[selinux-policy/f16] +- Allow spamd to send mail +- Add ssh_home_t label for /var/lib/nocpulse/.ssh +- Allow puppetmaster
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Nov 24 11:08:02 UTC 2011
commit 66b865a1eeb7474f4b71a94e1489c6e61676c041
Author: Miroslav <mgrepl at redhat.com>
Date: Thu Nov 24 12:07:50 2011 +0100
+- Allow spamd to send mail
+- Add ssh_home_t label for /var/lib/nocpulse/.ssh
+- Allow puppetmaster to read network state
+- Add colord_can_network_connect boolean
+- Allow colord to execute shell
+- Add bin_t label for "/usr/lib/iscan/network"
+- Allow chrome-sandbox ptrace
+- winbind needs to be able to talk to ldap directly, not through sssd
+- saslauthd_t needs to connect to zarafa_port_t
+- dnsmasq wants to read proc_net_t
+- Add full DNS support for FreeIPA
policy-F16.patch | 147 ++++++++++++++++++++++++++++++++++++---------------
selinux-policy.spec | 15 +++++-
2 files changed, 119 insertions(+), 43 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 2cf0c6f..9e336fa 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -4875,10 +4875,10 @@ index 0000000..1553356
+')
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
new file mode 100644
-index 0000000..9dd77b4
+index 0000000..8eccbc2
--- /dev/null
+++ b/policy/modules/apps/chrome.te
-@@ -0,0 +1,180 @@
+@@ -0,0 +1,181 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -4910,6 +4910,7 @@ index 0000000..9dd77b4
+allow chrome_sandbox_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_chroot sys_ptrace };
+allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };
+allow chrome_sandbox_t self:process setsched;
++allow chrome_sandbox_t self:process ptrace;
+allow chrome_sandbox_t self:fifo_file manage_file_perms;
+allow chrome_sandbox_t self:unix_stream_socket create_stream_socket_perms;
+allow chrome_sandbox_t self:unix_dgram_socket { create_socket_perms sendto };
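Review bot: The added `allow chrome_sandbox_t self:process ptrace;` carries no comment saying which sandbox component needs it, and it sits in a domain that already holds `sys_ptrace`, `execmem` and `execstack`. The rule lets any process in chrome_sandbox_t trace any other process in that domain, so it should be justified in place. A comment above the rule such as `# ptrace between sandbox processes, needed by <component>; see <bug or AVC reference>` would do. It could also be folded into the neighbouring rule as `allow chrome_sandbox_t self:process { setsched ptrace };` so the process permissions are read together. The local policy block continues outside this hunk.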
@@ -8721,10 +8722,10 @@ index 0000000..8d7c751
+')
diff --git a/policy/modules/apps/namespace.te b/policy/modules/apps/namespace.te
new file mode 100644
-index 0000000..bb6b61e
+index 0000000..1d0c0ff
--- /dev/null
+++ b/policy/modules/apps/namespace.te
-@@ -0,0 +1,38 @@
+@@ -0,0 +1,40 @@
+policy_module(namespace,1.0.0)
+
+########################################
@@ -8749,6 +8750,8 @@ index 0000000..bb6b61e
+
+kernel_read_system_state(namespace_init_t)
+
++corecmd_exec_shell(namespace_init_t)
++
+domain_use_interactive_fds(namespace_init_t)
+
+files_read_etc_files(namespace_init_t)
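Review bot: The new `corecmd_exec_shell(namespace_init_t)` is not mentioned in the commit description or the spec changelog, which list shell execution only for colord. Executing the shell without a domain transition means whatever the shell runs keeps namespace_init_t's permissions, so the reason should be recorded. I would add a changelog line such as `- Allow namespace_init_t to execute shell` and a short comment above the call naming the script that needs it.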
@@ -12678,7 +12681,7 @@ index 223ad43..d95e720 100644
rsync_exec(yam_t)
')
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index 3fae11a..5808202 100644
+index 3fae11a..63712be 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -97,8 +97,6 @@ ifdef(`distro_redhat',`
@@ -12915,7 +12918,7 @@ index 3fae11a..5808202 100644
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -385,3 +401,11 @@ ifdef(`distro_suse', `
+@@ -385,3 +401,12 @@ ifdef(`distro_suse', `
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -12924,6 +12927,7 @@ index 3fae11a..5808202 100644
+# /usr/lib
+#
+
++/usr/lib/iscan/network -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
@@ -27099,7 +27103,7 @@ index 44a1e3d..7802b7b 100644
+ named_systemctl($1)
')
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
-index 4deca04..fc86505 100644
+index 4deca04..7859fa1 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -6,16 +6,24 @@ policy_module(bind, 1.11.0)
@@ -27173,18 +27177,20 @@ index 4deca04..fc86505 100644
tunable_policy(`named_write_master_zones',`
manage_dirs_pattern(named_t, named_zone_t, named_zone_t)
manage_files_pattern(named_t, named_zone_t, named_zone_t)
-@@ -154,6 +170,10 @@ tunable_policy(`named_write_master_zones',`
+@@ -154,6 +170,12 @@ tunable_policy(`named_write_master_zones',`
')
optional_policy(`
++ # needed by FreeIPA with DNS support
+ dirsrv_stream_connect(named_t)
++ ldap_stream_connect(named_t)
+')
+
+optional_policy(`
init_dbus_chat_script(named_t)
sysnet_dbus_chat_dhcpc(named_t)
-@@ -198,18 +218,18 @@ allow ndc_t self:process { fork signal_perms };
+@@ -198,18 +220,18 @@ allow ndc_t self:process { fork signal_perms };
allow ndc_t self:fifo_file rw_fifo_file_perms;
allow ndc_t self:unix_stream_socket { connect create_stream_socket_perms };
allow ndc_t self:tcp_socket create_socket_perms;
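Review bot: `ldap_stream_connect(named_t)` is added to the same `optional_policy` block as `dirsrv_stream_connect(named_t)`, and an optional block is enabled only when every module it references is present. On a policy built without the ldap module, the dirsrv rule would therefore be dropped too. Moving `ldap_stream_connect(named_t)` into its own `optional_policy` block keeps the two dependencies independent. The `# needed by FreeIPA with DNS support` comment would then be repeated on each block. This likely makes no difference on a stock Fedora build, where both modules ship.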
@@ -27206,7 +27212,7 @@ index 4deca04..fc86505 100644
kernel_read_kernel_sysctls(ndc_t)
corenet_all_recvfrom_unlabeled(ndc_t)
-@@ -228,6 +248,8 @@ files_search_pids(ndc_t)
+@@ -228,6 +250,8 @@ files_search_pids(ndc_t)
fs_getattr_xattr_fs(ndc_t)
@@ -27215,7 +27221,7 @@ index 4deca04..fc86505 100644
init_use_fds(ndc_t)
init_use_script_ptys(ndc_t)
-@@ -235,24 +257,13 @@ logging_send_syslog_msg(ndc_t)
+@@ -235,24 +259,13 @@ logging_send_syslog_msg(ndc_t)
miscfiles_read_localization(ndc_t)
@@ -30813,10 +30819,24 @@ index 0000000..e4d7098
+')
+
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
-index 74505cc..3824f02 100644
+index 74505cc..f510183 100644
--- a/policy/modules/services/colord.te
+++ b/policy/modules/services/colord.te
-@@ -23,6 +23,7 @@ files_type(colord_var_lib_t)
+@@ -5,6 +5,13 @@ policy_module(colord, 1.0.0)
+ # Declarations
+ #
+
++## <desc>
++## <p>
++## Allow colord domain to connect to the network using TCP.
++## </p>
++## </desc>
++gen_tunable(colord_can_network_connect, false)
++
+ type colord_t;
+ type colord_exec_t;
+ dbus_system_domain(colord_t, colord_exec_t)
+@@ -23,9 +30,11 @@ files_type(colord_var_lib_t)
# colord local policy
#
allow colord_t self:capability { dac_read_search dac_override };
@@ -30824,7 +30844,11 @@ index 74505cc..3824f02 100644
allow colord_t self:process signal;
allow colord_t self:fifo_file rw_fifo_file_perms;
allow colord_t self:netlink_kobject_uevent_socket create_socket_perms;
-@@ -41,8 +42,13 @@ manage_dirs_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
++allow colord_t self:tcp_socket create_stream_socket_perms;
+ allow colord_t self:udp_socket create_socket_perms;
+ allow colord_t self:unix_dgram_socket create_socket_perms;
+
+@@ -41,8 +50,14 @@ manage_dirs_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
manage_files_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
files_var_lib_filetrans(colord_t, colord_var_lib_t, { file dir })
@@ -30836,10 +30860,11 @@ index 74505cc..3824f02 100644
+
+# reads *.ini files
+corecmd_exec_bin(colord_t)
++corecmd_exec_shell(colord_t)
corenet_all_recvfrom_unlabeled(colord_t)
corenet_all_recvfrom_netlabel(colord_t)
-@@ -50,6 +56,8 @@ corenet_udp_bind_generic_node(colord_t)
+@@ -50,6 +65,8 @@ corenet_udp_bind_generic_node(colord_t)
corenet_udp_bind_ipp_port(colord_t)
corenet_tcp_connect_ipp_port(colord_t)
@@ -30848,7 +30873,7 @@ index 74505cc..3824f02 100644
dev_read_video_dev(colord_t)
dev_write_video_dev(colord_t)
dev_rw_printer(colord_t)
-@@ -65,19 +73,30 @@ files_list_mnt(colord_t)
+@@ -65,19 +82,34 @@ files_list_mnt(colord_t)
files_read_etc_files(colord_t)
files_read_usr_files(colord_t)
@@ -30869,6 +30894,10 @@ index 74505cc..3824f02 100644
-sysnet_dns_name_resolve(colord_t)
+fs_getattr_tmpfs(colord_t)
+userdom_rw_user_tmpfs_files(colord_t)
++
++tunable_policy(`colord_can_network_connect',`
++ corenet_tcp_connect_all_ports(colord_t)
++')
tunable_policy(`use_nfs_home_dirs',`
+ fs_getattr_nfs(colord_t)
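Review bot: The `colord_can_network_connect` block grants `corenet_tcp_connect_all_ports(colord_t)`, which is every TCP port, while the tunable's description in the earlier declarations hunk only says "connect to the network using TCP". An administrator turning the boolean on should be able to see its scope from the description, so I would reword it to `## Allow colord domain to connect to any TCP port.` If colord only needs a known set of services, hedged since the callers are not visible here, per-port `corenet_tcp_connect_*_port` calls like the existing ipp one would be narrower than the all-ports interface.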
@@ -30880,7 +30909,7 @@ index 74505cc..3824f02 100644
fs_read_cifs_files(colord_t)
')
-@@ -89,6 +108,10 @@ optional_policy(`
+@@ -89,6 +121,10 @@ optional_policy(`
')
optional_policy(`
@@ -30891,7 +30920,7 @@ index 74505cc..3824f02 100644
policykit_dbus_chat(colord_t)
policykit_domtrans_auth(colord_t)
policykit_read_lib(colord_t)
-@@ -96,5 +119,16 @@ optional_policy(`
+@@ -96,5 +132,16 @@ optional_policy(`
')
optional_policy(`
@@ -35835,7 +35864,7 @@ index 9bd812b..982c0ea 100644
+ dnsmasq_systemctl($1)
')
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
-index fdaeeba..8542225 100644
+index fdaeeba..b1ea136 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -24,6 +24,9 @@ logging_log_file(dnsmasq_var_log_t)
@@ -35848,7 +35877,7 @@ index fdaeeba..8542225 100644
########################################
#
# Local policy
-@@ -48,11 +51,13 @@ files_var_lib_filetrans(dnsmasq_t, dnsmasq_lease_t, file)
+@@ -48,11 +51,14 @@ files_var_lib_filetrans(dnsmasq_t, dnsmasq_lease_t, file)
manage_files_pattern(dnsmasq_t, dnsmasq_var_log_t, dnsmasq_var_log_t)
logging_log_filetrans(dnsmasq_t, dnsmasq_var_log_t, file)
@@ -35859,11 +35888,12 @@ index fdaeeba..8542225 100644
kernel_read_kernel_sysctls(dnsmasq_t)
kernel_read_system_state(dnsmasq_t)
++kernel_read_network_state(dnsmasq_t)
+kernel_request_load_module(dnsmasq_t)
corenet_all_recvfrom_unlabeled(dnsmasq_t)
corenet_all_recvfrom_netlabel(dnsmasq_t)
-@@ -88,6 +93,8 @@ logging_send_syslog_msg(dnsmasq_t)
+@@ -88,6 +94,8 @@ logging_send_syslog_msg(dnsmasq_t)
miscfiles_read_localization(dnsmasq_t)
@@ -35872,7 +35902,7 @@ index fdaeeba..8542225 100644
userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
-@@ -96,7 +103,20 @@ optional_policy(`
+@@ -96,7 +104,20 @@ optional_policy(`
')
optional_policy(`
@@ -35893,7 +35923,7 @@ index fdaeeba..8542225 100644
')
optional_policy(`
-@@ -114,4 +134,5 @@ optional_policy(`
+@@ -114,4 +135,5 @@ optional_policy(`
optional_policy(`
virt_manage_lib_files(dnsmasq_t)
virt_read_pid_files(dnsmasq_t)
@@ -51998,7 +52028,7 @@ index 2855a44..58bb459 100644
+ allow $1 puppet_var_run_t:dir search_dir_perms;
+')
diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
-index 64c5f95..8168c62 100644
+index 64c5f95..cc8c6d6 100644
--- a/policy/modules/services/puppet.te
+++ b/policy/modules/services/puppet.te
@@ -6,12 +6,19 @@ policy_module(puppet, 1.0.0)
@@ -52169,7 +52199,7 @@ index 64c5f95..8168c62 100644
#
allow puppetmaster_t self:capability { dac_read_search dac_override setuid setgid fowner chown fsetid sys_tty_config };
-@@ -171,29 +255,35 @@ allow puppetmaster_t self:fifo_file rw_fifo_file_perms;
+@@ -171,29 +255,36 @@ allow puppetmaster_t self:fifo_file rw_fifo_file_perms;
allow puppetmaster_t self:netlink_route_socket create_netlink_socket_perms;
allow puppetmaster_t self:socket create;
allow puppetmaster_t self:tcp_socket create_stream_socket_perms;
@@ -52202,13 +52232,14 @@ index 64c5f95..8168c62 100644
+allow puppetmaster_t puppet_tmp_t:dir relabel_dir_perms;
kernel_dontaudit_search_kernel_sysctl(puppetmaster_t)
++kernel_read_network_state(puppetmaster_t)
kernel_read_system_state(puppetmaster_t)
kernel_read_crypto_sysctls(puppetmaster_t)
+kernel_read_kernel_sysctls(puppetmaster_t)
corecmd_exec_bin(puppetmaster_t)
corecmd_exec_shell(puppetmaster_t)
-@@ -206,21 +296,46 @@ corenet_tcp_bind_generic_node(puppetmaster_t)
+@@ -206,21 +297,46 @@ corenet_tcp_bind_generic_node(puppetmaster_t)
corenet_tcp_bind_puppet_port(puppetmaster_t)
corenet_sendrecv_puppet_server_packets(puppetmaster_t)
@@ -52258,7 +52289,7 @@ index 64c5f95..8168c62 100644
optional_policy(`
hostname_exec(puppetmaster_t)
')
-@@ -231,3 +346,9 @@ optional_policy(`
+@@ -231,3 +347,9 @@ optional_policy(`
rpm_exec(puppetmaster_t)
rpm_read_db(puppetmaster_t)
')
@@ -56585,7 +56616,7 @@ index 82cb169..0a29f68 100644
+ samba_systemctl($1)
')
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
-index e30bb63..66881fa 100644
+index e30bb63..4290ecd 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -85,6 +85,9 @@ files_config_file(samba_etc_t)
@@ -56900,7 +56931,22 @@ index e30bb63..66881fa 100644
corenet_tcp_connect_epmap_port(winbind_t)
corenet_tcp_connect_all_unreserved_ports(winbind_t)
-@@ -863,6 +887,12 @@ userdom_manage_user_home_content_pipes(winbind_t)
+@@ -850,10 +874,14 @@ domain_use_interactive_fds(winbind_t)
+
+ files_read_etc_files(winbind_t)
+ files_read_usr_symlinks(winbind_t)
++files_list_var_lib(winbind_t)
+
+ logging_send_syslog_msg(winbind_t)
+
+ miscfiles_read_localization(winbind_t)
++miscfiles_read_generic_certs(winbind_t)
++
++sysnet_use_ldap(winbind_t)
+
+ userdom_dontaudit_use_unpriv_user_fds(winbind_t)
+ userdom_manage_user_home_content_dirs(winbind_t)
+@@ -863,6 +891,12 @@ userdom_manage_user_home_content_pipes(winbind_t)
userdom_manage_user_home_content_sockets(winbind_t)
userdom_user_home_dir_filetrans_user_home_content(winbind_t, { dir file lnk_file fifo_file sock_file })
@@ -56913,7 +56959,7 @@ index e30bb63..66881fa 100644
optional_policy(`
kerberos_use(winbind_t)
')
-@@ -904,7 +934,7 @@ logging_send_syslog_msg(winbind_helper_t)
+@@ -904,7 +938,7 @@ logging_send_syslog_msg(winbind_helper_t)
miscfiles_read_localization(winbind_helper_t)
@@ -56922,7 +56968,7 @@ index e30bb63..66881fa 100644
optional_policy(`
apache_append_log(winbind_helper_t)
-@@ -922,6 +952,18 @@ optional_policy(`
+@@ -922,6 +956,18 @@ optional_policy(`
#
optional_policy(`
@@ -56941,7 +56987,7 @@ index e30bb63..66881fa 100644
type samba_unconfined_script_t;
type samba_unconfined_script_exec_t;
domain_type(samba_unconfined_script_t)
-@@ -932,9 +974,12 @@ optional_policy(`
+@@ -932,9 +978,12 @@ optional_policy(`
allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
allow smbd_t samba_unconfined_script_exec_t:file ioctl;
@@ -57233,7 +57279,7 @@ index f1aea88..a5a75a8 100644
admin_pattern($1, saslauthd_var_run_t)
')
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
-index cfc60dd..791c5b3 100644
+index cfc60dd..71d76cf 100644
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@@ -19,9 +19,6 @@ init_daemon_domain(saslauthd_t, saslauthd_exec_t)
@@ -57270,7 +57316,15 @@ index cfc60dd..791c5b3 100644
corenet_all_recvfrom_unlabeled(saslauthd_t)
corenet_all_recvfrom_netlabel(saslauthd_t)
-@@ -94,6 +94,7 @@ tunable_policy(`allow_saslauthd_read_shadow',`
+@@ -55,6 +55,7 @@ corenet_tcp_sendrecv_generic_if(saslauthd_t)
+ corenet_tcp_sendrecv_generic_node(saslauthd_t)
+ corenet_tcp_sendrecv_all_ports(saslauthd_t)
+ corenet_tcp_connect_pop_port(saslauthd_t)
++corenet_tcp_connect_zarafa_port(saslauthd_t)
+ corenet_sendrecv_pop_client_packets(saslauthd_t)
+
+ dev_read_urand(saslauthd_t)
+@@ -94,6 +95,7 @@ tunable_policy(`allow_saslauthd_read_shadow',`
optional_policy(`
kerberos_keytab_template(saslauthd, saslauthd_t)
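Review bot: The added `corenet_tcp_connect_zarafa_port(saslauthd_t)` has no matching client-packet rule, whereas the pop port next to it is paired with `corenet_sendrecv_pop_client_packets(saslauthd_t)`. For consistency, and so the connection keeps working where labeled packets are enforced, consider adding `corenet_sendrecv_zarafa_client_packets(saslauthd_t)` after the existing pop line. That interface should be generated alongside the connect one, but please confirm it exists in this tree.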
@@ -58444,7 +58498,7 @@ index c954f31..c7cadcb 100644
+ admin_pattern($1, spamd_var_run_t)
')
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
-index ec1eb1e..df88282 100644
+index ec1eb1e..1c3a4bb 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -6,56 +6,101 @@ policy_module(spamassassin, 2.4.0)
@@ -58853,7 +58907,15 @@ index ec1eb1e..df88282 100644
')
optional_policy(`
-@@ -451,3 +562,51 @@ optional_policy(`
+@@ -444,6 +555,7 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ mta_send_mail(spamd_t)
+ sendmail_stub(spamd_t)
+ mta_read_config(spamd_t)
+ ')
+@@ -451,3 +563,51 @@ optional_policy(`
optional_policy(`
udev_read_db(spamd_t)
')
@@ -59013,21 +59075,22 @@ index 4b2230e..950e65a 100644
+ kerberos_manage_host_rcache(squid_t)
+')
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
-index 078bcd7..2d60774 100644
+index 078bcd7..84d29ee 100644
--- a/policy/modules/services/ssh.fc
+++ b/policy/modules/services/ssh.fc
-@@ -1,4 +1,10 @@
+@@ -1,4 +1,11 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
+
+/var/lib/amanda/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
-+/var/lib/gitolite/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
++/var/lib/gitolite/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
++/var/lib/nocpulse/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+
+/etc/rc\.d/init\.d/sshd -- gen_context(system_u:object_r:sshd_initrc_exec_t,s0)
/etc/ssh/primes -- gen_context(system_u:object_r:sshd_key_t,s0)
/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
-@@ -14,3 +20,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+@@ -14,3 +21,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
@@ -70291,9 +70354,9 @@ index 808ba93..4ff705d 100644
+ ')
+
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.cache")
-+ #files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.cache~")
++ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.cache~")
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload")
-+ #files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
++ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
+')
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index e5836d3..eae9427 100644
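Review bot: The two named transitions for `"ld.so.cache~"` and `"ld.so.preload~"` were commented out and are now enabled, but neither the commit description nor the spec changelog mentions this. Since they change how files created in /etc by the calling domain are labeled, the reason they were disabled and why it is now safe to enable them should be recorded. A changelog entry such as `- Enable ld_so_cache_t name transitions for ld.so.cache~ and ld.so.preload~` would cover it. The enclosing interface starts outside this hunk.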
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 40f4ad3..9fbbed1 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 58%{?dist}
+Release: 59%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -466,6 +466,19 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Thu Nov 24 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-59
+- Allow spamd to send mail
+- Add ssh_home_t label for /var/lib/nocpulse/.ssh
+- Allow puppetmaster to read network state
+- Add colord_can_network_connect boolean
+- Allow colord to execute shell
+- Add bin_t label for "/usr/lib/iscan/network"
+- Allow chrome-sandbox ptrace
+- winbind needs to be able to talk to ldap directly, not through sssd
+- saslauthd_t needs to connect to zarafa_port_t
+- dnsmasq wants to read proc_net_t
+- Add full DNS support for FreeIPA
+
* Mon Nov 21 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-58
- Allow mcelog_t to create dir and file in /var/run and label it correctly
- Allow dbus to manage fusefs