[selinux-policy/f15] - Allow hostname read network state - Allow syslog to manage all log files - Add use_fusefs_home_dir

Miroslav Grepl mgrepl at fedoraproject.org
Thu Aug 11 13:25:08 UTC 2011


commit 8de36f734186e833ae692891923289559f36a58a
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Thu Aug 11 15:24:42 2011 +0200

    - Allow hostname read network state
    - Allow syslog to manage all log files
    - Add use_fusefs_home_dirs boolean for chrome
    - Make vdagent working with confined users
    - Fix syslog port definition
    - Allow openvpn to set its process priority when the nice parameter is used
    - Restorecond should be able to watch and relabel devices in /dev
    - Allow hddtemp to perform DNS name resolution

 policy-F15.patch    |  338 +++++++++++++++++++++++++++++++++-----------------
 selinux-policy.spec |   12 ++-
 2 files changed, 234 insertions(+), 116 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index a703605..8777a5f 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -3049,10 +3049,10 @@ index 0000000..e921f24
 +')
 diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
 new file mode 100644
-index 0000000..9f6478c
+index 0000000..22ddda5
 --- /dev/null
 +++ b/policy/modules/apps/chrome.te
-@@ -0,0 +1,117 @@
+@@ -0,0 +1,124 @@
 +policy_module(chrome,1.0.0)
 +
 +########################################
@@ -3167,6 +3167,13 @@ index 0000000..9f6478c
 +	fs_dontaudit_append_cifs_files(chrome_sandbox_t)
 +')
 +
++tunable_policy(`use_fusefs_home_dirs',`
++    fs_search_fusefs(chrome_sandbox_t)
++    fs_read_fusefs_files(chrome_sandbox_t)
++    fs_exec_fusefs_files(chrome_sandbox_t)
++	fs_read_fusefs_symlinks(chrome_sandbox_t)
++')
++
 +optional_policy(`
 +	sandbox_use_ptys(chrome_sandbox_t)
 +')
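Review bot: `fs_exec_fusefs_files(chrome_sandbox_t)` lets the sandbox domain execute files labelled as FUSE content once `use_fusefs_home_dirs` is on, which is wider than the search/read access the other three added lines give. If the sandbox only needs to read data from a FUSE-backed home directory, drop the exec line; otherwise add a comment above it saying what has to be executed from there. The first three added lines are indented with spaces while `fs_read_fusefs_symlinks` and the neighbouring blocks use a tab. chrome.te continues outside this hunk, so related fusefs rules may exist that are not visible here.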
@@ -11374,7 +11381,7 @@ index 5a07a43..096bc60 100644
  	corenet_udp_recvfrom_labeled($1, $2)
  	corenet_raw_recvfrom_labeled($1, $2)
 diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 0757523..7652d34 100644
+index 0757523..a14fd0f 100644
 --- a/policy/modules/kernel/corenetwork.te.in
 +++ b/policy/modules/kernel/corenetwork.te.in
 @@ -16,6 +16,7 @@ attribute rpc_port_type;
@@ -11465,7 +11472,7 @@ index 0757523..7652d34 100644
  network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
  network_port(ftp_data, tcp,20,s0)
  network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -112,7 +137,7 @@ network_port(hddtemp, tcp,7634,s0)
+@@ -112,11 +137,12 @@ network_port(hddtemp, tcp,7634,s0)
  network_port(howl, tcp,5335,s0, udp,5353,s0)
  network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
  network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
@@ -11474,7 +11481,12 @@ index 0757523..7652d34 100644
  network_port(i18n_input, tcp,9010,s0)
  network_port(imaze, tcp,5323,s0, udp,5323,s0)
  network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-@@ -126,43 +151,59 @@ network_port(iscsi, tcp,3260,s0)
+ network_port(innd, tcp,119,s0)
++network_port(ionixnetmon, tcp,7410,s0, udp,7410,s0)
+ network_port(ipmi, udp,623,s0, udp,664,s0)
+ network_port(ipp, tcp,631,s0, udp,631,s0, tcp,8610-8614,s0, udp,8610-8614,s0)
+ network_port(ipsecnat, tcp,4500,s0, udp,4500,s0)
+@@ -126,43 +152,59 @@ network_port(iscsi, tcp,3260,s0)
  network_port(isns, tcp,3205,s0, udp,3205,s0)
  network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
  network_port(jabber_interserver, tcp,5269,s0)
@@ -11540,7 +11552,7 @@ index 0757523..7652d34 100644
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pulseaudio, tcp,4713,s0)
-@@ -177,24 +218,29 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
+@@ -177,25 +219,30 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
  network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
  network_port(rlogind, tcp,513,s0)
  network_port(rndc, tcp,953,s0)
@@ -11570,11 +11582,13 @@ index 0757523..7652d34 100644
 +network_port(streaming, tcp, 554, s0, udp, 554, s0, tcp, 1755, s0, udp, 1755, s0)
  type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
  network_port(swat, tcp,901,s0)
+-network_port(syslogd, udp,514,s0)
 +network_port(sype, tcp,9911,s0, udp,9911,s0)
- network_port(syslogd, udp,514,s0)
++network_port(syslogd, udp,514,s0, tcp,6514,s0, udp,6514,s0)
  network_port(tcs, tcp, 30003, s0)
  network_port(telnetd, tcp,23,s0)
-@@ -205,20 +251,22 @@ network_port(transproxy, tcp,8081,s0)
+ network_port(tftp, udp,69,s0)
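Review bot: The widened `syslogd` port definition carries no comment saying what 6514 is, unlike the `http` line in this file, which annotates 8443. Port 6514 is the registered syslog-over-TLS port (DTLS on UDP), so a trailing comment such as `# 6514 is syslog over TLS/DTLS` would record why it was added. Every domain that already has a `corenet_*_syslogd_port` rule presumably gains the new ports too; those callers are outside this hunk and are worth a quick check.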
+@@ -205,20 +252,22 @@ network_port(transproxy, tcp,8081,s0)
  network_port(ups, tcp,3493,s0)
  type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
  network_port(uucpd, tcp,540,s0)
@@ -11600,7 +11614,7 @@ index 0757523..7652d34 100644
  network_port(zope, tcp,8021,s0)
  
  # Defaults for reserved ports.	Earlier portcon entries take precedence;
-@@ -272,9 +320,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -272,9 +321,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
  allow corenet_unconfined_type node_type:node *;
  allow corenet_unconfined_type netif_type:netif *;
  allow corenet_unconfined_type packet_type:packet *;
@@ -30323,10 +30337,10 @@ index 87b4531..db2d189 100644
 +	files_list_etc($1)
  ')
 diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
-index c234b32..6620169 100644
+index c234b32..32f1b6d 100644
 --- a/policy/modules/services/hddtemp.te
 +++ b/policy/modules/services/hddtemp.te
-@@ -42,8 +42,8 @@ files_search_etc(hddtemp_t)
+@@ -42,8 +42,12 @@ files_search_etc(hddtemp_t)
  files_read_usr_files(hddtemp_t)
  
  storage_raw_read_fixed_disk(hddtemp_t)
@@ -30335,7 +30349,10 @@ index c234b32..6620169 100644
  logging_send_syslog_msg(hddtemp_t)
  
  miscfiles_read_localization(hddtemp_t)
--
+ 
++optional_policy(`
++	sysnet_dns_name_resolve(hddtemp_t)
++')
 diff --git a/policy/modules/services/icecast.if b/policy/modules/services/icecast.if
 index ecab47a..40affd8 100644
 --- a/policy/modules/services/icecast.if
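Review bot: `sysnet_dns_name_resolve(hddtemp_t)` adds name resolution to a domain that, per the context line above, also holds `storage_raw_read_fixed_disk`, and nothing in the policy says why. A one-line comment above the block naming the hddtemp feature that needs lookups would help, for example `# name resolution, e.g. when a host name is configured as listen address` (the actual reason is not visible here, so adjust the wording). The `optional_policy` wrapper also differs from the other system-layer calls in this hunk (`logging_send_syslog_msg`, `miscfiles_read_localization`), which are made directly; if sysnetwork is always built in, call the interface directly as well.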
@@ -34776,6 +34793,19 @@ index 0a0d63c..91de41a 100644
  ########################################
  #
  # MySQL Manager Policy
+diff --git a/policy/modules/services/nagios.fc b/policy/modules/services/nagios.fc
+index 1fc9905..e4dfb48 100644
+--- a/policy/modules/services/nagios.fc
++++ b/policy/modules/services/nagios.fc
+@@ -34,6 +34,8 @@ ifdef(`distro_debian',`
+ # mail plugins
+ /usr/lib(64)?/nagios/plugins/check_mailq	--	gen_context(system_u:object_r:nagios_mail_plugin_exec_t,s0)
+ 
++/usr/lib/pnp4nagios(/.*)?			gen_context(system_u:object_r:nagios_var_lib_t,s0)
++
+ # system plugins
+ /usr/lib(64)?/nagios/plugins/check_breeze	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
+ /usr/lib(64)?/nagios/plugins/check_dummy	--	gen_context(system_u:object_r:nagios_services_plugin_exec_t,s0)
 diff --git a/policy/modules/services/nagios.if b/policy/modules/services/nagios.if
 index 8581040..2367841 100644
 --- a/policy/modules/services/nagios.if
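Review bot: The new `/usr/lib/pnp4nagios(/.*)?` entry matches only `/usr/lib`, while the neighbouring plugin entries use `/usr/lib(64)?`, so on a lib64 install the tree would presumably keep its default label. If pnp4nagios can install under lib64, write it as `/usr/lib(64)?/pnp4nagios(/.*)?`. The entry also puts a tree under /usr/lib into `nagios_var_lib_t`, which nagios.te in this commit lets `nagios_t` manage, so a short comment saying which pnp4nagios files must be writable there would help the next reader judge the grant.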
@@ -34868,18 +34898,34 @@ index 8581040..2367841 100644
  
  	allow $1 nagios_t:process { ptrace signal_perms };
 diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
-index bf64a4c..8a9789c 100644
+index bf64a4c..eecaf7c 100644
 --- a/policy/modules/services/nagios.te
 +++ b/policy/modules/services/nagios.te
-@@ -79,6 +79,7 @@ files_spool_filetrans(nagios_t, nagios_spool_t, fifo_file)
+@@ -27,6 +27,9 @@ files_pid_file(nagios_var_run_t)
+ type nagios_spool_t;
+ files_type(nagios_spool_t)
  
++type nagios_var_lib_t;
++files_type(nagios_var_lib_t)
++
+ nagios_plugin_template(admin)
+ nagios_plugin_template(checkdisk)
+ nagios_plugin_template(mail)
+@@ -77,8 +80,13 @@ files_pid_filetrans(nagios_t, nagios_var_run_t, file)
+ manage_fifo_files_pattern(nagios_t, nagios_spool_t, nagios_spool_t)
+ files_spool_filetrans(nagios_t, nagios_spool_t, fifo_file)
+ 
++manage_files_pattern(nagios_t, nagios_var_lib_t, nagios_var_lib_t)
++manage_fifo_files_pattern(nagios_t, nagios_var_lib_t, nagios_var_lib_t)
++files_var_lib_filetrans(nagios_t, nagios_var_lib_t, { file dir })
++
  kernel_read_system_state(nagios_t)
  kernel_read_kernel_sysctls(nagios_t)
 +kernel_read_software_raid_state(nagios_t)
  
  corecmd_exec_bin(nagios_t)
  corecmd_exec_shell(nagios_t)
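Review bot: `files_var_lib_filetrans(nagios_t, nagios_var_lib_t, { file dir })` names a transition for directories, but the added rules give `nagios_t` only `manage_files_pattern` and `manage_fifo_files_pattern` on `nagios_var_lib_t`, so creating a directory of that type appears not to be allowed. Either add `manage_dirs_pattern(nagios_t, nagios_var_lib_t, nagios_var_lib_t)` or drop `dir` from the transition class list. Rules elsewhere in nagios.te are outside this hunk and may already cover it.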
-@@ -107,13 +108,11 @@ files_read_etc_files(nagios_t)
+@@ -107,13 +115,11 @@ files_read_etc_files(nagios_t)
  files_read_etc_runtime_files(nagios_t)
  files_read_kernel_symbol_table(nagios_t)
  files_search_spool(nagios_t)
@@ -34894,7 +34940,7 @@ index bf64a4c..8a9789c 100644
  auth_use_nsswitch(nagios_t)
  
  logging_send_syslog_msg(nagios_t)
-@@ -124,10 +123,10 @@ userdom_dontaudit_use_unpriv_user_fds(nagios_t)
+@@ -124,10 +130,10 @@ userdom_dontaudit_use_unpriv_user_fds(nagios_t)
  userdom_dontaudit_search_user_home_dirs(nagios_t)
  
  mta_send_mail(nagios_t)
@@ -34907,7 +34953,7 @@ index bf64a4c..8a9789c 100644
  	netutils_kill_ping(nagios_t)
  ')
  
-@@ -143,6 +142,7 @@ optional_policy(`
+@@ -143,6 +149,7 @@ optional_policy(`
  #
  # Nagios CGI local policy
  #
@@ -34915,7 +34961,7 @@ index bf64a4c..8a9789c 100644
  optional_policy(`
  	apache_content_template(nagios)
  	typealias httpd_nagios_script_t alias nagios_cgi_t;
-@@ -180,11 +180,13 @@ optional_policy(`
+@@ -180,11 +187,13 @@ optional_policy(`
  #
  
  allow nrpe_t self:capability { setuid setgid };
@@ -34930,7 +34976,7 @@ index bf64a4c..8a9789c 100644
  domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t)
  
  read_files_pattern(nrpe_t, nagios_etc_t, nagios_etc_t)
-@@ -201,7 +203,8 @@ corecmd_exec_shell(nrpe_t)
+@@ -201,7 +210,8 @@ corecmd_exec_shell(nrpe_t)
  
  corenet_tcp_bind_generic_node(nrpe_t)
  corenet_tcp_bind_inetd_child_port(nrpe_t)
@@ -34940,7 +34986,7 @@ index bf64a4c..8a9789c 100644
  
  dev_read_sysfs(nrpe_t)
  dev_read_urand(nrpe_t)
-@@ -211,6 +214,7 @@ domain_read_all_domains_state(nrpe_t)
+@@ -211,6 +221,7 @@ domain_read_all_domains_state(nrpe_t)
  
  files_read_etc_runtime_files(nrpe_t)
  files_read_etc_files(nrpe_t)
@@ -34948,7 +34994,7 @@ index bf64a4c..8a9789c 100644
  
  fs_getattr_all_fs(nrpe_t)
  fs_search_auto_mountpoints(nrpe_t)
-@@ -270,12 +274,10 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
+@@ -270,12 +281,10 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
  #
  
  allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
@@ -34961,7 +35007,7 @@ index bf64a4c..8a9789c 100644
  kernel_read_kernel_sysctls(nagios_mail_plugin_t)
  
  corecmd_read_bin_files(nagios_mail_plugin_t)
-@@ -299,7 +301,7 @@ optional_policy(`
+@@ -299,7 +308,7 @@ optional_policy(`
  
  optional_policy(`
  	postfix_stream_connect_master(nagios_mail_plugin_t)
@@ -34970,7 +35016,7 @@ index bf64a4c..8a9789c 100644
  ')
  
  ######################################
-@@ -310,6 +312,9 @@ optional_policy(`
+@@ -310,6 +319,9 @@ optional_policy(`
  # needed by ioctl()
  allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
  
@@ -34980,7 +35026,7 @@ index bf64a4c..8a9789c 100644
  files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
  
  fs_getattr_all_fs(nagios_checkdisk_plugin_t)
-@@ -323,7 +328,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
+@@ -323,7 +335,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
  
  allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
  allow nagios_services_plugin_t self:process { signal sigkill };
@@ -34988,7 +35034,7 @@ index bf64a4c..8a9789c 100644
  allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
  allow nagios_services_plugin_t self:udp_socket create_socket_perms;
  
-@@ -340,6 +344,8 @@ files_read_usr_files(nagios_services_plugin_t)
+@@ -340,6 +351,8 @@ files_read_usr_files(nagios_services_plugin_t)
  
  optional_policy(`
  	netutils_domtrans_ping(nagios_services_plugin_t)
@@ -34997,7 +35043,7 @@ index bf64a4c..8a9789c 100644
  ')
  
  optional_policy(`
-@@ -363,7 +369,6 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
+@@ -363,7 +376,6 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
  manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
  files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })
  
@@ -36107,7 +36153,7 @@ index 9d0a67b..9197ef0 100644
  #
  interface(`openct_domtrans',`
 diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
-index 8b550f4..e41ff47 100644
+index 8b550f4..37e15bb 100644
 --- a/policy/modules/services/openvpn.te
 +++ b/policy/modules/services/openvpn.te
 @@ -6,9 +6,9 @@ policy_module(openvpn, 1.10.0)
@@ -36133,9 +36179,14 @@ index 8b550f4..e41ff47 100644
  type openvpn_initrc_exec_t;
  init_script_file(openvpn_initrc_exec_t)
  
-@@ -43,12 +46,11 @@ files_pid_file(openvpn_var_run_t)
- allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
- allow openvpn_t self:process { signal getsched };
+@@ -40,15 +43,14 @@ files_pid_file(openvpn_var_run_t)
+ # openvpn local policy
+ #
+ 
+-allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
+-allow openvpn_t self:process { signal getsched };
++allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_bind_service net_admin setgid setuid sys_chroot sys_tty_config sys_nice };
++allow openvpn_t self:process { signal getsched setsched };
  allow openvpn_t self:fifo_file rw_fifo_file_perms;
 -
  allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto };
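Review bot: `sys_nice` and `setsched` are granted to `openvpn_t` unconditionally, although the commit message says they are needed only when the `nice` parameter is used. A comment above the two `allow` lines, such as `# sys_nice/setsched: openvpn changes its own priority when the nice option is set`, would keep that reason next to the rule. The openvpn local policy block continues outside this hunk.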
@@ -41301,7 +41352,7 @@ index de37806..229a3c7 100644
 +	read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
 +')
 diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te
-index 93c896a..11e586f 100644
+index 93c896a..c1e73c6 100644
 --- a/policy/modules/services/rhcs.te
 +++ b/policy/modules/services/rhcs.te
 @@ -6,13 +6,22 @@ policy_module(rhcs, 1.1.0)
@@ -41374,7 +41425,7 @@ index 93c896a..11e586f 100644
  
  can_exec(fenced_t, fenced_exec_t)
  
-@@ -82,8 +95,12 @@ files_tmp_filetrans(fenced_t, fenced_tmp_t, { file fifo_file dir })
+@@ -82,8 +95,13 @@ files_tmp_filetrans(fenced_t, fenced_tmp_t, { file fifo_file dir })
  
  stream_connect_pattern(fenced_t, groupd_var_run_t, groupd_var_run_t, groupd_t)
  
@@ -41383,11 +41434,12 @@ index 93c896a..11e586f 100644
  corecmd_exec_bin(fenced_t)
 +corecmd_exec_shell(fenced_t)
  
++corenet_udp_bind_ionixnetmon_port(fenced_t)
 +corenet_tcp_bind_zented_port(fenced_t)
  corenet_tcp_connect_http_port(fenced_t)
  
  dev_read_sysfs(fenced_t)
-@@ -105,8 +122,24 @@ tunable_policy(`fenced_can_network_connect',`
+@@ -105,8 +123,24 @@ tunable_policy(`fenced_can_network_connect',`
  ')
  
  optional_policy(`
@@ -41413,7 +41465,7 @@ index 93c896a..11e586f 100644
  ')
  
  optional_policy(`
-@@ -114,13 +147,37 @@ optional_policy(`
+@@ -114,13 +148,37 @@ optional_policy(`
  	lvm_read_config(fenced_t)
  ')
  
@@ -41452,7 +41504,7 @@ index 93c896a..11e586f 100644
  allow gfs_controld_t self:shm create_shm_perms;
  allow gfs_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
  
-@@ -139,10 +196,6 @@ storage_getattr_removable_dev(gfs_controld_t)
+@@ -139,10 +197,6 @@ storage_getattr_removable_dev(gfs_controld_t)
  init_rw_script_tmp_files(gfs_controld_t)
  
  optional_policy(`
@@ -41463,7 +41515,7 @@ index 93c896a..11e586f 100644
  	lvm_exec(gfs_controld_t)
  	dev_rw_lvm_control(gfs_controld_t)
  ')
-@@ -154,9 +207,10 @@ optional_policy(`
+@@ -154,9 +208,10 @@ optional_policy(`
  
  allow groupd_t self:capability { sys_nice sys_resource };
  allow groupd_t self:process setsched;
@@ -41475,7 +41527,7 @@ index 93c896a..11e586f 100644
  dev_list_sysfs(groupd_t)
  
  files_read_etc_files(groupd_t)
-@@ -168,8 +222,7 @@ init_rw_script_tmp_files(groupd_t)
+@@ -168,8 +223,7 @@ init_rw_script_tmp_files(groupd_t)
  # qdiskd local policy
  #
  
@@ -41485,7 +41537,7 @@ index 93c896a..11e586f 100644
  allow qdiskd_t self:tcp_socket create_stream_socket_perms;
  allow qdiskd_t self:udp_socket create_socket_perms;
  
-@@ -199,6 +252,8 @@ files_dontaudit_getattr_all_sockets(qdiskd_t)
+@@ -199,6 +253,8 @@ files_dontaudit_getattr_all_sockets(qdiskd_t)
  files_dontaudit_getattr_all_pipes(qdiskd_t)
  files_read_etc_files(qdiskd_t)
  
@@ -41494,7 +41546,7 @@ index 93c896a..11e586f 100644
  storage_raw_read_removable_device(qdiskd_t)
  storage_raw_write_removable_device(qdiskd_t)
  storage_raw_read_fixed_disk(qdiskd_t)
-@@ -207,10 +262,6 @@ storage_raw_write_fixed_disk(qdiskd_t)
+@@ -207,10 +263,6 @@ storage_raw_write_fixed_disk(qdiskd_t)
  auth_use_nsswitch(qdiskd_t)
  
  optional_policy(`
@@ -41505,7 +41557,7 @@ index 93c896a..11e586f 100644
  	netutils_domtrans_ping(qdiskd_t)
  ')
  
-@@ -223,18 +274,28 @@ optional_policy(`
+@@ -223,18 +275,28 @@ optional_policy(`
  # rhcs domains common policy
  #
  
@@ -46271,13 +46323,30 @@ index 0000000..71d9784
 +
 diff --git a/policy/modules/services/vdagent.if b/policy/modules/services/vdagent.if
 new file mode 100644
-index 0000000..83336ab
+index 0000000..7647279
 --- /dev/null
 +++ b/policy/modules/services/vdagent.if
-@@ -0,0 +1,93 @@
+@@ -0,0 +1,128 @@
 +
 +## <summary>policy for vdagent</summary>
 +
++#####################################
++## <summary>
++##  Getattr on vdagent executable.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed to transition.
++##  </summary>
++## </param>
++#
++interface(`vdagent_getattr_exec',`
++    gen_require(`
++        type vdagent_exec_t;
++    ')
++
++    allow $1 vdagent_exec_t:file getattr;
++')
 +
 +########################################
 +## <summary>
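Review bot: The parameter summary of `vdagent_getattr_exec` says `Domain allowed to transition.`, but the interface only grants `getattr` on `vdagent_exec_t`; it should read `Domain allowed access.` as `vdagent_getattr_log` in the next hunk does. The rule is written `allow $1 vdagent_exec_t:file getattr;` while that sibling interface uses `getattr_file_perms`; using the permission set in both keeps them consistent. Both new interfaces are indented with spaces where the existing `domtrans_pattern` line uses a tab.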
@@ -46297,6 +46366,24 @@ index 0000000..83336ab
 +	domtrans_pattern($1, vdagent_exec_t, vdagent_t)
 +')
 +
++#######################################
++## <summary>
++##  Get the attributes of vdagent logs.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`vdagent_getattr_log',`
++    gen_require(`
++        type vdagent_log_t;
++    ')
++
++    logging_search_logs($1)
++    allow $1 vdagent_log_t:file getattr_file_perms;
++')
 +
 +########################################
 +## <summary>
@@ -51700,10 +51787,18 @@ index ede3231..6cdbda3 100644
  auth_rw_login_records(getty_t)
  
 diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
-index c310775..80e513b 100644
+index c310775..67f4c3d 100644
 --- a/policy/modules/system/hostname.te
 +++ b/policy/modules/system/hostname.te
-@@ -28,15 +28,18 @@ dev_read_sysfs(hostname_t)
+@@ -21,6 +21,7 @@ allow hostname_t self:capability sys_admin;
+ allow hostname_t self:unix_stream_socket create_stream_socket_perms;
+ dontaudit hostname_t self:capability sys_tty_config;
+ 
++kernel_read_network_state(hostname_t)
+ kernel_list_proc(hostname_t)
+ kernel_read_proc_symlinks(hostname_t)
+ 
+@@ -28,15 +29,18 @@ dev_read_sysfs(hostname_t)
  # Early devtmpfs, before udev relabel
  dev_dontaudit_rw_generic_chr_files(hostname_t)
  
@@ -51722,7 +51817,7 @@ index c310775..80e513b 100644
  fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
  
  term_dontaudit_use_console(hostname_t)
-@@ -46,6 +49,7 @@ term_use_all_ptys(hostname_t)
+@@ -46,6 +50,7 @@ term_use_all_ptys(hostname_t)
  init_use_fds(hostname_t)
  init_use_script_fds(hostname_t)
  init_use_script_ptys(hostname_t)
@@ -54729,7 +54824,7 @@ index c7cfb62..ee89659 100644
  	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
  	domain_system_change_exemption($1)
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 9b5a9ed..389ed25 100644
+index 9b5a9ed..9eb94a4 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
 @@ -19,6 +19,11 @@ type auditd_log_t;
@@ -54892,7 +54987,15 @@ index 9b5a9ed..389ed25 100644
  # for sending messages to logged in users
  init_read_utmp(syslogd_t)
  init_dontaudit_write_utmp(syslogd_t)
-@@ -480,6 +528,10 @@ optional_policy(`
+@@ -443,6 +491,7 @@ init_use_fds(syslogd_t)
+ 
+ # cjp: this doesnt make sense
+ logging_send_syslog_msg(syslogd_t)
++logging_manage_all_logs(syslogd_t)
+ 
+ miscfiles_read_localization(syslogd_t)
+ 
+@@ -480,6 +529,10 @@ optional_policy(`
  ')
  
  optional_policy(`
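Review bot: `logging_manage_all_logs(syslogd_t)` is added directly under the existing `# cjp: this doesnt make sense` comment, so that remark now reads as if it covered the new rule as well. Give the rule its own paragraph and a comment stating why per-type access was not enough, for example `# syslogd can be configured to write to any log file`. The grant is broad: assuming the interface covers every log file type, anything running as `syslogd_t` could alter or delete other services' logs, so it is worth confirming that audit logs are not reachable through it. The interface is defined in logging.if, outside this hunk.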
@@ -54903,7 +55006,7 @@ index 9b5a9ed..389ed25 100644
  	postgresql_stream_connect(syslogd_t)
  ')
  
-@@ -488,6 +540,10 @@ optional_policy(`
+@@ -488,6 +541,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -56704,7 +56807,7 @@ index 170e2c7..e29a4eb 100644
 +')
 +')
 diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
-index 7ed9819..df3c078 100644
+index 7ed9819..c1f4c70 100644
 --- a/policy/modules/system/selinuxutil.te
 +++ b/policy/modules/system/selinuxutil.te
 @@ -22,6 +22,9 @@ attribute can_relabelto_binary_policy;
@@ -56859,16 +56962,18 @@ index 7ed9819..df3c078 100644
  ifdef(`distro_ubuntu',`
  	optional_policy(`
  		unconfined_domain(newrole_t)
-@@ -312,6 +337,8 @@ kernel_use_fds(restorecond_t)
+@@ -312,6 +337,10 @@ kernel_use_fds(restorecond_t)
  kernel_rw_pipes(restorecond_t)
  kernel_read_system_state(restorecond_t)
  
++dev_relabel_all_dev_nodes(restorecond_t)
++
 +files_dontaudit_read_all_symlinks(restorecond_t)
 +
  fs_relabelfrom_noxattr_fs(restorecond_t)
  fs_dontaudit_list_nfs(restorecond_t)
  fs_getattr_xattr_fs(restorecond_t)
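Review bot: `dev_relabel_all_dev_nodes(restorecond_t)` has no comment, and judging by its name it is a wide grant for a long-running daemon: relabeling of every device node type. The commit message gives the reason, so a line such as `# relabel device nodes in /dev that were created with the wrong label` above it would keep that reason in the policy. The commit message also mentions watching /dev; no rule for that is visible in this hunk, so it is presumably granted elsewhere in selinuxutil.te.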
-@@ -335,6 +362,8 @@ miscfiles_read_localization(restorecond_t)
+@@ -335,6 +364,8 @@ miscfiles_read_localization(restorecond_t)
  
  seutil_libselinux_linked(restorecond_t)
  
@@ -56877,7 +56982,7 @@ index 7ed9819..df3c078 100644
  ifdef(`distro_ubuntu',`
  	optional_policy(`
  		unconfined_domain(restorecond_t)
-@@ -353,16 +382,19 @@ optional_policy(`
+@@ -353,16 +384,19 @@ optional_policy(`
  allow run_init_t self:process setexec;
  allow run_init_t self:capability setuid;
  allow run_init_t self:fifo_file rw_file_perms;
@@ -56898,7 +57003,7 @@ index 7ed9819..df3c078 100644
  dev_dontaudit_list_all_dev_nodes(run_init_t)
  
  domain_use_interactive_fds(run_init_t)
-@@ -380,6 +412,8 @@ selinux_compute_create_context(run_init_t)
+@@ -380,6 +414,8 @@ selinux_compute_create_context(run_init_t)
  selinux_compute_relabel_context(run_init_t)
  selinux_compute_user_contexts(run_init_t)
  
@@ -56907,7 +57012,7 @@ index 7ed9819..df3c078 100644
  auth_use_nsswitch(run_init_t)
  auth_domtrans_chk_passwd(run_init_t)
  auth_domtrans_upd_passwd(run_init_t)
-@@ -388,6 +422,7 @@ auth_dontaudit_read_shadow(run_init_t)
+@@ -388,6 +424,7 @@ auth_dontaudit_read_shadow(run_init_t)
  init_spec_domtrans_script(run_init_t)
  # for utmp
  init_rw_utmp(run_init_t)
@@ -56915,7 +57020,7 @@ index 7ed9819..df3c078 100644
  
  logging_send_syslog_msg(run_init_t)
  
-@@ -405,6 +440,19 @@ ifndef(`direct_sysadm_daemon',`
+@@ -405,6 +442,19 @@ ifndef(`direct_sysadm_daemon',`
  	')
  ')
  
@@ -56935,7 +57040,7 @@ index 7ed9819..df3c078 100644
  ifdef(`distro_ubuntu',`
  	optional_policy(`
  		unconfined_domain(run_init_t)
-@@ -420,61 +468,22 @@ optional_policy(`
+@@ -420,61 +470,22 @@ optional_policy(`
  # semodule local policy
  #
  
@@ -57005,7 +57110,7 @@ index 7ed9819..df3c078 100644
  # netfilter_contexts:
  seutil_manage_default_contexts(semanage_t)
  
-@@ -487,118 +496,72 @@ ifdef(`distro_debian',`
+@@ -487,118 +498,72 @@ ifdef(`distro_debian',`
  	files_read_var_lib_symlinks(semanage_t)
  ')
  
@@ -59329,7 +59434,7 @@ index db75976..392d1ee 100644
 +HOME_DIR/\.gvfs(/.*)?	<<none>>
 +HOME_DIR/\.debug(/.*)?	<<none>>
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 28b88de..6b7f9c7 100644
+index 28b88de..dc49084 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
 @@ -30,8 +30,9 @@ template(`userdom_base_user_template',`
@@ -60394,7 +60499,7 @@ index 28b88de..6b7f9c7 100644
  	userdom_common_user_template($1)
  
  	##############################
-@@ -956,54 +1185,83 @@ template(`userdom_unpriv_user_template', `
+@@ -956,54 +1185,89 @@ template(`userdom_unpriv_user_template', `
  	#
  
  	# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -60446,11 +60551,9 @@ index 28b88de..6b7f9c7 100644
 +
 +	tunable_policy(`user_setrlimit',`
 +		allow $1_usertype self:process setrlimit;
- 	')
- 
- 	optional_policy(`
--		netutils_run_ping_cond($1_t,$1_r)
--		netutils_run_traceroute_cond($1_t,$1_r)
++	')
++
++	optional_policy(`
 +		cdrecord_role($1_r, $1_t)
 +	')
 +
@@ -60480,35 +60583,42 @@ index 28b88de..6b7f9c7 100644
 +
 +	optional_policy(`
 +		java_role_template($1, $1_r, $1_t)
-+	')
-+
-+	optional_policy(`
+ 	')
+ 
+ 	optional_policy(`
+-		netutils_run_ping_cond($1_t,$1_r)
+-		netutils_run_traceroute_cond($1_t,$1_r)
 +		mono_role_template($1, $1_r, $1_t)
 +	')
 +
 +	optional_policy(`
 +		mount_run_fusermount($1_t, $1_r)
 +		mount_read_pid_files($1_t)
++	')
++
++	optional_policy(`
++		wine_role_template($1, $1_r, $1_t)
++	')
++
++	optional_policy(`
++		postfix_run_postdrop($1_t, $1_r)
  	')
  
--	# Run pppd in pppd_t by default for user
+ 	# Run pppd in pppd_t by default for user
  	optional_policy(`
 -		ppp_run_cond($1_t,$1_r)
-+		wine_role_template($1, $1_r, $1_t)
++		ppp_run_cond($1_t, $1_r)
  	')
  
  	optional_policy(`
 -		setroubleshoot_stream_connect($1_t)
-+		postfix_run_postdrop($1_t, $1_r)
-+	')
-+
-+	# Run pppd in pppd_t by default for user
-+	optional_policy(`
-+		ppp_run_cond($1_t, $1_r)
++		vdagent_getattr_log($1_t)
++		vdagent_getattr_exec($1_t)
++		vdagent_stream_connect($1_t)
  	')
  ')
  
-@@ -1039,7 +1297,7 @@ template(`userdom_unpriv_user_template', `
+@@ -1039,7 +1303,7 @@ template(`userdom_unpriv_user_template', `
  template(`userdom_admin_user_template',`
  	gen_require(`
  		attribute admindomain;
@@ -60517,7 +60627,7 @@ index 28b88de..6b7f9c7 100644
  	')
  
  	##############################
-@@ -1066,6 +1324,7 @@ template(`userdom_admin_user_template',`
+@@ -1066,6 +1330,7 @@ template(`userdom_admin_user_template',`
  	#
  
  	allow $1_t self:capability ~{ sys_module audit_control audit_write };
@@ -60525,7 +60635,7 @@ index 28b88de..6b7f9c7 100644
  	allow $1_t self:process { setexec setfscreate };
  	allow $1_t self:netlink_audit_socket nlmsg_readpriv;
  	allow $1_t self:tun_socket create;
-@@ -1074,6 +1333,9 @@ template(`userdom_admin_user_template',`
+@@ -1074,6 +1339,9 @@ template(`userdom_admin_user_template',`
  	# Skip authentication when pam_rootok is specified.
  	allow $1_t self:passwd rootok;
  
@@ -60535,7 +60645,7 @@ index 28b88de..6b7f9c7 100644
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -1088,6 +1350,7 @@ template(`userdom_admin_user_template',`
+@@ -1088,6 +1356,7 @@ template(`userdom_admin_user_template',`
  	kernel_sigstop_unlabeled($1_t)
  	kernel_signull_unlabeled($1_t)
  	kernel_sigchld_unlabeled($1_t)
@@ -60543,7 +60653,7 @@ index 28b88de..6b7f9c7 100644
  
  	corenet_tcp_bind_generic_port($1_t)
  	# allow setting up tunnels
-@@ -1105,10 +1368,13 @@ template(`userdom_admin_user_template',`
+@@ -1105,10 +1374,13 @@ template(`userdom_admin_user_template',`
  	dev_rename_all_blk_files($1_t)
  	dev_rename_all_chr_files($1_t)
  	dev_create_generic_symlinks($1_t)
@@ -60557,7 +60667,7 @@ index 28b88de..6b7f9c7 100644
  	domain_dontaudit_ptrace_all_domains($1_t)
  	# signal all domains:
  	domain_kill_all_domains($1_t)
-@@ -1119,15 +1385,19 @@ template(`userdom_admin_user_template',`
+@@ -1119,15 +1391,19 @@ template(`userdom_admin_user_template',`
  	domain_sigchld_all_domains($1_t)
  	# for lsof
  	domain_getattr_all_sockets($1_t)
@@ -60577,7 +60687,7 @@ index 28b88de..6b7f9c7 100644
  
  	term_use_all_terms($1_t)
  
-@@ -1141,7 +1411,10 @@ template(`userdom_admin_user_template',`
+@@ -1141,7 +1417,10 @@ template(`userdom_admin_user_template',`
  
  	logging_send_syslog_msg($1_t)
  
@@ -60589,7 +60699,7 @@ index 28b88de..6b7f9c7 100644
  
  	# The following rule is temporary until such time that a complete
  	# policy management infrastructure is in place so that an administrator
-@@ -1210,6 +1483,8 @@ template(`userdom_security_admin_template',`
+@@ -1210,6 +1489,8 @@ template(`userdom_security_admin_template',`
  	dev_relabel_all_dev_nodes($1)
  
  	files_create_boot_flag($1)
@@ -60598,7 +60708,7 @@ index 28b88de..6b7f9c7 100644
  
  	# Necessary for managing /boot/efi
  	fs_manage_dos_files($1)
-@@ -1222,6 +1497,7 @@ template(`userdom_security_admin_template',`
+@@ -1222,6 +1503,7 @@ template(`userdom_security_admin_template',`
  	selinux_set_enforce_mode($1)
  	selinux_set_all_booleans($1)
  	selinux_set_parameters($1)
@@ -60606,7 +60716,7 @@ index 28b88de..6b7f9c7 100644
  
  	auth_relabel_all_files_except_shadow($1)
  	auth_relabel_shadow($1)
-@@ -1237,8 +1513,15 @@ template(`userdom_security_admin_template',`
+@@ -1237,8 +1519,15 @@ template(`userdom_security_admin_template',`
  	seutil_run_checkpolicy($1,$2)
  	seutil_run_loadpolicy($1,$2)
  	seutil_run_semanage($1,$2)
@@ -60622,7 +60732,7 @@ index 28b88de..6b7f9c7 100644
  	optional_policy(`
  		aide_run($1,$2)
  	')
-@@ -1279,11 +1562,60 @@ template(`userdom_security_admin_template',`
+@@ -1279,11 +1568,60 @@ template(`userdom_security_admin_template',`
  interface(`userdom_user_home_content',`
  	gen_require(`
  		type user_home_t;
@@ -60683,7 +60793,7 @@ index 28b88de..6b7f9c7 100644
  	ubac_constrained($1)
  ')
  
-@@ -1395,6 +1727,7 @@ interface(`userdom_search_user_home_dirs',`
+@@ -1395,6 +1733,7 @@ interface(`userdom_search_user_home_dirs',`
  	')
  
  	allow $1 user_home_dir_t:dir search_dir_perms;
@@ -60691,14 +60801,13 @@ index 28b88de..6b7f9c7 100644
  	files_search_home($1)
  ')
  
-@@ -1441,10 +1774,18 @@ interface(`userdom_list_user_home_dirs',`
+@@ -1441,9 +1780,17 @@ interface(`userdom_list_user_home_dirs',`
  
  	allow $1 user_home_dir_t:dir list_dir_perms;
  	files_search_home($1)
 -')
  
 -########################################
--## <summary>
 +	tunable_policy(`use_nfs_home_dirs',`
 +		fs_list_nfs($1)
 +	')
@@ -60709,11 +60818,10 @@ index 28b88de..6b7f9c7 100644
 +')
 +
 +########################################
-+## <summary>
+ ## <summary>
  ##	Do not audit attempts to list user home subdirectories.
  ## </summary>
- ## <param name="domain">
-@@ -1456,9 +1797,11 @@ interface(`userdom_list_user_home_dirs',`
+@@ -1456,9 +1803,11 @@ interface(`userdom_list_user_home_dirs',`
  interface(`userdom_dontaudit_list_user_home_dirs',`
  	gen_require(`
  		type user_home_dir_t;
@@ -60725,7 +60833,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -1515,6 +1858,42 @@ interface(`userdom_relabelto_user_home_dirs',`
+@@ -1515,6 +1864,42 @@ interface(`userdom_relabelto_user_home_dirs',`
  	allow $1 user_home_dir_t:dir relabelto;
  ')
  
@@ -60768,7 +60876,7 @@ index 28b88de..6b7f9c7 100644
  ########################################
  ## <summary>
  ##	Create directories in the home dir root with
-@@ -1589,6 +1968,8 @@ interface(`userdom_dontaudit_search_user_home_content',`
+@@ -1589,6 +1974,8 @@ interface(`userdom_dontaudit_search_user_home_content',`
  	')
  
  	dontaudit $1 user_home_t:dir search_dir_perms;
@@ -60777,7 +60885,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -1603,10 +1984,12 @@ interface(`userdom_dontaudit_search_user_home_content',`
+@@ -1603,10 +1990,12 @@ interface(`userdom_dontaudit_search_user_home_content',`
  #
  interface(`userdom_list_user_home_content',`
  	gen_require(`
@@ -60792,7 +60900,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -1649,6 +2032,25 @@ interface(`userdom_delete_user_home_content_dirs',`
+@@ -1649,6 +2038,25 @@ interface(`userdom_delete_user_home_content_dirs',`
  
  ########################################
  ## <summary>
@@ -60818,7 +60926,7 @@ index 28b88de..6b7f9c7 100644
  ##	Do not audit attempts to set the
  ##	attributes of user home files.
  ## </summary>
-@@ -1700,12 +2102,32 @@ interface(`userdom_read_user_home_content_files',`
+@@ -1700,12 +2108,32 @@ interface(`userdom_read_user_home_content_files',`
  		type user_home_dir_t, user_home_t;
  	')
  
@@ -60851,7 +60959,7 @@ index 28b88de..6b7f9c7 100644
  ##	Do not audit attempts to read user home files.
  ## </summary>
  ## <param name="domain">
-@@ -1716,11 +2138,14 @@ interface(`userdom_read_user_home_content_files',`
+@@ -1716,11 +2144,14 @@ interface(`userdom_read_user_home_content_files',`
  #
  interface(`userdom_dontaudit_read_user_home_content_files',`
  	gen_require(`
@@ -60869,7 +60977,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -1779,6 +2204,24 @@ interface(`userdom_delete_user_home_content_files',`
+@@ -1779,6 +2210,24 @@ interface(`userdom_delete_user_home_content_files',`
  
  ########################################
  ## <summary>
@@ -60894,7 +61002,7 @@ index 28b88de..6b7f9c7 100644
  ##	Do not audit attempts to write user home files.
  ## </summary>
  ## <param name="domain">
-@@ -1810,8 +2253,7 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -1810,8 +2259,7 @@ interface(`userdom_read_user_home_content_symlinks',`
  		type user_home_dir_t, user_home_t;
  	')
  
@@ -60904,7 +61012,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -1827,20 +2269,14 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -1827,20 +2275,14 @@ interface(`userdom_read_user_home_content_symlinks',`
  #
  interface(`userdom_exec_user_home_content_files',`
  	gen_require(`
@@ -60929,7 +61037,7 @@ index 28b88de..6b7f9c7 100644
  
  ########################################
  ## <summary>
-@@ -2008,7 +2444,7 @@ interface(`userdom_user_home_dir_filetrans',`
+@@ -2008,7 +2450,7 @@ interface(`userdom_user_home_dir_filetrans',`
  		type user_home_dir_t;
  	')
  
@@ -60938,7 +61046,7 @@ index 28b88de..6b7f9c7 100644
  	files_search_home($1)
  ')
  
-@@ -2182,7 +2618,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
+@@ -2182,7 +2624,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
  		type user_tmp_t;
  	')
  
@@ -60947,7 +61055,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -2435,13 +2871,14 @@ interface(`userdom_read_user_tmpfs_files',`
+@@ -2435,13 +2877,14 @@ interface(`userdom_read_user_tmpfs_files',`
  	')
  
  	read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
@@ -60963,7 +61071,7 @@ index 28b88de..6b7f9c7 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -2462,26 +2899,6 @@ interface(`userdom_rw_user_tmpfs_files',`
+@@ -2462,26 +2905,6 @@ interface(`userdom_rw_user_tmpfs_files',`
  
  ########################################
  ## <summary>
@@ -60990,7 +61098,7 @@ index 28b88de..6b7f9c7 100644
  ##	Get the attributes of a user domain tty.
  ## </summary>
  ## <param name="domain">
-@@ -2570,6 +2987,24 @@ interface(`userdom_use_user_ttys',`
+@@ -2570,6 +2993,24 @@ interface(`userdom_use_user_ttys',`
  	allow $1 user_tty_device_t:chr_file rw_term_perms;
  ')
  
@@ -61015,7 +61123,7 @@ index 28b88de..6b7f9c7 100644
  ########################################
  ## <summary>
  ##	Read and write a user domain pty.
-@@ -2588,6 +3023,24 @@ interface(`userdom_use_user_ptys',`
+@@ -2588,6 +3029,24 @@ interface(`userdom_use_user_ptys',`
  	allow $1 user_devpts_t:chr_file rw_term_perms;
  ')
  
@@ -61040,7 +61148,7 @@ index 28b88de..6b7f9c7 100644
  ########################################
  ## <summary>
  ##	Read and write a user TTYs and PTYs.
-@@ -2646,6 +3099,24 @@ interface(`userdom_dontaudit_use_user_terminals',`
+@@ -2646,6 +3105,24 @@ interface(`userdom_dontaudit_use_user_terminals',`
  
  ########################################
  ## <summary>
@@ -61065,7 +61173,7 @@ index 28b88de..6b7f9c7 100644
  ##	Execute a shell in all user domains.  This
  ##	is an explicit transition, requiring the
  ##	caller to use setexeccon().
-@@ -2815,7 +3286,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -2815,7 +3292,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
  
  	domain_entry_file_spec_domtrans($1, unpriv_userdomain)
  	allow unpriv_userdomain $1:fd use;
@@ -61074,7 +61182,7 @@ index 28b88de..6b7f9c7 100644
  	allow unpriv_userdomain $1:process sigchld;
  ')
  
-@@ -2831,11 +3302,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -2831,11 +3308,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
  #
  interface(`userdom_search_user_home_content',`
  	gen_require(`
@@ -61090,7 +61198,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -2917,7 +3390,7 @@ interface(`userdom_dontaudit_use_user_ptys',`
+@@ -2917,7 +3396,7 @@ interface(`userdom_dontaudit_use_user_ptys',`
  		type user_devpts_t;
  	')
  
@@ -61099,7 +61207,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -2972,7 +3445,45 @@ interface(`userdom_write_user_tmp_files',`
+@@ -2972,7 +3451,45 @@ interface(`userdom_write_user_tmp_files',`
  		type user_tmp_t;
  	')
  
@@ -61146,7 +61254,7 @@ index 28b88de..6b7f9c7 100644
  ')
  
  ########################################
-@@ -3009,6 +3520,7 @@ interface(`userdom_read_all_users_state',`
+@@ -3009,6 +3526,7 @@ interface(`userdom_read_all_users_state',`
  	')
  
  	read_files_pattern($1, userdomain, userdomain)
@@ -61154,7 +61262,7 @@ index 28b88de..6b7f9c7 100644
  	kernel_search_proc($1)
  ')
  
-@@ -3087,6 +3599,24 @@ interface(`userdom_signal_all_users',`
+@@ -3087,6 +3605,24 @@ interface(`userdom_signal_all_users',`
  
  ########################################
  ## <summary>
@@ -61179,7 +61287,7 @@ index 28b88de..6b7f9c7 100644
  ##	Send a SIGCHLD signal to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -3139,3 +3669,1058 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3139,3 +3675,1058 @@ interface(`userdom_dbus_send_all_users',`
  
  	allow $1 userdomain:dbus send_msg;
  ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index df9f83b..9f5c531 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.9.16
-Release: 37%{?dist}
+Release: 38%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,16 @@ exit 0
 %endif
 
 %changelog
+* Thu Aug 11 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.16-38
+- Allow hostname read network state
+- Allow syslog to manage all log files
+- Add use_fusefs_home_dirs boolean for chrome
+- Make vdagent working with confined users
+- Fix syslog port definition
+- Allow openvpn to set its process priority when the nice parameter is used
+- Restorecond should be able to watch and relabel devices in /dev
+- Alow hddtemp to perform DNS name resolution
+
 * Fri Aug 5 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.16-37
 - Fixes for zarafa, postfix policy
 - Backport collect policy

