1.204.  selinux-policy

samba previously could not directly change a user's password via the passwd program.(BZ#429726)

newer versions of the system RAID utilities were previously blocked from logging properly when running SELinux in Enforcing mode.(BZ#475562)

the postgrey utility can now operate properly over a network socket.(BZ#479819)

the installation of RPM files on the PowerPC architecture is no longer blocked.(BZ#480163)

NetworkManager is now permitted to discover the priority of related processes.(BZ#480943)

procmail is now permitted to operate with and call the spamassassin application.(BZ#481387)

hald is now permitted to send messages via dbus bi-directionally.(BZ#481628)

system signals are now permitted to be sent properly to the automount daemon.(BZ#481706)

the samba_enable_home_dirs Boolean now allows access to hidden files in home directories.(BZ#484146)

the default context for files related to the sysstat package have been corrected.(BZ#485078)

procmail now permitted to execute anti-spam daemons.(BZ#485107)

samba can now access public_html directories.(BZ#485111)

the default label for the sa-learn binary used by spamassassin has been modified to the correct value.(BZ#486187)

the building of policies for a low-privileged user is now permitted when using selinux-policy-strict.(BZ#486354)

library files for the MATLAB environment are now correctly labelled. (BZ#486965)

samba is now permitted to properly rotate log files.(BZ#487021)

dbus is now permitted to read parts of the proc file system for its system messages.(BZ#489899)

the name service cache daemon no longer unexpectedly restarts due to a lack of search permissions.(BZ#490024)

the proc file system is now correctly labelled by the restorecon command.(BZ#492567)

search privileges are now granted to dnsmasq (when dnsmasq is launched using libvirt).(BZ#496867)

Openswan can now correctly access the Network Security Services libraries.(BZ#497168)

autofs now restarts normally when active mounts exist.(BZ#497273)

the amanda backup utility can now send all required signals to the system.(BZ#498596)

proper operation of xen guests via the virsh utility is now permitted.(BZ#499249)

HP printers now properly scan and operate over a network socket.(BZ#499691, BZ#504398)

spamd now restarts properly when a HUP signal is issued.(BZ#499701)

the clamav-milter binary was previously labeled with an incorrect context, preventing clamd from running in the correct domain.(BZ#500392)

setkey_t subjects can now read required files, such as those created by initscripts.(BZ#500395)

previously, a SELinux-related file in the selinux-policy-minimum package was unable to be properly installed.(BZ#502182)

the state of the qemu_full_network=1 Boolean is now enabled by default.(BZ#504238)

TUN/TAP drivers are now given full network socket access.(BZ#504738)

the required TCP port is added for the Cyrus IMAP Aggregator (mupdate).(BZ#504805)

Host-Guest File Systems under VMware can now be properly mounted.(BZ#504872)

iscsi-initiator can now run with full capability without causing denials. (BZ#506057)

previously, procmail application may have caused an fsetid denial. (BZ#507712)

the connection created by the dblink_connect functionality of PostgreSQL is no longer blocked. (BZ#508348)

the Winbind subsystem can now modify Kerberos related configuration files. (BZ#509174)

the attributes of the lsmod command have been updated allowing lsmod to properly query the state of kernel modules. 510188

the allow_unconfined_mmap_low boolean setting was not properly applied to the unconfined_t domain - even when turned off, unconfined_t processes were still allowed to map low memory pages. Note: Refer to Knowledgebase article DOC-18042 for more information about the handling of the low memory pages mapping restriction on systems with SELinux. (BZ#511143)

This update allows objects and processes running in the ipsec_t domain to read files labeled as initrc_exec_t. This is required for the /etc/rc.d/init.d/ipsec file to be launched properly. (BZ#511359)

the automount subsystem can now use the winbind mechanism as specified in /etc/nsswitch.conf. (BZ#511927)

all files in the /var/vdsm directory have the same SELinux file contexts. (BZ#512301, BZ#513208)