• Wed Aug 05 2015 Miroslav Grepl mgrepl@redhat.com 3.13.1-140
  • firewalld needs to relabel own config files. BZ(#1250537)
  • Allow rhsmcertd to send signull to unconfined_service
  • Allow lsm_plugin_t to rw raw_fixed_disk.
  • Allow lsm_plugin_t to read sysfs, read hwdata, rw to scsi_generic_device
  • Allow openhpid to use libsnmp_bc plugin (allow read snmp lib files).

  • Tue Aug 04 2015 Lukas Vrabec lvrabec@redhat.com 3.13.1-139

  • Add header for sslh.if file
  • Fix sslh_admin() interface
  • Clean up sslh.if
  • Fix typo in pdns.if
  • Allow qpid to create lnk_files in qpid_var_lib_t.
  • Allow httpd_suexec_t to read and write Apache stream sockets
  • Merge pull request #21 from hogarthj/rawhide-contrib
  • Allow virt_qemu_ga_t domtrans to passwd_t.
  • use read and manage files_patterns and the description for the admin interface
  • Merge pull request #17 from rubenk/pdns-policy
  • Allow redis to read kernel parameters.
  • Label /etc/rt dir as httpd_sys_rw_content_t BZ(#1185500)
  • Allow hostapd to manage sock file in /va/run/hostapd Add fsetid cap. for hostapd Add net_raw cap. for hostpad BZ(#1237343)
  • Allow bumblebee to seng kill signal to xserver
  • glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes.
  • Allow drbd to get attributes from filesystems.
  • Allow drbd to read configuration options used when loading modules.
  • fix the description for the write config files, add systemd administration support and fix a missing gen_require in the admin interface
  • Added Booleans: pcp_read_generic_logs.
  • Allow pcp_pmcd daemon to read postfix config files. Allow pcp_pmcd daemon to search postfix spool dirs.
  • Allow glusterd to communicate with cluster domains over stream socket.
  • fix copy paste error with writing the admin interface
  • fix up the regex in sslh.fc, add sslh_admin() interface
  • adding selinux policy files for sslh
  • Remove diplicate sftpd_write_ssh_home boolean rule.
  • Add kdbus.pp policy to allow access /sys/fs/kdbus. It needs to go with own module because this is workaround for now to avoid SELinux in enforcing mode.
  • kdbusfs should not be accessible for now by default for shipped policies. It should be moved to kdbus.pp
  • kdbusfs should not be accessible for now.
  • Add support for /sys/fs/kdbus and allow login_pgm domain to access it.
  • Allow sysadm to administrate ldap environment and allow to bind ldap port to allow to setup an LDAP server (389ds).
  • Label /usr/sbin/chpasswd as passwd_exec_t.
  • Allow audisp_remote_t to read/write user domain pty.
  • Allow audisp_remote_t to start power unit files domain to allow halt system.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2015-12825

This update has been submitted for testing by sgallagh.

7 years ago
User Icon adamwill commented & provided feedback 7 years ago

Fixes #1250537, role deployment works with this policy.

Critical path update approved

7 years ago

This update has been submitted for stable by kevin.

7 years ago
User Icon kevin provided feedback 7 years ago

This update is currently being pushed to the Fedora 23 stable updates repository.

7 years ago

This update has been pushed to stable

7 years ago
User Icon pschindl commented & provided feedback 7 years ago

Fixes #1250537

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
7 years ago
in stable
7 years ago
7 years ago
BZ#1185500 Newer versions of RT need some policy changes
BZ#1237343 SELinux is preventing hostapd from using the 'net_raw' capabilities.
BZ#1250537 Deploy of roles fails with: Backup of '/etc/firewalld/zones/FedoraServer.xml' failed

Automated Test Results