RPM Search

Changelog for selinux-policy-3.7.19-10.fc13.noarch.rpm :
Fri Apr 30 14:00:00 2010 Dan Walsh 3.7.19-10
- Dontaudit sandbox trying to connect to netlink sockets
Resolves: #587609
- Add policy for piranha

Thu Apr 29 14:00:00 2010 Dan Walsh 3.7.19-9
- Fixups for xguest policy
- Fixes for running sandbox firefox

Wed Apr 28 14:00:00 2010 Dan Walsh 3.7.19-8
- Allow ksmtuned to use terminals
Resolves: #586663
- Allow lircd to write to generic usb devices

Tue Apr 27 14:00:00 2010 Dan Walsh 3.7.19-7
- Allow sandbox_xserver to connectto unconfined stream
Resolves: #585171

Mon Apr 26 14:00:00 2010 Dan Walsh 3.7.19-6
- Allow initrc_t to read slapd_db_t
Resolves: #585476
- Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf
Resolves: #585963

Thu Apr 22 14:00:00 2010 Dan Walsh 3.7.19-5
- Allow rlogind_t to search /root for .rhosts
Resolves: #582760
- Fix path for cached_var_t
- Fix prelink paths /var/lib/prelink
- Allow confined users to direct_dri
- Allow mls lvm/cryptosetup to work

Wed Apr 21 14:00:00 2010 Dan Walsh 3.7.19-4
- Allow virtd_t to manage firewall/iptables config
Resolves: #573585

Tue Apr 20 14:00:00 2010 Dan Walsh 3.7.19-3
- Fix label on /root/.rhosts
Resolves: #582760
- Add labels for Picasa
- Allow openvpn to read home certs
- Allow plymouthd_t to use tty_device_t
- Run ncftool as iptables_t
- Allow mount to unmount unlabeled_t
- Dontaudit hal leaks

Wed Apr 14 14:00:00 2010 Dan Walsh 3.7.19-2
- Allow livecd to transition to mount

Tue Apr 13 14:00:00 2010 Dan Walsh 3.7.19-1
- Update to upstream
- Allow abrt to delete sosreport
Resolves: #579998
- Allow snmp to setuid and gid
Resolves: #582155
- Allow smartd to use generic scsi devices
Resolves: #582145

Tue Apr 13 14:00:00 2010 Dan Walsh 3.7.18-3
- Allow ipsec_t to create /etc/resolv.conf with the correct label
- Fix reserved port destination
- Allow autofs to transition to showmount
- Stop crashing tuned

Mon Apr 12 14:00:00 2010 Dan Walsh 3.7.18-2
- Add telepathysofiasip policy

Mon Apr 5 14:00:00 2010 Dan Walsh 3.7.18-1
- Update to upstream
- Fix label for /opt/google/chrome/chrome-sandbox
- Allow modemmanager to dbus with policykit

Mon Apr 5 14:00:00 2010 Dan Walsh 3.7.17-6
- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t)
- Allow accountsd to read shadow file
- Allow apache to send audit messages when using pam
- Allow asterisk to bind and connect to sip tcp ports
- Fixes for dovecot 2.0
- Allow initrc_t to setattr on milter directories
- Add procmail_home_t for .procmailrc file

Thu Apr 1 14:00:00 2010 Dan Walsh 3.7.17-5
- Fixes for labels during install from livecd

Thu Apr 1 14:00:00 2010 Dan Walsh 3.7.17-4
- Fix /cgroup file context
- Fix broken afs use of unlabled_t
- Allow getty to use the console for s390

Wed Mar 31 14:00:00 2010 Dan Walsh 3.7.17-3
- Fix cgroup handling adding policy for /cgroup
- Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set

Tue Mar 30 14:00:00 2010 Dan Walsh 3.7.17-2
- Merge patches from dgrift

Mon Mar 29 14:00:00 2010 Dan Walsh 3.7.17-1
- Update upstream
- Allow abrt to write to the /proc under any process

Fri Mar 26 13:00:00 2010 Dan Walsh 3.7.16-2
- Fix ~/.fontconfig label
- Add /root/.cert label
- Allow reading of the fixed_file_disk_t:lnk_file if you can read file
- Allow qemu_exec_t as an entrypoint to svirt_t

Tue Mar 23 13:00:00 2010 Dan Walsh 3.7.16-1
- Update to upstream
- Allow tmpreaper to delete sandbox sock files
- Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems
- Fixes for gitosis
- No transition on livecd to passwd or chfn
- Fixes for denyhosts

Tue Mar 23 13:00:00 2010 Dan Walsh 3.7.15-4
- Add label for /var/lib/upower
- Allow logrotate to run sssd
- dontaudit readahead on tmpfs blk files
- Allow tmpreaper to setattr on sandbox files
- Allow confined users to execute dos files
- Allow sysadm_t to kill processes running within its clearance
- Add accountsd policy
- Fixes for corosync policy
- Fixes from crontab policy
- Allow svirt to manage svirt_image_t chr files
- Fixes for qdisk policy
- Fixes for sssd policy
- Fixes for newrole policy

Thu Mar 18 13:00:00 2010 Dan Walsh 3.7.15-3
- make libvirt work on an MLS platform

Thu Mar 18 13:00:00 2010 Dan Walsh 3.7.15-2
- Add qpidd policy

Thu Mar 18 13:00:00 2010 Dan Walsh 3.7.15-1
- Update to upstream

Tue Mar 16 13:00:00 2010 Dan Walsh 3.7.14-5
- Allow boinc to read kernel sysctl
- Fix snmp port definitions
- Allow apache to read anon_inodefs

Sun Mar 14 13:00:00 2010 Dan Walsh 3.7.14-4
- Allow shutdown dac_override

Sat Mar 13 13:00:00 2010 Dan Walsh 3.7.14-3
- Add device_t as a file system
- Fix sysfs association

Fri Mar 12 13:00:00 2010 Dan Walsh 3.7.14-2
- Dontaudit ipsec_mgmt sys_ptrace
- Allow at to mail its spool files
- Allow nsplugin to search in .pulse directory

Fri Mar 12 13:00:00 2010 Dan Walsh 3.7.14-1
- Update to upstream

Fri Mar 12 13:00:00 2010 Dan Walsh 3.7.13-4
- Allow users to dbus chat with xdm
- Allow users to r/w wireless_device_t
- Dontaudit reading of process states by ipsec_mgmt

Thu Mar 11 13:00:00 2010 Dan Walsh 3.7.13-3
- Fix openoffice from unconfined_t

Wed Mar 10 13:00:00 2010 Dan Walsh 3.7.13-2
- Add shutdown policy so consolekit can shutdown system

Tue Mar 9 13:00:00 2010 Dan Walsh 3.7.13-1
- Update to upstream

Thu Mar 4 13:00:00 2010 Dan Walsh 3.7.12-1
- Update to upstream

Thu Mar 4 13:00:00 2010 Dan Walsh 3.7.11-1
- Update to upstream - These are merges of my patches
- Remove 389 labeling conflicts
- Add MLS fixes found in RHEL6 testing
- Allow pulseaudio to run as a service
- Add label for mssql and allow apache to connect to this database port if boolean set
- Dontaudit searches of debugfs mount point
- Allow policykit_auth to send signals to itself
- Allow modcluster to call getpwnam
- Allow swat to signal winbind
- Allow usbmux to run as a system role
- Allow svirt to create and use devpts

Mon Mar 1 13:00:00 2010 Dan Walsh 3.7.10-5
- Add MLS fixes found in RHEL6 testing
- Allow domains to append to rpm_tmp_t
- Add cachefilesfd policy
- Dontaudit leaks when transitioning

Tue Feb 23 13:00:00 2010 Dan Walsh 3.7.10-4
- Change allow_execstack and allow_execmem booleans to on
- dontaudit acct using console
- Add label for fping
- Allow tmpreaper to delete sandbox_file_t
- Fix wine dontaudit mmap_zero
- Allow abrt to read var_t symlinks

Mon Feb 22 13:00:00 2010 Dan Walsh 3.7.10-3
- Additional policy for rgmanager

Mon Feb 22 13:00:00 2010 Dan Walsh 3.7.10-2
- Allow sshd to setattr on pseudo terms

Mon Feb 22 13:00:00 2010 Dan Walsh 3.7.10-1
- Update to upstream

Thu Feb 18 13:00:00 2010 Dan Walsh 3.7.9-4
- Allow policykit to send itself signals

Wed Feb 17 13:00:00 2010 Dan Walsh 3.7.9-3
- Fix duplicate cobbler definition

Wed Feb 17 13:00:00 2010 Dan Walsh 3.7.9-2
- Fix file context of /var/lib/avahi-autoipd

Fri Feb 12 13:00:00 2010 Dan Walsh 3.7.9-1
- Merge with upstream

Thu Feb 11 13:00:00 2010 Dan Walsh 3.7.8-11
- Allow sandbox to work with MLS

Tue Feb 9 13:00:00 2010 Dan Walsh 3.7.8-9
- Make Chrome work with staff user

Thu Feb 4 13:00:00 2010 Dan Walsh 3.7.8-8
- Add icecast policy
- Cleanup spec file

Wed Feb 3 13:00:00 2010 Dan Walsh 3.7.8-7
- Add mcelog policy

Mon Feb 1 13:00:00 2010 Dan Walsh 3.7.8-6
- Lots of fixes found in F12

Wed Jan 27 13:00:00 2010 Dan Walsh 3.7.8-5
- Fix rpm_dontaudit_leaks

Wed Jan 27 13:00:00 2010 Dan Walsh 3.7.8-4
- Add getsched to hald_t
- Add file context for Fedora/Redhat Directory Server

Mon Jan 25 13:00:00 2010 Dan Walsh 3.7.8-3
- Allow abrt_helper to getattr on all filesystems
- Add label for /opt/real/RealPlayer/plugins/oggfformat\\.so

Thu Jan 21 13:00:00 2010 Dan Walsh 3.7.8-2
- Add gstreamer_home_t for ~/.gstreamer

Mon Jan 18 13:00:00 2010 Dan Walsh 3.7.8-1
- Update to upstream

Fri Jan 15 13:00:00 2010 Dan Walsh 3.7.7-3
- Fix git

Thu Jan 7 13:00:00 2010 Dan Walsh 3.7.7-2
- Turn on puppet policy
- Update to dgrift git policy

Thu Jan 7 13:00:00 2010 Dan Walsh 3.7.7-1
- Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t

Thu Jan 7 13:00:00 2010 Dan Walsh 3.7.6-1
- Update to upstream

Wed Jan 6 13:00:00 2010 Dan Walsh 3.7.5-8
- Remove most of the permissive domains from F12.

Tue Jan 5 13:00:00 2010 Dan Walsh 3.7.5-7
- Add cobbler policy from dgrift

Mon Jan 4 13:00:00 2010 Dan Walsh 3.7.5-6
- add usbmon device
- Add allow rulse for devicekit_disk

Wed Dec 30 13:00:00 2009 Dan Walsh 3.7.5-5
- Lots of fixes found in F12, fixes from Tom London

Wed Dec 23 13:00:00 2009 Dan Walsh 3.7.5-4
- Cleanups from dgrift

Tue Dec 22 13:00:00 2009 Dan Walsh 3.7.5-3
- Add back xserver_manage_home_fonts

Mon Dec 21 13:00:00 2009 Dan Walsh 3.7.5-2
- Dontaudit sandbox trying to read nscd and sssd

Fri Dec 18 13:00:00 2009 Dan Walsh 3.7.5-1
- Update to upstream

Thu Dec 17 13:00:00 2009 Dan Walsh 3.7.4-4
- Rename udisks-daemon back to devicekit_disk_t policy

Wed Dec 16 13:00:00 2009 Dan Walsh 3.7.4-3
- Fixes for abrt calls

Fri Dec 11 13:00:00 2009 Dan Walsh 3.7.4-2
- Add tgtd policy

Fri Dec 4 13:00:00 2009 Dan Walsh 3.7.4-1
- Update to upstream release

Mon Nov 16 13:00:00 2009 Dan Walsh 3.7.3-1
- Add asterisk policy back in
- Update to upstream release 2.20091117

Mon Nov 16 13:00:00 2009 Dan Walsh 3.7.1-1
- Update to upstream release 2.20091117

Mon Nov 16 13:00:00 2009 Dan Walsh 3.6.33-2
- Fixup nut policy

Thu Nov 12 13:00:00 2009 Dan Walsh 3.6.33-1
- Update to upstream

Thu Oct 1 14:00:00 2009 Dan Walsh 3.6.32-17
- Allow vpnc request the kernel to load modules

Wed Sep 30 14:00:00 2009 Dan Walsh 3.6.32-16
- Fix minimum policy installs
- Allow udev and rpcbind to request the kernel to load modules

Wed Sep 30 14:00:00 2009 Dan Walsh 3.6.32-15
- Add plymouth policy
- Allow local_login to sys_admin

Tue Sep 29 14:00:00 2009 Dan Walsh 3.6.32-13
- Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t

Fri Sep 25 14:00:00 2009 Dan Walsh 3.6.32-12
- Update rhcs policy

Thu Sep 24 14:00:00 2009 Dan Walsh 3.6.32-11
- Allow users to exec restorecond

Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-10
- Allow sendmail to request kernel modules load

Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-9
- Fix all kernel_request_load_module domains

Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-8
- Fix all kernel_request_load_module domains

Sun Sep 20 14:00:00 2009 Dan Walsh 3.6.32-7
- Remove allow_exec
* booleans for confined users. Only available for unconfined_t

Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-6
- More fixes for sandbox_web_t

Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-5
- Allow sshd to create .ssh directory and content

Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-4
- Fix request_module line to module_request

Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-3
- Fix sandbox policy to allow it to run under firefox.
- Dont audit leaks.

Thu Sep 17 14:00:00 2009 Dan Walsh 3.6.32-2
- Fixes for sandbox

Thu Sep 17 14:00:00 2009 Dan Walsh 3.6.32-1
- Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice

Tue Sep 15 14:00:00 2009 Dan Walsh 3.6.31-5
- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
- Remove policycoreutils-python requirement except for minimum

Mon Sep 14 14:00:00 2009 Dan Walsh 3.6.31-4
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)

Thu Sep 10 14:00:00 2009 Dan Walsh 3.6.31-3
- Add wordpress/wp-content/uploads label
- Fixes for sandbox when run from staff_t

Thu Sep 10 14:00:00 2009 Dan Walsh 3.6.31-2
- Update to upstream
- Fixes for devicekit_disk

Tue Sep 8 14:00:00 2009 Dan Walsh 3.6.30-6
- More fixes

Tue Sep 8 14:00:00 2009 Dan Walsh 3.6.30-5
- Lots of fixes for initrc and other unconfined domains

Fri Sep 4 14:00:00 2009 Dan Walsh 3.6.30-4
- Allow xserver to use netlink_kobject_uevent_socket

Thu Sep 3 14:00:00 2009 Dan Walsh 3.6.30-3
- Fixes for sandbox

Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.30-2
- Dontaudit setroubleshootfix looking at /root directory

Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.30-1
- Update to upsteam

Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.29-2
- Allow gssd to send signals to users
- Fix duplicate label for apache content

Fri Aug 28 14:00:00 2009 Dan Walsh 3.6.29-1
- Update to upstream

Fri Aug 28 14:00:00 2009 Dan Walsh 3.6.28-9
- Remove polkit_auth on upgrades

Wed Aug 26 14:00:00 2009 Dan Walsh 3.6.28-8
- Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare

Tue Aug 25 14:00:00 2009 Dan Walsh 3.6.28-7
- Fixes for cdrecord, mdadm, and others

Sat Aug 22 14:00:00 2009 Dan Walsh 3.6.28-6
- Add capability setting to dhcpc and gpm

Sat Aug 22 14:00:00 2009 Dan Walsh 3.6.28-5
- Allow cronjobs to read exim_spool_t

Fri Aug 21 14:00:00 2009 Dan Walsh 3.6.28-4
- Add ABRT policy

Thu Aug 20 14:00:00 2009 Dan Walsh 3.6.28-3
- Fix system-config-services policy

Wed Aug 19 14:00:00 2009 Dan Walsh 3.6.28-2
- Allow libvirt to change user componant of virt_domain

Tue Aug 18 14:00:00 2009 Dan Walsh 3.6.28-1
- Allow cupsd_config_t to be started by dbus
- Add smoltclient policy

Fri Aug 14 14:00:00 2009 Dan Walsh 3.6.27-1
- Add policycoreutils-python to pre install

Thu Aug 13 14:00:00 2009 Dan Walsh 3.6.26-11
- Make all unconfined_domains permissive so we can see what AVC\'s happen

Mon Aug 10 14:00:00 2009 Dan Walsh 3.6.26-10
- Add pt_chown policy

Mon Aug 10 14:00:00 2009 Dan Walsh 3.6.26-9
- Add kdump policy for Miroslav Grepl
- Turn off execstack boolean

Fri Aug 7 14:00:00 2009 Bill Nottingham 3.6.26-8
- Turn on execstack on a temporary basis (#512845)

Thu Aug 6 14:00:00 2009 Dan Walsh 3.6.26-7
- Allow nsplugin to connecto the session bus
- Allow samba_net to write to coolkey data

Wed Aug 5 14:00:00 2009 Dan Walsh 3.6.26-6
- Allow devicekit_disk to list inotify

Wed Aug 5 14:00:00 2009 Dan Walsh 3.6.26-5
- Allow svirt images to create sock_file in svirt_var_run_t

Tue Aug 4 14:00:00 2009 Dan Walsh 3.6.26-4
- Allow exim to getattr on mountpoints
- Fixes for pulseaudio

Fri Jul 31 14:00:00 2009 Dan Walsh 3.6.26-3
- Allow svirt_t to stream_connect to virtd_t

Fri Jul 31 14:00:00 2009 Dan Walsh 3.6.26-2
- Allod hald_dccm_t to create sock_files in /tmp

Thu Jul 30 14:00:00 2009 Dan Walsh 3.6.26-1
- More fixes from upstream

Tue Jul 28 14:00:00 2009 Dan Walsh 3.6.25-1
- Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries

Tue Jul 28 14:00:00 2009 Dan Walsh 3.6.24-1
- Update to upstream

Mon Jul 27 14:00:00 2009 Dan Walsh 3.6.23-2
- Allow certmaster to override dac permissions

Wed Jul 22 14:00:00 2009 Dan Walsh 3.6.23-1
- Update to upstream

Mon Jul 20 14:00:00 2009 Dan Walsh 3.6.22-3
- Fix context for VirtualBox

Tue Jul 14 14:00:00 2009 Dan Walsh 3.6.22-1
- Update to upstream

Fri Jul 10 14:00:00 2009 Dan Walsh 3.6.21-4
- Allow clamscan read amavis spool files

Wed Jul 8 14:00:00 2009 Dan Walsh 3.6.21-3
- Fixes for xguest

Tue Jul 7 14:00:00 2009 Tom \"spot\" Callaway 3.6.21-2
- fix multiple directory ownership of mandirs

Wed Jul 1 14:00:00 2009 Dan Walsh 3.6.21-1
- Update to upstream

Tue Jun 30 14:00:00 2009 Dan Walsh 3.6.20-2
- Add rules for rtkit-daemon

Thu Jun 25 14:00:00 2009 Dan Walsh 3.6.20-1
- Update to upstream
- Fix nlscd_stream_connect

Thu Jun 25 14:00:00 2009 Dan Walsh 3.6.19-5
- Add rtkit policy

Wed Jun 24 14:00:00 2009 Dan Walsh 3.6.19-4
- Allow rpcd_t to stream connect to rpcbind

Tue Jun 23 14:00:00 2009 Dan Walsh 3.6.19-3
- Allow kpropd to create tmp files

Tue Jun 23 14:00:00 2009 Dan Walsh 3.6.19-2
- Fix last duplicate /var/log/rpmpkgs

Mon Jun 22 14:00:00 2009 Dan Walsh 3.6.19-1
- Update to upstream

* add sssd

Sat Jun 20 14:00:00 2009 Dan Walsh 3.6.18-1
- Update to upstream

* cleanup

Fri Jun 19 14:00:00 2009 Dan Walsh 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt

Thu Jun 18 14:00:00 2009 Dan Walsh 3.6.16-4
- Fix mcs rules to include chr_file and blk_file

Tue Jun 16 14:00:00 2009 Dan Walsh 3.6.16-3
- Add label for udev-acl

Mon Jun 15 14:00:00 2009 Dan Walsh 3.6.16-2
- Additional rules for consolekit/udev, privoxy and various other fixes

Fri Jun 12 14:00:00 2009 Dan Walsh 3.6.16-1
- New version for upstream

Thu Jun 11 14:00:00 2009 Dan Walsh 3.6.14-3
- Allow NetworkManager to read inotifyfs

Wed Jun 10 14:00:00 2009 Dan Walsh 3.6.14-2
- Allow setroubleshoot to run mlocate

Mon Jun 8 14:00:00 2009 Dan Walsh 3.6.14-1
- Update to upstream

Tue Jun 2 14:00:00 2009 Dan Walsh 3.6.13-3
- Add fish as a shell
- Allow fprintd to list usbfs_t
- Allow consolekit to search mountpoints
- Add proper labeling for shorewall

Tue May 26 14:00:00 2009 Dan Walsh 3.6.13-2
- New log file for vmware
- Allow xdm to setattr on user_tmp_t

Thu May 21 14:00:00 2009 Dan Walsh 3.6.13-1
- Upgrade to upstream

Wed May 20 14:00:00 2009 Dan Walsh 3.6.12-39
- Allow fprintd to access sys_ptrace
- Add sandbox policy

Mon May 18 14:00:00 2009 Dan Walsh 3.6.12-38
- Add varnishd policy

Thu May 14 14:00:00 2009 Dan Walsh 3.6.12-37
- Fixes for kpropd

Tue May 12 14:00:00 2009 Dan Walsh 3.6.12-36
- Allow brctl to r/w tun_tap_device_t

Mon May 11 14:00:00 2009 Dan Walsh 3.6.12-35
- Add /usr/share/selinux/packages

Mon May 11 14:00:00 2009 Dan Walsh 3.6.12-34
- Allow rpcd_t to send signals to kernel threads

Thu May 7 14:00:00 2009 Dan Walsh 3.6.12-33
- Fix upgrade for F10 to F11

Thu May 7 14:00:00 2009 Dan Walsh 3.6.12-31
- Add policy for /var/lib/fprint

Tue May 5 14:00:00 2009 Dan Walsh 3.6.12-30
-Remove duplicate line

Tue May 5 14:00:00 2009 Dan Walsh 3.6.12-29
- Allow svirt to manage pci and other sysfs device data

Mon May 4 14:00:00 2009 Dan Walsh 3.6.12-28
- Fix package selection handling

Fri May 1 14:00:00 2009 Dan Walsh 3.6.12-27
- Fix /sbin/ip6tables-save context
- Allod udev to transition to mount
- Fix loading of mls policy file

Thu Apr 30 14:00:00 2009 Dan Walsh 3.6.12-26
- Add shorewall policy

Wed Apr 29 14:00:00 2009 Dan Walsh 3.6.12-25
- Additional rules for fprintd and sssd

Tue Apr 28 14:00:00 2009 Dan Walsh 3.6.12-24
- Allow nsplugin to unix_read unix_write sem for unconfined_java

Tue Apr 28 14:00:00 2009 Dan Walsh 3.6.12-23
- Fix uml files to be owned by users

Tue Apr 28 14:00:00 2009 Dan Walsh 3.6.12-22
- Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less

Mon Apr 27 14:00:00 2009 Dan Walsh 3.6.12-21
- Allow confined users to manage virt_content_t, since this is home dir content
- Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection

Mon Apr 27 14:00:00 2009 Dan Walsh 3.6.12-20
- Fix labeling on /var/lib/misc/prelink
*
- Allow xserver to rw_shm_perms with all x_clients
- Allow prelink to execute files in the users home directory

Fri Apr 24 14:00:00 2009 Dan Walsh 3.6.12-19
- Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead

Fri Apr 24 14:00:00 2009 Dan Walsh 3.6.12-16
- Update to latest milter code from Paul Howarth

Thu Apr 23 14:00:00 2009 Dan Walsh 3.6.12-15
- Additional perms for readahead

Thu Apr 23 14:00:00 2009 Dan Walsh 3.6.12-14
- Allow pulseaudio to acquire_svc on session bus
- Fix readahead labeling

Thu Apr 23 14:00:00 2009 Dan Walsh 3.6.12-13
- Allow sysadm_t to run rpm directly
- libvirt needs fowner

Wed Apr 22 14:00:00 2009 Dan Walsh 3.6.12-12
- Allow sshd to read var_lib symlinks for freenx

Tue Apr 21 14:00:00 2009 Dan Walsh 3.6.12-11
- Allow nsplugin unix_read and write on users shm and sem
- Allow sysadm_t to execute su

Tue Apr 21 14:00:00 2009 Dan Walsh 3.6.12-10
- Dontaudit attempts to getattr user_tmpfs_t by lvm
- Allow nfs to share removable media

Mon Apr 20 14:00:00 2009 Dan Walsh 3.6.12-9
- Add ability to run postdrop from confined users

Sat Apr 18 14:00:00 2009 Dan Walsh 3.6.12-8
- Fixes for podsleuth

Fri Apr 17 14:00:00 2009 Dan Walsh 3.6.12-7
- Turn off nsplugin transition
- Remove Konsole leaked file descriptors for release

Fri Apr 17 14:00:00 2009 Dan Walsh 3.6.12-6
- Allow cupsd_t to create link files in print_spool_t
- Fix iscsi_stream_connect typo
- Fix labeling on /etc/acpi/actions
- Don\'t reinstall unconfine and unconfineuser on upgrade if they are not installed

Tue Apr 14 14:00:00 2009 Dan Walsh 3.6.12-5
- Allow audioentroy to read etc files

Mon Apr 13 14:00:00 2009 Dan Walsh 3.6.12-4
- Add fail2ban_var_lib_t
- Fixes for devicekit_power_t

Thu Apr 9 14:00:00 2009 Dan Walsh 3.6.12-3
- Separate out the ucnonfined user from the unconfined.pp package

Tue Apr 7 14:00:00 2009 Dan Walsh 3.6.12-2
- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.

Tue Apr 7 14:00:00 2009 Dan Walsh 3.6.12-1
- Upgrade to latest upstream
- Allow devicekit_disk sys_rawio

Mon Apr 6 14:00:00 2009 Dan Walsh 3.6.11-1
- Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream

Fri Apr 3 14:00:00 2009 Dan Walsh 3.6.10-9
- Allow podsleuth to use tmpfs files

Fri Apr 3 14:00:00 2009 Dan Walsh 3.6.10-8
- Add customizable_types for svirt

Fri Apr 3 14:00:00 2009 Dan Walsh 3.6.10-7
- Allow setroubelshoot exec
* privs to prevent crash from bad libraries
- add cpufreqselector

Thu Apr 2 14:00:00 2009 Dan Walsh 3.6.10-6
- Dontaudit listing of /root directory for cron system jobs

Mon Mar 30 14:00:00 2009 Dan Walsh 3.6.10-5
- Fix missing ld.so.cache label

Fri Mar 27 13:00:00 2009 Dan Walsh 3.6.10-4
- Add label for ~/.forward and /root/.forward

Thu Mar 26 13:00:00 2009 Dan Walsh 3.6.10-3
- Fixes for svirt

Thu Mar 19 13:00:00 2009 Dan Walsh 3.6.10-2
- Fixes to allow svirt read iso files in homedir

Thu Mar 19 13:00:00 2009 Dan Walsh 3.6.10-1
- Add xenner and wine fixes from mgrepl

Wed Mar 18 13:00:00 2009 Dan Walsh 3.6.9-4
- Allow mdadm to read/write mls override

Tue Mar 17 13:00:00 2009 Dan Walsh 3.6.9-3
- Change to svirt to only access svirt_image_t

Thu Mar 12 13:00:00 2009 Dan Walsh 3.6.9-2
- Fix libvirt policy

Thu Mar 12 13:00:00 2009 Dan Walsh 3.6.9-1
- Upgrade to latest upstream

Tue Mar 10 13:00:00 2009 Dan Walsh 3.6.8-4
- Fixes for iscsid and sssd
- More cleanups for upgrade from F10 to Rawhide.

Mon Mar 9 13:00:00 2009 Dan Walsh 3.6.8-3
- Add pulseaudio, sssd policy
- Allow networkmanager to exec udevadm

Sat Mar 7 13:00:00 2009 Dan Walsh 3.6.8-2
- Add pulseaudio context

Wed Mar 4 13:00:00 2009 Dan Walsh 3.6.8-1
- Upgrade to latest patches

Wed Mar 4 13:00:00 2009 Dan Walsh 3.6.7-2
- Fixes for libvirt

Mon Mar 2 13:00:00 2009 Dan Walsh 3.6.7-1
- Update to Latest upstream

Sat Feb 28 13:00:00 2009 Dan Walsh 3.6.6-9
- Fix setrans.conf to show SystemLow for s0

Fri Feb 27 13:00:00 2009 Dan Walsh 3.6.6-8
- Further confinement of qemu images via svirt

Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 3.6.6-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

Thu Feb 19 13:00:00 2009 Dan Walsh 3.6.6-6
- Allow NetworkManager to manage /etc/NetworkManager/system-connections

Wed Feb 18 13:00:00 2009 Dan Walsh 3.6.6-5
- add virtual_image_context and virtual_domain_context files

Tue Feb 17 13:00:00 2009 Dan Walsh 3.6.6-4
- Allow rpcd_t to send signal to mount_t
- Allow libvirtd to run ranged

Tue Feb 17 13:00:00 2009 Dan Walsh 3.6.6-3
- Fix sysnet/net_conf_t

Tue Feb 17 13:00:00 2009 Dan Walsh 3.6.6-2
- Fix squidGuard labeling

Wed Feb 11 13:00:00 2009 Dan Walsh 3.6.6-1
- Re-add corenet_in_generic_if(unlabeled_t)

Wed Feb 11 13:00:00 2009 Dan Walsh 3.6.5-3

* Tue Feb 10 2009 Dan Walsh 3.6.5-2
- Add git web policy

Mon Feb 9 13:00:00 2009 Dan Walsh 3.6.5-1
- Add setrans contains from upstream

Mon Feb 9 13:00:00 2009 Dan Walsh 3.6.4-6
- Do transitions outside of the booleans

Sun Feb 8 13:00:00 2009 Dan Walsh 3.6.4-5
- Allow xdm to create user_tmp_t sockets for switch user to work

Thu Feb 5 13:00:00 2009 Dan Walsh 3.6.4-4
- Fix staff_t domain

Thu Feb 5 13:00:00 2009 Dan Walsh 3.6.4-3
- Grab remainder of network_peer_controls patch

Wed Feb 4 13:00:00 2009 Dan Walsh 3.6.4-2
- More fixes for devicekit

Tue Feb 3 13:00:00 2009 Dan Walsh 3.6.4-1
- Upgrade to latest upstream

Mon Feb 2 13:00:00 2009 Dan Walsh 3.6.3-13
- Add boolean to disallow unconfined_t login

Fri Jan 30 13:00:00 2009 Dan Walsh 3.6.3-12
- Add back transition from xguest to mozilla

Fri Jan 30 13:00:00 2009 Dan Walsh 3.6.3-11
- Add virt_content_ro_t and labeling for isos directory

Tue Jan 27 13:00:00 2009 Dan Walsh 3.6.3-10
- Fixes for wicd daemon

Mon Jan 26 13:00:00 2009 Dan Walsh 3.6.3-9
- More mls/rpm fixes

Fri Jan 23 13:00:00 2009 Dan Walsh 3.6.3-8
- Add policy to make dbus/nm-applet work

Thu Jan 22 13:00:00 2009 Dan Walsh 3.6.3-7
- Remove polgen-ifgen from post and add trigger to policycoreutils-python

Wed Jan 21 13:00:00 2009 Dan Walsh 3.6.3-6
- Add wm policy
- Make mls work in graphics mode

Tue Jan 20 13:00:00 2009 Dan Walsh 3.6.3-3
- Fixed for DeviceKit

Mon Jan 19 13:00:00 2009 Dan Walsh 3.6.3-2
- Add devicekit policy

Mon Jan 19 13:00:00 2009 Dan Walsh 3.6.3-1
- Update to upstream

Thu Jan 15 13:00:00 2009 Dan Walsh 3.6.2-5
- Define openoffice as an x_domain

Mon Jan 12 13:00:00 2009 Dan Walsh 3.6.2-4
- Fixes for reading xserver_tmp_t

Thu Jan 8 13:00:00 2009 Dan Walsh 3.6.2-3
- Allow cups_pdf_t write to nfs_t

Tue Jan 6 13:00:00 2009 Dan Walsh 3.6.2-2
- Remove audio_entropy policy

Mon Jan 5 13:00:00 2009 Dan Walsh 3.6.2-1
- Update to upstream

Sun Jan 4 13:00:00 2009 Dan Walsh 3.6.1-15
- Allow hal_acl_t to getattr/setattr fixed_disk

Sat Dec 27 13:00:00 2008 Dan Walsh 3.6.1-14
- Change userdom_read_all_users_state to include reading symbolic links in /proc

Mon Dec 22 13:00:00 2008 Dan Walsh 3.6.1-13
- Fix dbus reading /proc information

Thu Dec 18 13:00:00 2008 Dan Walsh 3.6.1-12
- Add missing alias for home directory content

Wed Dec 17 13:00:00 2008 Dan Walsh 3.6.1-11
- Fixes for IBM java location

Thu Dec 11 13:00:00 2008 Dan Walsh 3.6.1-10
- Allow unconfined_r unconfined_java_t

Tue Dec 9 13:00:00 2008 Dan Walsh 3.6.1-9
- Add cron_role back to user domains

Mon Dec 8 13:00:00 2008 Dan Walsh 3.6.1-8
- Fix sudo setting of user keys

Thu Dec 4 13:00:00 2008 Dan Walsh 3.6.1-7
- Allow iptables to talk to terminals
- Fixes for policy kit
- lots of fixes for booting.

Wed Dec 3 13:00:00 2008 Dan Walsh 3.6.1-4
- Cleanup policy

Mon Dec 1 13:00:00 2008 Ignacio Vazquez-Abrams - 3.6.1-2
- Rebuild for Python 2.6

Wed Nov 5 13:00:00 2008 Dan Walsh 3.5.13-19
- Fix labeling on /var/spool/rsyslog

Wed Nov 5 13:00:00 2008 Dan Walsh 3.5.13-18
- Allow postgresl to bind to udp nodes

Wed Nov 5 13:00:00 2008 Dan Walsh 3.5.13-17
- Allow lvm to dbus chat with hal
- Allow rlogind to read nfs_t

Wed Nov 5 13:00:00 2008 Dan Walsh 3.5.13-16
- Fix cyphesis file context

Mon Nov 3 13:00:00 2008 Dan Walsh 3.5.13-15
- Allow hal/pm-utils to look at /var/run/video.rom
- Add ulogd policy

Mon Nov 3 13:00:00 2008 Dan Walsh 3.5.13-14
- Additional fixes for cyphesis
- Fix certmaster file context
- Add policy for system-config-samba
- Allow hal to read /var/run/video.rom

Mon Nov 3 13:00:00 2008 Dan Walsh 3.5.13-13
- Allow dhcpc to restart ypbind
- Fixup labeling in /var/run

Thu Oct 30 13:00:00 2008 Dan Walsh 3.5.13-12
- Add certmaster policy

Wed Oct 29 13:00:00 2008 Dan Walsh 3.5.13-11
- Fix confined users
- Allow xguest to read/write xguest_dbusd_t

Mon Oct 27 13:00:00 2008 Dan Walsh 3.5.13-9
- Allow openoffice execstack/execmem privs

Fri Oct 24 14:00:00 2008 Dan Walsh 3.5.13-8
- Allow mozilla to run with unconfined_execmem_t

Thu Oct 23 14:00:00 2008 Dan Walsh 3.5.13-7
- Dontaudit domains trying to write to .xsession-errors

Thu Oct 23 14:00:00 2008 Dan Walsh 3.5.13-6
- Allow nsplugin to look at autofs_t directory

Wed Oct 22 14:00:00 2008 Dan Walsh 3.5.13-5
- Allow kerneloops to create tmp files

Wed Oct 22 14:00:00 2008 Dan Walsh 3.5.13-4
- More alias for fastcgi

Tue Oct 21 14:00:00 2008 Dan Walsh 3.5.13-3
- Remove mod_fcgid-selinux package

Mon Oct 20 14:00:00 2008 Dan Walsh 3.5.13-2
- Fix dovecot access

Fri Oct 17 14:00:00 2008 Dan Walsh 3.5.13-1
- Policy cleanup

Thu Oct 16 14:00:00 2008 Dan Walsh 3.5.12-3
- Remove Multiple spec
- Add include
- Fix makefile to not call per_role_expansion

Wed Oct 15 14:00:00 2008 Dan Walsh 3.5.12-2
- Fix labeling of libGL

Fri Oct 10 14:00:00 2008 Dan Walsh 3.5.12-1
- Update to upstream

Wed Oct 8 14:00:00 2008 Dan Walsh 3.5.11-1
- Update to upstream policy

Mon Oct 6 14:00:00 2008 Dan Walsh 3.5.10-3
- Fixes for confined xwindows and xdm_t

Fri Oct 3 14:00:00 2008 Dan Walsh 3.5.10-2
- Allow confined users and xdm to exec wm
- Allow nsplugin to talk to fifo files on nfs

Fri Oct 3 14:00:00 2008 Dan Walsh 3.5.10-1
- Allow NetworkManager to transition to avahi and iptables
- Allow domains to search other domains keys, coverup kernel bug

Wed Oct 1 14:00:00 2008 Dan Walsh 3.5.9-4
- Fix labeling for oracle

Wed Oct 1 14:00:00 2008 Dan Walsh 3.5.9-3
- Allow nsplugin to comminicate with xdm_tmp_t sock_file

Mon Sep 29 14:00:00 2008 Dan Walsh 3.5.9-2
- Change all user tmpfs_t files to be labeled user_tmpfs_t
- Allow radiusd to create sock_files

Wed Sep 24 14:00:00 2008 Dan Walsh 3.5.9-1
- Upgrade to upstream

Tue Sep 23 14:00:00 2008 Dan Walsh 3.5.8-7
- Allow confined users to login with dbus

Mon Sep 22 14:00:00 2008 Dan Walsh 3.5.8-6
- Fix transition to nsplugin

Mon Sep 22 14:00:00 2008 Dan Walsh 3.5.8-5
- Add file context for /dev/mspblk.
*

Sun Sep 21 14:00:00 2008 Dan Walsh 3.5.8-4
- Fix transition to nsplugin
\'

Thu Sep 18 14:00:00 2008 Dan Walsh 3.5.8-3
- Fix labeling on new pm
*log
- Allow ssh to bind to all nodes

Thu Sep 11 14:00:00 2008 Dan Walsh 3.5.8-1
- Merge upstream changes
- Add Xavier Toth patches

Wed Sep 10 14:00:00 2008 Dan Walsh 3.5.7-2
- Add qemu_cache_t for /var/cache/libvirt

Fri Sep 5 14:00:00 2008 Dan Walsh 3.5.7-1
- Remove gamin policy

Thu Sep 4 14:00:00 2008 Dan Walsh 3.5.6-2
- Add tinyxs-max file system support

Wed Sep 3 14:00:00 2008 Dan Walsh 3.5.6-1
- Update to upstream
- New handling of init scripts

Fri Aug 29 14:00:00 2008 Dan Walsh 3.5.5-4
- Allow pcsd to dbus
- Add memcache policy

Fri Aug 29 14:00:00 2008 Dan Walsh 3.5.5-3
- Allow audit dispatcher to kill his children

Tue Aug 26 14:00:00 2008 Dan Walsh 3.5.5-2
- Update to upstream
- Fix crontab use by unconfined user

Tue Aug 12 14:00:00 2008 Dan Walsh 3.5.4-2
- Allow ifconfig_t to read dhcpc_state_t

Mon Aug 11 14:00:00 2008 Dan Walsh 3.5.4-1
- Update to upstream

Thu Aug 7 14:00:00 2008 Dan Walsh 3.5.3-1
- Update to upstream

Sat Aug 2 14:00:00 2008 Dan Walsh 3.5.2-2
- Allow system-config-selinux to work with policykit

Fri Jul 25 14:00:00 2008 Dan Walsh 3.5.1-5
- Fix novel labeling

Fri Jul 25 14:00:00 2008 Dan Walsh 3.5.1-4
- Consolodate pyzor,spamassassin, razor into one security domain
- Fix xdm requiring additional perms.

Fri Jul 25 14:00:00 2008 Dan Walsh 3.5.1-3
- Fixes for logrotate, alsa

Fri Jul 25 14:00:00 2008 Dan Walsh 3.5.1-2
- Eliminate vbetool duplicate entry

Wed Jul 16 14:00:00 2008 Dan Walsh 3.5.1-1
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
- Change dhclient to be able to red networkmanager_var_run

Tue Jul 15 14:00:00 2008 Dan Walsh 3.5.0-1
- Update to latest refpolicy
- Fix libsemanage initial install bug

Wed Jul 9 14:00:00 2008 Dan Walsh 3.4.2-14
- Add inotify support to nscd

Tue Jul 8 14:00:00 2008 Dan Walsh 3.4.2-13
- Allow unconfined_t to setfcap

Mon Jul 7 14:00:00 2008 Dan Walsh 3.4.2-12
- Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems

Thu Jul 3 14:00:00 2008 Dan Walsh 3.4.2-11
- Allow ypbind apps to net_bind_service

Wed Jul 2 14:00:00 2008 Dan Walsh 3.4.2-10
- Allow all system domains and application domains to append to any log file

Sun Jun 29 14:00:00 2008 Dan Walsh 3.4.2-9
- Allow gdm to read rpm database
- Allow nsplugin to read mplayer config files

Thu Jun 26 14:00:00 2008 Dan Walsh 3.4.2-8
- Allow vpnc to run ifconfig

Tue Jun 24 14:00:00 2008 Dan Walsh 3.4.2-7
- Allow confined users to use postgres
- Allow system_mail_t to exec other mail clients
- Label mogrel_rails as an apache server

Mon Jun 23 14:00:00 2008 Dan Walsh 3.4.2-6
- Apply unconfined_execmem_exec_t to haskell programs

Sun Jun 22 14:00:00 2008 Dan Walsh 3.4.2-5
- Fix prelude file context

Thu Jun 12 14:00:00 2008 Dan Walsh 3.4.2-4
- allow hplip to talk dbus
- Fix context on ~/.local dir

Thu Jun 12 14:00:00 2008 Dan Walsh 3.4.2-3
- Prevent applications from reading x_device

Thu Jun 12 14:00:00 2008 Dan Walsh 3.4.2-2
- Add /var/lib/selinux context

Wed Jun 11 14:00:00 2008 Dan Walsh 3.4.2-1
- Update to upstream

Wed Jun 4 14:00:00 2008 Dan Walsh 3.4.1-5
- Add livecd policy

Wed Jun 4 14:00:00 2008 Dan Walsh 3.4.1-3
- Dontaudit search of admin_home for init_system_domain
- Rewrite of xace interfaces
- Lots of new fs_list_inotify
- Allow livecd to transition to setfiles_mac

Fri May 9 14:00:00 2008 Dan Walsh 3.4.1-2
- Begin XAce integration

Fri May 9 14:00:00 2008 Dan Walsh 3.4.1-1
- Merge Upstream

Wed May 7 14:00:00 2008 Dan Walsh 3.3.1-48
- Allow amanada to create data files

Wed May 7 14:00:00 2008 Dan Walsh 3.3.1-47
- Fix initial install, semanage setup

Tue May 6 14:00:00 2008 Dan Walsh 3.3.1-46
- Allow system_r for httpd_unconfined_script_t

Wed Apr 30 14:00:00 2008 Dan Walsh 3.3.1-45
- Remove dmesg boolean
- Allow user domains to read/write game data

Mon Apr 28 14:00:00 2008 Dan Walsh 3.3.1-44
- Change unconfined_t to transition to unconfined_mono_t when running mono
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work

Mon Apr 28 14:00:00 2008 Dan Walsh 3.3.1-43
- Remove old booleans from targeted-booleans.conf file

Fri Apr 25 14:00:00 2008 Dan Walsh 3.3.1-42
- Add boolean to mmap_zero
- allow tor setgid
- Allow gnomeclock to set clock

Thu Apr 24 14:00:00 2008 Dan Walsh 3.3.1-41
- Don\'t run crontab from unconfined_t

Wed Apr 23 14:00:00 2008 Dan Walsh 3.3.1-39
- Change etc files to config files to allow users to read them

Mon Apr 14 14:00:00 2008 Dan Walsh 3.3.1-37
- Lots of fixes for confined domains on NFS_t homedir

Mon Apr 14 14:00:00 2008 Dan Walsh 3.3.1-36
- dontaudit mrtg reading /proc
- Allow iscsi to signal itself
- Allow gnomeclock sys_ptrace

Thu Apr 10 14:00:00 2008 Dan Walsh 3.3.1-33
- Allow dhcpd to read kernel network state

Thu Apr 10 14:00:00 2008 Dan Walsh 3.3.1-32
- Label /var/run/gdm correctly
- Fix unconfined_u user creation

Tue Apr 8 14:00:00 2008 Dan Walsh 3.3.1-31
- Allow transition from initrc_t to getty_t

Tue Apr 8 14:00:00 2008 Dan Walsh 3.3.1-30
- Allow passwd to communicate with user sockets to change gnome-keyring

Sat Apr 5 14:00:00 2008 Dan Walsh 3.3.1-29
- Fix initial install

Fri Apr 4 14:00:00 2008 Dan Walsh 3.3.1-28
- Allow radvd to use fifo_file
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home
dirs if the boolean is set

Tue Apr 1 14:00:00 2008 Dan Walsh 3.3.1-27
- Allow nsplugin to read /etc/mozpluggerrc, user_fonts
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t

Fri Mar 28 13:00:00 2008 Dan Walsh 3.3.1-26
- Allow initrc_t to dbus chat with consolekit.

Thu Mar 27 13:00:00 2008 Dan Walsh 3.3.1-25
- Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed

Tue Mar 25 13:00:00 2008 Dan Walsh 3.3.1-24
- Allow mount to mkdir on tmpfs
- Allow ifconfig to search debugfs

Tue Mar 18 13:00:00 2008 Dan Walsh 3.3.1-23
- Fix file context for MATLAB
- Fixes for xace

Tue Mar 18 13:00:00 2008 Dan Walsh 3.3.1-22
- Allow stunnel to transition to inetd children domains
- Make unconfined_dbusd_t an unconfined domain

Mon Mar 17 13:00:00 2008 Dan Walsh 3.3.1-21
- Fixes for qemu/virtd

Fri Mar 14 13:00:00 2008 Dan Walsh 3.3.1-20
- Fix bug in mozilla policy to allow xguest transition
- This will fix the

libsemanage.dbase_llist_query: could not find record value
libsemanage.dbase_llist_query: could not query record value (No such file or
directory)
bug in xguest

Fri Mar 14 13:00:00 2008 Dan Walsh 3.3.1-19
- Allow nsplugin to run acroread

Thu Mar 13 13:00:00 2008 Dan Walsh 3.3.1-18
- Add cups_pdf policy
- Add openoffice policy to run in xguest

Thu Mar 13 13:00:00 2008 Dan Walsh 3.3.1-17
- prewika needs to contact mysql
- Allow syslog to read system_map files

Wed Mar 12 13:00:00 2008 Dan Walsh 3.3.1-16
- Change init_t to an unconfined_domain

Tue Mar 11 13:00:00 2008 Dan Walsh 3.3.1-15
- Allow init to transition to initrc_t on shell exec.
- Fix init to be able to sendto init_t.
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
- More mls fixes

Tue Mar 11 13:00:00 2008 Bill Nottingham 3.3.1-14
- fixes for init policy (#436988)
- fix build

Mon Mar 10 13:00:00 2008 Dan Walsh 3.3.1-13
- Additional changes for MLS policy

Thu Mar 6 13:00:00 2008 Dan Walsh 3.3.1-12
- Fix initrc_context generation for MLS

Mon Mar 3 13:00:00 2008 Dan Walsh 3.3.1-11
- Fixes for libvirt

Mon Mar 3 13:00:00 2008 Dan Walsh 3.3.1-10
- Allow bitlebee to read locale_t

Fri Feb 29 13:00:00 2008 Dan Walsh 3.3.1-9
- More xselinux rules

Thu Feb 28 13:00:00 2008 Dan Walsh 3.3.1-8
- Change httpd_$1_script_r
*_t to httpd_$1_content_r
*_t

Wed Feb 27 13:00:00 2008 Dan Walsh 3.3.1-6
- Prepare policy for beta release
- Change some of the system domains back to unconfined
- Turn on some of the booleans

Tue Feb 26 13:00:00 2008 Dan Walsh 3.3.1-5
- Allow nsplugin_config execstack/execmem
- Allow nsplugin_t to read alsa config
- Change apache to use user content

Tue Feb 26 13:00:00 2008 Dan Walsh 3.3.1-4
- Add cyphesis policy

Tue Feb 26 13:00:00 2008 Dan Walsh 3.3.1-2
- Fix Makefile.devel to build mls modules
- Fix qemu to be more specific on labeling

Tue Feb 26 13:00:00 2008 Dan Walsh 3.3.1-1
- Update to upstream fixes

Fri Feb 22 13:00:00 2008 Dan Walsh 3.3.0-2
- Allow staff to mounton user_home_t

Fri Feb 22 13:00:00 2008 Dan Walsh 3.3.0-1
- Add xace support

Thu Feb 21 13:00:00 2008 Dan Walsh 3.2.9-2
- Add fusectl file system

Wed Feb 20 13:00:00 2008 Dan Walsh 3.2.9-1
- Fixes from yum-cron
- Update to latest upstream

Tue Feb 19 13:00:00 2008 Dan Walsh 3.2.8-2
- Fix userdom_list_user_files

Fri Feb 15 13:00:00 2008 Dan Walsh 3.2.8-1
- Merge with upstream

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.7-6
- Allow udev to send audit messages

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.7-5
- Add additional login users interfaces
- userdom_admin_login_user_template(staff)

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.7-3
- More fixes for polkit

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.7-2
- Eliminate transition from unconfined_t to qemu by default
- Fixes for gpg

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.7-1
- Update to upstream

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.6-7
- Fixes for staff_t

Tue Feb 5 13:00:00 2008 Dan Walsh 3.2.6-6
- Add policy for kerneloops
- Add policy for gnomeclock

Mon Feb 4 13:00:00 2008 Dan Walsh 3.2.6-5
- Fixes for libvirt

Sun Feb 3 13:00:00 2008 Dan Walsh 3.2.6-4
- Fixes for nsplugin

Sat Feb 2 13:00:00 2008 Dan Walsh 3.2.6-3
- More fixes for qemu

Sat Feb 2 13:00:00 2008 Dan Walsh 3.2.6-2
- Additional ports for vnc and allow qemu and libvirt to search all directories

Fri Feb 1 13:00:00 2008 Dan Walsh 3.2.6-1
- Update to upstream
- Add libvirt policy
- add qemu policy

Fri Feb 1 13:00:00 2008 Dan Walsh 3.2.5-25
- Allow fail2ban to create a socket in /var/run

Wed Jan 30 13:00:00 2008 Dan Walsh 3.2.5-24
- Allow allow_httpd_mod_auth_pam to work

Wed Jan 30 13:00:00 2008 Dan Walsh 3.2.5-22
- Add audisp policy and prelude

Mon Jan 28 13:00:00 2008 Dan Walsh 3.2.5-21
- Allow all user roles to executae samba net command

Fri Jan 25 13:00:00 2008 Dan Walsh 3.2.5-20
- Allow usertypes to read/write noxattr file systems

Thu Jan 24 13:00:00 2008 Dan Walsh 3.2.5-19
- Fix nsplugin to allow flashplugin to work in enforcing mode

Wed Jan 23 13:00:00 2008 Dan Walsh 3.2.5-18
- Allow pam_selinux_permit to kill all processes

Mon Jan 21 13:00:00 2008 Dan Walsh 3.2.5-17
- Allow ptrace or user processes by users of same type
- Add boolean for transition to nsplugin

Mon Jan 21 13:00:00 2008 Dan Walsh 3.2.5-16
- Allow nsplugin sys_nice, getsched, setsched

Mon Jan 21 13:00:00 2008 Dan Walsh 3.2.5-15
- Allow login programs to talk dbus to oddjob

Thu Jan 17 13:00:00 2008 Dan Walsh 3.2.5-14
- Add procmail_log support
- Lots of fixes for munin

Tue Jan 15 13:00:00 2008 Dan Walsh 3.2.5-13
- Allow setroubleshoot to read policy config and send audit messages

Mon Jan 14 13:00:00 2008 Dan Walsh 3.2.5-12
- Allow users to execute all files in homedir, if boolean set
- Allow mount to read samba config

Sun Jan 13 13:00:00 2008 Dan Walsh 3.2.5-11
- Fixes for xguest to run java plugin

Mon Jan 7 13:00:00 2008 Dan Walsh 3.2.5-10
- dontaudit pam_t and dbusd writing to user_home_t

Mon Jan 7 13:00:00 2008 Dan Walsh 3.2.5-9
- Update gpg to allow reading of inotify

Wed Jan 2 13:00:00 2008 Dan Walsh