Changelog for selinux-policy-3.6.32-127.fc12.noarch.rpm:
Mon Nov 15 13:00:00 2010 Miroslav Grepl 3.6.32-127
- Remove transition from unconfined to iptables domain
- Fixes for uucp policy
Thu Nov 4 13:00:00 2010 Miroslav Grepl 3.6.32-126
- Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory
Wed Oct 27 14:00:00 2010 Miroslav Grepl 3.6.32-125
- Allow vpnc to search /root
Tue Oct 26 14:00:00 2010 Miroslav Grepl 3.6.32-124
- Allow logwatch to use zz-disk_space logwatch script
- Allow radius setrlimit
Fri Oct 1 14:00:00 2010 Miroslav Grepl 3.6.32-123
- Add label for '/usr/share/sampler/tray/tray'
- Fixes for abrt policy
- Fixes for chrome-sandbox policy
Wed Sep 1 14:00:00 2010 Miroslav Grepl 3.6.32-122
- Fixes for nut policy
Tue Aug 17 14:00:00 2010 Miroslav Grepl 3.6.32-121
- Fix label for mount.crypt
- Allow dhcpc to read Network Manager lib files
- Add httpd_setrlimit boolean
Thu Aug 5 14:00:00 2010 Miroslav Grepl 3.6.32-120
- Fixes for cobbler policy
- Dont audit varnishd sys_tty_config capability
- Allow varnishd kill capability
- Fixes for munin policy
- Change label for /var/tmp
- Add clamd_use_jit boolean
Wed Jun 23 14:00:00 2010 Miroslav Grepl 3.6.32-119
- Allow rpm to execute rpm tmp files
- Allow denyhosts to send syslog messages
Fri Jun 4 14:00:00 2010 Miroslav Grepl 3.6.32-118
- Fixes for abrt
Mon May 31 14:00:00 2010 Miroslav Grepl 3.6.32-117
- Fixes for nagios
Fri May 21 14:00:00 2010 Miroslav Grepl 3.6.32-116
- Allow denyhosts to connect to tcp port 9911
- Fixes for munin
Tue May 11 14:00:00 2010 Miroslav Grepl 3.6.32-115
- Allow avahi-autoipd to chat with NetworkManager over dbus
- Allow tgtd to read files on anon_inodefs file systems
- Add label for /var/lib/mpd directory
Wed May 5 14:00:00 2010 Miroslav Grepl 3.6.32-114
- Allow denyhosts sys_tty_config capability
- Fixes for chrony policy
- Allow ksmtuned to use terminals
- Allow lircd to write to generic usb devices
Thu Apr 22 14:00:00 2010 Miroslav Grepl 3.6.32-113
- Allow pulseaudio to read udev process state.
- Dontaudit hal leaks
Fri Apr 16 14:00:00 2010 Miroslav Grepl 3.6.32-112
- Fix label for /usr/share/system-config-services/gui.py
- Allow snort to read network state information
- Fix reserved port destination from Dan Walsh
Tue Apr 13 14:00:00 2010 Miroslav Grepl 3.6.32-111
- Allow shorewall to execute hostname
- Allow gpg-agent to read symbolic links in bin directories
- Allow vmware-host to read and write generic character device files
- Add munin plugin policy from F13
- Add denyhosts policy from F13
Thu Apr 8 14:00:00 2010 Miroslav Grepl 3.6.32-110
- Add label for /opt/google/chrome/chrome-sandbox
- Allow asterisk to bind and connect to sip tcp ports
Fri Apr 2 14:00:00 2010 Miroslav Grepl 3.6.32-109
- Allow hald to manage block device files
Tue Mar 30 14:00:00 2010 Miroslav Grepl 3.6.32-108
- Add label for libgpac library
- Fixes for openvpn
Fri Mar 26 13:00:00 2010 Miroslav Grepl 3.6.32-107
- Allow pppd to read and write to modem devices
Tue Mar 23 13:00:00 2010 Miroslav Grepl 3.6.32-106
- Allow mysqld_safe setsched, getsched
- Allow logrotate to transition to sssd
- Allow snort to read and write generic USB devices
- Add label for piranha log files
- Add qpidd policy from rawhide
Fri Mar 19 13:00:00 2010 Miroslav Grepl 3.6.32-105
- Fixes for nagios
Thu Mar 18 13:00:00 2010 Miroslav Grepl 3.6.32-104
- Allow logrotate to transition to asterisk
- Allow xdm to transition to shutdown
- Allow shutdown dac_override
- Allow samba sys_chroot
Mon Mar 15 13:00:00 2010 Miroslav Grepl 3.6.32-103
- Add sosreport policy
Mon Mar 15 13:00:00 2010 Miroslav Grepl 3.6.32-102
- Allow bluetooth sys_admin capability
- Fix label for libADM libraries
- Allow libvirt to set svirt_image_t label on sysfs
- Add shutdown policy from Dan Walsh
Wed Mar 10 13:00:00 2010 Miroslav Grepl 3.6.32-101
- Allow nsplugin to manage pulseaudio homedir content
Tue Mar 9 13:00:00 2010 Miroslav Grepl 3.6.32-100
- Allow pulseaudio sys_tty_config capability
- Add label for cman_tool
- Fixes for corosync policy
- Allow abrt to get the attributes of all domains
- Allow abrt to read symbolic links on a NFS filesystem
Fri Mar 5 13:00:00 2010 Miroslav Grepl 3.6.32-99
- Add back etcfile attribute
Fri Mar 5 13:00:00 2010 Miroslav Grepl 3.6.32-98
- Allow modcluster to call getpwnam
- Allow useradd sys_ptrace capability
- Fixes for pulseaudio from Dan Walsh
- Allow swat to signal winbind
- Add label for mssql and allow apache to connect to this database port if boolean set
Wed Mar 3 13:00:00 2010 Miroslav Grepl 3.6.32-97
- Fixes for xserver from Dan Walsh
Mon Mar 1 13:00:00 2010 Miroslav Grepl 3.6.32-96
- Add cachefilesfd policy
- Update cobbler policy from F13
- Allow hald connect to usbmuxd over a unix domain
- Allow staff_t to read semanage module store
Fri Feb 26 13:00:00 2010 Miroslav Grepl 3.6.32-95
- Add fixes from Dan Walsh
Fri Feb 26 13:00:00 2010 Miroslav Grepl 3.6.32-94
- Fixes for MLS booting from Dan Walsh
Thu Feb 25 13:00:00 2010 Miroslav Grepl 3.6.32-93
- Fix wine dontaudit mmap_zero
- Add vbetool_mmap_zero_ignore boolean
- dontaudit acct using console
Tue Feb 23 13:00:00 2010 Miroslav Grepl 3.6.32-92
- Fixes for cluster policy
- Fixes for rgmanager
- Add label for /etc/pki dir in bind-chroot
- Allow system-config-firewall to send system log messages
- Remove label for Directory Server
Wed Feb 17 13:00:00 2010 Miroslav Grepl 3.6.32-91
- Add label for /opt/zimbra/log directory
- Add label for /usr/local/centreon/log directory
- Add label for /var/spool/bacula/log directory
- Add nagios_mail_plugin type for nagios mail plugins
- Do not audit attempts to search the network state directory for locate
- Allow ping read and write the console, all ttys and all ptys
- Allow pppd to send audit messages
- Allow modemmanager net_admin capability
- Fixes for cluster policy
Fri Feb 12 13:00:00 2010 Miroslav Grepl 3.6.32-90
- Allow dnsmasq to create log file
Thu Feb 11 13:00:00 2010 Miroslav Grepl 3.6.32-89
- Allow rpcd to read files with default file type
Thu Feb 11 13:00:00 2010 Miroslav Grepl 3.6.32-88
- Fixes for sandbox
- Allow quota to set priority of kernel threads
- Fixes for svirt
Wed Feb 10 13:00:00 2010 Miroslav Grepl 3.6.32-87
- Fixes for ipsec policy
- Allow pppd to get attributes of the modem devices
- Add label for /usr/share/e16/misc directory
Tue Feb 9 13:00:00 2010 Miroslav Grepl 3.6.32-86
- Allow mysql ipc_lock capability
- Allow passwd sys_nice capability
- Allow plymouth to read network config files
- Fixes for git
- Add label for /usr/sbin/ns-slapd
- Allow munin to list mail queue
- Add label for shorewall compiler
- Fixes for nagios plugin policy
- Allow auditctl to set priority of kernel threads
Fri Feb 5 13:00:00 2010 Dan Walsh 3.6.32-85
- Cleanup spec file
Thu Feb 4 13:00:00 2010 Dan Walsh 3.6.32-84
- Fix /var/lib labeling in post install
Thu Feb 4 13:00:00 2010 Miroslav Grepl 3.6.32-83
- Fixes for cluster policy
Wed Feb 3 13:00:00 2010 Miroslav Grepl 3.6.32-82
- Add label for /root/.Xdefaults
- Allow xauth to read symbolic links on a NFS filesystem
- Add label for /var/run/slim.lock
- Add mcelog policy
Tue Feb 2 13:00:00 2010 Miroslav Grepl 3.6.32-81
- Allow policykit-auth to set attributes on fonts cache directory
- Add label for RealPlayer plugins
- Add label for /usr/sbin/xrdp
- Allow chrome-sandbox to read gnome homedir content
- Allow rsyslogd to connect to MySQL using a unix domain stream socket
- Allow apache to list inotifyfs filesystem
- Add label for /dev/pps device
- Fixes for chronyd policy
Mon Feb 1 13:00:00 2010 Miroslav Grepl 3.6.32-80
- Allow xdm to execute octave
- Add label for var/run/lxdm.auth
- Allow pppd sys_admin capability
- Allow cups-pdf fowner capability
- Fix path for cluster binaries
- Fixes for pulseaudio
- Add label for /var/webmin directory
- Allow prelink execmod on files in home directory
- Allow cups-config to read process state of all user domains.
- Fixes for vmware policy
- Fixes for lirc policy
- Allow amavis to read utmp
Fri Jan 29 13:00:00 2010 Miroslav Grepl 3.6.32-79
- Fix rpm_dontaudit_leaks
- Fix typo in rgmanager.if
- Fixes for nis policy
Wed Jan 27 13:00:00 2010 Miroslav Grepl 3.6.32-78
- Allow openvpn to read utmp
- Allow xdm to read the video4linux devices
- Add label for /etc/openldap/slapd.d directory
- Allow tgtd to manage fixed disk device nodes
- Allow chsh to execute nxserver
- Allow abrt_helper to send system log messages
- Add label for /etc/zabbix/web directory
- Add label for /sbin/mke4fs
Mon Jan 25 13:00:00 2010 Miroslav Grepl 3.6.32-77
- Allow xenstored to manage files on a XENFS filesystem
- Allow cupsd to setattr on a fonts cache directory
- Allow smolt-client to send system log messages
Fri Jan 22 13:00:00 2010 Miroslav Grepl 3.6.32-76
- Add labeling for gitweb
- Allow plymouth to read and write the /dev/ptmx
- Fixes for sandbox
- Allow nagios_services_plugin_t to read snmpd libraries
Thu Jan 21 13:00:00 2010 Miroslav Grepl 3.6.32-75
- Allow sulogin to talk to console and tty_device_t
Wed Jan 20 13:00:00 2010 Miroslav Grepl 3.6.32-74
- Fixes for afs
- Remove transition from system_cronjob to gpg domain
Tue Jan 19 13:00:00 2010 Miroslav Grepl 3.6.32-73
- Add labeling for /var/lib/avahi-autoipd directory
Tue Jan 19 13:00:00 2010 Miroslav Grepl 3.6.32-72
- Fixes for memcached from Dan Walsh
- Allow podsleuth to read user tmpfs files
- Allow tftpd to read system state information in proc
- Fixes for sssd from Dan Walsh
- Allow snmpd chown capability
Fri Jan 15 13:00:00 2010 Miroslav Grepl 3.6.32-71
- Allow hotplug to transition to brctl domain
- Fixes for sftpd
Tue Jan 12 13:00:00 2010 Miroslav Grepl 3.6.32-70
- Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
Mon Jan 11 13:00:00 2010 Miroslav Grepl 3.6.32-69
- Fixes for iscsid
- Allow openvpn to bind to http port
- Add wine_mmap_zero_ignore boolean
Fri Jan 8 13:00:00 2010 Miroslav Grepl 3.6.32-68
- Fixes for xenconsoled
- Allow xauth to connectto xserver_t unix_stream_socket
- Add textrel_shlib_t fixes
- Add labeling for LXDM
- Allow cupsd_lpd_t to setattr fontconfig directory
- Allow abrt to getattr on all character file device nodes.
- Add labeling for the rest nagios plugins
Wed Jan 6 13:00:00 2010 Miroslav Grepl 3.6.32-67
- Allow snmbd to send itself signal
- Allow virt_domain to read /dev/random
- Allow apcupsd to send itself signull
- Allow swat to transition to nmbd
- Add textrel_shlib_t label for /usr/local/lib/codecs/
Mon Jan 4 13:00:00 2010 Dan Walsh 3.6.32-66
- Allow lircd to use tcp_socket and connect/bind to port 8675
Wed Dec 30 13:00:00 2009 Dan Walsh 3.6.32-65
- Allow traceroute to use all terms
- Fix mgetty use for faxes
- Dontaudit xdm listing fusefs
- Allow xguest to resolve host names
- Allow abrt to read noxattr filesystems (cdrom)
- Allow abrt_helper to send itself signals
- Allow amavis to read certs
- Allow apache to bind to port 3000 (Ruby on rails)
- Asterisk uses mysql and snmp
- Allow consolekit to write wtmp file for shutdown
- Allow cups ipc_lock
- Allow hal to transition to ppp
- Fix mailman labels for 64 bit systems
- dontaudit system_mail access to leaked terminals
- Allow mysqld_safe_t to unlink mysqld pid files
- nrpe_t uses getpw calls
- Allow NetworkManager to delete ppp pid files
- Allow pptp_t to send userdomain signals
- Allow prelude to connect to mysql
- Allow swat to start winbind server
- Fixes for snort
- Allow telnetd to setattr user terminals
- Allow qemu to read fusefs
- Allow domains that have telinit to connectto upstart unix_stream_socket
- Dontaudit ipsec_mgmt sys_tty_config
- Fix labels for postgrestgres test suite
- Other textrel_shlib_t fixes
Wed Dec 23 13:00:00 2009 Dan Walsh 3.6.32-64
- Update to Rawhide filesystem.if file
- Allow abrt to read nfs
- Allow cups to search fusefs
- Allow dovecot_auth to search var_log
- Fix label on ksmtuned.pid
- Dontaudit policykit looking at mount points
- Allow xdm to manage /var/cache/fontconfig
- Allow xenstored to search xenfs
Tue Dec 22 13:00:00 2009 Dan Walsh 3.6.32-63
- Allow sendmail setpgid
- Allow dovecot to read nfs homedirs
Mon Dec 21 13:00:00 2009 Dan Walsh 3.6.32-62
- Add label for /var/ekpd
- Allow portreserve to look at bin files
- Allow gssd to ask the kernel to load modules
- If you can run mount you can run fusermount
Mon Dec 21 13:00:00 2009 Dan Walsh 3.6.32-61
- Fixes for sandbox_x_server
- Fix ntop policy
- Sandbox fixes
Fri Dec 18 13:00:00 2009 Dan Walsh 3.6.32-60
- Fixes for cluster policy
- mysql_safe fixes
- Fixes for sssd
- Cgroup access for virtd
- Dontaudit fail2ban leaks
Tue Dec 15 13:00:00 2009 Dan Walsh 3.6.32-59
- Dontaudit udp_socket leaks for xauth_t
- Dontaudit rules for iceauth_t
- Let locate read symlinks on noxattr file systems
- Remove wine from unconfined domain if unconfined pp removed
- Add labels for vhostmd
- Add port 546 as a dhcpc port
- Add label for /dev/dahdi
- Add certmonger policy
- Allow sysadm to communicate with racoon and zebra
- Allow dbus service dbus_chat with unconfined_t
- Fixes for xguest
- Add dontaudits for abrt
- file contexts for mythtv
- Lots of fixes for asterisk
- Fix file context for certmaster
- Add log dir for dovecot
- Policy for ksmtuned
- File labeling and fixes for mysql and mysql_safe
- New plugin infrastructure for nagios
- Allow nut_upsd_t dac_override
- File context fixes for nx
- Allow oddjob_mkhomedir to create homedir
- Add pcscd_pub interfaces to be used by xdm
- Add stream connect from fenced to corosync
- Fixes for swat
- Allow fsdaemon to manage scsi devices
- Policy for tgtd
- Policy for vhostmd
- Allow ipsec to create tmp files
- Change label on fusermount
Thu Dec 10 13:00:00 2009 Dan Walsh 3.6.32-58
- Dontaudit udp_socket leaks for xauth_t
Wed Dec 9 13:00:00 2009 Dan Walsh 3.6.32-57
- Allow unconfined_t to send dbus messages to setroubleshoot
- Allow confined screen app to setattr on user ttys
- remove wine_t from unconfined domain when unconfined.pp disabled
- Allow sysadm_t to communicate with racoon
- Allow xauth to be run from all unconfined user types
- Fix labeling on all /var/cache/mod_* apps
- Allow asterisk to communicate with postgresql
- Fix labeling for /var/lib/certmaster
- Add policy for ksmtuned and tgtd
- Fixes for vhostmd
Mon Dec 7 13:00:00 2009 Dan Walsh 3.6.32-56
- Dontaudit exec of fusermount from xguest
- Allow lircd to use mouse_device
- Allow sysadm_t to connect to zebra stream socket
- Dontaudit policykit_auth trying to config terminal
- Allow logrotate and asterisk to execute asterisk
- Allow logrotate to read var_lib files (zope) and connect to fail2ban stream
- Allow firewallgui to communicate with unconfined_t
- Allow podsleuth to ask the kernel to load modules
- Fix labeling on vhostmd scripts
- Remove transition from unconfined_t to winbind_helper_t
- Allow abrt_helper to look at inotify
- Fix labels for mythtv
- Allow apache to signal sendmail
- allow asterisk to send mail
- Allow rpcd to get and setcap
- Add tor_bind_all_unreserved_ports boolean
- Add policy for vhostmd
- More textrel_shlib_t files
- Add rw_herited_term_perms
Thu Dec 3 13:00:00 2009 Dan Walsh 3.6.32-55
- Add fprintd_chat(unconfined_t) to fix su timeout problem
- Make xguest follow allow_execstack boolean
- Dontaudit dbus looking at nfs
Thu Dec 3 13:00:00 2009 Dan Walsh 3.6.32-54
- Require selinux-policy from selinux-policy-TYPE
- Add labeling to /usr/lib/win32 textrel_shlib_t
- dontaudit all leaks for abrt_helper
- Fix labeling for mythtv
- Dontaudit setroubleshoot_fix leaks
- Allow xauth_t to read usr_t
- Allow iptables to use fifo files
- Fix labeling on /var/lib/wifiroamd
Tue Dec 1 13:00:00 2009 Dan Walsh 3.6.32-53
- Remove transition from dhcpc_t to consoletype_t, just allow exec
- Fixes for prelink cron job
- Fix label on yumex backend
- Allow unconfined_java_t to communicate with iptables
- Allow abrt to read /tmp files
- Fix nut/ups policy
Tue Dec 1 13:00:00 2009 Dan Walsh 3.6.32-52
- Major fixup of ntop policy
- Fix label on /usr/lib/xorg/modules/extensions/libglx.so.195.22
- Allow xdm to signal session bus
- Allow modemmanager to use generic ptys, and sys_tty_config capability
- Allow abrt_helper chown access, dontaudit leaks
- Allow logwatch to list cifs and nfs file systems
- Allow kismet to read network state
- Allow cupsd_config_t to connectto unconfined unix_stream
- Fix avahi labeling and allow avahi to manage /etc/resolv.conf
- Allow sshd to read usr_t files
- Allow login programs to manage pcscd_var_run_t files
- Allow tor to read usr_t files
Wed Nov 25 13:00:00 2009 Dan Walsh 3.6.32-51
- Mark google shared libraries as requiring textrel_shlib
- Allow svirt to bind/connect to network ports
- Add label for .libvirt directory.
Tue Nov 24 13:00:00 2009 Dan Walsh 3.6.32-50
- Allow modemmanager sys_admin
Mon Nov 23 13:00:00 2009 Dan Walsh 3.6.32-49
- Allow sssd to read all processes domain
Mon Nov 23 13:00:00 2009 Dan Walsh 3.6.32-48
- Abrt connect to any port
- Dontaudit chrome-sandbox trying to getattr on all processes
- Allow passwd to execute gnome-keyring
- Allow chrome_sandbox_t to read home content inherited from the parent
- Fix eclipse labeling
- Allow mozilla to connect to flash port
- Allow pulseaudio to connect to unix_streams
- Allow sambagui to read secrets file
- Allow mount to mount unlabeled files
- Allow abrt to use ypbind, send kill signals
- Allow arpwatch to create socket class
- Allow asterisk to read urand
- Allow corosync to communicate with user tmpfs
- Allow devicedisk to read virt images block devices
- Allow gpsd to sys_tty_config
- Fix nagios interfaces
- Policy for nagios plugins
- Fixes for nx
- Allow rtkit_daemon to read locale file
- Allow snort to create socket
- Additional perms for xauth
- lots of textrel_lib_t file context
Tue Nov 17 13:00:00 2009 Dan Walsh 3.6.32-47
- Make mozilla call in execmem.if optional to fix build of minimum install
- Allow uucpd to execute shells and send mail
- Fix label on libtfmessbsp.so
Mon Nov 16 13:00:00 2009 Dan Walsh 3.6.32-46
- abrt needs more access to rpm pid files
- Abrt wants to execute its own tmp files
- abrt needs to write sysfs
- abrt needs to search all file system dirs
- logrotate and tmpreaper need to be able to manage abrt cache
- rtkit_daemon needs to be able to setsched on lots of user apps
- networkmanager creates dirs in /var/lib
- plymouth executes lvm tools
Fri Nov 13 13:00:00 2009 Dan Walsh 3.6.32-45
- Allow mount on dos file systems
- fixes for upsmon and upsd to be able to retrieve pwnam and resolve addresses
Thu Nov 12 13:00:00 2009 Dan Walsh 3.6.32-44
- Add lighttpd file context to apache.fc
- Allow tmpreaper to read /var/cache/yum
- Allow kdump_t sys_rawio
- Add execmem_exec_t context for /usr/bin/aticonfig
- Allow dovecot-deliver to signull dovecot
- Add textrel_shlib_t to /usr/lib/libADM5avcodec.so
Tue Nov 10 13:00:00 2009 Dan Walsh 3.6.32-43
- Fix transition so unconfined_execmem_t creates user_tmp_t
- Allow chrome_sandbox_t to write to user_tmp_t when printing
- Allow corosync to connect to port 5404 and to interact with user_tmpfs_t files
- Allow execmem_t to execmod files in mozilla_home_t
- Allow firewallgui to communicate with nscd
Mon Nov 9 13:00:00 2009 Dan Walsh 3.6.32-42
- Allow kdump to read the kernel core interface
- Dontaudit abrt read all files in home dir
- Allow kismet client to write to .kismet dir in homedir
- Turn on asterisk policy and allow logrotate to communicate with it
- Allow abrt to manage rpm cache files
- Rules to allow sysadm_t to install a kernel
- Allow local_login to read console_device_t to Z series logins
- Allow automount and devicekit_disk to search all filesystem dirs
- Allow corosync to setrlimit
- Allow hal to read modules.dep
- Fix xdm using pcscd
- Dontaudit gssd trying to write user_tmp_t, kerberos library problem.
- Eliminate transition from unconfined_t to loadkeys_t
- Dontaudit several leaks to xauth_t
- Allow xdm_t to search for man pages
- Allow xdm_dbus to append to xdm log
Wed Nov 4 13:00:00 2009 Dan Walsh 3.6.32-41
- Allow podsleuth to send signals to users
- Allow mail agents to getattr on fifo files from apps that execute mail agent
- Fix labels for rpmfusion cruft
- Allow xauth to read/write user tmp files because kdesu is doing something strange.
- Let abrt read nsplugin_home_t
Tue Nov 3 13:00:00 2009 Dan Walsh 3.6.32-40
- Abrt creates lnk_files
Mon Nov 2 13:00:00 2009 Dan Walsh 3.6.32-39
- Allow setroubleshoot-fix to signull user domains
Fri Oct 30 13:00:00 2009 Dan Walsh 3.6.32-38
- Allow abrt to create link files in /var/cache/abrt
Fri Oct 30 13:00:00 2009 Dan Walsh 3.6.32-37
- Allow consolekit to manage /var/run/console directory
- Allow pcsd to r/w smartcard devices
- Temporarily allow xauth to read/write user_home_t
- Allow apache to read nagios log files
- Fix execmem to work correctly
- Stop transitioning from unconfined_t to iceauth
Thu Oct 29 13:00:00 2009 Dan Walsh 3.6.32-36
- Change labeling of /usr/share/yumex/yumex-yum-backend
- Allow initrc_t to request loading kernel modules
- Allow initrc_t to manage net_conf_t files
- Allow prelink to manage tmp files for "delta rpm"
- Allow livecd tool to transition to chfn and passwd
- Allow cupsd to bind to howl port
- dontaudit leaked userdomain sockets to xauth
- Allow lircd to use pseudo terminal device
- Allow sambagui to send syslog messages
- dontaudit chrome using nfs and samba file systems if they are used for the homedir
- Allow prelude-dispatch ipc_lock and setpcap
- Change lircd /var/run specification
- Define ports for dhcpcv6
Tue Oct 27 13:00:00 2009 Dan Walsh 3.6.32-35
- Allow bitlbee to connect to privoxy port
- Allow iptables to work with shorewall
Fri Oct 23 14:00:00 2009 Dan Walsh 3.6.32-34
- Turn allow_postfix_local_write_mail_spool on by default
- Allow bluetooth setpcap
- Allow dbus to transition to rpm_t when executing debuginfo-install
- Allow chrome-sandbox to send itself signals.
- Fix the labeling of /usr/lib/libswscale.so.0.7.1
- Allow spamassassin to list /var/lib/spamassassin
Fri Oct 23 14:00:00 2009 Dan Walsh 3.6.32-33
- Allow firefox to transition to java
Thu Oct 22 14:00:00 2009 Dan Walsh 3.6.32-32
- Allow unconfined_execmem_t to transition to sandbox
- Allow postfix_cleanup to read etc_alias
- Allow consolekit to signal udev
Wed Oct 21 14:00:00 2009 Dan Walsh 3.6.32-31
- Allow unconfined_execmem_t to transition to sandbox
- Add sectool policy
- Add sssd log files
Tue Oct 20 14:00:00 2009 Dan Walsh 3.6.32-30
- Fixes found for confined users day
Sat Oct 17 14:00:00 2009 Dan Walsh 3.6.32-29
- Allow ccs to communicate with userdomains, and create tmpfs_t
- Add /dev/noz* as a modem_device_t and allow modemmanager to rw it.
- Add mapping for /var/run/lircd
Thu Oct 15 14:00:00 2009 Dan Walsh 3.6.32-28
- Allow sandbox_domain to interact with userdomain fifo_files
Wed Oct 14 14:00:00 2009 Dan Walsh 3.6.32-27
- Allow plymouthd_t to use frame_buffer
Tue Oct 13 14:00:00 2009 Dan Walsh 3.6.32-26
- Fix labeling for privoxy config files
- Add devtmpfs file system labeling
Mon Oct 12 14:00:00 2009 Dan Walsh 3.6.32-25
- Fix alias for execmem_exec_t
- Dontaudit hal leakage
- Add label for nspluginviewer
Sat Oct 10 14:00:00 2009 Dan Walsh 3.6.32-24
- Add home_cert_t for labeling of certs in the homedir
Thu Oct 8 14:00:00 2009 Dan Walsh 3.6.32-23
- Allow xdm to unlink xauth_home_t
Wed Oct 7 14:00:00 2009 Dan Walsh 3.6.32-22
- Allow policykit to read meminfo
Mon Oct 5 14:00:00 2009 Dan Walsh 3.6.32-21
- Allow dovecot_t getcap, setcap
Fri Oct 2 14:00:00 2009 Dan Walsh 3.6.32-20
- Add chrome-sandbox policy
- Split out execmem policy
Fri Oct 2 14:00:00 2009 Dan Walsh 3.6.32-19
- Add labeling for /var/run/kdm
Thu Oct 1 14:00:00 2009 Dan Walsh 3.6.32-18
- Allow svirt to list sysfs_t directory
Thu Oct 1 14:00:00 2009 Dan Walsh 3.6.32-17
- Allow vpnc request the kernel to load modules
Wed Sep 30 14:00:00 2009 Dan Walsh 3.6.32-16
- Fix minimum policy installs
- Allow udev and rpcbind to request the kernel to load modules
Wed Sep 30 14:00:00 2009 Dan Walsh 3.6.32-15
- Add plymouth policy
- Allow local_login to sys_admin
Tue Sep 29 14:00:00 2009 Dan Walsh 3.6.32-13
- Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
Fri Sep 25 14:00:00 2009 Dan Walsh 3.6.32-12
- Update rhcs policy
Thu Sep 24 14:00:00 2009 Dan Walsh 3.6.32-11
- Allow users to exec restorecond
Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-10
- Allow sendmail to request kernel modules load
Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-9
- Fix all kernel_request_load_module domains
Mon Sep 21 14:00:00 2009 Dan Walsh 3.6.32-8
- Fix all kernel_request_load_module domains
Sun Sep 20 14:00:00 2009 Dan Walsh 3.6.32-7
- Remove allow_exec* booleans for confined users. Only available for unconfined_t
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-6
- More fixes for sandbox_web_t
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-5
- Allow sshd to create .ssh directory and content
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-4
- Fix request_module line to module_request
Fri Sep 18 14:00:00 2009 Dan Walsh 3.6.32-3
- Fix sandbox policy to allow it to run under firefox.
- Dont audit leaks.
Thu Sep 17 14:00:00 2009 Dan Walsh 3.6.32-2
- Fixes for sandbox
Thu Sep 17 14:00:00 2009 Dan Walsh 3.6.32-1
- Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
Tue Sep 15 14:00:00 2009 Dan Walsh 3.6.31-5
- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
- Remove policycoreutils-python requirement except for minimum
Mon Sep 14 14:00:00 2009 Dan Walsh 3.6.31-4
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)
Thu Sep 10 14:00:00 2009 Dan Walsh 3.6.31-3
- Add wordpress/wp-content/uploads label
- Fixes for sandbox when run from staff_t
Thu Sep 10 14:00:00 2009 Dan Walsh 3.6.31-2
- Update to upstream
- Fixes for devicekit_disk
Tue Sep 8 14:00:00 2009 Dan Walsh 3.6.30-6
- More fixes
Tue Sep 8 14:00:00 2009 Dan Walsh 3.6.30-5
- Lots of fixes for initrc and other unconfined domains
Fri Sep 4 14:00:00 2009 Dan Walsh 3.6.30-4
- Allow xserver to use netlink_kobject_uevent_socket
Thu Sep 3 14:00:00 2009 Dan Walsh 3.6.30-3
- Fixes for sandbox
Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.30-2
- Dontaudit setroubleshootfix looking at /root directory
Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.30-1
- Update to upstream
Mon Aug 31 14:00:00 2009 Dan Walsh 3.6.29-2
- Allow gssd to send signals to users
- Fix duplicate label for apache content
Fri Aug 28 14:00:00 2009 Dan Walsh 3.6.29-1
- Update to upstream
Fri Aug 28 14:00:00 2009 Dan Walsh 3.6.28-9
- Remove polkit_auth on upgrades
Wed Aug 26 14:00:00 2009 Dan Walsh 3.6.28-8
- Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare
Tue Aug 25 14:00:00 2009 Dan Walsh 3.6.28-7
- Fixes for cdrecord, mdadm, and others
Sat Aug 22 14:00:00 2009 Dan Walsh 3.6.28-6
- Add capability setting to dhcpc and gpm
Sat Aug 22 14:00:00 2009 Dan Walsh 3.6.28-5
- Allow cronjobs to read exim_spool_t
Fri Aug 21 14:00:00 2009 Dan Walsh 3.6.28-4
- Add ABRT policy
Thu Aug 20 14:00:00 2009 Dan Walsh 3.6.28-3
- Fix system-config-services policy
Wed Aug 19 14:00:00 2009 Dan Walsh 3.6.28-2
- Allow libvirt to change user component of virt_domain
Tue Aug 18 14:00:00 2009 Dan Walsh 3.6.28-1
- Allow cupsd_config_t to be started by dbus
- Add smoltclient policy
Fri Aug 14 14:00:00 2009 Dan Walsh 3.6.27-1
- Add policycoreutils-python to pre install
Thu Aug 13 14:00:00 2009 Dan Walsh 3.6.26-11
- Make all unconfined_domains permissive so we can see what AVC's happen
Mon Aug 10 14:00:00 2009 Dan Walsh 3.6.26-10
- Add pt_chown policy
Mon Aug 10 14:00:00 2009 Dan Walsh 3.6.26-9
- Add kdump policy for Miroslav Grepl
- Turn off execstack boolean
Fri Aug 7 14:00:00 2009 Bill Nottingham 3.6.26-8
- Turn on execstack on a temporary basis (#512845)
Thu Aug 6 14:00:00 2009 Dan Walsh 3.6.26-7
- Allow nsplugin to connect to the session bus
- Allow samba_net to write to coolkey data
Wed Aug 5 14:00:00 2009 Dan Walsh 3.6.26-6
- Allow devicekit_disk to list inotify
Wed Aug 5 14:00:00 2009 Dan Walsh 3.6.26-5
- Allow svirt images to create sock_file in svirt_var_run_t
Tue Aug 4 14:00:00 2009 Dan Walsh 3.6.26-4
- Allow exim to getattr on mountpoints
- Fixes for pulseaudio
Fri Jul 31 14:00:00 2009 Dan Walsh 3.6.26-3
- Allow svirt_t to stream_connect to virtd_t
Fri Jul 31 14:00:00 2009 Dan Walsh 3.6.26-2
- Allow hald_dccm_t to create sock_files in /tmp
Thu Jul 30 14:00:00 2009 Dan Walsh 3.6.26-1
- More fixes from upstream
Tue Jul 28 14:00:00 2009 Dan Walsh 3.6.25-1
- Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
Tue Jul 28 14:00:00 2009 Dan Walsh 3.6.24-1
- Update to upstream
Mon Jul 27 14:00:00 2009 Dan Walsh 3.6.23-2
- Allow certmaster to override dac permissions
Wed Jul 22 14:00:00 2009 Dan Walsh 3.6.23-1
- Update to upstream
Mon Jul 20 14:00:00 2009 Dan Walsh 3.6.22-3
- Fix context for VirtualBox
Tue Jul 14 14:00:00 2009 Dan Walsh 3.6.22-1
- Update to upstream
Fri Jul 10 14:00:00 2009 Dan Walsh 3.6.21-4
- Allow clamscan read amavis spool files
Wed Jul 8 14:00:00 2009 Dan Walsh 3.6.21-3
- Fixes for xguest
Tue Jul 7 14:00:00 2009 Tom "spot" Callaway 3.6.21-2
- fix multiple directory ownership of mandirs
Wed Jul 1 14:00:00 2009 Dan Walsh 3.6.21-1
- Update to upstream
Tue Jun 30 14:00:00 2009 Dan Walsh 3.6.20-2
- Add rules for rtkit-daemon
Thu Jun 25 14:00:00 2009 Dan Walsh 3.6.20-1
- Update to upstream
- Fix nlscd_stream_connect
Thu Jun 25 14:00:00 2009 Dan Walsh 3.6.19-5
- Add rtkit policy
Wed Jun 24 14:00:00 2009 Dan Walsh 3.6.19-4
- Allow rpcd_t to stream connect to rpcbind
Tue Jun 23 14:00:00 2009 Dan Walsh 3.6.19-3
- Allow kpropd to create tmp files
Tue Jun 23 14:00:00 2009 Dan Walsh 3.6.19-2
- Fix last duplicate /var/log/rpmpkgs
Mon Jun 22 14:00:00 2009 Dan Walsh 3.6.19-1
- Update to upstream
* add sssd
Sat Jun 20 14:00:00 2009 Dan Walsh 3.6.18-1
- Update to upstream
* cleanup
Fri Jun 19 14:00:00 2009 Dan Walsh 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
Thu Jun 18 14:00:00 2009 Dan Walsh 3.6.16-4
- Fix mcs rules to include chr_file and blk_file
Tue Jun 16 14:00:00 2009 Dan Walsh 3.6.16-3
- Add label for udev-acl
Mon Jun 15 14:00:00 2009 Dan Walsh 3.6.16-2
- Additional rules for consolekit/udev, privoxy and various other fixes
Fri Jun 12 14:00:00 2009 Dan Walsh 3.6.16-1
- New version for upstream
Thu Jun 11 14:00:00 2009 Dan Walsh 3.6.14-3
- Allow NetworkManager to read inotifyfs
Wed Jun 10 14:00:00 2009 Dan Walsh 3.6.14-2
- Allow setroubleshoot to run mlocate
Mon Jun 8 14:00:00 2009 Dan Walsh 3.6.14-1
- Update to upstream
Tue Jun 2 14:00:00 2009 Dan Walsh 3.6.13-3
- Add fish as a shell
- Allow fprintd to list usbfs_t
- Allow consolekit to search mountpoints
- Add proper labeling for shorewall
Tue May 26 14:00:00 2009 Dan Walsh 3.6.13-2
- New log file for vmware
- Allow xdm to setattr on user_tmp_t
Thu May 21 14:00:00 2009 Dan Walsh 3.6.13-1
- Upgrade to upstream
Wed May 20 14:00:00 2009 Dan Walsh 3.6.12-39
- Allow fprintd to access sys_ptrace
- Add sandbox policy
Mon May 18 14:00:00 2009 Dan Walsh 3.6.12-38
- Add varnishd policy
Thu May 14 14:00:00 2009 Dan Walsh 3.6.12-37
- Fixes for kpropd
Tue May 12 14:00:00 2009 Dan Walsh 3.6.12-36
- Allow brctl to r/w tun_tap_device_t
Mon May 11 14:00:00 2009 Dan Walsh 3.6.12-35
- Add /usr/share/selinux/packages
Mon May 11 14:00:00 2009 Dan Walsh 3.6.12-34
- Allow rpcd_t to send signals to kernel threads
Thu May 7 14:00:00 2009 Dan Walsh 3.6.12-33
- Fix upgrade for F10 to F11
Thu May 7 14:00:00 2009 Dan Walsh 3.6.12-31
- Add policy for /var/lib/fprint
Tue May 5 14:00:00 2009 Dan Walsh 3.6.12-30
- Remove duplicate line
Tue May 5 14:00:00 2009 Dan Walsh 3.6.12-29
- Allow svirt to manage pci and other sysfs device data
Mon May 4 14:00:00 2009 Dan Walsh 3.6.12-28
- Fix package selection handling
Fri May 1 14:00:00 2009 Dan Walsh 3.6.12-27
- Fix /sbin/ip6tables-save context
- Allow udev to transition to mount
- Fix loading of mls policy file
Thu Apr 30 14:00:00 2009 Dan Walsh 3.6.12-26
- Add shorewall policy
Wed Apr 29 14:00:00 2009 Dan Walsh 3.6.12-25
- Additional rules for fprintd and sssd
Tue Apr 28 14:00:00 2009 Dan Walsh 3.6.12-24
- Allow nsplugin to unix_read unix_write sem for unconfined_java
Tue Apr 28 14:00:00 2009 Dan Walsh 3.6.12-23
- Fix uml files to be owned by users
Tue Apr 28 14:00:00 2009 Dan Walsh 3.6.12-22
- Fix Upgrade path to install unconfineduser.pp when unconfined package is 3.0.0 or less
Mon Apr 27 14:00:00 2009 Dan Walsh 3.6.12-21
- Allow confined users to manage virt_content_t, since this is home dir content
- Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection
Mon Apr 27 14:00:00 2009 Dan Walsh 3.6.12-20
- Fix labeling on /var/lib/misc/prelink*
- Allow xserver to rw_shm_perms with all x_clients
- Allow prelink to execute files in the users home directory
Fri Apr 24 14:00:00 2009 Dan Walsh 3.6.12-19
- Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead
Fri Apr 24 14:00:00 2009 Dan Walsh 3.6.12-16
- Update to latest milter code from Paul Howarth
Thu Apr 23 14:00:00 2009 Dan Walsh 3.6.12-15
- Additional perms for readahead
Thu Apr 23 14:00:00 2009 Dan Walsh 3.6.12-14
- Allow pulseaudio to acquire_svc on session bus
- Fix readahead labeling
Thu Apr 23 14:00:00 2009 Dan Walsh 3.6.12-13
- Allow sysadm_t to run rpm directly
- libvirt needs fowner
Wed Apr 22 14:00:00 2009 Dan Walsh 3.6.12-12
- Allow sshd to read var_lib symlinks for freenx
Tue Apr 21 14:00:00 2009 Dan Walsh 3.6.12-11
- Allow nsplugin unix_read and write on users shm and sem
- Allow sysadm_t to execute su
Tue Apr 21 14:00:00 2009 Dan Walsh 3.6.12-10
- Dontaudit attempts to getattr user_tmpfs_t by lvm
- Allow nfs to share removable media
Mon Apr 20 14:00:00 2009 Dan Walsh 3.6.12-9
- Add ability to run postdrop from confined users
Sat Apr 18 14:00:00 2009 Dan Walsh 3.6.12-8
- Fixes for podsleuth
Fri Apr 17 14:00:00 2009 Dan Walsh 3.6.12-7
- Turn off nsplugin transition
- Remove Konsole leaked file descriptors for release
Fri Apr 17 14:00:00 2009 Dan Walsh 3.6.12-6
- Allow cupsd_t to create link files in print_spool_t
- Fix iscsi_stream_connect typo
- Fix labeling on /etc/acpi/actions
- Don't reinstall unconfine and unconfineuser on upgrade if they are not installed
Tue Apr 14 14:00:00 2009 Dan Walsh 3.6.12-5
- Allow audioentropy to read etc files
Mon Apr 13 14:00:00 2009 Dan Walsh 3.6.12-4
- Add fail2ban_var_lib_t
- Fixes for devicekit_power_t
Thu Apr 9 14:00:00 2009 Dan Walsh 3.6.12-3
- Separate out the unconfined user from the unconfined.pp package
Tue Apr 7 14:00:00 2009 Dan Walsh 3.6.12-2
- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.
Tue Apr 7 14:00:00 2009 Dan Walsh 3.6.12-1
- Upgrade to latest upstream
- Allow devicekit_disk sys_rawio
Mon Apr 6 14:00:00 2009 Dan Walsh 3.6.11-1
- Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream
Fri Apr 3 14:00:00 2009 Dan Walsh 3.6.10-9
- Allow podsleuth to use tmpfs files
Fri Apr 3 14:00:00 2009 Dan Walsh 3.6.10-8
- Add customizable_types for svirt
Fri Apr 3 14:00:00 2009 Dan Walsh 3.6.10-7
- Allow setroubleshoot exec* privs to prevent crash from bad libraries
- add cpufreqselector
Thu Apr 2 14:00:00 2009 Dan Walsh 3.6.10-6
- Dontaudit listing of /root directory for cron system jobs
Mon Mar 30 14:00:00 2009 Dan Walsh 3.6.10-5
- Fix missing ld.so.cache label
Fri Mar 27 13:00:00 2009 Dan Walsh 3.6.10-4
- Add label for ~/.forward and /root/.forward
Thu Mar 26 13:00:00 2009 Dan Walsh 3.6.10-3
- Fixes for svirt
Thu Mar 19 13:00:00 2009 Dan Walsh 3.6.10-2
- Fixes to allow svirt read iso files in homedir
Thu Mar 19 13:00:00 2009 Dan Walsh 3.6.10-1
- Add xenner and wine fixes from mgrepl
Wed Mar 18 13:00:00 2009 Dan Walsh 3.6.9-4
- Allow mdadm to read/write mls override
Tue Mar 17 13:00:00 2009 Dan Walsh 3.6.9-3
- Change to svirt to only access svirt_image_t
Thu Mar 12 13:00:00 2009 Dan Walsh 3.6.9-2
- Fix libvirt policy
Thu Mar 12 13:00:00 2009 Dan Walsh 3.6.9-1
- Upgrade to latest upstream
Tue Mar 10 13:00:00 2009 Dan Walsh 3.6.8-4
- Fixes for iscsid and sssd
- More cleanups for upgrade from F10 to Rawhide.
Mon Mar 9 13:00:00 2009 Dan Walsh 3.6.8-3
- Add pulseaudio, sssd policy
- Allow networkmanager to exec udevadm
Sat Mar 7 13:00:00 2009 Dan Walsh 3.6.8-2
- Add pulseaudio context
Wed Mar 4 13:00:00 2009 Dan Walsh 3.6.8-1
- Upgrade to latest patches
Wed Mar 4 13:00:00 2009 Dan Walsh 3.6.7-2
- Fixes for libvirt
Mon Mar 2 13:00:00 2009 Dan Walsh 3.6.7-1
- Update to Latest upstream
Sat Feb 28 13:00:00 2009 Dan Walsh 3.6.6-9