[ol7_optional_latest] selinux-policy-doc-3.13.1-192.0.1.el7.noarch

SELinux policy documentation package

Changelog (Show File list) (Show related packages)

• Tue Apr 10 2018 EL Errata <el-errata_ww@oracle.com> - 3.13.1-192.0.1

  - Obsolete docker-engine-selinux [OraBug 26439663]
  - Fix container selinux policy [OraBug 26427364]
  - Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

• Tue Feb 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-192

  - Label /usr/libexec/dbus-1/dbus-daemon-launch-helper  as dbusd_exec_t to have systemd dbus services running in the correct domain instead of unconfined_service_t if unconfined.pp module is enabled.
  Resolves: rhbz#1546721

• Mon Feb 19 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-191

  - Allow openvswitch_t stream connect svirt_t
  Resolves: rhbz#1540702

• Fri Feb 16 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-190

  - Allow openvswitch domain to manage svirt_tmp_t sock files
  Resolves: rhbz#1540702
  - Fix broken systemd_tmpfiles_run() interface

• Wed Feb 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-189

  - Allow dirsrv_t domain to create tmp link files
  Resolves: rhbz#1536011
  - Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
  Resolves: rhbz#1428568
  - Allow ipsec_mgmt_t execute ifconfig_exec_t binaries
  - Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
  Resolves: rhbz#1539416

• Wed Feb 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-188

  - Allow svirt_domain to create socket files in /tmp with label svirt_tmp_t
  Resolves: rhbz#1540702
  - Allow keepalived_t domain getattr proc filesystem
  Resolves: rhbz#1477542
  - Rename svirt_sandbox_file_t to container_file_t and svirt_lxc_net_t to container_t
  Resolves: rhbz#1538544
  - Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
  Resolves: rhbz:#1539416
  - Allow systemd_logind_t domain to bind on dhcpd_port_t,pki_ca_port_t,flash_port_t
  Resolves: rhbz#1479350

• Tue Feb 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-187

  - Allow openvswitch_t domain to read cpuid, write to sysfs files and creating openvswitch_tmp_t sockets
  Resolves: rhbz#1535196
  - Add new interface ppp_filetrans_named_content()
  Resolves: rhbz#1530601
  - Allow keepalived_t read sysctl_net_t files
  Resolves: rhbz#1477542
  - Allow puppetmaster_t domtran to puppetagent_t
  Resolves: rhbz#1376893
  - Allow kdump_t domain to read kernel ring buffer
  Resolves: rhbz#1540004
  - Allow ipsec_t domain to exec ifconfig_exec_t binaries.
  Resolves: rhbz#1539416
  - Allow unconfined_domain_typ to create pppd_lock_t directory in /var/lock
  Resolves: rhbz#1530601
  - Allow updpwd_t domain to create files in /etc with shadow_t label
  Resolves: rhbz#1412838
  - Allow iptables sysctl load list support with SELinux enforced
  Resolves: rhbz#1535572

• Wed Jan 17 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-186

  - Allow virt_domains to acces infiniband pkeys.
  Resolves: rhbz#1533183
  - Label /usr/libexec/ipsec/addconn as ipsec_exec_t to run this script as ipsec_t instead of init_t
  Resolves: rhbz#1535133
  - Allow audisp_remote_t domain write to files on all levels
  Resolves: rhbz#1534924

• Thu Jan 11 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-185

  - Allow vmtools_t domain creating vmware_log_t files
  Resolves: rhbz#1507048
  - Allow openvswitch_t domain to acces infiniband devices
  Resolves: rhbz#1532705

• Wed Jan 10 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-184

  - Allow chronyc_t domain to manage chronyd_keys_t files.
  Resolves: rhbz#1530525
  - Make virtlog_t domain system dbus client
  Resolves: rhbz#1481109
  - Update openvswitch SELinux module
  Resolves: rhbz#1482682
  - Allow virtd_t to create also sock_files with label virt_var_run_t
  Resolves: rhbz#1484075