010 Dan Walsh 3.8.1-1
- Update to upstream
Tue May 25 14:00:00 2010 Dan Walsh 3.7.19-22
- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t
- Fix /var/run/abrtd.lock label
Mon May 24 14:00:00 2010 Dan Walsh 3.7.19-21
- Allow login programs to read krb5_home_t
Resolves: 594833
- Add obsoletes for cachefilesfd-selinux package
Resolves: #575084
Thu May 20 14:00:00 2010 Dan Walsh 3.7.19-20
- Allow mount to r/w abrt fifo file
- Allow svirt_t to getattr on hugetlbfs
- Allow abrt to create a directory under /var/spool
Wed May 19 14:00:00 2010 Dan Walsh 3.7.19-19
- Add labels for /sys
- Allow sshd to getattr on shutdown
- Fixes for munin
- Allow sssd to use the kernel key ring
- Allow tor to send syslog messages
- Allow iptabels to read usr files
- allow policykit to read all domains state
Thu May 13 14:00:00 2010 Dan Walsh 3.7.19-17
- Fix path for /var/spool/abrt
- Allow nfs_t as an entrypoint for http_sys_script_t
- Add policy for piranha
- Lots of fixes for sosreport
Wed May 12 14:00:00 2010 Dan Walsh 3.7.19-16
- Allow xm_t to read network state and get and set capabilities
- Allow policykit to getattr all processes
- Allow denyhosts to connect to tcp port 9911
- Allow pyranha to use raw ip sockets and ptrace itself
- Allow unconfined_execmem_t and gconfsd mechanism to dbus
- Allow staff to kill ping process
- Add additional MLS rules
Mon May 10 14:00:00 2010 Dan Walsh 3.7.19-15
- Allow gdm to edit ~/.gconf dir
Resolves: #590677
- Allow dovecot to create directories in /var/lib/dovecot
Partially resolves 590224
- Allow avahi to dbus chat with NetworkManager
- Fix cobbler labels
- Dontaudit iceauth_t leaks
- fix /var/lib/lxdm file context
- Allow aiccu to use tun tap devices
- Dontaudit shutdown using xserver.log
Thu May 6 14:00:00 2010 Dan Walsh 3.7.19-14
- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++
- Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory
- Add dontaudit interface for bluetooth dbus
- Add chronyd_read_keys, append_keys for initrc_t
- Add log support for ksmtuned
Resolves: #586663
Thu May 6 14:00:00 2010 Dan Walsh 3.7.19-13
- Allow boinc to send mail
Wed May 5 14:00:00 2010 Dan Walsh 3.7.19-12
- Allow initrc_t to remove dhcpc_state_t
- Fix label on sa-update.cron
- Allow dhcpc to restart chrony initrc
- Don\'t allow sandbox to send signals to its parent processes
- Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t
Resolves: #589136
Mon May 3 14:00:00 2010 Dan Walsh 3.7.19-11
- Fix location of oddjob_mkhomedir
Resolves: #587385
- fix labeling on /root/.shosts and ~/.shosts
- Allow ipsec_mgmt_t to manage net_conf_t
Resolves: #586760
Fri Apr 30 14:00:00 2010 Dan Walsh 3.7.19-10
- Dontaudit sandbox trying to connect to netlink sockets
Resolves: #587609
- Add policy for piranha
Thu Apr 29 14:00:00 2010 Dan Walsh 3.7.19-9
- Fixups for xguest policy
- Fixes for running sandbox firefox
Wed Apr 28 14:00:00 2010 Dan Walsh 3.7.19-8
- Allow ksmtuned to use terminals
Resolves: #586663
- Allow lircd to write to generic usb devices
Tue Apr 27 14:00:00 2010 Dan Walsh 3.7.19-7
- Allow sandbox_xserver to connectto unconfined stream
Resolves: #585171
Mon Apr 26 14:00:00 2010 Dan Walsh 3.7.19-6
- Allow initrc_t to read slapd_db_t
Resolves: #585476
- Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf
Resolves: #585963
Thu Apr 22 14:00:00 2010 Dan Walsh 3.7.19-5
- Allow rlogind_t to search /root for .rhosts
Resolves: #582760
- Fix path for cached_var_t
- Fix prelink paths /var/lib/prelink
- Allow confined users to direct_dri
- Allow mls lvm/cryptosetup to work
Wed Apr 21 14:00:00 2010 Dan Walsh 3.7.19-4
- Allow virtd_t to manage firewall/iptables config
Resolves: #573585
Tue Apr 20 14:00:00 2010 Dan Walsh 3.7.19-3
- Fix label on /root/.rhosts
Resolves: #582760
- Add labels for Picasa
- Allow openvpn to read home certs
- Allow plymouthd_t to use tty_device_t
- Run ncftool as iptables_t
- Allow mount to unmount unlabeled_t
- Dontaudit hal leaks
Wed Apr 14 14:00:00 2010 Dan Walsh 3.7.19-2
- Allow livecd to transition to mount
Tue Apr 13 14:00:00 2010 Dan Walsh 3.7.19-1
- Update to upstream
- Allow abrt to delete sosreport
Resolves: #579998
- Allow snmp to setuid and gid
Resolves: #582155
- Allow smartd to use generic scsi devices
Resolves: #582145
Tue Apr 13 14:00:00 2010 Dan Walsh 3.7.18-3
- Allow ipsec_t to create /etc/resolv.conf with the correct label
- Fix reserved port destination
- Allow autofs to transition to showmount
- Stop crashing tuned
Mon Apr 12 14:00:00 2010 Dan Walsh 3.7.18-2
- Add telepathysofiasip policy
Mon Apr 5 14:00:00 2010 Dan Walsh 3.7.18-1
- Update to upstream
- Fix label for /opt/google/chrome/chrome-sandbox
- Allow modemmanager to dbus with policykit
Mon Apr 5 14:00:00 2010 Dan Walsh 3.7.17-6
- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t)
- Allow accountsd to read shadow file
- Allow apache to send audit messages when using pam
- Allow asterisk to bind and connect to sip tcp ports
- Fixes for dovecot 2.0
- Allow initrc_t to setattr on milter directories
- Add procmail_home_t for .procmailrc file
Thu Apr 1 14:00:00 2010 Dan Walsh 3.7.17-5
- Fixes for labels during install from livecd
Thu Apr 1 14:00:00 2010 Dan Walsh 3.7.17-4
- Fix /cgroup file context
- Fix broken afs use of unlabled_t
- Allow getty to use the console for s390
Wed Mar 31 14:00:00 2010 Dan Walsh 3.7.17-3
- Fix cgroup handling adding policy for /cgroup
- Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set
Tue Mar 30 14:00:00 2010 Dan Walsh 3.7.17-2
- Merge patches from dgrift
Mon Mar 29 14:00:00 2010 Dan Walsh 3.7.17-1
- Update upstream
- Allow abrt to write to the /proc under any process
Fri Mar 26 13:00:00 2010 Dan Walsh 3.7.16-2
- Fix ~/.fontconfig label
- Add /root/.cert label
- Allow reading of the fixed_file_disk_t:lnk_file if you can read file
- Allow qemu_exec_t as an entrypoint to svirt_t
Tue Mar 23 13:00:00 2010 Dan Walsh 3.7.16-1
- Update to upstream
- Allow tmpreaper to delete sandbox sock files
- Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems
- Fixes for gitosis
- No transition on livecd to passwd or chfn
- Fixes for denyhosts
Tue Mar 23 13:00:00 2010 Dan Walsh 3.7.15-4
- Add label for /var/lib/upower
- Allow logrotate to run sssd
- dontaudit readahead on tmpfs blk files
- Allow tmpreaper to setattr on sandbox files
- Allow confined users to execute dos files
- Allow sysadm_t to kill processes running within its clearance
- Add accountsd policy
- Fixes for corosync policy
- Fixes from crontab policy
- Allow svirt to manage svirt_image_t chr files
- Fixes for qdisk policy
- Fixes for sssd policy
- Fixes for newrole policy
Thu Mar 18 13:00:00 2010 Dan Walsh 3.7.15-3
- make libvirt work on an MLS platform
Thu Mar 18 13:00:00 2010 Dan Walsh 3.7.15-2
- Add qpidd policy
Thu Mar 18 13:00:00 2010 Dan Walsh 3.7.15-1
- Update to upstream
Tue Mar 16 13:00:00 2010 Dan Walsh 3.7.14-5
- Allow boinc to read kernel sysctl
- Fix snmp port definitions
- Allow apache to read anon_inodefs
Sun Mar 14 13:00:00 2010 Dan Walsh 3.7.14-4
- Allow shutdown dac_override
Sat Mar 13 13:00:00 2010 Dan Walsh 3.7.14-3
- Add device_t as a file system
- Fix sysfs association
Fri Mar 12 13:00:00 2010 Dan Walsh 3.7.14-2
- Dontaudit ipsec_mgmt sys_ptrace
- Allow at to mail its spool files
- Allow nsplugin to search in .pulse directory
Fri Mar 12 13:00:00 2010 Dan Walsh 3.7.14-1
- Update to upstream
Fri Mar 12 13:00:00 2010 Dan Walsh 3.7.13-4
- Allow users to dbus chat with xdm
- Allow users to r/w wireless_device_t
- Dontaudit reading of process states by ipsec_mgmt
Thu Mar 11 13:00:00 2010 Dan Walsh 3.7.13-3
- Fix openoffice from unconfined_t
Wed Mar 10 13:00:00 2010 Dan Walsh 3.7.13-2
- Add shutdown policy so consolekit can shutdown system
Tue Mar 9 13:00:00 2010 Dan Walsh 3.7.13-1
- Update to upstream
Thu Mar 4 13:00:00 2010 Dan Walsh 3.7.12-1
- Update to upstream
Thu Mar 4 13:00:00 2010 Dan Walsh 3.7.11-1
- Update to upstream - These are merges of my patches
- Remove 389 labeling conflicts
- Add MLS fixes found in RHEL6 testing
- Allow pulseaudio to run as a service
- Add label for mssql and allow apache to connect to this database port if boolean set
- Dontaudit searches of debugfs mount point
- Allow policykit_auth to send signals to itself
- Allow modcluster to call getpwnam
- Allow swat to signal winbind
- Allow usbmux to run as a system role
- Allow svirt to create and use devpts
Mon Mar 1 13:00:00 2010 Dan Walsh 3.7.10-5
- Add MLS fixes found in RHEL6 testing
- Allow domains to append to rpm_tmp_t
- Add cachefilesfd policy
- Dontaudit leaks when transitioning
Tue Feb 23 13:00:00 2010 Dan Walsh 3.7.10-4
- Change allow_execstack and allow_execmem booleans to on
- dontaudit acct using console
- Add label for fping
- Allow tmpreaper to delete sandbox_file_t
- Fix wine dontaudit mmap_zero
- Allow abrt to read var_t symlinks
Mon Feb 22 13:00:00 2010 Dan Walsh 3.7.10-3
- Additional policy for rgmanager
Mon Feb 22 13:00:00 2010 Dan Walsh 3.7.10-2
- Allow sshd to setattr on pseudo terms
Mon Feb 22 13:00:00 2010 Dan Walsh 3.7.10-1
- Update to upstream
Thu Feb 18 13:00:00 2010 Dan Walsh 3.7.9-4
- Allow policykit to send itself signals
Wed Feb 17 13:00:00 2010 Dan Walsh 3.7.9-3
- Fix duplicate cobbler definition
Wed Feb 17 13:00:00 2010 Dan Walsh 3.7.9-2
- Fix file context of /var/lib/avahi-autoipd
Fri Feb 12 13:00:00 2010 Dan Walsh 3.7.9-1
- Merge with upstream
Thu Feb 11 13:00:00 2010 Dan Walsh 3.7.8-11
- Allow sandbox to work with MLS
Tue Feb 9 13:00:00 2010 Dan Walsh 3.7.8-9
- Make Chrome work with staff user
Thu Feb 4 13:00:00 2010 Dan Walsh 3.7.8-8
- Add icecast policy
- Cleanup spec file
Wed Feb 3 13:00:00 2010 Dan Walsh 3.7.8-7
- Add mcelog policy
Mon Feb 1 13:00:00 2010 Dan Walsh 3.7.8-6
- Lots of fixes found in F12
Wed Jan 27 13:00:00 2010 Dan Walsh 3.7.8-5
- Fix rpm_dontaudit_leaks
Wed Jan 27 13:00:00 2010 Dan Walsh 3.7.8-4
- Add getsched to hald_t
- Add file context for Fedora/Redhat Directory Server
Mon Jan 25 13:00:00 2010 Dan Walsh 3.7.8-3
- Allow abrt_helper to getattr on all filesystems
- Add label for /opt/real/RealPlayer/plugins/oggfformat\\.so
Thu Jan 21 13:00:00 2010 Dan Walsh 3.7.8-2
- Add gstreamer_home_t for ~/.gstreamer
Mon Jan 18 13:00:00 2010 Dan Walsh 3.7.8-1
- Update to upstream
Fri Jan 15 13:00:00 2010 Dan Walsh 3.7.7-3
- Fix git
Thu Jan 7 13:00:00 2010 Dan Walsh 3.7.7-2
- Turn on puppet policy
- Update to dgrift git policy
Thu Jan 7 13:00:00 2010 Dan Walsh 3.7.7-1
- Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
Thu Jan 7 13:00:00 2010 Dan Walsh 3.7.6-1
- Update to upstream
Wed Jan 6 13:00:00 2010 Dan Walsh 3.7.5-8
- Remove most of the permissive domains from F12.
Tue Jan 5 13:00:00 2010 Dan Walsh 3.7.5-7
- Add cobbler policy from dgrift
Mon Jan 4 13:00:00 2010 Dan Walsh 3.7.5-6
- add usbmon device
- Add allow rulse for devicekit_disk
Wed Dec 30 13:00:00 2009 Dan Walsh 3.7.5-5
- Lots of fixes found in F12, fixes from Tom London
Wed Dec 23 13:00:00 2009 Dan Walsh 3.7.5-4
- Cleanups from dgrift
Tue Dec 22 13:00:00 2009 Dan Walsh 3.7.5-3
- Add back xserver_manage_home_fonts
Mon Dec 21 13:00:00 2009 Dan Walsh 3.7.5-2
- Dontaudit sandbox trying to read nscd and sssd
Fri Dec 18 13:00:00 2009 Dan Walsh 3.7.5-1
- Update to upstream
Thu Dec 17 13:00:00 2009 Dan Walsh 3.7.4-4
- Rename udisks-daemon back to devicekit_disk_t policy
Wed Dec 16 13:00:00 2009 Dan Walsh 3.7.4-3
- Fixes for abrt calls
Fri Dec 11 13:00:00 2009 Dan Walsh 3.7.4-2
- Add tgtd policy
Fri Dec 4 13:00:00 2009 Dan Walsh 3.7.4-1
- Update to upstream release
Mon Nov 16 13:00:00 2009 Dan Walsh 3.7.3-1
- Add asterisk policy back in
- Update to upstream release 2.20091117
Mon Nov 16 13:00:00 2009 Dan Walsh 3.7.1-1
- Update to upstream release 2.20091117
Mon Nov 16 13:00:00 2009 Dan Walsh 3.6.33-2
- Fixup nut policy
Thu Nov 12 13:00:00 2009 Dan Walsh 3.6.33-1
- Update to upstream
Thu Oct 1 14:00:00 2009 Dan Walsh 3.6.32-17
- Allow vpnc request the kernel to load modules
Wed Sep 30 14:00:00 2009 Dan Walsh 3.6.32-16
- Fix minimum policy installs
- Allow udev and rpcbind to request the kernel to load modules
Wed Sep 30 14:00:00 2009 Dan Walsh 3.6.32-15
- Add plymouth policy
- Allow local_login to sys_admin
Tue Sep 29 14:00:00 2009 Dan Walsh 3.6.32-13
- Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
Fri Sep 25 14:00:00 2009 Dan Walsh 3.6.32-12
- Update rhcs policy
Thu Sep 24 14:00:00 2009 Dan Walsh 3.6.32-11
- Allow users to exec restorecond
Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-10
- Allow sendmail to request kernel modules load
Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-9
- Fix all kernel_request_load_module domains
Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-8
- Fix all kernel_request_load_module domains
Sun Sep 20 14:00:00 2009 Dan Walsh 3.6.32-7
- Remove allow_exec
* booleans for confined users. Only available for unconfined_t
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-6
- More fixes for sandbox_web_t
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-5
- Allow sshd to create .ssh directory and content
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-4
- Fix request_module line to module_request
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-3
- Fix sandbox policy to allow it to run under firefox.
- Dont audit leaks.
Thu Sep 17 14:00:00 2009 Dan Walsh 3.6.32-2
- Fixes for sandbox
Thu Sep 17 14:00:00 2009 Dan Walsh 3.6.32-1
- Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
Tue Sep 15 14:00:00 2009 Dan Walsh 3.6.31-5
- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
- Remove policycoreutils-python requirement except for minimum
Mon Sep 14 14:00:00 2009 Dan Walsh 3.6.31-4
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)
Thu Sep 10 14:00:00 2009 Dan Walsh 3.6.31-3
- Add wordpress/wp-content/uploads label
- Fixes for sandbox when run from staff_t
Thu Sep 10 14:00:00 2009 Dan Walsh 3.6.31-2
- Update to upstream
- Fixes for devicekit_disk
Tue Sep 8 14:00:00 2009 Dan Walsh 3.6.30-6
- More fixes
Tue Sep 8 14:00:00 2009 Dan Walsh 3.6.30-5
- Lots of fixes for initrc and other unconfined domains
Fri Sep 4 14:00:00 2009 Dan Walsh 3.6.30-4
- Allow xserver to use netlink_kobject_uevent_socket
Thu Sep 3 14:00:00 2009 Dan Walsh 3.6.30-3
- Fixes for sandbox
Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.30-2
- Dontaudit setroubleshootfix looking at /root directory
Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.30-1
- Update to upsteam
Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.29-2
- Allow gssd to send signals to users
- Fix duplicate label for apache content
Fri Aug 28 14:00:00 2009 Dan Walsh 3.6.29-1
- Update to upstream
Fri Aug 28 14:00:00 2009 Dan Walsh 3.6.28-9
- Remove polkit_auth on upgrades
Wed Aug 26 14:00:00 2009 Dan Walsh 3.6.28-8
- Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
Tue Aug 25 14:00:00 2009 Dan Walsh 3.6.28-7
- Fixes for cdrecord, mdadm, and others
Sat Aug 22 14:00:00 2009 Dan Walsh 3.6.28-6
- Add capability setting to dhcpc and gpm
Sat Aug 22 14:00:00 2009 Dan Walsh 3.6.28-5
- Allow cronjobs to read exim_spool_t
Fri Aug 21 14:00:00 2009 Dan Walsh 3.6.28-4
- Add ABRT policy
Thu Aug 20 14:00:00 2009 Dan Walsh 3.6.28-3
- Fix system-config-services policy
Wed Aug 19 14:00:00 2009 Dan Walsh 3.6.28-2
- Allow libvirt to change user componant of virt_domain
Tue Aug 18 14:00:00 2009 Dan Walsh 3.6.28-1
- Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
Fri Aug 14 14:00:00 2009 Dan Walsh 3.6.27-1
- Add policycoreutils-python to pre install
Thu Aug 13 14:00:00 2009 Dan Walsh 3.6.26-11
- Make all unconfined_domains permissive so we can see what AVC\'s happen
Mon Aug 10 14:00:00 2009 Dan Walsh 3.6.26-10
- Add pt_chown policy
Mon Aug 10 14:00:00 2009 Dan Walsh 3.6.26-9
- Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
Fri Aug 7 14:00:00 2009 Bill Nottingham 3.6.26-8
- Turn on execstack on a temporary basis (#512845)
Thu Aug 6 14:00:00 2009 Dan Walsh 3.6.26-7
- Allow nsplugin to connecto the session bus
- Allow samba_net to write to coolkey data
Wed Aug 5 14:00:00 2009 Dan Walsh 3.6.26-6
- Allow devicekit_disk to list inotify
Wed Aug 5 14:00:00 2009 Dan Walsh 3.6.26-5
- Allow svirt images to create sock_file in svirt_var_run_t
Tue Aug 4 14:00:00 2009 Dan Walsh 3.6.26-4
- Allow exim to getattr on mountpoints
- Fixes for pulseaudio
Fri Jul 31 14:00:00 2009 Dan Walsh 3.6.26-3
- Allow svirt_t to stream_connect to virtd_t
Fri Jul 31 14:00:00 2009 Dan Walsh 3.6.26-2
- Allod hald_dccm_t to create sock_files in /tmp
Thu Jul 30 14:00:00 2009 Dan Walsh 3.6.26-1
- More fixes from upstream
Tue Jul 28 14:00:00 2009 Dan Walsh 3.6.25-1
- Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
Tue Jul 28 14:00:00 2009 Dan Walsh 3.6.24-1
- Update to upstream
Mon Jul 27 14:00:00 2009 Dan Walsh 3.6.23-2
- Allow certmaster to override dac permissions
Wed Jul 22 14:00:00 2009 Dan Walsh 3.6.23-1
- Update to upstream
Mon Jul 20 14:00:00 2009 Dan Walsh 3.6.22-3
- Fix context for VirtualBox
Tue Jul 14 14:00:00 2009 Dan Walsh 3.6.22-1
- Update to upstream
Fri Jul 10 14:00:00 2009 Dan Walsh 3.6.21-4
- Allow clamscan read amavis spool files
Wed Jul 8 14:00:00 2009 Dan Walsh 3.6.21-3
- Fixes for xguest
Tue Jul 7 14:00:00 2009 Tom \"spot\" Callaway 3.6.21-2
- fix multiple directory ownership of mandirs
Wed Jul 1 14:00:00 2009 Dan Walsh 3.6.21-1
- Update to upstream
Tue Jun 30 14:00:00 2009 Dan Walsh 3.6.20-2
- Add rules for rtkit-daemon
Thu Jun 25 14:00:00 2009 Dan Walsh 3.6.20-1
- Update to upstream
- Fix nlscd_stream_connect
Thu Jun 25 14:00:00 2009 Dan Walsh 3.6.19-5
- Add rtkit policy
Wed Jun 24 14:00:00 2009 Dan Walsh 3.6.19-4
- Allow rpcd_t to stream connect to rpcbind
Tue Jun 23 14:00:00 2009 Dan Walsh 3.6.19-3
- Allow kpropd to create tmp files
Tue Jun 23 14:00:00 2009 Dan Walsh 3.6.19-2
- Fix last duplicate /var/log/rpmpkgs
Mon Jun 22 14:00:00 2009 Dan Walsh 3.6.19-1
- Update to upstream
* add sssd
Sat Jun 20 14:00:00 2009 Dan Walsh 3.6.18-1
- Update to upstream
* cleanup
Fri Jun 19 14:00:00 2009 Dan Walsh 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
Thu Jun 18 14:00:00 2009 Dan Walsh 3.6.16-4
- Fix mcs rules to include chr_file and blk_file
Tue Jun 16 14:00:00 2009 Dan Walsh 3.6.16-3
- Add label for udev-acl
Mon Jun 15 14:00:00 2009 Dan Walsh 3.6.16-2
- Additional rules for consolekit/udev, privoxy and various other fixes
Fri Jun 12 14:00:00 2009 Dan Walsh 3.6.16-1
- New version for upstream
Thu Jun 11 14:00:00 2009 Dan Walsh 3.6.14-3
- Allow NetworkManager to read inotifyfs
Wed Jun 10 14:00:00 2009 Dan Walsh 3.6.14-2
- Allow setroubleshoot to run mlocate
Mon Jun 8 14:00:00 2009 Dan Walsh 3.6.14-1
- Update to upstream
Tue Jun 2 14:00:00 2009 Dan Walsh 3.6.13-3
- Add fish as a shell
- Allow fprintd to list usbfs_t
- Allow consolekit to search mountpoints
- Add proper labeling for shorewall
Tue May 26 14:00:00 2009 Dan Walsh 3.6.13-2
- New log file for vmware
- Allow xdm to setattr on user_tmp_t
Thu May 21 14:00:00 2009 Dan Walsh 3.6.13-1
- Upgrade to upstream
Wed May 20 14:00:00 2009 Dan Walsh 3.6.12-39
- Allow fprintd to access sys_ptrace
- Add sandbox policy
Mon May 18 14:00:00 2009 Dan Walsh 3.6.12-38
- Add varnishd policy
Thu May 14 14:00:00 2009 Dan Walsh 3.6.12-37
- Fixes for kpropd
Tue May 12 14:00:00 2009 Dan Walsh 3.6.12-36
- Allow brctl to r/w tun_tap_device_t
Mon May 11 14:00:00 2009 Dan Walsh 3.6.12-35
- Add /usr/share/selinux/packages
Mon May 11 14:00:00 2009 Dan Walsh 3.6.12-34
- Allow rpcd_t to send signals to kernel threads
Thu May 7 14:00:00 2009 Dan Walsh 3.6.12-33
- Fix upgrade for F10 to F11
Thu May 7 14:00:00 2009 Dan Walsh 3.6.12-31
- Add policy for /var/lib/fprint
Tue May 5 14:00:00 2009 Dan Walsh 3.6.12-30
-Remove duplicate line
Tue May 5 14:00:00 2009 Dan Walsh 3.6.12-29
- Allow svirt to manage pci and other sysfs device data
Mon May 4 14:00:00 2009 Dan Walsh 3.6.12-28
