[selinux-policy] selinux_set_enforce_mode needs to be used with type

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 9 10:07:37 UTC 2013 

commit b6a163f4efd5ad4eaf9aa82408b4d0b337ab72f0
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Aug 9 06:07:28 2013 -0400

    selinux_set_enforce_mode needs to be used with type
    
    - Add append to the dontaudit for unix_stream_socket of xdm_t leak
    - Allow xdm_t to create symlinks in log direcotries
    - Allow login programs to read afs config
    - Label 10933 as a pop port, for dovecot
    - New policy to allow selinux_server.py to run as semanage_t as a dbus service
    - Add fixes to make netlabelctl working on MLS
    - AVC's required for running sepolicy gui as staff_t
    - Dontaudit attempts to read symlinks, sepolicy gui is likely to cause this type of AVC
    - New dbus server to be used with new gui
    - After modifying some files in /etc/mail, I saw this needed on the next boot
    - Loading a vm from /usr/tmp with virt-manager
    - Clean up oracleasm policy for Fedora
    - Add oracleasm policy written by rlopez at redhat.com
    - Make postfix_postdrop_t as mta_agent to allow domtrans to system mail if it is executed by apache
    - Add label for /var/crash
    - Allow fenced to domtrans to sanclok_t
    - Allow nagios to manage nagios spool files
    - Make tfptd as home_manager
    - Allow kdump to read kcore on MLS system
    - Allow mysqld-safe sys_nice/sys_resource caps
    - Allow apache to search automount tmp dirs if http_use_nfs is enabled
    - Allow crond to transition to named_t, for use with unbound
    - Allow crond to look at named_conf_t, for unbound
    - Allow mozilla_plugin_t to transition its home content
    - Allow dovecot_domain to read all system and network state
    - Allow httpd_user_script_t to call getpw
    - Allow semanage to read pid files
    - Dontaudit leaked file descriptors from user domain into thumb
    - Make PAM authentication working if it is enabled in ejabberd
    - Add fixes for rabbit to fix ##992920,#992931
    - Allow glusterd to mount filesystems
    - Loading a vm from /usr/tmp with virt-manager
    - Trying to load a VM I got an AVC from devicekit_disk for loopcontrol device
    - Add fix for pand service
    - shorewall touches own log
    - Allow nrpe to list /var
    - Mozilla_plugin_roles can not be passed into lpd_run_lpr
    - Allow afs domains to read afs_config files
    - Allow login programs to read afs config
    - Allow virt_domain to read virt_var_run_t symlinks
    - Allow smokeping to send its process signals
    - Allow fetchmail to setuid
    - Add kdump_manage_crash() interface
    - Allow abrt domain to write abrt.socket

 selinux-policy.spec |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 99833ee..ecb46a9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -14,7 +14,7 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 29
-%define POLICYCOREUTILSVER 2.1.14-12
+%define POLICYCOREUTILSVER 2.1.14-74
 %define CHECKPOLICYVER 2.1.12-3
 Summary: SELinux policy configuration
 Name: selinux-policy

More information about the scm-commits mailing list