[selinux-policy] Add interface to dontaudit getattr access on sysctls
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Jul 24 19:56:43 UTC 2012
commit 26761212674615c14295fdd52991dfe1e95e4c9a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jul 24 15:56:40 2012 -0400
Add interface to dontaudit getattr access on sysctls
- Allow sshd to execute /bin/login
- Looks like xdm is recreating the xdm directory in ~/.cache/ on login
- Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jounald
- Fix semanage to work with unconfined domain disabled on F18
- Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls
- Virt seems to be using lock files
- Dovecot seems to be searching directories of every mountpoint
- Allow jockey to read random/urandom, execute shell and install third-party drivers
- Add aditional params to allow cachedfiles to manage its content
- gpg agent needs to read /dev/random
- The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write
- Add a bunch of dontaudit rules to quiet svirt_lxc domains
- Additional perms needed to run svirt_lxc domains
- Allow cgclear to read cgconfig
- Allow sys_ptrace capability for snmp
- Allow freshclam to read /proc
- Allow procmail to manage /home/user/Maildir content
- Allow NM to execute wpa_cli
- Allow amavis to read clamd system state
- Regenerate man pages
selinux-policy.spec | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3fea886..69aa863 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -15,7 +15,7 @@
%endif
%define POLICYVER 27
%define POLICYCOREUTILSVER 2.1.9-4
-%define CHECKPOLICYVER 2.1.9-4
+%define CHECKPOLICYVER 2.1.10-3
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.11.0
More information about the scm-commits
mailing list