Added attribute privkmsg for all domains that need to read kernel messages.
Added secadmfile for all files that only the secadm_r can deal with.
Added From Ivan: mount_point attribute to indicate files/directories that can be mounted on.
read_fonts fontconfig getattr patches gift patches
Added several fixes from Russell Procmail, setfiles from initrc, lost+found changes
Changed a bunch of ":file read" -> ":file {getattr read }"
Don't transition to depmod from unconfined_t for targeted
ssh needs to be able to append to faillog, Needs to check shells in /sbin
Remove use_syslogng boolean.
Multiple fixes to amanda.
Fixes to anaconda domain so it will run in targeted policy
Allow httpd_suexec_t to run on homedirs.
Allow acpid to write to /proc/power
Fixes to automount domain
Move ipp_port_t into common area so other domains can work with it.
Rearrange cups.te ifdef(`hald.te', ` ...
Add ddcprobe.te
Fix move of cert file to /etc/pki and fix ability for certain domains to read cert files.
Fix ftpd.te (Needed ability to rw home dirs and auth_control capability)
Remove some "user_" domain stuff that leaked into domains/program tree.
Hal needs more privs.
Hotplug needs more privs
Many fixes for lvm.te to make lvm work. Also added clvmd domain.
Allow mysql to setsched
Fixes for gssd domain (needs setuid and access to rpc_pipefs)
smb needs to communicate with cups.
Move -file_type_auto_trans(sysadm_xauth_t, staff_home_dir_t, staff_home_xauth_t) to user.te
Handle creation of flag files in / (poweroff, .autorelabel, .autofsck ...)
Change +/etc/sysconfig/network-scripts/ifcfg-.+ -- system_u:object_r:net_conf_t So that NetworkManager can rewrite them.
Fixes for bluetooth
Got a little more liberal with definitions of shlib_t under /usr/lib, /opt and /usr/local
Fix some of the man pages
Allow snmpd to read /proc/XXX/cmdline