File: Changelog

package info (click to toggle)
refpolicy 2%3A2.20161023.1-9
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 19,804 kB
  • ctags: 407
  • sloc: xml: 115,713; python: 2,367; makefile: 625; ansic: 299; sh: 122; sed: 20; awk: 7
file content (1769 lines) | stat: -rw-r--r-- 83,703 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
* Sun Oct 23 2016 Chris PeBenito <pebenito@ieee.org> - 2.20161023
Adam Tkac (2):
      varnishncsa (varnishlog_t) reads localization files
      Grant certmonger "chown" capability

Chris PeBenito (42):
      Merge branch 'bigon-geoclue'
      Add additional comments in geoclue.
      Merge branch 'bigon-virt-1'
      Merge branch 'nm-1' of git://github.com/bigon/refpolicy-contrib into
         bigon-nm-1
      Merge branch 'bigon-nm-1'
      Module version bump for virt and networkmanager patches from Laurent
         Bigonville.
      Merge branch 'master' of git://github.com/bigon/refpolicy-contrib
      Module version bump for firewalld updates from Laurent Bigonville.
      Module version bump for collectd update from Jason Zaman.
      Module version bumps for user runtime fixes from Jason Zaman.
      Boinc updates from Russell Coker.
      rpcbind: Read /sys/devices/system/cpu/online from Russell Coker.
      watchdog: Move line.
      Module version bump for watchdog pidfile option from Russell Coker.
      Systemd units from Russell Coker.
      Module version bump for pulseaudio fc fix from Jason Zaman.
      cpucontrol: revise cpucontrol_conf_t labeling, from Guido Trentalancia.
      Module version bumps for patches from Guido Trentalancia.
      Update the telepathy module:
      Update the alsa module so that the alsa_etc_t file context (previously
         alsa_etc_rw_t) is widened to the whole alsa share directory, instead of
         just a couple of files.
      alsa: Add compatibility alias for alsa_etc_rw_t.
      Update the sysnetwork module to add some permissions needed by the dhcp
         client (another separate patch makes changes to the ifconfig part).
      Module version bump for various patches from Guido Trentalancia.
      pulseaudio: Fix compile errors.
      Merge branch 'master' of
         https://github.com/SeanPlacchetti/refpolicy-contrib
      Module version bump for webalizer dead type removal from Sean Placchetti.
      Module version bump for Evolution SSL fix from Guido Trentalancia.
      evolution: Read user certs from Guido Trentalancia.
      cups: Move can_exec() line.
      cups: Module version bump for hplip patch from Guido Trentalancia
      pulseaudio: Move interface definitions.
      Module version bump for mozilla patch from Guido Trentalancia.
      Module version bump for gnome patch from Guido Trentalancia.
      Module version bump for evolution patch from Guido Trentalancia.
      gpg: Whitespace fix.
      Merge branch 'feature/fix-networkmanager-varrun-macro' of
         https://github.com/rfkrocktk/refpolicy-contrib
      Module version bump for networkmanager fix from Naftuli Tzvi Kay.
      Merge branch 'rfkrocktk-feature/syncthing'
      Rearrange lines in syncthing.
      webalizer: Rearrange a couple lines.
      Module version bump for webalizer patch from Russell Coker.
      Bump module versions for release.

Dominick Grift (18):
      Module version bump for changes to the geoclue module by Laurent
         Bigonville.
      Module version bump for changes to various modules from Laurent
         Bigonville.
      geoclue: move kernel interface call to the appropriate position
      Actually associate mailmain_domain attribute with mailman domains
      Module version bumps for changes to various modules by Nicolas Iooss
      Module version bump for changes to the cron module by Jason Zaman
      Module version bump for changes to the redis module by Grant Ridder
      Module version bump for changes to the raid module by Laurent Bigonville
      Module version bump for changes to the networkmanager module by Laurent
         Bigonville.
      Module version bump for changes to the redis module by Grant Ridder.
      Module version bump for changes to the mozilla module by Laurent
         Bigonville.
      Module version bump for changes to the geoclue module by Nicolas Iooss.
      Add hwloc-dump-hwdata SELinux policy
      Module version bump for changes to the varnishd module by Robert Moucha
      Module version bump for changes to the puppet module by Thomas Mueller
      Module version bump for changes to the varnishd module by Adam Tkac
      Module version bump for changes to the certmonger module by Adam Tkac
      Revert "dbus: allow system, and session bus clients to answer to dbus
         unconfined domains"

Grant Ridder (2):
      Add read/write perms for redis-sentinel
      Allow tcp_connect to redis_port_t for redis_t

Guido Trentalancia (7):
      Policykit module: add fs_getattr_xattr_fs()
      Update the policy for module apm
      Let gpg disable core dumps
      Update the rtkit module
      Update the pulseaudio module for usability and ORC support
      cups: update permissions for HP printers (load firmware)
      gpg: public key signature verification in evolution

Guido Trentalancia via refpolicy (3):
      evolution: read SSL certificates
      mozilla: let mozilla play audio
      gnome: add support for the OIL Runtime Compiler (ORC) optimized code
         execution

Jason Zaman (10):
      cron: Allow locks to be lnk_files
      collectd: update policy for 5.5
      consolekit: allow managing user runtime
      pulseaudio: fcontext and filetrans for runtime
      ftp: Add filetrans from user_runtime
      gnome: Add filetrans from user_runtime
      mplayer: Add filetrans from user_runtime
      userhelper: Add filetrans from user_runtime
      wm: Add filetrans from user_runtime
      pulseaudio: fix user runtime fcontext

Laurent Bigonville (13):
      Add initial geoclue 2 module
      Properly escape dot in the path to the geoclue daemon
      Use auth_use_nsswitch() as we need DNS resolving and access nsswitch.conf
      virt.fc: Add some debian contexts
      networkmanager.fc: nm-dispatcher.action has been renamed to nm-dispatcher
      Allow some domain to read sysctl_vm_overcommit_t
      Allow mdadm read efivarfs files
      Allow /var/run/firewalld/ directory to transition to firewalld_var_run_t
      Add an interface to allow a domain to read firewalld_var_run_t files
      Allow firewalld to create firewalld_var_run_t directory.
      dontaudit firewalld attempt to relabel its own config files
      Allow NM to execute arping
      Debian now ships firefox-esr, properly label the executable

Luis Ressel (1):
      New policy for tboot utilities

Naftuli Tzvi Kay (2):
      Fix NetworkManager Read Pid Files Macro
      Syncthing Policy

Nicolas Iooss (3):
      Describe _initrc_domtrans interfaces differently from the _domtrans ones
      Fix typos in several interfaces
      Add Arch Linux path for geoclue module

Robert Moucha (1):
      Fix trivial typo in varnishncsa name

Russell Coker (2):
      watchdog reads pid files
      named reads vm sysctls

Russell Coker via refpolicy (1):
      webalizer patch for inclusion

Sean Placchetti (1):
      -Remove unused declarations from webalizer type enforcement file

Thomas Mueller (1):
      Allow puppet_t transtition to shorewall_t

doverride (3):
      Merge pull request #8 from bigon/geoclue
      Merge pull request #11 from bigon/overcommit-1
      Merge pull request #12 from fishilico/typos

* Tue Dec 08 2015 Chris PeBenito <selinux@tresys.com> - 2.20151208
Alexander Wetzel (1):
      add vfio support for libvirt

Chas Williams - CONTRACTOR (1):
      afs: update labels, file contexts and allow access to urandom

Chris PeBenito (14):
      Module version bump for hadoop_admin() fix from Jazon Zaman.
      Module version bump for fc typo in radius from Sven Vermeulen.
      Module version bump for patches from Jason Zaman.
      Module version bump for init_startstop_service from Jason Zaman.
      Module version bump for cron_admin interface from Jason Zaman.
      Comment/whitespace fix in virt.te.
      Module version bump for vfio support for libvirt from Alexander Wetzel.
      Add systemd unit types.
      Add systemd socket activations.
      Merge branch 'pebenito-master'
      Module version bump for systemd additions.
      Merge branch 'bigon-systemd'
      Module version bump for dbus systemd patch from Laurent Bigonville.
      Bump module versions for release.

Dominick Grift (16):
      Module version bump for courier fixes from Sven Vermeulen.
      Module version bump for afs fixes from Chas Williams.
      Redundant rules and afs_files_t is not a filesystem type
      Various samhain fixes
      Cachefilesd module updates
      Module version bump for changes to the dnsmasq policy module by Jason
         Zaman
      Module version bump for changes to the snmp policy module by Jason Zaman
      Module version bump for changes to the pulseaudio policy module by Jason
         Zaman
      cachefiles: It is cachefilesd_cache_t
      Module version bump for update to the networkmanager policy module by
         Stephen Smalley.
      Module version bumps for "Remove run interface calls from admin
         interfaces" changes by Jason Zaman.
      Module version bump for changes to the pulseaudio module by Niklas Haas.
      Changes to the git, hadoop and rsync modules by Jason Zaman.
      Module version bump for changes to the virt module by Jason Zaman
      Module version bump for changes to the mozilla module from Laurent
         Bigonville.
      Module version bump for changes to the wine module by Nicolas Iooss

Jason Zaman (19):
      hadoop: remove _role from _admin interface
      rpcbind: typo fix
      git: make inetd interface optional
      rpc: introduce allow_gssd_write_tmp boolean
      rpc: allow setgid capability
      virt: add virt_tmpfs_t type and permissions
      introduce virt_leaseshelper_t
      dnsmasq: allow exec shell for scripts
      snmp: missing fcontext for snmpd
      pulseaudio: filetrans for autospawn.lock
      Use init_startstop_service in admin interfaces A-M
      Use init_startstop_service in admin interfaces N-Z
      Remove _run() interfaces from _admin()
      Introduce cron_admin interface
      rsync: remove rsync_run from admin interface
      git: allow git_system_t to listen on tcp_sockets
      hadoop: init_startstop_service() can not take attributes
      virt: Allow creating qemu guest agent socket
      virt: Add policy for virtlockd the Virtual machine lock manager

Laurent Bigonville (2):
      Transition D-Bus system service out of the init_t domain when PID1 is
         systemd
      Label iceweasel plugin-container executable as mozilla_plugin_exec_t

Nicolas Iooss (1):
      wine: remove use of nonexisting interface

Niklas Haas (1):
      pulse: don't give pulseaudio_client full access to user_home_t

Stephen Smalley (1):
      contrib: networkmanager: allow netlink_generic_socket access

Sven Vermeulen (6):
      Locate authdaemon socket and communicate with authdaemon
      Allow authdaemon to access selinux fs to check SELinux state
      Grant setuid/setgid to courier_pop_t
      Execute courier helper script after authentication
      Courier IMAP needs to manage the users' maildir
      Fix typo for radiusd /var/lib location

doverride (2):
      Merge pull request #3 from haasn/pulse-nohome
      Merge pull request #6 from bigon/mozilla-1

* Wed Dec 03 2014 Chris PeBenito <selinux@tresys.com> - 2.20141203
Chris PeBenito (26):
      Whitespace fix in ntp.fc.
      Module version bump for ntp fc entries from Laurent Bigonville.
      Whitespace fix in shibboleth.te.
      Module version bump for new shibboleth module from Martin Lang.
      Module version bump for apt fix from Nicolas Iooss.
      Module version bump for dnsmasq MTU fix from Sven Vermeulen.
      Module version bump for apache content interfaces from Sven Vermeulen.
      Module version bump for gitweb fc entry on Debian and ArchLinux from
         Nicolas Iooss.
      Module version bump for fc regex fixes from Nicolas Iooss.
      Module version bump for various fixes from Laurent Bigonville.
      Module version bump for ModemManager fc entry from Laurent Bigonville.
      Add missing cron_admin_role() dependency.
      Move sock_file filetrans to fcron_crond conditional.
      Module version bump for cron and snort updates from Sven Vermeulen.
      Module version bump for java icedtea fc entries from Sven Vermeulen.
      Module version bump for apache/mlogc patch from Elia Pinto.
      Remove name from ntp-kod ntp_drift_t filetrans.
      Module version bump for ntp-kod file support from Jason Zaman.
      Module version bump for init_daemon_pid_file use from Sven Vermeulen.
      Module version bump for alsa and hiawatha fixes from Sven Vermeulen.
      Module version bump for ftp and tftp fixes from Nicolas Iooss.
      Move irc exec lines.
      Module version bump for irc re-exec itself patch from Luis Ressel.
      Module version bump for NetworkManager fc fix for ArchLinux from Nicolas
         Iooss.
      Module version bump for _admin fixes from Jason Zaman.
      Bump module versions for release.

Dominick Grift (3):
      Module version bump for changes to the loadkeys module by Nicolas Iooss
      cron: that boolean identifier does not exist         also require it
      Module version bump for changes to the networkmanager modules by Lubomir
         Rintel

Elia Pinto (1):
      apache.te: Add labelling support for /var/log/mlogc

Jason Zaman (20):
      Add filetrans for ntp-kod file
      ccs: syntax errors in ccs_admin interface
      condor: syntax error in condor_admin
      distcc: syntax error in distcc_admin
      ftp: syntax error in ftp_admin
      kerberos: syntax error in kerberos_admin
      kismet: syntax error in kismet_admin
      nut: syntax error in nut_admin
      prelude: syntax error in prelude_admin
      psad: syntax error in psad_admin
      quota: syntax error in quota_admin
      rpcbind: syntax error in rpcbind_admin
      rpm: syntax error in rpm_admin
      systemtap: syntax error in stapserver_admin
      svnserve: syntax error in svnserve_admin
      uptime: syntax error in uptime_admin
      zabbix: syntax error in zabbix_admin
      remove pyzor_role() from pyzor_admin()
      remove spamassassin_role() from spamassassin_admin()
      rsync: syntax error in rsync_admin

Laurent Bigonville (7):
      Add several fcontext for debian specific paths for ntp
      Fix dbus_all_session_domain(), session_bus_type is an attribute
      Allow gconfd to be started by the session bus
      Fix the usage of dbus_spec_session_domain() interface
      Properly label exim4 initscript under Debian
      Add new gnome_spec_domtrans_all_gkeyringd() interface
      Label /usr/sbin/ModemManager as modemmanager_exec_t

Lubomir Rintel (1):
      Allow NetworkManager to create Bluetooth SDP sockets

Luis Ressel (1):
      irc.te: Allow irssi to re-execute itself

Martin Lang (1):
      Add a policy module for shibboleth authentication

Nicolas Iooss (7):
      apt: remove non-existing permission set write_dir_perms
      Label /usr/share/gitweb/static as httpd_git_content_t
      Fix strange file patterns
      ftp: fix labels in /var/lock/subsys/
      Label /usr/bin/tftpd as tftpd_exec_t
      Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/
      Allow loadkeys to read usr_t files

Sven Vermeulen (17):
      dnsmasq reads MTU sysctl
      Support read/append/manage functions for various httpd content
      Snort policy updates
      fcron socket support
      Fix typo in dnsmasq.if
      Mark icedtea binaries as java_exec_t
      Use init_daemon_pid_file for contrib modules
      Enable asound.state.lock support
      Add support for Hiawatha web server
      Use logging_search_logs, not logging_search_log
      Use logging_search_logs, not logging_search_log
      Use files_search_etc, not logging_search_etc
      Use files_search_etc, not logging_search_etc
      Use files_search_etc, not files_search_config
      Use corecmd_search_bin, not corecmd_searh_bin
      Use fs_search_tmpfs, not files_search_tmpfs
      Use domain_auto_trans, not auto_trans

* Tue Mar 11 2014 Chris PeBenito <selinux@tresys.com> - 2.20140311
Chris PeBenito (17):
      Minor rearrangement of minidlna lines.
      Module version bump for openvpn tmp files from Sven Vermeulen.
      Update modules for file_t merge into unlabeled_t.
      Module version bump for postfix showq fc from Laurent Bigonville.
      Rename gpg_agent_connect to gpg_stream_connect_agent.
      Module version bump for gpg agent interface from Luis Ressel.
      Whitespace fixes in git.fc.
      Module version bump for debian git fc entries from Laurent Bigonville.
      Move bin_t fc to corecommands.
      Move exec/transition lines in couchdb.
      Add comment about couchdb_js policy.
      Module version bump for couchdb updates from Luis Ressel.
      Module version bump for pcscd fix from Luis Ressel.
      Move screen dontaudit rule.
      Module version bump for screen fix from Luis Ressel.
      Module version bump for git fc fix from Nicolas Iooss.
      Bump module versions for release.

Dan Walsh (28):
      Allow irc_t to use tcp sockets
      Add labels for apache logs under miq package
      Allow smbcontrol to create content in /var/lib/samba
      Allow ktalkd to bind to the ktalkd_port
      Allow memcache to read sysfs data
      Allow mdadm to getattr any file system
      Allow cupsd_lpd_t to bind to the printer port
      Allow rlogind to bind to the rlogin_port
      Allow cvs to bind to the cvs_port
      svirt domains neeed to create kobject_uevint_sockets
      Lots of new access required for sosreport
      Allow tgtd_t to connect to isns ports
      openct needs to be able to create netlink_object_uevent_sockets
      Allow glusterd to create sock_file in /run
      Add support for tmp directories to openvswitch
      Allow virt_domain with USB devices to look at dos file systems
      Additional access for MLS
      Additional access for MLS window manager
      Additional access for MLS window manager
      Additional access for MLS window manager
      Allow rpcbind to use nsswitch
      Allow gpg_agent to use ssh-add
      Add apache labeling for glpi
      Allow pegasus to transition to dmidecode
      Allow mcelog to use the /dev/cpu device
      Allow apmd to request the kernel load modules
      Allow postfix programs to getattr on all executables
      label mate-keyring-daemon with gkeyringd_exec_t

Dominick Grift (126):
      Typo fix in ksmtuned_admin() by Shintaro Fujiwara
      Fix monolithic built
      Change file context spec for aide log files to catch suffixes
      Module version bumps for changes in various policy modules by Sven    
         Vermeulen
      Squid: Use a single pattern for brevity
      Irc was already allowed to create tcp sockets, it only needed an    
         additional accept, and listen to be able to act as a proxy
      Its probably a better idea to use the httpd_sys_ra_content_t type sid    
         for logs in these locations
      Module version bump for changes to the tcsd policy module by Lukas    
         Vrabec
      Module version bump for changes to various policy modules by Miroslav    
         Grepl
      Module version bump for changes to the samba policy module by Dan Walsh
      Module version bump for changes to the telepathy policy module by    
         Miroslav Grepl
      We do not have a boinc domain type attribute     Change boolean
         description a bit
      Additional rabbitmq couchdb support
      Module version bumps for changes to various policy modules by Miroslav    
         Grepl
      Additional git tcp networking rules
      Additional ktalkd udp networking rules
      Module version bump for changes to various policy modules by Dan Walsh
      Addtional cups ldp tcp networking rules
      Should be server packets because it is binding, and not connecting
      Clean up telnet, and rlogin networking rules
      Additional cvs tcp networking rules
      Module version bump for changes to various policy modules by Dan     Walsh
      Addtional tgtd tcp networking rules
      Additional polipo tcp networking rules
      Fix asterisk files_spool_filetrans()
      Module version bump for changes to the networkmanager policy module by    
         Lukas Vrabec
      Additional fs_tmpfs_filetrans() for munin service plugin content on    
         tmpfs
      Module version bump for changes to various policy modules by Miroslav    
         Grepl
      Support rlogind, and telnetd as init daemon domains ( i think fedora is   
          campaigning to get rid of (x)?inetd )
      Support mariadb logging, file context specification for mariadb specific  
           config location
      Change logwatch boolean identifier to something more self-documenting.    
         Additional tcp networking rules
      Module version bump for changes to various policy modules by Miroslav    
         Grepl
      Fix inconsistencies in the pkcs policy module
      Fix fetchmail inconsistencies
      Module version bump for changes in various policy modules by Dan Walsh
      Support for window managers to stream socket connect to pulseaudio
      Logwatch does not need to be able to bind tcp sockets to generic nodes    
         since its only connecting
      Adds userhelper_exec_consolehelper for window managers
      Remove duplicate rules due to addition of auth_use_nsswitch()
      We dont use the arbt domain types template.     Use a more uniform boolean
         discription
      Clean up libstoragemngmt policy module     We do not yet support systemd
      Change type from etc_rw to conf for readability     admin access to
         condor_conf_t
      Hit by a nasty optional policy nesting issue
      We will find another way to run pa as a system server
      Module version bump for changes to various policy modules by Miroslav    
         Grepl
      Clean up hypervkvp policy module (seems incomplete)
      Clean up initial redis policy module
      Additional openvpn tcp networking rules
      redis: allow redis to bind tcp sockets to redis_port_t type ports
      bluetooth: bluetooth_t acquires org.bluez service on dbus system bus
      wm: associate wm_exec_t to core command executable files so that initrc_t
         (/sbin/start-stop-daemon) can access it (metacity)
      logrotate restarts syslogd via init script in Debian
      This file is called just man-db in Debian.
      exim: exim owns directory /var/lib/exim4
      accountsd: accounts-daemon lists /var/log
      alsa: alsactl listing /dev/shm alsa: alsactl reading /dev/urandom alsa:
         alsactl getting attributes of devtmpfs / (/dev) alsa: alsactl maintains
         a pulseaudio tmpfs file
      Cron: /sbin/runlevel reads /run/utmp cron: anacron (system_cronjob_t)
         reading, writing inherited random crond tmp files (/tmp/tmpfk1VT2O)
      dbus: allow system, and session bus clients to answer to dbus unconfined
         domains
      apt: Run apt system cronjobs in the apt_t domain apt: apt system cronjob
         creates dpkg.status.* files in /var/backup
      devicekit: upowerd reads own unix stream socket devicekit:
         devicekit_power_t (runlevel) read /run/utmp
      mandb: Make the man-db cronjob work on Debian
      rtkit: traverse /proc to get to process state files
      networkmanager: NetworkManager reads /run/udev/data/n2 file
      avahi: create a avahi_initrc_domtrans for udev_t: udev runs a avahi dns
         check script which does, i guess, a dns check. If needed it starts, or
         stops avahi via its init script. I also created a
         avahi_manage_pid_files() for udev_t because the script manages a file
         called "checked_nameservers.*" in /run/avahi-daemon
      Cleanups of various modules with regard to regular expressions and white  
           space
      apt: As it turns out the /var/backups directory is labeled in the backup  
           module (which i incidentally did not have installed earlier). Instead
         of     creating this file with a file type transition to
         apt_var_cache_t, allow     apt_t to manage backup_store files
      mta: this needs to be verified again, it should just have been running    
         in exim_t. I might have taken this from old logs
      mandb: /etc/cron.daily/man-db executes dpkg, reads dpkg db on Debian
      slocate: catch /usr/bin/updatedb.mlocate, and /etc/cron.daily/mlocate on  
           Debian
      dpkg: catch /etc/cron.daily/dpkg on Debian     dpkg: allow
         /etc/cron.daily/dpkg to manage backup store files on Debian
      cron: consistent usage of regular expressions     cron: prelink no longer
         runs in the system cronjob domain
      alsa: alsactl wants to associate pulse-shm-.* to device_t type    
         filesystems. This happens early on but i do not understand how that    
         (/dev) relates to /dev/shm in this regard
      devicekit: reads udev pid files     modemmanager: reads udev pid files
      vdagent: spice-vdagentd uses /dev/vport1p1 virtio console
      tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes    
         /dev/pts/0 inherited from init script
      revert regular expressions
      wm: allow $1_wm_t to stream connect to $1_gkeyringd_t
      mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and   
          to read exim var lib files.
      mta: These are duplicates because system_mail_t is a user_mail_domain,    
         as it is based off of the mta_base_mail_template() which assigns that  
           type attribute
      locate: extra rules needed by debian /etc/cron.daily/locate script
      backup: in Debian /etc/cron.daily/passwd backs-up shadow, passwd etc to   
          /var/backups
      avahi: create interfaces that will allow calles to create avahi pid dirs  
           and create specifc avahi pid objects with a type transition (for
         udev,     which runs: /usr/lib/avahi/avahi-daemon-check-dns.sh in
         Debian
      Initial gdomap policy module
      Initial minissdpd policy module
      alsa: due to a bug in gnome 3.4, in debian, alsactl does all kinds of    
         weird things related to pulseaudio
      various: revert regex fixes: fcsort does not want this now
      gdomap: gdomap_port_t is now available, gdomap binds tcp, and udp socket
         to it
      alsa: make alsa_t and pulseaudio_client so that pulseaudio_client rules
         apply to it. alsactl does not actually run pulseaudio it seems though.
      pulseaudio: allow all pulseaudio_client to send null signals to
         unconfined_t, since unconfined_t is not actually a pulseaudio_client (
         unconfined_t runs pulseaudio without a domain transition)
      avahi: create avahi_setattr_pid_dirs() for udev (avahi dns check script
         run by udev in Debian)
      These { read write } tty_device_t chr files on boot up in Debian
      colord: colord executable file locations in Debian
      colord: reads /proc/1, reads /run/udev files
      vdagent: read/write mtrr file
      mandb: dpkg running in the mandb_t domain in Debian (mandb cronjob)
         traverses /root
      exim: traverses sysfs, uses system cronjob file descriptors (/dev/null) in
         Debian (/etc/cron.daily/exim)
      minissdpd fixes
      devicekit: disk reads /proc/sys/vm/overcommit_memory
      devicekit: edit devicekit_append_inherited_log_files to include get
         attribute permission so that it can be also used for fsadm
      devicekit: 95hdparm-apm (devicekit_power_t) gets attributes of /dev/sda
         (fixed_disk_device_t)
      networkmanager: added interfaces that fedora calls for dhcpc. In Debian it
         was confirmed that at least dhclient manages
         /var/lib/NetworkManager/dhclient-eth0.conf
      firewalld: various fixes that i borrowed from Fedora but that also apply
         to Debian (confirmed)
      firewalld: interfaces created for iptables
      irqbalance: getsched from Debian
      colord: colord reads /proc/3412/cmdline (cupsd state files)
      virt: libvirtd reads /run/udev/data/+input:input3
      firewalld: traverses / on sysfs
      rngd: needs ipc_lock capability, maintains /run/rngd.pid
      tmpreaper: mountall-bootcl executes /bin/plymouth on Debian
      minissdpd: deal with assertion violation (sys_module)
      gdomap: missing networking rules, it traverses /tmp for some reason
      ntp: create ntp_read_drift_files() for dhclient
      dpkg: allow dpkg, and dpkg script to domain transition to initrc_t on any
         init script file type rather than only the generic initrc_exec_t init
         script file type
      exim: exim4 reads online
      apt: apt runs /usr/bin/apt-get apt: on_ac_power (apt_t) lists
         /sys/class/power_supply
      exim: exim_manage_var_lib_files created for init: init script runs helper
         apps that create/manage /var/lib/exim4/config.autogenerated.tmp
      gdomap/minissdpd: create read_config interfaces for initrc_t
      exim: make exim init script create /var/run/exim4 with a proper context
      pulseaudio: pulsaudio_t needs to be able to read user_tmpfs_files
         (/run/shm/pulse-shm-.*)
      dnsmasq: add support for /etc/dnsmasq.d/
      Module version bumps for various policy modules
      Module version bump for changes to the logrotate module by Luis Ressel
      Git: git daemons can list and read git personal repositories
      Module version bumps for changes to various policy modules by Fedora
      redis, lsm: typo fixes
      userhelper: append newline

James Carter (8):
      - Fixed typo in contrib/avahi.if
      - Fixed typo in contrib/glusterfs.te
      - Fixed typo in contrib/jabber.if
      - Fixed typo in contrib/keystone.if
      - Fixed typo in contrib/mailscanner.if
      - Fixed typo in contrib/qpid.if
      - Fixed typo in contrib/readahead.fc.
      - Fixed typo in contrib/rpm.if.

Laurent Bigonville (2):
      Label /usr/lib/postfix/showq as postfix_showq_exec_t
      Properly label git-daemon and gitweb.cgi on Debian

Luis Ressel (10):
      Allow initrc_t to create /var/run/opendkim
      Label /etc/cron.daily/logrotate correctly.
      gpg: Create gpg_agent_connect interface
      Minor updates to couchdb policy
      couchdb: Add separate domain for couchjs
      couchdb: Dontaudit denials caused by Erlang's disksup
      Reformat couchdb.fc
      pcscd.if: Permit access to pid files inside /var/run/pcscd/.
      Allow gpg-agent's scdaemon to connect to pcscd.
      Dontaudit screen asking for the sys_tty_config capability

Lukas Vrabec (8):
      Allow tcsd to read utmp file
      fix boinc policy
      Add support for couchdb in rabbitmq policy
      Fix transition rules in asterisk policy
      Add fowner capability to networkmanager policy
      Add policy for lsmd
      Add policy for hypervkvpd
      Add policy for redis-server

Mika Pflüger (1):
      Correct typo in passenger module name

Miroslav Grepl (40):
      Allow passenger to execute ifconfig
      Allow mpd setcap which is needed by pulseaudio
      Allow block_suspend cap for samba-net
      Allow t-mission-control to manage gabble cache files
      Allow nslcd to read /sys/devices/system/cpu
      Add labeling for ~/.cache/telepathy/avatars/gabble
      Allow firewalld to read NM state
      Allow systemd running as git_systemd to bind git port
      Fix labeling for fetchmail pid files/dirs
      Fix polipo.te
      Fix cupsd.te
      Allow munin service plugins to manage own tmpfs files/dirs
      Make ktalk as init domain
      Allow mysqld_safe_t to handle also symlinks in /var/log/mariadb
      Add logwatch_can_sendmail boolean
      Allow rhsmcertd to read init state
      Allow fsetid for pkcsslotd
      Allow fetchmail to create own pid with correct labeling
      Fix rhcs_domain_template()
      Add support for abrt-upload-watch
      Allow virtd to relabel unix stream socket
      Fix lsm.fc for pid files
      Also sock_file trans rule is needed in lsm
      Update condor_master rules to allow read system state info and allow
         logging
      Add labeling for /etc/condor and allow condor domain to write it (bug)
      Allow condor domains to manage own logs
      Allow glusterd to read domains state
      Add openvpn_can_network_connect() boolean
      Fix minissdpd_admin()
      Allow ctdb to getattr on al filesystems
      Watchdog opens the raw socket
      Allow watchdog to read network state info
      Add setroubleshoot_signull() interface
      Allow sosreport to send signull to setroubleshootd
      Allow sosreport all signal perms
      Allow sosreport to dbus chat with rpm
      Allow zabbix_agentd to read all domain state
      Allow smoltclient to execute ldconfig
      Allow sosreport to request the kernel to load a module
      Allow setpgid for sosreport

Nicolas Iooss (1):
      git: fix file pattern after whitespace fixes

Sven Vermeulen (6):
      Add minidlna policy
      Allow openvpn temporary files
      Add aide bin /usr/bin and mark /var/lib/aide
      Provide alsa_write_lib interface
      Run dmidecode after newrole or on terminals
      Grant write privileges to squid on its log files

* Wed Apr 24 2013 Chris PeBenito <selinux@tresys.com> - 2.20130424
Chris PeBenito (18):
      Rewrite of mcelog module from Guido Trentalancia
      Remove unnecessary lines in mcelog.te.
      Slight rearrangement in mcelog.te.
      Module version bump for mcelog update from Guido Trentalancia.
      Module version bump for ntp module fixes from Dominick Grift.
      Module version bump for fc substitutions optimizations from Sven
         Vermeulen.
      Module version bump for postfix/mta misc fixes from Sven Vermeulen.
      Module version bump for init_daemon_run_dirs usage from Sven Vermeulen.
      Turn off all tunables by default, from Guido Trentalancia.
      Module version bump for tunable default change.
      Module version bump for saslauthd tcp mysql connections from Mika Flueger.
      Move kernel request line in quota.
      Module version bump for quota kernel module request from Mika Pflueger.
      Module version bump for djbdns ports fixes from Russell Coker.
      Remove stray + in keystone.te.
      Whitespace fixes in cron.fc.
      Module version bump for pulseaudio type_transition conflict fix from Sven
         Vermeulen.
      Bump module versions for release.

Dominick Grift (889):
      Initial BIRD Internet Routing Daemon policy
      oident daemon fixes
      Introduce ntp_conf_t
      Allow ntp_admin() to manage ntp_drift_t content.
      List etc_t directories
      Use "Role allowed access." for consistency
      Use permissions sets for compatibility.
      Remove getattr permision from ntp_admin()
      Initial Sensord policy module
      Various block_suspend capability2 support from Fedora
      Gitolite3 support from Fedora
      /var/lib/sqlgrey is greylist milter data from Fedora
      Terminal related fixes for plymouthd from Fedora     Support block_suspend
         capability2 for plymouth
      Support minimal polkit in new location
      Support ldap for user authentication from Fedora
      Sanlock sends kill signals to non-root processes from Fedora     Various
         other capabilities for sanlock from Fedora
      Initial support for sqlgrey from Fedora
      Tor reads network sysctls from Fedora
      GPG agent reads /dev/random from Fedora
      Freshclam reads system and network state from Fedora
      Execute wpa_cli in the NetworkManager_t domain for wicd from Fedora
      lpstat.cups reads fips_enabled from Fedora
      Initial system tap compile server policy module
      Systemtap server admin manages stapserver_var_lib_t content
      Telepathy Idle reads gschemas.compiled from Fedora
      Initial slpd policy module
      Initial lightsquid policy module
      Initial wdmd policy module
      Initial mailscanner policy module and some depencies.
      Support slpd log rotation
      Initial numad policy module
      Open log files for append only
      CGClear reads CGConfig files from Fedora     Cosmetic changes to cgroup
         policy module     File contexts of cgroup app executables files in
         /sbin also apply to     /usr/sbin     Make cgroup_admin() a bit more
         compact
      Initial svnserve policy module
      Various small changes to ucspitcp
      Initial fcoe policy module
      Initial lldpad policy module
      fcoemon sends to lldpad with a dgram socket
      Initial quantum policy module
      Initial dspam policy module
      Module version bump for Telepathy file context spec fixes from Laurent    
         Bigonville.
      Initial isns policy module
      Various changes to tcs policy module
      Initial ctdb policy module
      Various changes to the sblim policy module and its dependencies
      Initial polipo policy module
      Module version bump for networkmanager fixes
      Fixes to the polipo policy module
      Module version bump for smartmon fixes from Laurent Bigonville.
      Module version bump for accountsd file context spec fix from     Laurent
         Bigonville.
      Various changes to the raid module
      Module version bump for rtkit file context spec fix from     Laurent
         Bigonville
      Initial couchdb policy module
      Changes to the bind policy module
      Initial dnssectrigger policy module
      Initial man2html policy module
      Initial openhpi policy module
      Bind sends/receives http server instead of client packets conditionally
      Two file context regular expression fixes by Eric Paris
      Type mdadm_t is no longer a unconfined type
      Initial pkcs policy module
      Initial cfengine policy module
      Initial keystone policy module
      Initial l2tp policy module
      Initial mongodb policy module
      cfengine whitespace cleanup
      Changes to the accountsservice policy module
      Changes to the acct policy module
      Changes to the ada policy module
      changes to the afs policy module
      Changes to the accountsservice policy module
      Changes to the aiccu policy module
      Changes to the aide policy module
      Syntax error in afs_admin()
      Changes to the aisexec policy module
      Changes to the alsa policy module
      Changes to the amanda policy module
      Changes to the amavisd policy module and relevant dependencies
      Changes to the amtu policy module
      Changes to the anaconda policy module
      Changes to the abrt policy module and relevant dependencies
      numad sends/receives msgs from Fedora
      Amtu executable file in installed in /usr/sbin in Fedora
      The (usr/)? expression does not work consistently so better not use it    
         at all
      Changes to the httpd policy module
      Merge branch 'master' of
         ssh://dgrift@oss.tresys.com/home/git/refpolicy-contrib
      Fixes to the apache policy module and dependencies
      Changes to the apcupsd policy module
      Role attributes for lightsquid application domain
      Changes to the mailscanner module
      Changes to the svnserve policy module
      Changes to the quantum policy module
      Changes to the dspam module
      Changes to the ctdb policy module
      Changes to the couchdb policy module
      Changes to the openhpid policy module
      Changes to the keystone policy module
      Changes to the l2tp policy module
      Changes to the apm module and relevant dependencies
      Changes to the arpwatch policy module
      Changes to the apcupsd policy module
      Changes to the abrt policy module
      Changes to the apache policy module
      Changes to the asterisk policy module and dependencies
      Changes to the authbind policy module
      Changes to the automount policy module
      Change acpid lock file context spec
      Changes to the avahi policy module and dependencies
      Changes to the awstats policy module
      Changes to the bacula policy module
      Changes to the bcfg2 policy module
      Changes to the apt policy module
      Changes to the apache policy module
      Changes to the backup module
      Changes to the bind policy module
      Bird module clean up
      Fix arpwatch connected_stream_socket_perms
      Changes to the bitlbee policy module
      Changes to the blueman policy module
      Changes to the bluetooth policy module
      Changes to the brctl policy module
      Changes to the apache policy module
      Changes to the bugzilla policy module
      Changes to the calamaris policy module
      Implement lightsquid_admin()
      Changes to the apache policy module and dependencies
      Initial boinc policy module
      Initial callweaver policy module
      Changes to the canna policy module
      Changes to the ccs policy module
      Changes to the cdrecord policy module
      Changes to the certmaster policy module and various role attribute fixes
      cdrecord needs to read and write callers unix domain stream socket not    
         create it
      Changes to the certmonger policy module and its dependencies
      Initial cachefilesd policy module
      Changes to the certwatch policy module
      Changes to the chronyd policy module
      Changes to the cipe policy module
      Changes to the clamav policy module
      Various network clean up
      Add dev_rw_cachefiles() to cachefilesd policy module
      Changes to the clockspeed policy module
      Changes to the clogd policy module
      Changes to the cmirrord policy module
      Changes to the cobbler policy module
      Changes to the colord policy module
      Changes to the comsat policy module
      Initial collectd policy module
      Initial condor policy module and relevant dependencies
      Changes to the consolekit policy module and relevant dependencies
      Changes to the corosync policy module and relevant dependencies
      Clean up couchdb network rules
      Changes to the courier policy module
      Changes to the cpucontrol policy module
      Changes to the cpufreqselector policy module
      Changes to the cron policy module and relevant dependencies
      Changes to the cups policy module and relevant dependencies
      Changes to the cvs policy module
      Remove redundant connect avperms
      Changes to the cyphesis policy module
      Remove redundant rules from apache_admin()
      Changes to the cyrus policy module
      Changes to the daemontools policy module
      Changes to the dante policy module
      Modify dbadm boolean descriptions
      Changes to the dbus policy module and its dependencies
      Changes to the dcc policy module
      Changes to the ddclient policy module
      Changes to the ddcprobe policy module
      Changes to the denyhosts policy module
      Changes to the devicekit policy module and relevant dependencies
      Changes to the dhcpd policy module
      Changes tothe dictd policy module
      Changes to the discc policy module
      Changes to the djbdns policy module
      Changes to the dkim policy module
      Changes to the dmidecode policy module
      Module bump for Laurent Bigonville trousers init script file context    
         specification fix
      Module bump for Laurent Bigonville libvirt init script file context    
         specification fix
      Changes to the dnsmasq policy module and relevant dependencies
      Changes to the dovecot policy module
      Changes to the dpkg policy module
      Changes to the entropyd policy module
      Changes to the evolution policy module
      Changes to the exim policy module and relevant dependencies
      Changes to the cron policy module
      Changes to the fail2ban policy module
      fcoemon XML clean up
      Changes to the fetchmail policy module
      Changes to the fingerd policy module
      Initial firewalld policy module
      Changes to the firstboot policy module
      Changes to the fprint policy module and relevant dependencies
      Changes to the ftp module
      Changes to the games policy module
      Clean up evolution and cdrecord XML
      Changes to the gatekeeper policy module
      Changes to the gift policy module
      Changes to the git policy module
      Changes to the gitosis policy module
      Changes to the glance policy module
      Initial glusterfs policy module
      Add gatekeeper newline
      Deprecate glusterd_admin() use glusterfs_admin() instead
      Portage module version bump for autofs support by Matthew Thode and    
         clean up
      cfengine: This location is now labeled with a cfengine private type
      Changes to the slpd policy module
      Changes to the gnomeclock policy module and relevant dependencies
      Changes to the gpg policy module
      Changes to the gpm policy module
      Changes to the gpsd policy module and relevant dependencies
      changes to the guest policy module
      Changes to the gnomeclock policy module
      Deprecate various DBUS interfaces and relevant dependencies
      Changes to the cachefilesd policy module
      Remove file context specification for kgpg which is a GUI frontend to    
         GPG. Domain transition to gpg_t will happen when kgpg runs gpg.    
         (rhbz#862229)
      Initial mandb policy module
      Changes to the hadoop policy module
      Changes to the hald policy module
      Changes to the hddtemp policy module
      Changes to the howl policy module
      changes to the mandb policy module
      Changes to the dbus policy module
      Changes to the rpm policy module
      Changes to the i18n_input policy module
      Changes to the icecast policy module
      Changes to the ifplugd policy module
      Changes to the imaze policy module
      Changes to the inetd policy module and relevant dependencies
      Changes to the innd policy module
      Changes to the irc policy module
      Changes to the ircd policy module
      Changes to the irc policy module
      Changes to the dbus policy module
      Changes to the avahi policy module
      Changes to the bluetooth policy module
      Changes to the aiccu policy module
      Changes to the bacula policy module
      Changes to the boinc policy module
      Changes to the bugzilla policy module
      Changes to the ccs policy module
      Changes to the clamav policy module
      Changes to the cobbler policy module
      Changes to the cyphesis policy module
      Changes to the dante policy module
      Changes to the dbskk policy module
      Changes to the ddclient policy module
      Changes to the denyhosts policy module
      Changes to the dnssectrigger policy module
      Changes to the dovecot policy module
      Changes to the drbd policy module
      Changes to the evolution policy module
      Changes to the fail2ban policy module
      Changes to the firewalld policy module
      Changes to the firstboot policy module
      Changes to the games policy module
      Changes to the gift policy module
      Changes to the glance policy module
      Changes to the hald policy module
      Changes to the dbus policy module
      Changes to the git policy module
      Changes to the polipo policy module
      Changes to the firewalld policy module
      Changes to the gpg policy module
      Tab clean up in ircbalance file context file
      Changes to the irqbalance policy module
      Tab clean up in iscsi file context file
      Changes to the iscsi policy module
      Tab clean up in jabber file context file
      Changes to the jabberd policy module
      Changes to the pyicqt policy module
      Tab clean up in java file context file
      Changes to the java policy module
      Changes to the dbus policy module
      Changes to the gnome policy module
      Changes to the apache policy module
      Changes to the accountsd policy module
      Changes to the alsa policy module
      Changes to the evolution policy module
      Changes to the bluetooth policy module
      Changes to the games policy module
      Changes to the gift policy module
      Changes to the gpg policy module
      Changes to the hadoop policy module
      Tab clean up in kdump file context file
      Changes to the kdump policy module
      Changes to the gpg policy module
      Changes to the dbus policy module
      Changes to the evolution policy module
      Changes to the gpm policy module
      Version bump for evolution file context fixes by Laurent Bigonville
      Version bump for nut file context fixes by Laurent Bigonville
      Changes to the kdumpgui policy module
      Tab clean up in kerberos file context file
      Changes to the kerberos policy module and relevant dependencies
      Changes to the kerneloops policy module
      Tab clean up in kerberos file context file
      Changes to the kismet policy module
      Clean up amavis XML header
      Initial keyboardd policy module
      Tab clean up in ksmtuned file context file
      Changes to the ksmtuned policy module
      Tab clean up in ktalk file context file
      Changes to the ktalk policy module
      Changes to the kudzu policy module
      Initial iodine policy module
      Initial dirmngr policy module
      Changes to the iodine policy module
      Changes to the kerberos policy module
      Changes to the kdumpgui policy module
      Update deprecated interface calls ( gnome_read_config ->    
         gnome_read_generic_home_content )
      Changes to the mozilla policy module
      Changes to the thunderbird policy module
      Changes to the l2tp policy module
      Tab clean up in ldap file context file
      Changes to the ldap policy module
      Tab clean up in likewise file context file
      Changes to the likewise policy module
      Tab clean up in lircd file context file
      Changes to the lircd policy module
      Changes to the livecd policy module
      Tab clean up in loadkeys file context file
      Changes to the loadkeys policy module and relevant dependencies
      Tab clean up in lockdev file context file
      Changes to the lockdev policy module
      Tab clean up in logrotate file context file
      Changes to the logrotate policy module and relevant dependencies
      Tab clean up in logwatch file context file
      Changes to the logrotate policy module
      Changes to the logwatch policy module
      Tab clean up in lpd file context file
      Changes to the lpd policy module
      Tab clean up in cron policy module
      Changes to the lpd policy module
      Changes to the consolekit policy module
      Tab fix in cron policy module
      Tab clean up in mailman file context file
      Changes to the mailman policy module and relevant dependencies
      Tab clean up in mcelog file context file
      Changes to the mcelog policy module
      Tab clean up in mediawiki file context file
      Mediawiki XML clean up
      Tab clean up in memcached file context file
      Changes to the memcached policy module
      Changes to the apache policy module
      Tab clean up in milter file context file
      Changes to the milter policy module and relevant dependencies
      Changes to the modemmanager policy module
      Tab clean up in mojomojo file context file
      Changes to the mojomojo policy module and relevant dependencies
      Changes to the gpg policy module
      Changes to the mongodb policy module
      Changes to the mono policy module
      Changes to the monop policy module
      Tab clean up in mozilla file context file
      Changes to the mozilla policy module and relevant dependencies
      Changes to the mozilla policy module
      Changes to the apache policy module
      Tab clean up in mpd file context file
      Changes to the mpd policy module
      Tab clean up in mplayer file context file
      Changes to the evolution policy module
      Changes to the mplayer policy module
      Changes to the irc policy module
      Tab clean up in mrtg file context file
      Changes to the mrtg policy module
      Tab clean up in mta file context file
      Changes to the mta policy module and relevant dependencies
      Changes to the mta policy module and relevant dependencies
      Get rid of mozilla_conf_t as it is unused
      Changes to the logrotate policy module
      Changes to the logwatch policy module
      Changes to the java policy module
      Changes to the apache module and relevant dependencies
      Tab clean up in munin file context file
      Changes to the munin policy module and relevant dependencies
      Tab clean up in mysql file context file
      Changes to mysqld policy module
      Changes to various policy modules
      Changes to the munin policy module
      Changes to the dovecot policy module
      Changes to various policy modules
      Changes to the mta policy module
      Changes to the certmonger policy module and relavant dependencies
      Tab clean up in nagios file context file
      Changes to the nagios policy module and relevant dependencies
      Changes to the modutils policy module
      Tab cleanup in the nessus file context file
      Changes to the nessus policy module
      Tab clean up in the network manager file context file
      Changes to the networkmanager policy module and relevant dependencies
      Changes to the mozilla policy module
      Changes to the cobbler policy module
      Initial rngd policy module
      Tab clean up in the nis file context file
      Changes to the nis policy module
      Tab clean up in the nscd file context file
      Changes to the nscd policy module
      Tab clean up in the nsd file context file
      Changes to the nsd policy module
      Tab clean up in the nslcd file context file
      Changes to the nslcd policy module
      Tab clean up in the ntop file context file
      Changes to the ntop policy module
      Tab clean up in the ntp file context file
      Changes to the ntp policy module
      Changes to the numad policy module
      Tab clean up in the nut file context file
      Changes to the nut policy module
      Tab clean up in the nx file context file
      Changes to the nx policy module
      Changes to the oav policy module
      Initial obex policy module
      Tab clean up in the oddjob file context file
      Tab clean up in gpg policy module
      Changes to the oddjob policy module
      Changes to the mozilla policy module
      Initial pacemaker policy module
      Tab clean up in the oidentd file context file
      Changes to the oident policy module
      Tab clean up in the openca file context file
      Changes to the openca policy module
      Tab clean up in the openct file context file
      Changes to the openct policy module
      Tab clean up in the openvpn file context file
      Changes to the openvpn policy module
      Tab clean up in the pads file context file
      Changes to the pads policy module
      Tab clean up in the passenger file context file
      Changes to the passenger policy module and relevant dependencies
      Tab clean up in the pcmcia file context file
      Changes to the pcmcia policy module
      Tab clean up in the pcscd file context file
      Changes to the pcscd policy module and relevant dependencies
      Tab clean up in the pegasus file context file
      Changes to the pegasus policy module
      Tab clean up in the perdition file context file
      Changes to the perdition policy module
      Tab clean up in the pingd file context file
      Changes to the pingd policy module
      Changes to the plymouthd policy module
      Changes to the mozilla policy module
      Changes to the plymouth policy module
      Tab clean up in the podsleuth file context file
      Changes to the podsleuth policy module
      Tab clean up in the policykit file context file
      Changes to the policykit policy module and relevant dependencies
      Tab clean up in the portage file context file
      Changes to the portage policy module
      Tab clean up in the portmap file context file
      Changes to the portmap policy module
      Tab clean up in the portreserve file context file
      Changes to the portreserve policy module
      Tab clean up in the portslave file context file
      Changes to the portslave policy module and relevant dependencies
      Tab clean up in the postfix file context file
      Changes to the postfix policy module and relevant dependencies
      Fixes to various policy modules
      Tab clean up in the postfixpolicyd file context file
      Changes to the postfixpolicyd policy module
      Tab clean up in the postgrey file context file
      Changes to the postgrey policy module
      Tab clean up in the ppp file context file
      Changes to the ppp policy module and relevant dependencies
      Tab clean up in the prelink file context file
      Changes to the prelink policy module and relevant dependencies
      Tab clean up in the prelude file context file
      Changes to the prelude policy module
      Tab clean up in the privoxy file context file
      Changes to the privoxy policy module
      Tab clean up in the procmail file context file
      Changes to the procmail policy module
      Tab clean up in the psad file context file
      Changes to the psad policy module
      Changes to the ptchown policy module
      Tab clean up in the publicfile file context file
      Changes to the publicfile policy module
      Fix a fatal syntax error in mozilla_plugin_role()
      Changes to the plymouth policy module
      Changes to the policykit policy module
      Module version bump for fixes in shorewall, fail2ban and portage policy   
          modules by Sven Vermeulen
      Tab clean up in the puppet file context file
      Changes to ther puppet policy module and relevant dependencies
      Initial pwauth policy module
      Tab clean up in the pxe file context file
      Changes to the pxe policy module
      Tab clean up in the pyzor file context file
      Changes to the pyzor policy module
      Tab clean up in the qemu file context file
      Changes to the qemu policy module
      Tab clean up in the virt file context file
      Changes to the virt policy module and relevant depedencies
      Changes to the virt policy module
      Changes to the cron policy module
      Changes to the qemu policy module
      Changes to the virt policy module
      Epylog wants sys_nice and setsched
      Tab clean up in the qmail file context file
      Changes to the qmail policy module
      Tab clean up in the qpid file context file
      Changes to the qpid policy module
      Tab clean up in the quota file context file
      Changes to the quota policy module and relevant dependencies
      Initial rabbitmq policy module
      Tab clean up in the radius file context file
      Changes to the radius policy module
      Tab clean up in the radvd file context file
      Changes to the radvd policy module
      Changes to the raid policy module
      Tab clean up in the razor file context file
      Changes to the razor policy module and relevant dependencies
      Smokeping cgi needs to run ping with a domain transition     Remove
         redundant socket create already provided by    
         sysnet_dns_name_resolve()
      Changes to the virt policy module
      Changes to the apache policy module
      Changes to the gnome policy module
      Changes to the rdisc policy mpdule
      Changes to the readahead policy module
      Changes to the remotelogin policy module
      Tab clean up in the resmgr file context file
      Changes to the resmgr policy module
      Tab clean up in the rgmanager file context file
      Changes to the rgmanager policy module
      Initial Realmd policy module and relevant dependencies
      Fix resmgrd init script file context specification
      Changes to the cups policy module
      automount reads overcommit_memory
      Changes to the networkmanager policy module
      Freshclam manages amavis spool content
      Changes to the tftp policy module
      Changes to the cobbler policy module
      Tab clean up in the rhcs file context file
      Changes to the rhcs policy module and relevant dependencies
      Tab clean up in the rhgb file context file
      Changes to the rhgb policy module
      Tab clean up in the rhsmcertd file context file
      Changes to the rhsmcertd policy module
      Tab clean up in the ricci file context file
      Changes to the ricci policy module
      Tab clean up in the rlogin file context file
      Changes to the rlogin policy module
      Tab clean up in the roundup file context file
      Changes to the roundup policy module
      Changes to the remotelogin policy module
      Changes to the apache policy module
      Changes to the awstats policy module
      fix puppet_admin() need to require types that it uses
      Replace wrong type in puppet_admin()
      Fix a syntax error in ricci_domtrans()
      Catch all rpcbind content in /var/run
      Changes to the cups policy module
      Tab clean up in the rpc file context file
      Changes to the rpc policy module
      Tab clean up in the rpcbind file context file
      Changes to the rpcbind policy module
      Tab clean up in the rpm file context file
      Changes to the rpm policy module and depedencies
      Changes to the rshd policy module
      Changes to the virt policy module
      Changes to the rssh policy module
      Tab clean up in the rsync file context file
      Fix a typo in apache XML
      Changes to the rsync policy module
      Changes to the rtkit policy module
      Tab clean up in the rwho file context file
      Changes to the rwho policy module
      Reads /proc/sys/kernel/random/poolsize
      Tab clean up in the samba file context file
      Changes to the samba policy module and relevant dependencies
      Tab clean up in the sambagui file context file
      Changes to the sambagui policy module
      Initial firewallgui policy module
      Tab clean up in the samhain file context file
      Changes to the samhain policy module
      Tab clean up in the sanlock file context file
      Changes to the sanlock policy module and relevant dependencies
      Tab clean up in the sasl file context file
      Changes to the sasl policy module
      Chnages to the sblim policy module
      Tab clean up in the screen file context file
      Changes to the screen policy module
      Tab clean up in the sectoolm file context file
      Changes to firewallgui policy module
      Changes to the sectoolm policy module
      Tab clean up in the sendmail file context file
      Changes to the sendmail policy module and relevant dependencies
      Tab clean up in the setroubleshoot file context file
      Changes to the setroubleshoot policy module
      Tab clean up in the shorewall file context file
      Changes to the shorewall policy module
      Tab clean up in the shutdown file context file
      Changes to the shutdown policy module and relevant dependencies
      Tab clean up in the slocate file context file
      Changes to the slocate policy module and relevant dependencies
      These domains transition to shutdown domain now so they no longer need    
         direct access
      Re-add missing network rule in screen policy module
      fail2ban server sets scheduler
      shutdown XML clean up
      libvirtd sets kernel scheduler
      mongod reads cpuinfo_max_freq
      Changes to the slrnpull policy module
      Tab clean up in the smartmon file context file
      Changes to the smartmon policy module
      Tab clean up in the smokeping file context file
      Changes to the smokeping policy module
      Tab clean up in the smoltclient file context file
      Changes to the smoltclient policy module
      Tab clean up in the snmp file context file
      Changes to the snmp policy module
      Tab clean up in the snort file context file
      Changes to the snort policy module
      Changes to the sosreport policy module and relevant dependencies
      Tab clean up in the soundserver file context file
      Changes to the soundserver policy module
      Tab clean up in the spamassassin file context file
      Changes to the spamassassin policy module and relevant dependendies
      spamassassin_role callers create ~/.spamd with the spamd_home_t user    
         home type instead
      Re-add sys_admin capability that was lost with porting from Fedora
      Move mailscanner content to mailscanner module
      Changes to the speedtouch policy module
      Tab clean up in the squid file context file
      Changes to the squid policy module
      Changes to the sssd policy module
      Tab clean up in the stunnel file context file
      Changes to the stunnel policy module
      Tab clean up in the sxid file context file
      Changes to the sxid policy module
      Tab clean up in the sysstat file context file
      Changes to the sysstat policy module
      Tab clean up in the tcpd file context file
      Changes to the tcpd policy module
      Changes to the tcsd policy module
      Tab clean up in the telepathy file context file
      Changes to the telepathy policy module
      Tab clean up in the telnet file context file
      Changes to the telnet policy module
      Tab clean up in the tftp file context file
      Changes to the tftp policy module
      Tab clean up in the tgtd file context file
      Changes to the tgtd policy module
      Tab clean up in the thunderbird file context file
      Changes to the thunderbird policy module
      Catch /var/log/cron directory as well
      Dovecot module version bump for fixes by Sven Vermeulen
      Portage module version bump for fixes by Sven Vermeulen
      Cron module version bump for fixes by Sven Vermeulen
      Changes to the exim policy module
      Entropyd reads /proc/meminfo
      Blueman reads tmp_t directories
      Do not audit attempts by cups config to read tmp_t directories
      Do not audit attempts by fail2ban to read tmp_t directories
      Do not audit attempts by firewalld to read tmp_t directories
      Gnomeclock reads urandom and realtime clock
      Kdumpctl needs sys_chroot capability
      Various kdumpgui fixes from Fedora
      Do not audit attempts by logwatch to read tmp_t directories
      Catch all alias files
      Refine aliases file transition with names
      Realmd dbus chat policykit and networkmanager from Fedora
      Do not audit attempts by tuned to read tmp_t directories
      Changes to the timidity policy module
      Tab clean up in the tmpreaper file context file
      Changes to the tmpreaper policy module and relevant dependencies
      Tab clean up in the tor file context file
      Changes to the tor policy module
      Changes to the transproxy policy module
      Tab clean up in the tripwire file context file
      Changes to the tripwire policy module
      Tab clean up in the tuned file context file
      Changes to the tuned policy module
      Tab clean up in the tvtime file context file
      Changes to the tvtime policy module
      Changes to the tzdata policy module
      Changes to the ucspitcp policy module
      Tab clean up in the ulogd file context file
      Changes to the ulogd policy module
      Tab clean up in the uml file context file
      Changes to the uml policy module
      Make it so that irc clients can also get attributes of cifs, nfs, fuse    
         and other file systems
      Changes to the updfstab policy module
      Changes to the uptime policy module
      Tab clean up in the usbmodules file context file
      Changes to the usbmodule policy module
      Changes to the usbmuxd policy module
      Tab clean up in the userhelper file context file
      Screen sends child terminated signals to all interactive fd domains
      Changes to the userhelper policy module and relevant dependencies
      Changes to the virt policy module
      Module version bump for fail2ban changes by Sven Vermeulen
      Changes to the rpm policy module
      fix smartmon init script file context specification
      Changes to the usernetctl policy module
      Tab clean up in the uucp file context file
      Changes to the uucp policy module
      Changes to the virt policy module
      Tab clean up in the uuid file context file
      Changes to the uuidd policy module
      Tab clean up in the uwimap file context file
      Changes to the uwimap policy module
      Tab clean up in the varnishd file context file
      Changes to the varnishd policy module
      Changes to the vbetool policy module
      Tab clean up in the vdagent file context file
      Changes to the vdagent policy module
      Tab clean up in the vhostmd file context file
      Changes to the vhostmd policy module
      Changes to the vlock policy module
      Tab clean up in the vmware file context file
      Changes to the vmware policy module
      Tab clean up in the vnstatd file context file
      Changes to the vnstatd policy module
      Tab clean up in the vpn file context file
      Changes to the vpnc policy module
      Tab clean up in the w3c file context file
      Changes to the w3c policy module
      Tab clean up in the watchdog file context file
      Changes to the watchdog policy module
      Changes to the wdmd policy module
      Changes to the webadm policy modules
      Changes to the webalizer policy module
      White space fix in apache policy module
      Changes to the wine policy module
      Tab clean up in the wireshark file context file
      Changes to the wireshark policy module
      Tab clean up in the wm file context file
      Changes to the wm policy module
      Changes to the inn policy module
      Move man cache file type to miscfiles
      Changes to the inn policy module
      More accurate dbadm boolean descriptions
      mysql_admin() has access to ~/.my.cnf files
      Tab clean up in the xen file context file
      Changes to the xen policy module and relevant dependencies
      Tab clean up in the xfs file context file
      Changes to the xfs policy module
      Changes to the xguest policy module and relevant dependencies
      Changes to the xprint policy module
      Changes to the xscreensaver policy module
      Tab clean up in the yam file context file
      Changes to the yam policy module
      Tab clean up in the zabbix file context file
      Changes to the zabbix policy module
      Tab clean up in the zarafa file context file
      Changes to the zarafa policy module
      Tab clean up in the zebra file context file
      Changes to the zebra policy module
      Changes to the zosremote policy module
      Changes to the mysql policy module
      Tab clean up in the pulseaudio file context file
      Changes to the pulseaudio policy module and relevant dependencies
      Changes to the pulseaudio policy module
      One chown too many
      Changes to the mplayer policy module
      The prelink cron script now runs in its own domain
      Initial smstools policy module
      Initial openvswitch policy module and relevant dependencies
      Reads pcsd pid files
      Reads random device
      winbind manages smbd pid sock files from Fedora
      Changes to the bind policy module
      CG rules daemon reads all sysctls
      Runs consoletype and searches nfs state data from Fedora
      Support munin unbound plugin from Fedora
      Zabbix sends signals from Fedora
      Blueman sets scheduler and sends signals from Fedora
      pcscd_read_pub_files is deprecated, use pcscd_read_pid_files instead
      Module version bumps for fixes in portage and virt modules by Sven    
         Vermeulen
      Policy module version bumps for various changes by Sven Vermeulen
      Changes to the openvpn policy module
      Module version bumps for various fixes by Sven Vermeulen
      Changes to the mandb policy module
      Changes to the tmpreaper policy module
      Changes to the munin policy module
      Changes to the rngd policy module
      Changes to the awstats policy module and relevant dependencies
      Changes to the apache policy module
      Changes to various policy modules
      Changes to the abrt policy module
      Changes to the passenger policy module and relevant depedencies
      Changes to the pegagus policy module
      Changes to the mta policy module
      Changes to the fetchmail policy module
      Changes to the bitlbee policy module
      Changes to the blueman policy module and relevant dependencies
      Changes to the amavis policy module
      Changes to the userhelper policy module
      Changes to the blueman policy module
      Changes to the squid policy module
      Changes to the sblim policy module
      Changes to the kdumpgui policy module
      Changes to the mailman policy module
      Changes to the realmd policy module
      Changes to the raid policy module
      Changes to the samba policy module
      Changes to the various policy modules
      Changes to the snmp policy module
      Changes to the spamassassin policy module
      Changes to the sssd policy module
      Changes to the l2tpd policy module
      Changes to the shorewall policy module
      Changes to the xen policy module
      Changes to the tftp policy modules
      Changes to the accountsd policy module
      Changes to the tgtd policy module
      Changes to the corosync policy module
      Changes to the kdump policy module
      Changes to the openvswitch policy module
      Changes to the mpd policy module
      Changes to the mozilla policy module
      Changes to the zarafa policy module
      Changes to the boinc policy module
      Changes to the setroubleshoot policy module
      Changes to the dspam policy module
      Changes to the rgrmanager policy module and relevant dependencies
      Changes to the svnserve policy module
      Changes to the virt policy module
      Changes to the prelink policy module
      Changes to the apache policy module
      Changes to the gnomeclock policy module
      Changes to various policy modules
      Changes to the pegagus policy module
      Changes to the shorewall policy module
      Changes to the kerberos policy module
      Changes to the rhcs policy module
      Changes to the irc policy module
      Changes to the clamav policy module
      Changes to the mrtg policy module
      Changes to the munin policy module
      Changes to the amavis policy module
      Changes to the ppp policy module
      Initial jockey policy module
      Module version bumps for "several named transition for directories    
         created in /var/run by initscripts" in various modules by Laurent    
         Bigonville
      Module version bumps for fixes in various modules by Laurent Bigonville
      Module version bump for changes to the consolekit policy module by    
         Laurent Bigonville
      Changes to the stunnel policy module
      Module version bumps for fixes in various modules by Sven Vermeulen
      Changes to the virt policy module
      Changes to the apache policy module
      Changes to the wm policy module
      Changes to the samba policy module
      Changes to the certmonger policy module
      Changes to the mozilla policy module
      Changes to the corosync policy module
      Changes to the pacemaker policy module
      Changes to the tuned policy module
      Changes to the cups module and relevant dependencies
      Changes to the rhsmcertd policy module
      Changes to the lpd policy module
      Changes to the munin policy module
      Changes to the ntp policy module
      Changes to the tor policy module
      Changes to the firewalld policy module
      Changes to the dspam policy module
      Changes to the setroubleshoot policy module
      Changes to the condor policy module
      Changes to the kerberos policy module
      Changes to the passenger policy module
      Changes to the ppp policy module
      Changes to the the dkim policy module
      Changes to the abrt policy module
      Changes to the lircd policy module
      Changes to the dkim policy module
      Changes to the virt policy module
      Changes to the munin policy module
      Changes to the dovecot policy module
      Changes to the cobbler policy module
      Changes to the userhelper policy module
      Changes to the logwatch policy module
      Changes to the wdmd policy module and relevant dependencies
      Changes to the nscd policy module and relevant dependencies
      Changes to the dbus policy module
      Module version bumps for fixes in various policy modules by Laurent    
         Bigonville
      Changes to the cups policy module
      Changes to the dbus policy module
      Changes to the apcupsd policy module
      Remove redundant net_bind_service capabilities in various modules
      Changes to the virt policy module
      Changes to the puppet policy module
      Module version bumps for fixes in various policy module by Sven    
         Vermeulen
      Module version bumps for file context fixes in various policy modules by  
           Laurent Bigonville
      Make httpd_manage_all_user_content() do what it advertises
      Add more networking rules to mplayer policy module for compatibility
      Fix fcronsighup file context. Should be crontab_exec_t as per previous    
         spec
      Module version bumps for changes in various modules by Sven Vermeulen
      Move asterisk_exec() and modify XML header
      Consolekit creates /var/run/console directories with a type transition    
         unconditionally
      Module version bump in consolekit policy module for changes by Sven    
         Vermeulen
      The imaplogin executable file should be courier_pop_exec_t according to   
          existing file context specification
      Module version bump for changes to the fail2ban policy module by Sven    
         Vermeulen
      Modules version bumps for changes in various policy modules by Sven    
         Vermeulen

Laurent Bigonville (28):
      Add Debian locations for Telepathy connection managers
      Label telepathy-rakia as telepathy-sofiasip
      Allow smartd daemon to write in /var/lib/smartmontools directory
      Add Debian location for smartd daemon initscript
      Add Debian location for accounts-daemon daemon
      Add Debian location for rtkit-daemon daemon
      Add Debian location for tcsd init script
      Add Debian location for libvirtd init script
      Add Debian location for evolution executables
      Add Debian locationis for nut executables and configuration files
      Add several named transition for directories created in /var/run by
         initscripts
      Run packagekit under apt_t context on Debian distribution
      Add proper label for colord daemon in debian
      Allow the system dbus to search cgroup directories
      Allow virtd_t context to read sysctl_crypto_t
      Allow colord_t context to read sysctl_crypto_t
      Add proper label for gconfd-2 daemon in Debian
      Ensure that consolekit can create /var/run/console directory on Debian
      Properly label nm-dispatcher.action on Debian
      policykit.fc: Properly label polkit-agent-helper-1 on Debian
      cups.fc: Properly label cups-pk-helper-mechanism on Debian
      Allow pcscd the fsetid capability
      Allow networkmanager_t to read crypto_sysctl_t
      Allow virsh_t context to read sysctl_crypto_t
      Allow cupsd_t to read cupsd_log_t
      gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian
      ptchown.fc: Properly label pt_chown executable in Debian
      Label /usr/bin/kvm as qemu_exec_t

Matthew Thode (2):
      added autofs support and nsswitch support
      removing refrences to named_var_lib_t as it doesn't exist anymore for
         bind.if

Mika Pflüger (3):
      Allow saslauthd_t to talk to mysqld via TCP
      Quota policy adjustments: * Allow quota_t to load kernel modules
      Debian locations for dovecot deliver and dovecot auth.

Russell Coker (1):
      Fix djbdns ports

Sven Vermeulen (75):
      Update with new substitutions
      Mark the pid directory as a pid directory
      Add in transitions for queue types when the queues are created
      Fix typo in interface postfix_exec_postqueue
      Allow maildelivery to use dotlock files in the mail spool
      Allow postfix local to change ownership of mailfiles
      Use libexec location for postfix binaries
      Allow initrc_t to create run dirs for contrib modules
      Update logwatch location in file context
      Sandbox is an inherent part of the portage inner workings
      Fix startup issue with fail2ban-client
      Be able to get output from fail2ban-client
      Ignore searches when ran from the user home directory
      Shorewall admins execute shorewall too
      Shorewall needs sys_admin capability for manipulating network stack
      Be able to display dovecot errors
      Remove transition to ldconfig
      Adding interfaces for handling cron log files
      Fail2ban client checks state of log files before telling the server
      Support mysql init script
      Support initial creation of mysql database files
      Portage fetch domain needs to access certificates
      Make samba domtrans optional in virt
      Fix typo in tunable declaration for fcron_crond
      Introducing cron_manage_log_files interface
      Introduce dontaudit interfaces for leaked fd and unix stream sockets
      Dontaudit attempts by system_mail_t to use leaked fd or stream sockets
      Support at service
      Additional postfix admin requirements
      Reintroduce postfix_var_run_t for pid directory and fowner capability
      Postfix deferred queue should not mark mails as postfix_spool_maildrop_t
      Running qemu with SDL support requires more xserver-related privileges
      Fix typo in clockspeed comment
      Support openvpn status file
      Asterisk voicemail messages are generated from tmp
      Make rtkit calls optional
      Gentoo installs dovecot certs in /etc/ssl/dovecot
      Moving sandbox code to sandbox section (v2)
      Allow sandbox to log violations
      Use rw_fifo_file_perms
      Apache should not depend on gpg
      Named init script creates rundir
      Add ~/.maildir as a valid maildir destination
      Support stunnel_read_config for startup
      Updates on stunnel policy
      More .maildir fixes
      Mark make.profile entry as portage_conf_t (v2)
      Move mta call (coding style)
      Changes to puppet domain
      Allow rpc admin to run exportfs
      Grant sys_admin capability to puppet
      Puppet module helper scripts are puppet_var_lib_t
      Support netlink_route_socket creation for puppet
      Puppet initscript creates /run/puppet
      Puppet runs statfs against selinuxfs
      mplayer streams HTTP resources
      fcron and fcronsighup binaries are moved
      Asterisk needs to search through logs
      Denial in mail log on node bind
      Fix typo in mcelog_admin (missing bracket)
      Add in contexts for fcron rm.systab and systab.tmp
      Remove pulseaudio filename_trans conflict
      Allow asterisk admins to execute asterisk binary directly
      Support tagfiles for consolekit
      ConsoleKit needs to read the dbus machine-id
      File context updates for courier-imap
      Update on file contexts for OpenLDAP
      Update on file contexts for wpa_supplicant
      Allow IRC clients to read certificates
      Allow reading /proc/self for fail2ban due to FAM support
      Update file contexts for puppet
      Support ~/.tmux.conf as tmux configuration file
      Add setuid/setgid capability to ulogd_t
      Support tmux control socket
      Postfix creates defer(red) queue locations