[selinux-policy/f17] * Wed Aug 8 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-145 - Allow Chrome_ChildIO to read dosfs_
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Aug 8 10:59:54 UTC 2012
commit 822e42e0376955d68bc164f4c41b8449d53e9633
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Aug 8 12:58:52 2012 +0200
* Wed Aug 8 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-145
- Allow Chrome_ChildIO to read dosfs_t
- Fix svirt to be allowed to use fusefs file system
- Sanlock needs to send Kill Signals to non root process
- Allow sendmail to read/write postfix_delivery_t
policy-F16.patch | 151 ++++++++++++++++++++++++++++++++-------------------
selinux-policy.spec | 8 +++-
2 files changed, 101 insertions(+), 58 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index fa8fb12..b7ad125 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -68155,10 +68155,10 @@ index 0000000..efebae7
+')
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
new file mode 100644
-index 0000000..da7bbf7
+index 0000000..b4247ae
--- /dev/null
+++ b/policy/modules/apps/chrome.te
-@@ -0,0 +1,184 @@
+@@ -0,0 +1,185 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -68211,6 +68211,7 @@ index 0000000..da7bbf7
+
+fs_manage_cgroup_dirs(chrome_sandbox_t)
+fs_manage_cgroup_files(chrome_sandbox_t)
++fs_read_dos_files(chrome_sandbox_t)
+
+corecmd_exec_bin(chrome_sandbox_t)
+
@@ -83827,7 +83828,7 @@ index cda5588..91d1e25 100644
+/usr/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
+/usr/lib/udev/devices/shm/.* <<none>>
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
-index 97fcdac..c812a81 100644
+index 97fcdac..41e214d 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -631,6 +631,27 @@ interface(`fs_getattr_cgroup',`
@@ -84153,7 +84154,7 @@ index 97fcdac..c812a81 100644
+#
+interface(`fs_search_ecryptfs',`
+ gen_require(`
-+ type fusefs_t;
++ type ecryptfs_t;
+ ')
+
+ allow $1 ecryptfs_t:dir search_dir_perms;
@@ -84271,7 +84272,7 @@ index 97fcdac..c812a81 100644
+#
+interface(`fs_manage_ecryptfs_symlinks',`
+ gen_require(`
-+ type fusefs_t;
++ type ecryptfs_t;
+ ')
+
+ manage_lnk_files_pattern($1, ecryptfs_t, ecryptfs_t)
@@ -84324,7 +84325,33 @@ index 97fcdac..c812a81 100644
########################################
## <summary>
## Mount a FUSE filesystem.
-@@ -2006,21 +2368,83 @@ interface(`fs_dontaudit_manage_fusefs_files',`
+@@ -1811,6 +2173,25 @@ interface(`fs_mount_fusefs',`
+ allow $1 fusefs_t:filesystem mount;
+ ')
+
++#######################################
++## <summary>
++## Get the attributes of a FUSEFS filesystem.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`fs_getattr_fusefs',`
++ gen_require(`
++ type fusefs_t;
++ ')
++
++ allow $1 fusefs_t:filesystem getattr;
++')
++
+ ########################################
+ ## <summary>
+ ## Unmount a FUSE filesystem.
+@@ -2006,21 +2387,83 @@ interface(`fs_dontaudit_manage_fusefs_files',`
########################################
## <summary>
@@ -84413,7 +84440,7 @@ index 97fcdac..c812a81 100644
')
########################################
-@@ -2080,6 +2504,24 @@ interface(`fs_manage_hugetlbfs_dirs',`
+@@ -2080,6 +2523,24 @@ interface(`fs_manage_hugetlbfs_dirs',`
########################################
## <summary>
@@ -84438,7 +84465,7 @@ index 97fcdac..c812a81 100644
## Read and write hugetlbfs files.
## </summary>
## <param name="domain">
-@@ -2148,11 +2590,12 @@ interface(`fs_list_inotifyfs',`
+@@ -2148,11 +2609,12 @@ interface(`fs_list_inotifyfs',`
')
allow $1 inotifyfs_t:dir list_dir_perms;
@@ -84452,7 +84479,7 @@ index 97fcdac..c812a81 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -2480,6 +2923,7 @@ interface(`fs_read_nfs_files',`
+@@ -2480,6 +2942,7 @@ interface(`fs_read_nfs_files',`
type nfs_t;
')
@@ -84460,7 +84487,7 @@ index 97fcdac..c812a81 100644
allow $1 nfs_t:dir list_dir_perms;
read_files_pattern($1, nfs_t, nfs_t)
')
-@@ -2518,6 +2962,7 @@ interface(`fs_write_nfs_files',`
+@@ -2518,6 +2981,7 @@ interface(`fs_write_nfs_files',`
type nfs_t;
')
@@ -84468,7 +84495,7 @@ index 97fcdac..c812a81 100644
allow $1 nfs_t:dir list_dir_perms;
write_files_pattern($1, nfs_t, nfs_t)
')
-@@ -2544,6 +2989,25 @@ interface(`fs_exec_nfs_files',`
+@@ -2544,6 +3008,25 @@ interface(`fs_exec_nfs_files',`
########################################
## <summary>
@@ -84494,7 +84521,7 @@ index 97fcdac..c812a81 100644
## Append files
## on a NFS filesystem.
## </summary>
-@@ -2564,7 +3028,7 @@ interface(`fs_append_nfs_files',`
+@@ -2564,7 +3047,7 @@ interface(`fs_append_nfs_files',`
########################################
## <summary>
@@ -84503,7 +84530,7 @@ index 97fcdac..c812a81 100644
## on a NFS filesystem.
## </summary>
## <param name="domain">
-@@ -2584,6 +3048,42 @@ interface(`fs_dontaudit_append_nfs_files',`
+@@ -2584,6 +3067,42 @@ interface(`fs_dontaudit_append_nfs_files',`
########################################
## <summary>
@@ -84546,7 +84573,7 @@ index 97fcdac..c812a81 100644
## Do not audit attempts to read or
## write files on a NFS filesystem.
## </summary>
-@@ -2598,7 +3098,7 @@ interface(`fs_dontaudit_rw_nfs_files',`
+@@ -2598,7 +3117,7 @@ interface(`fs_dontaudit_rw_nfs_files',`
type nfs_t;
')
@@ -84555,7 +84582,7 @@ index 97fcdac..c812a81 100644
')
########################################
-@@ -2622,7 +3122,7 @@ interface(`fs_read_nfs_symlinks',`
+@@ -2622,7 +3141,7 @@ interface(`fs_read_nfs_symlinks',`
########################################
## <summary>
@@ -84564,7 +84591,7 @@ index 97fcdac..c812a81 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -2736,7 +3236,7 @@ interface(`fs_search_removable',`
+@@ -2736,7 +3255,7 @@ interface(`fs_search_removable',`
## </summary>
## <param name="domain">
## <summary>
@@ -84573,7 +84600,7 @@ index 97fcdac..c812a81 100644
## </summary>
## </param>
#
-@@ -2772,7 +3272,7 @@ interface(`fs_read_removable_files',`
+@@ -2772,7 +3291,7 @@ interface(`fs_read_removable_files',`
## </summary>
## <param name="domain">
## <summary>
@@ -84582,7 +84609,7 @@ index 97fcdac..c812a81 100644
## </summary>
## </param>
#
-@@ -2965,6 +3465,7 @@ interface(`fs_manage_nfs_dirs',`
+@@ -2965,6 +3484,7 @@ interface(`fs_manage_nfs_dirs',`
type nfs_t;
')
@@ -84590,7 +84617,7 @@ index 97fcdac..c812a81 100644
allow $1 nfs_t:dir manage_dir_perms;
')
-@@ -3005,6 +3506,7 @@ interface(`fs_manage_nfs_files',`
+@@ -3005,6 +3525,7 @@ interface(`fs_manage_nfs_files',`
type nfs_t;
')
@@ -84598,7 +84625,7 @@ index 97fcdac..c812a81 100644
manage_files_pattern($1, nfs_t, nfs_t)
')
-@@ -3045,6 +3547,7 @@ interface(`fs_manage_nfs_symlinks',`
+@@ -3045,6 +3566,7 @@ interface(`fs_manage_nfs_symlinks',`
type nfs_t;
')
@@ -84606,7 +84633,7 @@ index 97fcdac..c812a81 100644
manage_lnk_files_pattern($1, nfs_t, nfs_t)
')
-@@ -3258,6 +3761,24 @@ interface(`fs_getattr_nfsd_files',`
+@@ -3258,6 +3780,24 @@ interface(`fs_getattr_nfsd_files',`
getattr_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
')
@@ -84631,7 +84658,7 @@ index 97fcdac..c812a81 100644
########################################
## <summary>
## Read and write NFS server files.
-@@ -3278,6 +3799,24 @@ interface(`fs_rw_nfsd_fs',`
+@@ -3278,6 +3818,24 @@ interface(`fs_rw_nfsd_fs',`
########################################
## <summary>
@@ -84656,7 +84683,7 @@ index 97fcdac..c812a81 100644
## Allow the type to associate to ramfs filesystems.
## </summary>
## <param name="type">
-@@ -3387,7 +3926,7 @@ interface(`fs_search_ramfs',`
+@@ -3387,7 +3945,7 @@ interface(`fs_search_ramfs',`
########################################
## <summary>
@@ -84665,7 +84692,7 @@ index 97fcdac..c812a81 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -3424,7 +3963,7 @@ interface(`fs_manage_ramfs_dirs',`
+@@ -3424,7 +3982,7 @@ interface(`fs_manage_ramfs_dirs',`
########################################
## <summary>
@@ -84674,7 +84701,7 @@ index 97fcdac..c812a81 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -3442,7 +3981,7 @@ interface(`fs_dontaudit_read_ramfs_files',`
+@@ -3442,7 +4000,7 @@ interface(`fs_dontaudit_read_ramfs_files',`
########################################
## <summary>
@@ -84683,7 +84710,7 @@ index 97fcdac..c812a81 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -3810,6 +4349,24 @@ interface(`fs_unmount_tmpfs',`
+@@ -3810,6 +4368,24 @@ interface(`fs_unmount_tmpfs',`
########################################
## <summary>
@@ -84708,7 +84735,7 @@ index 97fcdac..c812a81 100644
## Get the attributes of a tmpfs
## filesystem.
## </summary>
-@@ -3958,6 +4515,42 @@ interface(`fs_dontaudit_list_tmpfs',`
+@@ -3958,6 +4534,42 @@ interface(`fs_dontaudit_list_tmpfs',`
########################################
## <summary>
@@ -84751,7 +84778,7 @@ index 97fcdac..c812a81 100644
## Create, read, write, and delete
## tmpfs directories
## </summary>
-@@ -4059,7 +4652,7 @@ interface(`fs_dontaudit_rw_tmpfs_files',`
+@@ -4059,7 +4671,7 @@ interface(`fs_dontaudit_rw_tmpfs_files',`
type tmpfs_t;
')
@@ -84760,7 +84787,7 @@ index 97fcdac..c812a81 100644
')
########################################
-@@ -4119,6 +4712,24 @@ interface(`fs_rw_tmpfs_files',`
+@@ -4119,6 +4731,24 @@ interface(`fs_rw_tmpfs_files',`
########################################
## <summary>
@@ -84785,7 +84812,7 @@ index 97fcdac..c812a81 100644
## Read tmpfs link files.
## </summary>
## <param name="domain">
-@@ -4156,7 +4767,7 @@ interface(`fs_rw_tmpfs_chr_files',`
+@@ -4156,7 +4786,7 @@ interface(`fs_rw_tmpfs_chr_files',`
########################################
## <summary>
@@ -84794,7 +84821,7 @@ index 97fcdac..c812a81 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -4175,6 +4786,42 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
+@@ -4175,6 +4805,42 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
########################################
## <summary>
@@ -84837,7 +84864,7 @@ index 97fcdac..c812a81 100644
## Relabel character nodes on tmpfs filesystems.
## </summary>
## <param name="domain">
-@@ -4232,6 +4879,24 @@ interface(`fs_relabel_tmpfs_blk_file',`
+@@ -4232,6 +4898,24 @@ interface(`fs_relabel_tmpfs_blk_file',`
########################################
## <summary>
@@ -84862,7 +84889,7 @@ index 97fcdac..c812a81 100644
## Read and write, create and delete generic
## files on tmpfs filesystems.
## </summary>
-@@ -4251,6 +4916,25 @@ interface(`fs_manage_tmpfs_files',`
+@@ -4251,6 +4935,25 @@ interface(`fs_manage_tmpfs_files',`
########################################
## <summary>
@@ -84888,7 +84915,7 @@ index 97fcdac..c812a81 100644
## Read and write, create and delete symbolic
## links on tmpfs filesystems.
## </summary>
-@@ -4457,6 +5141,8 @@ interface(`fs_mount_all_fs',`
+@@ -4457,6 +5160,8 @@ interface(`fs_mount_all_fs',`
')
allow $1 filesystem_type:filesystem mount;
@@ -84897,7 +84924,7 @@ index 97fcdac..c812a81 100644
')
########################################
-@@ -4503,7 +5189,7 @@ interface(`fs_unmount_all_fs',`
+@@ -4503,7 +5208,7 @@ interface(`fs_unmount_all_fs',`
## <desc>
## <p>
## Allow the specified domain to
@@ -84906,7 +84933,7 @@ index 97fcdac..c812a81 100644
## Example attributes:
## </p>
## <ul>
-@@ -4866,3 +5552,24 @@ interface(`fs_unconfined',`
+@@ -4866,3 +5571,24 @@ interface(`fs_unconfined',`
typeattribute $1 filesystem_unconfined_type;
')
@@ -132880,7 +132907,7 @@ index 0000000..3eb745d
+')
diff --git a/policy/modules/services/sanlock.te b/policy/modules/services/sanlock.te
new file mode 100644
-index 0000000..a535b8c
+index 0000000..e218f7a
--- /dev/null
+++ b/policy/modules/services/sanlock.te
@@ -0,0 +1,103 @@
@@ -132930,7 +132957,7 @@ index 0000000..a535b8c
+#
+# sanlock local policy
+#
-+allow sanlock_t self:capability { chown dac_override ipc_lock setgid setuid sys_nice sys_resource };
++allow sanlock_t self:capability { chown dac_override ipc_lock kill setgid setuid sys_nice sys_resource };
+allow sanlock_t self:process { setrlimit setsched signull signal sigkill };
+
+allow sanlock_t self:fifo_file rw_fifo_file_perms;
@@ -140032,7 +140059,7 @@ index 7c5d8d8..6fc6ad4 100644
+ files_pid_filetrans($1, virt_lxc_var_run_t, dir, "libvirt-sandbox")
')
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
-index 3eca020..4ca7290 100644
+index 3eca020..b1da265 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -1,60 +1,91 @@
@@ -140255,7 +140282,17 @@ index 3eca020..4ca7290 100644
tunable_policy(`virt_use_comm',`
term_use_unallocated_ttys(svirt_t)
-@@ -147,11 +228,17 @@ tunable_policy(`virt_use_fusefs',`
+@@ -140,18 +221,26 @@ tunable_policy(`virt_use_comm',`
+ ')
+
+ tunable_policy(`virt_use_fusefs',`
+- fs_read_fusefs_files(svirt_t)
++ fs_manage_fusefs_dirs(svirt_t)
++ fs_manage_fusefs_files(svirt_t)
+ fs_read_fusefs_symlinks(svirt_t)
++ fs_getattr_fusefs(svirt_t)
+ ')
+
tunable_policy(`virt_use_nfs',`
fs_manage_nfs_dirs(svirt_t)
fs_manage_nfs_files(svirt_t)
@@ -140273,7 +140310,7 @@ index 3eca020..4ca7290 100644
')
tunable_policy(`virt_use_sysfs',`
-@@ -160,11 +247,28 @@ tunable_policy(`virt_use_sysfs',`
+@@ -160,11 +249,28 @@ tunable_policy(`virt_use_sysfs',`
tunable_policy(`virt_use_usb',`
dev_rw_usbfs(svirt_t)
@@ -140302,7 +140339,7 @@ index 3eca020..4ca7290 100644
xen_rw_image_files(svirt_t)
')
-@@ -173,22 +277,41 @@ optional_policy(`
+@@ -173,22 +279,41 @@ optional_policy(`
# virtd local policy
#
@@ -140351,7 +140388,7 @@ index 3eca020..4ca7290 100644
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-@@ -199,9 +322,18 @@ manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
+@@ -199,9 +324,18 @@ manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
@@ -140372,7 +140409,7 @@ index 3eca020..4ca7290 100644
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -217,9 +349,15 @@ manage_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
+@@ -217,9 +351,15 @@ manage_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
manage_sock_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
files_pid_filetrans(virtd_t, virt_var_run_t, { file dir })
@@ -140388,7 +140425,7 @@ index 3eca020..4ca7290 100644
kernel_request_load_module(virtd_t)
kernel_search_debugfs(virtd_t)
-@@ -239,22 +377,32 @@ corenet_tcp_connect_soundd_port(virtd_t)
+@@ -239,22 +379,32 @@ corenet_tcp_connect_soundd_port(virtd_t)
corenet_rw_tun_tap_dev(virtd_t)
dev_rw_sysfs(virtd_t)
@@ -140422,7 +140459,7 @@ index 3eca020..4ca7290 100644
fs_list_auto_mountpoints(virtd_t)
fs_getattr_xattr_fs(virtd_t)
-@@ -262,6 +410,18 @@ fs_rw_anon_inodefs_files(virtd_t)
+@@ -262,6 +412,18 @@ fs_rw_anon_inodefs_files(virtd_t)
fs_list_inotifyfs(virtd_t)
fs_manage_cgroup_dirs(virtd_t)
fs_rw_cgroup_files(virtd_t)
@@ -140441,7 +140478,7 @@ index 3eca020..4ca7290 100644
mcs_process_set_categories(virtd_t)
-@@ -276,6 +436,8 @@ term_use_ptmx(virtd_t)
+@@ -276,6 +438,8 @@ term_use_ptmx(virtd_t)
auth_use_nsswitch(virtd_t)
@@ -140450,7 +140487,7 @@ index 3eca020..4ca7290 100644
miscfiles_read_localization(virtd_t)
miscfiles_read_generic_certs(virtd_t)
miscfiles_read_hwdata(virtd_t)
-@@ -285,16 +447,32 @@ modutils_read_module_config(virtd_t)
+@@ -285,16 +449,32 @@ modutils_read_module_config(virtd_t)
modutils_manage_module_config(virtd_t)
logging_send_syslog_msg(virtd_t)
@@ -140483,7 +140520,7 @@ index 3eca020..4ca7290 100644
tunable_policy(`virt_use_nfs',`
fs_manage_nfs_dirs(virtd_t)
-@@ -313,6 +491,10 @@ optional_policy(`
+@@ -313,6 +493,10 @@ optional_policy(`
')
optional_policy(`
@@ -140494,7 +140531,7 @@ index 3eca020..4ca7290 100644
dbus_system_bus_client(virtd_t)
optional_policy(`
-@@ -326,19 +508,30 @@ optional_policy(`
+@@ -326,19 +510,30 @@ optional_policy(`
optional_policy(`
hal_dbus_chat(virtd_t)
')
@@ -140526,7 +140563,7 @@ index 3eca020..4ca7290 100644
# Manages /etc/sysconfig/system-config-firewall
iptables_manage_config(virtd_t)
-@@ -353,6 +546,12 @@ optional_policy(`
+@@ -353,6 +548,12 @@ optional_policy(`
')
optional_policy(`
@@ -140539,7 +140576,7 @@ index 3eca020..4ca7290 100644
policykit_dbus_chat(virtd_t)
policykit_domtrans_auth(virtd_t)
policykit_domtrans_resolve(virtd_t)
-@@ -360,11 +559,11 @@ optional_policy(`
+@@ -360,11 +561,11 @@ optional_policy(`
')
optional_policy(`
@@ -140556,7 +140593,7 @@ index 3eca020..4ca7290 100644
')
optional_policy(`
-@@ -375,6 +574,7 @@ optional_policy(`
+@@ -375,6 +576,7 @@ optional_policy(`
kernel_read_xen_state(virtd_t)
kernel_write_xen_state(virtd_t)
@@ -140564,7 +140601,7 @@ index 3eca020..4ca7290 100644
xen_stream_connect(virtd_t)
xen_stream_connect_xenstore(virtd_t)
xen_read_image_files(virtd_t)
-@@ -394,20 +594,36 @@ optional_policy(`
+@@ -394,20 +596,36 @@ optional_policy(`
# virtual domains common policy
#
@@ -140604,7 +140641,7 @@ index 3eca020..4ca7290 100644
corecmd_exec_bin(virt_domain)
corecmd_exec_shell(virt_domain)
-@@ -418,10 +634,12 @@ corenet_tcp_sendrecv_generic_node(virt_domain)
+@@ -418,10 +636,12 @@ corenet_tcp_sendrecv_generic_node(virt_domain)
corenet_tcp_sendrecv_all_ports(virt_domain)
corenet_tcp_bind_generic_node(virt_domain)
corenet_tcp_bind_vnc_port(virt_domain)
@@ -140618,7 +140655,7 @@ index 3eca020..4ca7290 100644
dev_read_rand(virt_domain)
dev_read_sound(virt_domain)
dev_read_urand(virt_domain)
-@@ -429,10 +647,12 @@ dev_write_sound(virt_domain)
+@@ -429,10 +649,12 @@ dev_write_sound(virt_domain)
dev_rw_ksm(virt_domain)
dev_rw_kvm(virt_domain)
dev_rw_qemu(virt_domain)
@@ -140631,7 +140668,7 @@ index 3eca020..4ca7290 100644
files_read_usr_files(virt_domain)
files_read_var_files(virt_domain)
files_search_all(virt_domain)
-@@ -440,25 +660,435 @@ files_search_all(virt_domain)
+@@ -440,25 +662,435 @@ files_search_all(virt_domain)
fs_getattr_tmpfs(virt_domain)
fs_rw_anon_inodefs_files(virt_domain)
fs_rw_tmpfs_files(virt_domain)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 258a48d..f3fd5d8 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 144%{?dist}
+Release: 145%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -479,6 +479,12 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Aug 8 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-145
+- Allow Chrome_ChildIO to read dosfs_t
+- Fix svirt to be allowed to use fusefs file system
+- Sanlock needs to send Kill Signals to non root process
+- Allow sendmail to read/write postfix_delivery_t
+
* Mon Aug 6 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-144
- Allow sendmail to read/write postfix_delivery_t
- Update sanlock policy to solve all AVC's
More information about the scm-commits
mailing list