-
Wed Oct 31 2018 EL Errata <el-errata_ww@oracle.com> - 3.13.1-229.0.1
- SELinux support for cgroup2 filesystem. [OraBug 28127822]
- refpolicy: Define getrlimit permission for class process [OraBug 28229492]
- Add vhost-scsi to be vhost_device_t type [OraBug 27774921]
- Obsolete docker-engine-selinux [OraBug 26439663]
- Fix container selinux policy [OraBug 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
-
Wed Sep 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229
- Allow neutron domain to read/write /var/run/utmp
Resolves: rhbz#1630318
-
Tue Sep 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-228
- Allow tomcat_domain to read /dev/random
Resolves: rhbz#1631666
- Allow neutron_t domain to use pam
Resolves: rhbz#1630318
-
Mon Sep 17 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-227
- Add interface apache_read_tmp_dirs()
- Allow dirsrvadmin_script_t domain to list httpd_tmp_t dirs
Resolves: rhbz#1622602
-
Sat Sep 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-226
- Allow tomcat servers to manage usr_t files
Resolves: rhbz#1625678
- Dontaudit tomcat serves to append to /dev/random device
Resolves: rhbz#1625678
- Allow sys_nice capability to mysqld_t domain
- Allow dirsrvadmin_script_t domain to read httpd tmp files
Resolves: rhbz#1622602
- Allow syslogd_t domain to manage cert_t files
Resolves: rhbz#1615995
-
Wed Sep 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-225
- Allow sbd_t domain to getattr of all char files in /dev and read sysfs_t files and dirs
Resolves: rhbz#1627114
- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t
Resolves: rhbz#1567753
-
Fri Sep 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-224
- Allow tomcat Tomcat to delete a temporary file used when compiling class files for JSPs.
Resolves: rhbz#1625678
- Allow chronyd_t domain to read virt_var_lib_t files
- Allow virtual machines to use dri devices. This allows use openCL GPU calculations. BZ(1337333)
Resolves: rhbz#1625613
- Allow tomcat services create link file in /tmp
Resolves: rhbz#1624289
- Add boolean: domain_can_mmap_files.
Resolves: rhbz#1460322
-
Sun Sep 02 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-223
- Make working SELinux sandbox with Wayland.
Resolves: rhbz#1624308
- Allow svirt_t domain to mmap svirt_image_t block files
Resolves: rhbz#1624224
- Add caps dac_read_search and dav_override to pesign_t domain
- Allow iscsid_t domain to mmap userio chr files
Resolves: rhbz#1623589
- Add boolean: domain_can_mmap_files.
Resolves: rhbz#1460322
- Add execute_no_trans permission to mmap_exec_file_perms pattern
- Allow sudodomain to search caller domain proc info
- Allow xdm_t domain to mmap and read cert_t files
- Replace optional policy blocks to make dbus interfaces effective
Resolves: rhbz#1624414
- Add interface dev_map_userio_dev()
-
Wed Aug 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-222
- Allow readhead_t domain to mmap own pid files
Resolves: rhbz#1614169
-
Tue Aug 28 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-221
- Allow ovs-vswitchd labeled as openvswitch_t domain communicate with qemu-kvm via UNIX stream socket
- Allow httpd_t domain to mmap tmp files
Resolves: rhbz#1608355
- Update dirsrv_read_share() interface to allow caller domain to mmap dirsrv_share_t files
- Update dirsrvadmin_script_t policy to allow read httpd_tmp_t symlinks
- Label /dev/tpmrm[0-9]* as tpm_device_t
- Allow semanage_t domain mmap usr_t files
Resolves: rhbz#1622607
- Update dev_filetrans_all_named_dev() to allow create event22-30 character files with label event_device_t