selinux-policy-doc-3.9.16-52.fc15$> a9ԅcN>8?d $ Ahl  @  X  p  w y8h$8Ld(8*9*:J(*GHI(XY\]^bYd]lbt|u׬vwLx|efCselinux-policy-doc3.9.1652.fc15SELinux policy documentationSELinux policy documentation packageO_ x86-17.phx2.fedoraproject.orgϋ0Fedora ProjectFedora ProjectGPLv2+Fedora ProjectSystem Environment/Basehttp://oss.tresys.com/repos/refpolicy/linuxnoarch P+'1$?P) "K)[& %+y aI\\3$'kR>X& c uhbp't 62a!/v!j!Q {s(L(/k"}i"^8#"CQ08G 4{1U.Y't  -%Ch<2vV%[>\nK`. . B!VJ)vh[mWWSbUU\cݮ[NX\[iSMQ]x\uQbZSOdQTY]4^O\M?^1QTQAW1d\bTM@\Wj_XOxkZVOaSMPMdu^'TTFhUQZaMESMJ`JYXj<a6OzQXSQ=ohMPuUUGS[p{`SqOBOB`4Y.M:bN`CM2MBYn2WQZSM8V\RU`bjcSYdgQOM8d]raO^gm#i[Q)W/M3]M?UQ\ZVrTV]PNSVMROhUy^jah+WWOf8OzSqY"QYVitMjZMOMUWy^*aQOXO@QNOc[yFagZQOu\O9cULZmbRo[[Q|SD\^QRnQMOddP OXQZO:Y2RMdS6MDXOYVM7QuVO`~XcHZM;M=SM8WTYU/R&$W! }5VN*EU | ZT2_2@Y`19.,}EA큤A큤O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ O_ f90d6642396bd107eb2bead87e1f4abd10f50053d71665ab6c4dc0292976a653846bbdba1149ef9edd39c6f18d37f29e5ed9cb3670521f142ed6d7d2bf9f2b8342d2c3aa4d008aad3243fd00e4723033e27e253289356cdf2cf9ec46135a8327bceb4f36b0f077b7a232a94e214b3b0a5a85152e4d89c193f92ddaba3ede1ad65128c343639bf72baa8f8e30de9719525b5a51eb1c2ce1e136acbcabbaffc577bc76302b51378b70c53888e62a67bfeb074ea13f1047761560cff19fbf853b3f198c0a67fea6f343b0479747c6b5d707e22356d476684d74c639cc14cbd4220afb14f420b9744807e5a0290e9fa4826ec440a6d8f1bdb2de008d99a59c28205a185d8101bd6a9c5c0300d8ff9e6781a2a49c49887554c186f5beca33f0812fbaadf590e8cf244ef3b153b4faeabbdb0957ed576082cf1915a2528090ba61391b07fb0a4e2746e80a6d0cfecccb2ce5def2d699235f7189cb6def6b8d414c2ea50125b189160e302baf496af68703c873c32db93288dcd600703fce01a2a0f20a6dd6ec6c031ac142fc92106b93001b4a038848f55f525d35b38b11041c69008a4b2e7f8bb654fd733f7f17e21963c2a9c52c102ad4f8df2dec2d06c610012429d398133a3efb0f0a28e3194d930cb1e7bacf41935b542c31398d56700bae958a726ccaaea9ef8b3813b992779c0de050ff3e15d77c876bd230e383daa70bb1a9136786f165f9be0e197753a47e801f95c14543469f694f224cac0a31a323d66d1db42bcd45b742629ffb4e86ac54ce8e8360da60a5f2e2eb8ee3cce3badebb9f142779c7454067df3719857e4b53e6fb6482e489d1e255647c3b54dfb83ad53b6ff55e42e2b3236199a3fc137a2eda8528aa5b059ff601caa5a00c5bae91d1518e391daf10b21bf973f64d6a79f0221a34508e6bd5866b37c98bfae016d5c63fe308c140cfd13d4a81717a7c5bcca07f663d71f5382a069cfae3870138a790d2337b09e4ee94de3c42c3d026e9d0397d3a55cb76d929782b8c707d7def652c40b907ca75246c5e416edda459ac1b71dd3b724aee708a44e7afa2092a05c256c76414a8b359ff74ab4306d4720e99eda4d5b9f0355d96c282c81730e83f3c72527422db31271aae2139d86fa0ba75386b90c140c70af9ca056d5c3846852c5e316fc567c444199164f91174f24b0071321afc037277dcd3c9524e883628a46962932a7c288063edbc023366012936246248f8d4bc180e5827eca09378362db744e15eea0ad0da1ced120063e53be8207d59367df107dbe503e757032a31ea56e32f315ec19a44f27e528b89a862a4da856a42caede47fdfdf7d122192bc9c65e721c1f3327ca825d419be2d8cf6a4041f5cc66336d79bb27912b065d912e3bf12dcd36efab9ff236f1412a3237cb48e82e96eec4497716b5345bece4bab232e35418d77c4c0213606f2019d1e742f43f47db941992473a90b29463593ccd7e4cfd92d626016d2b4592441a8cc02af795ae1836192d59becb835060d1559acb16f509fcd3a1b349f2feccbe8d4f03fb655f89f1594e4e656e0d65261a8eb21004f20ca528fad3ba2ab1c0c287e185be593100436b620c9a63f83f65f93445423151b183666f5fd9ea9092eddffeda72349ea13975aa04f346d2437d4f4cdd71a3fba49986fec144bd47681ea2d954e82b287a8d6704d7215afb4659a7eb78483eeedec2714f2e81dca4d09096aa756792485c9a40f7526973d7afcf93cb0d3bbbeecc75e1d67b72fd94742dbd00c87936fb37bb20227b00fd7549bcdda6ab80948ae3e9ced4c1f73672d94047d0f2fe4100b7d323a4993e2e635e0d48e8d0358b4dd5edf9289ec18169b369e0605b4e0c8f47b20bedb3b0d69178a1526788c03f03ede46b4273e954bde0f8adf478f1c8a5cb9c521fb26dbf4965cde3ab84799ac303d232c041f4749e1edd46378982172833d24cf96533fed4f8d816efb5a5b8108e500e4ddc72935427e267c52afc351cbd3890fdd399e98c4903fab44df51340c2ca5e8d997f6e14e72178c1b1621a9c174b318bf0271ab346657fdf1a12886cf963188a2b256b387eb05a67eb6dccc8871f383508934c7a40010dbc2d2a37aff7c7f69e5550e949e0a78f9b9384266a3126f6129177eaae78e0e1975823394a0f4b905b6bc220c9b71d2dca54bac1618a56bd85597163de1757bc143895659ecfa52547bc158cb50fe7f87b4862d60852b4d7f6d2ef108762f4f151ef6333bc8e385e76791225e402a0df10fa78072d52f70be562e0478b2a81ca0a0738b5be04238c70eaac4ce3ba20f244047cc699974cc3ca2869ebbbb9e52f9e45bb2633594c33614ec849114c290576a16dea34c77fbcb691cc985d57618e73ad6d4b73ccddf0ecdc3ef8e1dc5d0784850a1630b6bd427049970bdb6698e7c9c274bdbffd488bede58dfbfc384c3e0655823107d5a7ec3cfde8e1d4703170142daf6f2ec038464fc5a386493ced7311288acba0def2b0c0bb48f628e783d9bf63fe34fcd0ab96c88dff489259135c41516913388b86c78318d3d8fdd3fcc575bba528a2160ba4779c14f70f4feb3c8f2db9013670ed98044fd00f76ec2a4925bbf05022b2b8ac09b9f86ecbb260a6c21b071da07af331af518e9c0ba902049bbce3644f677a38a830d23f01acd8dc0af0a9a896f36b17e72e00df36edfea0b2527c259e0d1228dd4971155bf08519fcb686b54a0853c659a446514fd006e315f983d99c0eac16342ad0f0c956424f83dd7771ecc7ea8bbf84b9a726f8bb342c5b656434f596cb14ecb97ad3bc6916743a9427b3ab50a6ce1364c3ef15be1523150d0b6309d22062a2c442f630f0a0dd2b7cdb77cd8d6e540c46f641154eeb1c25c5851831867b2e191b88864412c6a6195659ecbb8b50c4f622748cd413a5a82662a3e320cdaf07f6ca7adfe7781a1361498d077d0fb15f886ade87d201c2ec954b0393232f9464191a92a42db230d52fc2a36a99e3e19d5b32bab4a64c1291c3d0fffec61bd7580e78050d0fa09eb3e38199530d0dbede1d453f2c1aa7455603583347631aa967d3b2caeda2d3a8743d107449b646dd96444a281474cf31b93c735fede1ef6025e6b1009de4806e5a16fad2c1b049c463e718f2bc13448463e9b6f6c6adce0366a3318106f9ff611e5e47c157848511aa134622d5d7cda7e9e64b56248f3502a02014c14da23488b226867f6b8718fbf26af3948805d3b0f15eb48d7db9b1b29e09dea188385b8f16a42e6eae100aa1e1070ebec112a454512e6fdfe2b94c2784eecb6a154c2741742e4cdba5c607f21ec818f9be6298e56c844ac9703a153059b1f65facdcdfe16ecbf91e9061fedff3752052e97496681083a2067d7f8880d59dd9c766adbe451f11d74dbe2276a1f73b31242910c411cd8ab733333a6b2972f21bc3103548c0c467af54b3858fafb93eb5859e43a8c99f26c9552a8c02420c40c34b612c105ef0b7f740d2abd9d07c12050fb5c2b3b9e17a61a1441f2b0072c80d1f188c758d2226830c3f661b89a56f099d03c1d2266b1452445eaf91baab2d13ac9235d8787a836e812475d241505c227063bb5d6deed371a5cedee48cf419ebd909c4eb02e25bbd62fe111519cf4bd653684905b757b5ac9bef498478e320f12a5ca7e198250c634faa11d7c45b149d0c32f1b28c4a7111579359e460e63fff5dddbc6f7fa7de9616d8dbd6d4ad370d083481255e81c8aa109faa75bdfbbe82a326b1c28bcf754c4d70dce53a866ca8a8c913a2486b8e9ac81937e4fa3e135db958f0a00a95eb3d4a64118c6c91151b915678080ea48e94ea9457b5545591f92e8dc2cca23f79fd7ca9f249bb15fb2bc058d54e54ebdd9f819c6078debff8963b9244c2e7e06bd90b52a7d163d08f0b8252bed9c9a78cb519407514560a4aa47d798ea13b2f85b4a5c21fc40df20df2075b34083a3ccc53e6131f17ade6bc400ccdcd96f3eec7bebed1b5bf53acb24dfc79dbee06e1286f17704562ae3f8cbe31d1200fd91c0cff37c70b4fdcfba90475a3356c6d205caca4365157fc905ba13cef8bc55cc7886fb063538f19bd39d5eec6186e83e307b556133451b84510315d332db1bcc74674d79dd8735f268f76606695f79e88dc12f59a1fc443f469b9e18db671f75734d4cbefb3866b35489ad3a842aa6638df462a9ef9b49c559742dcf8d2076e7f0b7cb5993a6e82e620883d9eda504bcec9d5d37013ed3f5dd4eeff9d1f565be8555b1fbc060294f5ce2f155477fd43ce500481a6c0ae2681a0533642bd3df7c9546299e1d03c302d832d20241de9da0f5fe638b80df05ffec1075f00d2721e5f34057906f42abac044906c24dbfe6fe20fa5f1edf7b365346dda70223e69fbeb940287037c5aca47024374405599f341ebc96b7a9a4ae84f98c12fbc766a8bb7c3e9cfe188341b11fa99a754cae873d712aa37bb1879ea116eb5be9bc62b33eeacccbb908cbefcb92a13be772e597cfce7b8a437b94820720cb0eadba56279b086e434edd65f8bb35e12f5c0ac1947231a72bef7ab7c551bc39d844c4cd487cd4bd35fc938ee5960569f4c7b6d0dded643fbdac18915fbe94300d79e89040ac37196a3a82107c29c648c491cb3b9f37f2a10f26536591affdb83525b111d158cee2487db0e79499f7713086ba3cd9736ed8966b546802bf2c518d3357ebf6a7f9769c346b5dc748bb80bbf18ec34ed278d404f174f9885125914d464dd73946b34d5390332c59de1b738d85647277e00ccc4725a6cb9b57aa02d03023c5e8ce22f12f5f5f3f2ffc15db4f475b15085ee9df4e805d12d07d415dae33346ce5196b05d0b7af6b69b1cf67b760d775d1c9e7f5fdb4ec5710cafe7e516892de9e855b5d0bea4f99c1984fd0515ff885db4ea126d15125510f288f036462857556062258a2b5e3d3611604c98c05d20664f6a82bda52c9c2720869d8fc2270d9a2611036808fd10a1a28eb05e0ff95d7a301fcba3858480eb06802edd5a0d60ae40ed01d3209fe5f6fa04c20b02a8b8e09e5f00b690fec5c387d142db4ded3abdcb078eeaa0cda3370ae0bf0ebe36891bd57c6a7df8c4cb799e6c8fad5972fce58cef5bdd3b8e5f27e2faaa1ae237266e470c8b3f6e05b31ca676bd1cc60ae712b1d1c4818f211a8b7ee0283b57fdba25b2fd9e2487ed013b786db3abf1fbc11c3fa96a50e9f1390bb8ae2a5d529f6becee335b68205bb2ed1e2a3d99d1b3643ae1a8b6170d0cddd8e806c0efbaa40b5539eb4be25cab774ad6508e73d5269b6d2598db6658442cf484ebc5d35696bf1bb68a21c167f757b1851ecc7aa901eedd7b4ac9f6fabdd3d598e7593b52a1380ff88e4a8acf854da7d57d85e3fedd56914d6ac099b930a75734975449d0f081e9ad92d9b515b31ac1e0fd7a3a9cb3ba5577d11998067a6fa84d271203ca3bed9341cdc61947e4ff8eaf04ed081c009bd7524b35375ca254dbfa0fa4a15f184b22e43e28900f2235838e0249a76b5db854e25851167c46521b47b9ec80e27644d994d6158a3f7ee0d47f7915ae96d90ee1526ef067323c31e011a578eaaccbaa9a361068681fa4847233eff9c7aabb8bcf9d8239a47f45c3600d6e221cb3a18da1ab5844466f27073574878549aae60223ac6a14941bfa1211915ad0bceecd11241fdf94e9f36de263bf919a58bc185114dde42c7cd30ca1ab0ee19a409914820d1f5b4a33d8b1a73537fce181e934f9d1d3ae028e038a221929d32245d1f525ba01b4fb025a267da1b1e8492e5d5b58bcc1b579c198f7a8aca4f8d1be3556574b2f6f2b179a2ec1b8cebab418b76d8cd9e417dd24126418eaad629f701b5285434a755b6a369e3ace259da74c43d7961ac9463a90f2fcfab05ebd6ea8cfb7ce6429456f448b0ac9dd7b5f01422b23f0e67c2b649e380c2c4428f75746cd1c685829090ffff3fa9dd04299105793d744dcf377b3ae3ce6376ec9df3f44104fc575f54ae20aefa8ee39d3e14247052388411cf3b8c9fd9f2be1d96ab6b578d41797cfb02734c3b34f708f13f504674acda3319a6c1ab27e9884325d3b002f054f708845292c4e71d424885c1c38ce32ae019a6df3f2c152f70b4e5e95aaf8b2ae2da33d7933fdf094e6bb13e1a8ce6d7faf30f138a70a08025b7d44a83fb64c832c8020c5c5ea3698f4c6415cbdcd2dafaa32341ee052bcb219a989d0991fb137aeab8d2fac8acfd2f7ac8bcbe4c112620c24b9dace1b0993640eba07c8db4b0b30a0f30976432be567a13963a04de7e1b105c511f6db3f11bca311cfc34a936eac42bbb67ead5cf174d05262db855b1a8437ad291e08c0e83d669781485a34c8543125384a156c25633cb74364d4c655e8792a988f27f20bb0bbc4c9ac130959af6a1416348bc7497bf8821b7aad8535b04271d8b5e1dc0c0f20c86f68b254757b50ad18ffb3d801ab383093e169e6d08b3c0709e01cf7075460102bfdde4552b3440ebbb3abd51f00c6d4a40c8d1b5159e41ed1834f4a76ad32c8fa33feff6cd80f735e6f5861554c5dadcccfe6f1295c54f6e4039bf16dbc1680d7c3e9cc96f5457bfa64f43c840ad7eef3cbdb6d14d5c34bfea897960a1d284b8925d23051b2ce7bd39fca8023a0aedb1de9b649014604d7132d0913283475fff578f3f89da4593d8977cd74685e1293519bfb8d80570adf491d816d0d659a6642f8b43ee3915fd3acd1de5680596564322bbabf44ef0cbd6239115561b8a0fdbf5defb51d5376090acd670b48d6de1e4061fda06d87df103a1c81db18da1ac8089cb8a34f68e5a3a993252940f65e3eba13df58b2fe43a7760b82d5dac72c4aa8f41a201ac943f24928326e96119809ac98505c9ca345b391e9a234b2efe2c175985aec24b2379b20b676b72857429805520fc214b8906ac4f4e95110c2bb30b266f2ac66d4b704c37a96e896944c564027c8036c7cebf7f4022a2117e782f64c17b283a32195b3ff33d9f918c8d94a32c94ebcc76b263cbdfddbbc4f42e3e04abd7d1fb9aeb9b1eccff2a2b4dc4b8cae04c6644997dd405d89357c2bd90baacb0d0c24d71e01294daab40a108c3e9b62261e4c355e083ce7261f07f7bbd5be822cb803ca865485941bf92ef08dc136077845697946016d74ef6e0ede79b182b9330b6f096c4c61d5ef9efa0d14d056ea92a5b66ff6db4e15073f40aa71932cc4d27d9182281361682adb7f28b32595544e0c026a76b1a8c28388c0bd6bd22e1312fbd8ce95dba1a11b8de73890ad484497ac89c30713f4e92dc5742d66746bd0ec843aecfb8af5a60e9b76c67516387f78d570db58e899bef46f823ee37765d0992a1adac76aa0c98c1099f3eb75f58c8d263507517c0aaceb5b5944a6341a528416858319b09d3b291ea94c196b171256d27ede3815ec1e32b16d0a6e8805f6bf5baf849195b505ec7121c2a7d9c136acccaad9c2879d174e11bbf429c64616f9f67d426cf7330df718daec9e7364979b93cd248544014e15ddb217e70ad382476d6090fda6dc60b2ada8d12405891962f92d652f1626415f684303391f91c98fb3faeb4ca9131cef95c583ab55d721fe2e5169eb7acf389cf716a85b5b4a759ddf189e9731ea9974537ab25d52ffc3532114739523a4f963042bfe59c12bf11c929568d94cce6c1b94629eab660f1fd17f471b0b728354ac487d24f0bdf8ca49f7ff6aa466e2ce9c64442793fa9177b12ff903a4344e9538f6fe36f2ff05f1ea4e660cf45af31e48316797616c01a94fdeb7dbed01d24c7d415c5a1f75d97f729e812e871ddd5a5d72f5141c163c2a062d3bdcdcc87482b6d109619fa0d40165e148c4603432bd7bd41bbdf32df36f4168d85b7d3701fcfbbcd3d3b3e8632ed32578fd4596a2e72dfc37c5388fd52e94627f52bf443bf213a5eda529b557eca0395e543da5d84ad14a9ac90c7aafbb617e6916b90bfe5f82e2a518fd2c6ef5d49cfd0aa0e89f424267209b81b0ee360834af2f6d13994141e7c05e8481c1e9e1c8ca4bcfa5e7b99aa334c4938443ac02c97e67e077fe762f5e5308c0c98a1d73954f50b88d3b7c24854dd6052756c94ab25712ce677b3681eb4b912ad124a4780f7e97345d087b97eec5e742494b3415c5cab066607a75bac5391772f7ac344d648a2439b107a4892bee9810992a66c152c93a0c264d83663e5c76d26e328e2aa0438461c17dde723c7b09ba1e5f101f46275fdf970ac269a4763191d6bc36e7887a1ae85058c8724029c7421889bf5d454df6b2c0da443aa092020558a4dd1c191ca7db2cfca5cfa63e31e9c3a5b22e971abdd5a995226006e6da8fca3ba1fbf0f059e3c027c1858d46b31f69ce7767335460b31ea6b3123aa745ce5be0b69cf1de8d0e7a63179ea6c653d1cae8b37ddd77c45f769e1b3f8eb979e2262dc833c4f86ca55ed37cba4868fb38e676009d1dd285dbe22728c1643ee79e3e63fce9a06358fe745b241f7e8f353c41623d1af9745cea41b5cce6b9c0a7c2066e9c8738cdedc0093759c9247d9c8e508a1df288d8ec364beca21754adb662f6135a417866fedc48e347c26bb53133a56022c12d28205dfc451190f680b80c83605156e51632bead62c19684ce1dba58a42893cfd3480c75a76e0d39a58bb89f90b0aff60a7777358bd01875864926d480ae1eb13637805511d9dd9078f2fc0aae4435c5b0a05fe5d6b9c24c8f42bd7cc4c8f4ce208cb6d57cf212c217d2c044505cdd8f5b4a958dd77e7f20a6644f777dfca06c985905bbdb564189dde3069bf76708d905f4208d05d9f8662e59f5bb6f75782a811380a83882c937c653986d7befa99d42dfba05cd8b9e9033f45a284f25c2cf24a12beb826299fc9e19974fae01daa086a63dcd04a45dcdf6c138bd7e8a9c424873d4150d9ff582507c7064529df23c3d169b8473ef224ff0fe870e52c2c539a9e034a42c27892f6fe00f140291ca1edbeb53461d1dcc13e65bcdabea29e4a744d5ec5c26ad577981e4af69572b6c25528d8666c77d39ba22742285748cb799bc639bbbc5642ea430c8c3395a9b22f8fec126dae56f2acd5f80aabc918b2910f390269e4cc240d33fa217e292ae5e906b0e0d62b95549e84b368374cffeae0aaa2a77424fff542bf447e2e425027e9849808bf13b70a4a2e0313c13bf226297a38dd6dec0b847821baa4c3d74c59f5c322a7ab6a05331115e0110c48308246c2756cc0e98273063715eb80b388222a432d85e465f3af5d9de627735f17d70966ac5b4251321483c874b53dcd927bfbe720a124db5b4b01389fc29dcabe59f01fae6213fcd93d961bddae37c97b281135405716dff1a39d09e2a7209d4e37cf1b3064645ec291bf26eee472adf86bea53b69db2a4eb2b1dc7c29f31f003fc73a7bd71ffe6af0fa28511cabdda757c7513181d71309f5ebbb816fc37021fd6e5458004325a0b0fc77943d845e15cdb7aee3b939592b431bf0bb4580bef31b94f35a35dcd6e9da94547f80271cfb65f2adbb455e6453d03527520a29e1a0a46667c561de53fd13bd24bfae216f05e6182e22e639eabe1b1a955e097e966510dfbed795b42701566fb7d6e1a9090d3e350e40ac18767eea3dec883c961a2694fade4f9f4d7cd233bd19de5138507dde7fbe4363f79f196b505c33bd1c22f6b6109a7ce4373660f449aed0c973746ee9d6e0f8790b63b17090c7eba843f5cd578a35522e19cbbb473e7753879f462302f7d0e6318bdc8891b0d44035c3b5a243ff81ef1e63f93de574dbc42aacf564ef9690c44fd845fd87d96176a83d5c0a02de15731c400070afcc7f38e7c90f8e7ccb35fe0db8958273d5a15abd4e2c75e4088cd75a31f1be465434a1fbceb19e5a8a71c8c3ce231f89ffe3862b619e9a54e3687192e1eaa085e9e5fcc44cebec5b2e97b5ba467dcfa9789cc00da22f3d63bf5072f0dabd470cbb6cda0842fae6c06d1918c2cb03f7b7a8c9a413d4d6b805852e7bb33e21cd6ce62b19bb50fd576ef25c5f0eea2bffa21b8cb9f564a24c161a24df52af82e866ecf594f3607adf54f7fe3d794307a83b7bd4697250cb8cfd6320a7e396a0fb1a72c93c9f83bde762f993e011b637322db770038c821618332294d35f06c5661075e7b4c226f9edfa0f30f704660d0424f0bc26c7db69c588f5350ffad97bcc02b3279fa3eee5b1cbc60a0313d85c988d235f0a4af1a5f9c7fad0cf9222d6515199b55e42694bbd76cb0507c94031033a98f22dc467ff585c4230f503a102c09c5a73e06e08861d58f16f2b765333f4194e3cac177391669da46c4f4ac74acd8bdc4a009c091af3e5b23a11a4ed6086950bde6a9c5299ecc77e073dca163f91dae0aa1af9ae7c60bb03fe71867d41da4ed98527e7763e47749959bddd80288cf9f3e92d0239b17a2e80c00edbf92710c70b2fdeee0e486c1909cd97bfcd734ce725268f7d14f36198340300acb0216f4909f7870cb74e5b0fe1f62428cce97036af241f35889f527a614e51bf7261d236f0668725738c7ef3db22cfd772144cebca4ef597989b349660290f3456a879214b4d0f51bc61dc3229009532fc50e82e34cb08eaf775fcf017bccd646ff5ee345d7f7ce6d0d13dc5c31411ac7294849bc81b567c640dda597b59bcf9fed9e3ee0a3966c49d6db27e5c1fe4b096c90f3696e702d1de9c88d524e6b72519e5a1bc7c5769e2891c602e39139ab5ead7942ebc20b8a7c524a2a177e8be8aca04da95d4665717000b39b11ac7a59f102ab20cc071e0f328f6da05d0012d886b3d18a26fe05bd72a7c91fa64c94ed3294a68e7e20bb90a853aa2db5b24a86195a9c76a8e9dba0757e8b317946b5cbe2045535568ed6d7e1c8d0157be8c3d2a41affc18610d777553259d3a6258b011097b9a316ab03df56d0dd12823a8cbee7a4a5c5dd668aab44fb01e08d5d43d9b16fb3635c17388ae6585b5e668bbea09159cd9e289b5b5dd8449dbb9873ebf1179c857ce7c424c0c05333e07a12f6f3f9fe5707832553a965d598e43b2c197374c86b796aa95e2eb3220c525dd371122b4e3138b8df4e1d7832d1829c03f9d1a4460c0a54e243baef6b165176e9ae122954d2dbf80b8ee105a1f36672b625936cd990670ff73ab73e2363502bef9e563171f8740a214003edda1c1d397e622af671bc4ef2f143cf43f95b0a8507aff4e50970ab5d0e1be702a0d4998ab64265346c232091ab6a971a17ba5784aedfa15f4f580aac4fd38dcbe0dba09bf09b39330fb462caf48b474418f9d05ee2c9f4077b7b2ec83a81c7440b993ba20e381bb2d693492c5eafbfa3b59deb641fea3779eb6dbd16c39da2bc60423c1c6fd7da59c46dd4edd05b3c495dd91b60df5daf3011975c7d5594fab8d0378362b8f5a58b52d11c119a95afb9dfe8fb72620b7a2a51012918c002180bd9539c5d97046f9088ee6bcd69eb89324b473f3c15bf7179884d4d7622997be157aaaa0910f04e9cb30ada2702859f45850a33d553e1eb74662a31d30afe504dab9ae652e53b7fa844d35add9886f8924ccd1edc2cb9fd5282a7f1b2d857e4de5d641244fc9737ecd022a08c05f83ea6a7e702ca19c8fddf463a4625dc355953e4a3f22e267b7f58b5ed3cb59c240927fc68fd9234b3b85d456ac2ef5c1931286b8f0b251129cc77194f07fe7bdc29c9a83829feaed285c4e6044e59ad21e4320058c04bbb884efc52edc51a3e449447fe4d3dfb19120e5982d7e1eb206349da68fbe93a2b981fb7bae1d736eeb07656ea2b7a229b4a0e99b0fb44e80c517e127f169f5c2f57f0ef63603da14aebb7aa7461a49c8b0a7be5dfdbb4d636842b6df621454e13d15b7c88e5a16535f33a5a69d353d5770a8b4bc419ede359cd3c298086d2c9d53767b3a7709644f2a57a9bdd5ca0042510ddb649539448f47d8a508e8a883b98f78bb55575547c479da4641de15210de4820cf4deaaf27da85ee057001e26aedc94dfe233b238b421cf62cc372dea266da4cb98d38a256a149a5f73d37d3352bc0092ab48e2a9199cc8d20807a3b97d6a920b391936c5f62c95ecd9358724f9c8a3ac28a49fcc8066b6d61adc2793e89f2a4129124aad50e6863259bae4b6759b38fe55589cbf978146a33469055aaea5f75ef2e3249fe11928ae72dc2166fe9e9dd352f7dc89773ae14eb5f2bdc96b3773c167604b529c0182bead60217602766d9c7653a61ffeba8d706633ec5114e8ff1ee1ded9e0d51a82d0d91d5b96aecf9cefb0277a92209197203bddfcd05cc2cfabfb7eaecd9ee0e0b4dd2bde42e80e7bfcfc5492c91e23cd24c9e3218d726c9f9c8e8a4972c84264df6155292f3bda5fce4eff80171038223373d9ac748533f36de74fbcec24748fe6c2b3d0321da6cd134882da6a32e4339db3c8746383080710b10434ca2014d44b3aa43f667c80e1d58b6c6d29fbbc894c89298c2e2e8f4f028d5e21ce9b72f80562efc06528680b8d5d211b2326333f0d7fe0ec7ae1fa79e1aa853c5e53d2f184ddf0071f1ada81b772e6cc03c2bd75628176d14da7683546b5e249650db23302be6cf6faf4ac3bb91148316b192c1eac69f94e0d74fcdbdba258379a98173328aa2eb224070f5f2339ded23ff87fcc1c92d6ede312cadcd83d329455d3c03057b57a344b4fabeb9e8cbcac93e36f0a5f5ab84d456b770a03008c13f878d20a56bfc11fa5094988a474cc78029d737c604b5abe5cb085212dd7d9134f7874905fe4451112b96ddbf64dbc33824c258293efc4dc03e49a305c424a7b38bdfd2d17ed345c723e507c40dac84a7f2677b48a8a26ad01ab49a5e9fd1e7a8cb4e640f0129db264e5d78cc9357cc1d645ae491299fab812d32563dbe4c2fa3cdae208f9893178796522fb3d9ef67a67daaf14145894b402dc365828020c426eb8eee517926ba55badbc1d68e21244ab3adf0153076772151e90bcfcf41631244deec0c3f1e161dfce5b1a099f41285a1b6964015d33e3175e444b1d703742e91b6e28a9d2cc5da03a0e09a3f6e64cef840830428a40a89868dbcdc3baf4e0e1fff871c8828234cea96dd209eabbb138fb9a610f2434a8c5cf94b83e2575f63ebff9565da9f891465ff35ba2720ed12a646d497ba387ec7093e01548711a60fe054a43d2a10e695b4adbf09fcbea251303fd4fc67389cdff123764279e095902984a4df2365c712820e9bd63dcacee48188f530f9483f4f355bface0c39fe425c8141cbfbf815dfe22e7dfcc887fd00c4bc055712df27f6816db7392a25fbb2fae1f96df0e85e4b165ae90a6c835f94daf4a14d087a6c68479fed4fd9b85471ff5f10597c715c5faa181fc6b2c1816bda39c9ecb8aae8ff2ad068ddb07f9a20d83b3433a9b7a22e1dcd50438d12763a0c2f11d0faffe35fc350712b7f3db637753a932aa52f7378fd63bd6ba8c47167cfdb39d071475947edd44566ca4c8911424adca8370974496b602c5e6ed141340cdfc230386461c3d7b4f7dac72e3a18e98d4f837fdccddfade6e5b24ee1757a028b5806c4eaf3e4b62006d74cba122536033e9d3d4755e05e82571fe8c29dd8e27d34299ab69fa3ff261bec692b24f1ec6d0dcc55c9031fa8eae055b21782998f4e99c1912de14e710b4efa8c17b50c1f2456ef3af47569d36180e01dbd17c1e5ee8ebf7feb720b33364fdf565e7c4a6f80b7184ea31fe1bc0df1b33a2417dbe15e1accd3c597315f5a600915f1c476d4579d5c086828e496f6b13bfc9d17040f504ef804a3e085df096a935732f780cf0a40162469c5fc106e319efd5eb56d5cef59ea49513929b1e312a008e46ce74638e1aba811f69070d46dd44e63e376990400756b048cdd3e60c340bf861306ef5aaeba48e058247ffbf35a93ca2eb511f7f938ff1b1b9ea55cabed1d0e5cd93fcfa71a3d91b5394212c6e7f119ed252f43b9bc513e1926d33510b85b9c168c14906f254e86cfc45754b3dc19fad71cfc3c00165a8da8166d9bb106658b42a63954e681891b0419dae3587460720dd69a3eda0c486628e07000ac57fe24ff6f2a32c95648e2bd7c5b916d17505f9c8ac1f3ae5318b3dba0a802392d6ccd893cbffbc66667ab18a91401748068f3dd3cbb86ffc369b36ef1040c5e5f6400fb3b18bd2e9f306be1d294b9d22fd2726b8af918a28fc7dfefec99dbcbdc50b5068419b549ac1895cad67cab08494de6d947dc45f472047863442a214e325e0ba1725339704958985d8f4cda36e50b6d78a93ea9cafbcef2a3efb5c1b9b9359d52af1cd50404eb1f23a09266aa147b0ea6ae2aba66e062e189150199365c9574e882a93d2f7b6413e5ff13ed90f2811e9bde0ad70aaeea1dc81912390daa2dbdab24f39208b58a9206dc91874d3d8d18c093fa3b17f94042cfafd6c801a830be90744e16d09946fcb2caa81e92d5141cf4358a819a9d78f9aca9666a2c49e695f50766958c5364b8a668d84bb5e70216c03f1a8fa909cca9e57587a87794325ee47a964da902d1c9c627a9d2d35b8b66d3d444d9af7449e83f039247f347fde91f793ea585e6dfd6fdefaa656303a368a8053188a289e55e9102e5d6f382af1fff9d0de417316e9abdd4e9d9d090666ec9bbe8784148bcd9bb1b68c4c1145b8a4ef58d1000e9c9aefaf007546b6bec7c21fb2f98a2086534c7d7c8d3b6955658a12f31ce738de15db3c456730205f3eb901c5af7f98d9a750a142d92d055dd0030ddb1bf12c2cf40ae18f0823318f5a32ef75956d34a0f234a13988824f1c08c38ef37b34d6892e2f351195c288470108b3e91dc527bcdacda971b5576dfcf9ad0d56f20b8d641225809406a8e563676aa144fbe47da3a7f05fcd51f2a91a2e4917dc578165798c4382b8facb4bc27a1fb9528a98260d1ba88ec88b1fdd1fbc527fbd41dd9a201944f2f9e76b611ce82b0a33291809b68d0af48875bf09db2a9703536c6d88567f2570295529891b9c8086ae73c300756bb6c82ee4a49287a7c9c31a0abe3acaea8a182003f362e6b8ea0e786e671ba37c7aafeb09eae7ef1277735d1a7b8caf7e0bef13df362aafdf7fc97330a300e56a922380e75f7396fdfbd28709b813e320c671dd7532dd67d56155458c949f20111728a60303bf05baba0f0809bbf0962a47164d57ab29e53a9e486d65c30970b921e3506c72cd71efa29d4efa6b256ed4638b215d04c4b8d2c0e72dde6619a3a53c9ee762fcd4d5baf2aa1bfe2d26df8f445274b5d5ad670b5e1e491f8a1af4acf0b913815b6a09822aa6ba67d46e11cc76f2d6ee40cfeabf247478b478304c69f3fa129a9bc4e2354d53c1056efbfeafab47d0a3968d636eae294aaabbd661dd7e12c98a0150bf6aeee33d34627230767ff1fcd726ea995085e1eb576293e8ee9fb9614c29a712ba00e7592ffa7c032c773f3003305e80fef6aa8e2eafb8f47319177fdfd54fa77fa5d5a8e5cf2eecba150bbcf97807c53ab2cca104d32607f7a020f027b56e660a2d05a209041fa5b3ad51ba924f63a76c6da16f1ce022537bfd93b48005a714a6fe87c0e395e4017dc06c8ca8d7f64041baefd26441f7dab6ef7f94c9479c9d31cd67f145ccbeeb09724f8da103651d0d5a25ef23ec1b9a70eafc44ce7ea6d98b6318f4d35e9d4c32e3c4cb5c72997f04679d6c17fddb967093a3fb40f0d43041213153f8649276e50fe38d07b67329326af93d75c1b2ae9e405d2d8ee53fb9ac06b671bd52d2228a0153a5041f8c202be8e7e36627a9ed4dc5a29668dde3caed13d37619916a05ed164a312bbd3eff443750ef9076a6baa25d95e20037234dd35a10646a33cadb1470354fe7c251c7b51ed2609e343253b1adddfca993c02a5fa316f49653637ba09bb73936537aa9f2c05908d3e5f157d6b8adae73022b703d7b7e5284f52f96081afe1a339b02b7d276a89ea28c5fe31cc4a218471c35c9e070809f61c8990a4baed777756de618218a7e49b8909ff1fc5f25e53c2da406b8ab1a5477dc46a319b5e843ebd7c483c4f0ae9ca3ae9c9c5c56115e6e3e77f48308235e668a908e446b38b52a9b12f1ac40267cff6554097f09f845c7a72313bf5553c34919bfe7686acca6d168d5a726d0657443e8b60527e6bae4b95b3308ce733be76552dfd91e3de537bc4c3f00aa128392fa7b654b2aa326e24665345a7e7917b6521139b1c0c8b3b01e4ff32e5c07bc4931f0c208a706972ff642c101a5ddb055988e3ea1103f6b75896035fc6148ec5c61f664b315954d108934424463f30d86bac7a624eaadd0f5761a45bc55f6da19a1f25d3e73aab0d67f4713e4c9e77eb74cc3acc412a6eaf2028cb87ffe60e46452f408eef93c261ee26b6fc343a344482953f832962ccf54bfd52827c5df218fc1ad753dca9f7d365ddf1cec9c2a85d032bd955334b127015d8b55f1aec00144a27a7779ddfd4729cddc73a4dde28359965f1de0f5bf0e489fc1e1a252bef6685af13e74c051cca5f7e5664b79e5d826780e96c3e9371f9f574f8288e8d37911bc368d916e1894d7d4413c0dab3d7c4211a5e469b4869c8f0d09c852fa65de6a83661564ba7df0a3f4a67fd0735949f7a36f600d3124fb1dee9aefff5c0f48079c5e75322121c6feff7458b82c78e591738772a5f7d2d996a08653a5d8b224a3e61f19b16b6b337863818f14fb9d44bfdfd7fec81cf4213192df81e9e282ed549c78a3179b3771e44b0b6234e323a0ecedce45afcee75717e12a46957e58aad07c8594084b14e3550e13005efe1cd75abfeaf3bf9d45d85727f3dc62cab8be95b4b289ccd05c68b6c760a2907803dd42e3f2a6cff91e8f54357df979a3419e3dc39a96c13b5a1273a4eb96feef7ddaab5d8dec630179412ab147fe68ba260ca11bd7dbc930048393bab393f364f1ddf4d51b2310a6cf30b2177f322cb04de02afe49df693597f6048ea2e2f4a41a60b3926a1c9a88dc4d79afd3e9a65ca30653917d96cd25c7dbc4e906d440237a67bf3cad7c81f88f5e107445a59eb44ffd751bd8658a9bda4491aac8d19ad6dedc1a1eb136aaf2b73bfc1868c715d1093bdad684e6622862ea659984932d55f495288718e8001f448bcf811b8e5d22ba453a286804660c7b42f1c4abb793e3ac8c1ed59a1490e1e6fe518479811729e03e352674753d1023c2faad4ae3c21f56f6957b4f32da65f016ec7e5017e4c2c59666900b78fcb623a2e401b1cff11da13f90350169b04a7e3e7a2260c6c5f62a3bbb77d1e8abc3da0b2c10211698ae3129e7fc91ff91ba041530858c5ab6e443665a9daff01e911d3857d526498d3e311f310a419a50370ea8a2313dc1b861a2d7ccec977d263b621cb44e0d0e3cd950b1997dd30e6d2db9687256c0772be948d84e5471be844705645a0aa29f4dcbd444ba700505b207aad296257c89a16add72efa18a1d10acf882ffd5499a08097de161a54999149e649922a2ffa3810237b7f44776557970026cd103e4e3df23cbb3d621b82baf46715faafdf45bb4612cd4df7002f661de0b2a2192d5ab440e4e0790f7968e54e61993df09714470980816ffc96a59d2102be9e7de1e694ba7f5c4108c54913aa59e4c78b8b4cdea7c46e7acfe95fe92df558033010ab7036cd294d2025bfc051aa8e5dca913c38edfbbf8bf7749f02559fca585a92cef14a1c58c87dc43072ad7aabf125bfaa5df4332d11716ce32c968ee3efb1b6a48eebce662445fe4fb090660933429ab71aae6e53af3b37aa54b15e0ffe5019c8200128bdcc503fa7bcd81b476b71643b22c87d56af4fa930db72371a3c89bc01ea9310f104446f40rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootselinux-policy-3.9.16-52.fc15.src.rpmselinux-policy-doc    /usr/bin/xdg-openrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-13.9.16-52.fc155.2-14.9.1.2O_6ONNؽNåNåN@N@N^N/NN{#@Nm@Nf @NC@N;@N/N&@N +NN N e@MM@M@M@M{@Mߒ@M@Mc@MM‘@MM@M@M@MM@M@M@M@MMM@M@MlMM@MMTMx@Mv@MoMlMgMgMbSM[@MRMQ0@MQ0@MJMGMGMA^@M>@M9u@M6@M5M4/@M4/@M0:M,F@M$]@M@M9MMMMM\@M M M@L!L!L@LL8L@L@LOLOL[@L@L@Lr@L L,@L,@Lډ@L7LLLNL@LΫLeL|L@LB@LB@LB@L@LMLL@LdLL{L*@L@L5LLA@L@LLL@LcLzLzLzLzL)@L|L|L{@L{@LvW@LvW@Ls@Ls@LrbLrbLk@LjyLjyLe3Lc@La?@LZLYV@LXLN@LN@LMxLMxLI@LH2LF@LEL=L=L=L;L7@L LT@L@LL@L@L0LLGL@K^K^KKKj@K$@KKK@K@K@K@K]K޺K@KtK#@KKՀ@K:@KK͗@KŮ@K\K\K @KKKKK9@KK@KK@K@KKKKrKK~@K,K,K,K@KK8@KKK@K@KqKqKqK}+K{@K{@KuBKs@KqN@KjKie@Kf@K`*K`*K]KXAKTM@KPXKEKEKEKD{@KC)KA@K;@K2@K0K/c@K+nK*@K(K"4@KK>K>K>JJęJH@JH@JJJ_@JjJjJjJ@Jv@Jv@Jv@Jv@J$J$JJ0@J@J@JG@JG@J@JJ@J@J@JJJ#J@JJJ@J:J@JJQJ@J J J|@JzJyt@Jyt@Jx"JrJrJq@Jn@Jn@JmJf@Jd\@J\s@JW-@JT@JS8JKOJI@JCfJCfJB@J@J@J?r@J<@J;}J:,@J7@J67J2C@J0J/@J,@J%@JJB@JJMJ J dJ@J@J@J@J*@J*@II@IIA@IIII@I@IIIX@IX@IX@II@I@IcIIo@Io@IzI)@I@I@@I@@II@I@I@IԨIд@I̿In@I3I3I@II@I@IV@IIaIm@Im@I@I'@II2III@IIIIIIII@III@I1I@III~@I}Iy@Ix_Iw@IuItk@Itk@Io%@Ik0IeIcGIa@I`IVIO@IJ;@IHIAI>]I= @I7@I6tI3IIIIIIII IP@I@IIg@Ig@HHH@HrH~@H,H@HCHHH @H @Hf@Hf@H@H+H@H׈H׈H7@HBH@HǶH@HH|@HHH@H{@H)HHL@H@H@H@H@H}H|@Ht@HsVHr@Hl@HkmHgy@HcH`H_@H^>HQHQHQHO@HFHFH$@DX@DU@DN@DN@DLDH@DGwDGwDDD@@D?D?D;@D;@D:HD:HD2_D1@D1@D+@D+@D+@D'D!<@D!<@D!<@DDD@D@D@DDDDDD@D@D@D@D uD $@D D @D @DDDFC@C@C@C@CR@CR@CR@CR@CR@CCCCC@Ci@CC@C@CtC@C@CC:@CECCC @C @CعCعCعCعCC@C-C-C-C@C@CCǖ@C@CáCáCP@CP@C@C[C @CCg@Cg@CCC!@C~@C,C@CCCCC@CC@C@C@CZCZC @C @CCCf@Cf@Cf@C@CqC @C @C @C @C @CCC}@C7@C7@C7@CBCBCYCCCC}@CqCqMiroslav Grepl 3.9.16-52Miroslav Grepl 3.9.16-51Miroslav Grepl 3.9.16-50Miroslav Grepl 3.9.16-49Miroslav Grepl 3.9.16-48Miroslav Grepl 3.9.16-47Miroslav Grepl 3.9.16-46Miroslav Grepl 3.9.16-45Miroslav Grepl 3.9.16-44Miroslav Grepl 3.9.16-43Miroslav Grepl 3.9.16-42Miroslav Grepl 3.9.16-41Miroslav Grepl 3.9.16-40Miroslav Grepl 3.9.16-39Miroslav Grepl 3.9.16-38Miroslav Grepl 3.9.16-37Miroslav Grepl 3.9.16-36Miroslav Grepl 3.9.16-35Miroslav Grepl 3.9.16-34Miroslav Grepl 3.9.16-33Miroslav Grepl 3.9.16-32Miroslav Grepl 3.9.16-31Miroslav Grepl 3.9.16-30Miroslav Grepl 3.9.16-29Miroslav Grepl 3.9.16-28Miroslav Grepl 3.9.16-27Miroslav Grepl 3.9.16-26Miroslav Grepl 3.9.16-25Miroslav Grepl 3.9.16-24Miroslav Grepl 3.9.16-23Miroslav Grepl 3.9.16-22Dan Walsh 3.9.16-21Dan Walsh 3.9.16-20Dan Walsh 3.9.16-19Miroslav Grepl 3.9.16-18Miroslav Grepl 3.9.16-17Miroslav Grepl 3.9.16-16Miroslav Grepl 3.9.16-15Miroslav Grepl 3.9.16-14Miroslav Grepl 3.9.16-13Miroslav Grepl 3.9.16-12Miroslav Grepl 3.9.16-11Miroslav Grepl 3.9.16-10Miroslav Grepl 3.9.16-9Miroslav Grepl 3.9.16-8Miroslav Grepl 3.9.16-7Miroslav Grepl 3.9.16-6Miroslav Grepl 3.9.16-5Miroslav Grepl 3.9.16-4Miroslav Grepl 3.9.16-3Miroslav Grepl 3.9.16-1Miroslav Grepl 3.9.15-6Miroslav Grepl 3.9.15-5Miroslav Grepl 3.9.15-4Miroslav Grepl 3.9.15-3Miroslav Grepl 3.9.15-2Miroslav Grepl 3.9.15-1Fedora Release Engineering - 3.9.14-2Dan Walsh 3.9.14-1Miroslav Grepl 3.9.13-10Miroslav Grepl 3.9.13-9Dan Walsh 3.9.13-8Miroslav Grepl 3.9.13-7Miroslav Grepl 3.9.13-6Miroslav Grepl 3.9.13-5Miroslav Grepl 3.9.13-4Miroslav Grepl 3.9.13-3Miroslav Grepl 3.9.13-2Miroslav Grepl 3.9.13-1Miroslav Grepl 3.9.12-8Miroslav Grepl 3.9.12-7Miroslav Grepl 3.9.12-6Miroslav Grepl 3.9.12-5Dan Walsh 3.9.12-4Dan Walsh 3.9.12-3Dan Walsh 3.9.12-2Miroslav Grepl 3.9.12-1Dan Walsh 3.9.11-2Miroslav Grepl 3.9.11-1Miroslav Grepl 3.9.10-13Dan Walsh 3.9.10-12Miroslav Grepl 3.9.10-11Miroslav Grepl 3.9.10-10Miroslav Grepl 3.9.10-9Miroslav Grepl 3.9.10-8Miroslav Grepl 3.9.10-7Miroslav Grepl 3.9.10-6Miroslav Grepl 3.9.10-5Dan Walsh 3.9.10-4Miroslav Grepl 3.9.10-3Miroslav Grepl 3.9.10-2Miroslav Grepl 3.9.10-1Miroslav Grepl 3.9.9-4Dan Walsh 3.9.9-3Miroslav Grepl 3.9.9-2Miroslav Grepl 3.9.9-1Miroslav Grepl 3.9.8-7Dan Walsh 3.9.8-6Miroslav Grepl 3.9.8-5Miroslav Grepl 3.9.8-4Dan Walsh 3.9.8-3Dan Walsh 3.9.8-2Dan Walsh 3.9.8-1Dan Walsh 3.9.7-10Dan Walsh 3.9.7-9Dan Walsh 3.9.7-8Dan Walsh 3.9.7-7Dan Walsh 3.9.7-6Dan Walsh 3.9.7-5Dan Walsh 3.9.7-4Dan Walsh 3.9.7-3Dan Walsh 3.9.7-2Dan Walsh 3.9.7-1Dan Walsh 3.9.6-3Dan Walsh 3.9.6-2Dan Walsh 3.9.6-1Dan Walsh 3.9.5-11Dan Walsh 3.9.5-10Dan Walsh 3.9.5-9Dan Walsh 3.9.5-8Dan Walsh 3.9.5-7Dan Walsh 3.9.5-6Dan Walsh 3.9.5-5Dan Walsh 3.9.5-4Dan Walsh 3.9.5-3Dan Walsh 3.9.5-2Dan Walsh 3.9.5-1Dan Walsh 3.9.4-3Dan Walsh 3.9.4-2Dan Walsh 3.9.4-1Dan Walsh 3.9.3-4Dan Walsh 3.9.3-3Dan Walsh 3.9.3-2Dan Walsh 3.9.3-1Dan Walsh 3.9.2-1Dan Walsh 3.9.1-3Dan Walsh 3.9.1-2Dan Walsh 3.9.1-1Dan Walsh 3.9.0-2Dan Walsh 3.9.0-1Dan Walsh 3.8.8-21Dan Walsh 3.8.8-20Dan Walsh 3.8.8-19Dan Walsh 3.8.8-18Dan Walsh 3.8.8-17Dan Walsh 3.8.8-16Dan Walsh 3.8.8-15Dan Walsh 3.8.8-14Dan Walsh 3.8.8-13Dan Walsh 3.8.8-12Dan Walsh 3.8.8-11Dan Walsh 3.8.8-10Dan Walsh 3.8.8-9Dan Walsh 3.8.8-8Dan Walsh 3.8.8-7Dan Walsh 3.8.8-6Dan Walsh 3.8.8-5Dan Walsh 3.8.8-4Dan Walsh 3.8.8-3Dan Walsh 3.8.8-2Dan Walsh 3.8.8-1Dan Walsh 3.8.7-3Dan Walsh 3.8.7-2Dan Walsh 3.8.7-1Dan Walsh 3.8.6-3Miroslav Grepl 3.8.6-2Dan Walsh 3.8.6-1Dan Walsh 3.8.5-1Dan Walsh 3.8.4-1Dan Walsh 3.8.3-4Dan Walsh 3.8.3-3Dan Walsh 3.8.3-2Dan Walsh 3.8.3-1Dan Walsh 3.8.2-1Dan Walsh 3.8.1-5Dan Walsh 3.8.1-4Dan Walsh 3.8.1-3Dan Walsh 3.8.1-2Dan Walsh 3.8.1-1Dan Walsh 3.7.19-22Dan Walsh 3.7.19-21Dan Walsh 3.7.19-20Dan Walsh 3.7.19-19Dan Walsh 3.7.19-17Dan Walsh 3.7.19-16Dan Walsh 3.7.19-15Dan Walsh 3.7.19-14Dan Walsh 3.7.19-13Dan Walsh 3.7.19-12Dan Walsh 3.7.19-11Dan Walsh 3.7.19-10Dan Walsh 3.7.19-9Dan Walsh 3.7.19-8Dan Walsh 3.7.19-7Dan Walsh 3.7.19-6Dan Walsh 3.7.19-5Dan Walsh 3.7.19-4Dan Walsh 3.7.19-3Dan Walsh 3.7.19-2Dan Walsh 3.7.19-1Dan Walsh 3.7.18-3Dan Walsh 3.7.18-2Dan Walsh 3.7.18-1Dan Walsh 3.7.17-6Dan Walsh 3.7.17-5Dan Walsh 3.7.17-4Dan Walsh 3.7.17-3Dan Walsh 3.7.17-2Dan Walsh 3.7.17-1Dan Walsh 3.7.16-2Dan Walsh 3.7.16-1Dan Walsh 3.7.15-4Dan Walsh 3.7.15-3Dan Walsh 3.7.15-2Dan Walsh 3.7.15-1Dan Walsh 3.7.14-5Dan Walsh 3.7.14-4Dan Walsh 3.7.14-3Dan Walsh 3.7.14-2Dan Walsh 3.7.14-1Dan Walsh 3.7.13-4Dan Walsh 3.7.13-3Dan Walsh 3.7.13-2Dan Walsh 3.7.13-1Dan Walsh 3.7.12-1Dan Walsh 3.7.11-1Dan Walsh 3.7.10-5Dan Walsh 3.7.10-4Dan Walsh 3.7.10-3Dan Walsh 3.7.10-2Dan Walsh 3.7.10-1Dan Walsh 3.7.9-4Dan Walsh 3.7.9-3Dan Walsh 3.7.9-2Dan Walsh 3.7.9-1Dan Walsh 3.7.8-11Dan Walsh 3.7.8-9Dan Walsh 3.7.8-8Dan Walsh 3.7.8-7Dan Walsh 3.7.8-6Dan Walsh 3.7.8-5Dan Walsh 3.7.8-4Dan Walsh 3.7.8-3Dan Walsh 3.7.8-2Dan Walsh 3.7.8-1Dan Walsh 3.7.7-3Dan Walsh 3.7.7-2Dan Walsh 3.7.7-1Dan Walsh 3.7.6-1Dan Walsh 3.7.5-8Dan Walsh 3.7.5-7Dan Walsh 3.7.5-6Dan Walsh 3.7.5-5Dan Walsh 3.7.5-4Dan Walsh 3.7.5-3Dan Walsh 3.7.5-2Dan Walsh 3.7.5-1Dan Walsh 3.7.4-4Dan Walsh 3.7.4-3Dan Walsh 3.7.4-2Dan Walsh 3.7.4-1Dan Walsh 3.7.3-1Dan Walsh 3.7.1-1Dan Walsh 3.6.33-2Dan Walsh 3.6.33-1Dan Walsh 3.6.32-17Dan Walsh 3.6.32-16Dan Walsh 3.6.32-15Dan Walsh 3.6.32-13Dan Walsh 3.6.32-12Dan Walsh 3.6.32-11Dan Walsh 3.6.32-10Dan Walsh 3.6.32-9Dan Walsh 3.6.32-8Dan Walsh 3.6.32-7Dan Walsh 3.6.32-6Dan Walsh 3.6.32-5Dan Walsh 3.6.32-4Dan Walsh 3.6.32-3Dan Walsh 3.6.32-2Dan Walsh 3.6.32-1Dan Walsh 3.6.31-5Dan Walsh 3.6.31-4Dan Walsh 3.6.31-3Dan Walsh 3.6.31-2Dan Walsh 3.6.30-6Dan Walsh 3.6.30-5Dan Walsh 3.6.30-4Dan Walsh 3.6.30-3Dan Walsh 3.6.30-2Dan Walsh 3.6.30-1Dan Walsh 3.6.29-2Dan Walsh 3.6.29-1Dan Walsh 3.6.28-9Dan Walsh 3.6.28-8Dan Walsh 3.6.28-7Dan Walsh 3.6.28-6Dan Walsh 3.6.28-5Dan Walsh 3.6.28-4Dan Walsh 3.6.28-3Dan Walsh 3.6.28-2Dan Walsh 3.6.28-1Dan Walsh 3.6.27-1Dan Walsh 3.6.26-11Dan Walsh 3.6.26-10Dan Walsh 3.6.26-9Bill Nottingham 3.6.26-8Dan Walsh 3.6.26-7Dan Walsh 3.6.26-6Dan Walsh 3.6.26-5Dan Walsh 3.6.26-4Dan Walsh 3.6.26-3Dan Walsh 3.6.26-2Dan Walsh 3.6.26-1Dan Walsh 3.6.25-1Dan Walsh 3.6.24-1Dan Walsh 3.6.23-2Dan Walsh 3.6.23-1Dan Walsh 3.6.22-3Dan Walsh 3.6.22-1Dan Walsh 3.6.21-4Dan Walsh 3.6.21-3Tom "spot" Callaway 3.6.21-2Dan Walsh 3.6.21-1Dan Walsh 3.6.20-2Dan Walsh 3.6.20-1Dan Walsh 3.6.19-5Dan Walsh 3.6.19-4Dan Walsh 3.6.19-3Dan Walsh 3.6.19-2Dan Walsh 3.6.19-1Dan Walsh 3.6.18-1Dan Walsh 3.6.17-1Dan Walsh 3.6.16-4Dan Walsh 3.6.16-3Dan Walsh 3.6.16-2Dan Walsh 3.6.16-1Dan Walsh 3.6.14-3Dan Walsh 3.6.14-2Dan Walsh 3.6.14-1Dan Walsh 3.6.13-3Dan Walsh 3.6.13-2Dan Walsh 3.6.13-1Dan Walsh 3.6.12-39Dan Walsh 3.6.12-38Dan Walsh 3.6.12-37Dan Walsh 3.6.12-36Dan Walsh 3.6.12-35Dan Walsh 3.6.12-34Dan Walsh 3.6.12-33Dan Walsh 3.6.12-31Dan Walsh 3.6.12-30Dan Walsh 3.6.12-29Dan Walsh 3.6.12-28Dan Walsh 3.6.12-27Dan Walsh 3.6.12-26Dan Walsh 3.6.12-25Dan Walsh 3.6.12-24Dan Walsh 3.6.12-23Dan Walsh 3.6.12-22Dan Walsh 3.6.12-21Dan Walsh 3.6.12-20Dan Walsh 3.6.12-19Dan Walsh 3.6.12-16Dan Walsh 3.6.12-15Dan Walsh 3.6.12-14Dan Walsh 3.6.12-13Dan Walsh 3.6.12-12Dan Walsh 3.6.12-11Dan Walsh 3.6.12-10Dan Walsh 3.6.12-9Dan Walsh 3.6.12-8Dan Walsh 3.6.12-7Dan Walsh 3.6.12-6Dan Walsh 3.6.12-5Dan Walsh 3.6.12-4Dan Walsh 3.6.12-3Dan Walsh 3.6.12-2Dan Walsh 3.6.12-1Dan Walsh 3.6.11-1Dan Walsh 3.6.10-9Dan Walsh 3.6.10-8Dan Walsh 3.6.10-7Dan Walsh 3.6.10-6Dan Walsh 3.6.10-5Dan Walsh 3.6.10-4Dan Walsh 3.6.10-3Dan Walsh 3.6.10-2Dan Walsh 3.6.10-1Dan Walsh 3.6.9-4Dan Walsh 3.6.9-3Dan Walsh 3.6.9-2Dan Walsh 3.6.9-1Dan Walsh 3.6.8-4Dan Walsh 3.6.8-3Dan Walsh 3.6.8-2Dan Walsh 3.6.8-1Dan Walsh 3.6.7-2Dan Walsh 3.6.7-1Dan Walsh 3.6.6-9Dan Walsh 3.6.6-8Fedora Release Engineering - 3.6.6-7Dan Walsh 3.6.6-6Dan Walsh 3.6.6-5Dan Walsh 3.6.6-4Dan Walsh 3.6.6-3Dan Walsh 3.6.6-2Dan Walsh 3.6.6-1Dan Walsh 3.6.5-3Dan Walsh 3.6.5-1Dan Walsh 3.6.4-6Dan Walsh 3.6.4-5Dan Walsh 3.6.4-4Dan Walsh 3.6.4-3Dan Walsh 3.6.4-2Dan Walsh 3.6.4-1Dan Walsh 3.6.3-13Dan Walsh 3.6.3-12Dan Walsh 3.6.3-11Dan Walsh 3.6.3-10Dan Walsh 3.6.3-9Dan Walsh 3.6.3-8Dan Walsh 3.6.3-7Dan Walsh 3.6.3-6Dan Walsh 3.6.3-3Dan Walsh 3.6.3-2Dan Walsh 3.6.3-1Dan Walsh 3.6.2-5Dan Walsh 3.6.2-4Dan Walsh 3.6.2-3Dan Walsh 3.6.2-2Dan Walsh 3.6.2-1Dan Walsh 3.6.1-15Dan Walsh 3.6.1-14Dan Walsh 3.6.1-13Dan Walsh 3.6.1-12Dan Walsh 3.6.1-11Dan Walsh 3.6.1-10Dan Walsh 3.6.1-9Dan Walsh 3.6.1-8Dan Walsh 3.6.1-7Dan Walsh 3.6.1-4Ignacio Vazquez-Abrams - 3.6.1-2Dan Walsh 3.5.13-19Dan Walsh 3.5.13-18Dan Walsh 3.5.13-17Dan Walsh 3.5.13-16Dan Walsh 3.5.13-15Dan Walsh 3.5.13-14Dan Walsh 3.5.13-13Dan Walsh 3.5.13-12Dan Walsh 3.5.13-11Dan Walsh 3.5.13-9Dan Walsh 3.5.13-8Dan Walsh 3.5.13-7Dan Walsh 3.5.13-6Dan Walsh 3.5.13-5Dan Walsh 3.5.13-4Dan Walsh 3.5.13-3Dan Walsh 3.5.13-2Dan Walsh 3.5.13-1Dan Walsh 3.5.12-3Dan Walsh 3.5.12-2Dan Walsh 3.5.12-1Dan Walsh 3.5.11-1Dan Walsh 3.5.10-3Dan Walsh 3.5.10-2Dan Walsh 3.5.10-1Dan Walsh 3.5.9-4Dan Walsh 3.5.9-3Dan Walsh 3.5.9-2Dan Walsh 3.5.9-1Dan Walsh 3.5.8-7Dan Walsh 3.5.8-6Dan Walsh 3.5.8-5Dan Walsh 3.5.8-4Dan Walsh 3.5.8-3Dan Walsh 3.5.8-1Dan Walsh 3.5.7-2Dan Walsh 3.5.7-1Dan Walsh 3.5.6-2Dan Walsh 3.5.6-1Dan Walsh 3.5.5-4Dan Walsh 3.5.5-3Dan Walsh 3.5.5-2Dan Walsh 3.5.4-2Dan Walsh 3.5.4-1Dan Walsh 3.5.3-1Dan Walsh 3.5.2-2Dan Walsh 3.5.1-5Dan Walsh 3.5.1-4Dan Walsh 3.5.1-3Dan Walsh 3.5.1-2Dan Walsh 3.5.1-1Dan Walsh 3.5.0-1Dan Walsh 3.4.2-14Dan Walsh 3.4.2-13Dan Walsh 3.4.2-12Dan Walsh 3.4.2-11Dan Walsh 3.4.2-10Dan Walsh 3.4.2-9Dan Walsh 3.4.2-8Dan Walsh 3.4.2-7Dan Walsh 3.4.2-6Dan Walsh 3.4.2-5Dan Walsh 3.4.2-4Dan Walsh 3.4.2-3Dan Walsh 3.4.2-2Dan Walsh 3.4.2-1Dan Walsh 3.4.1-5Dan Walsh 3.4.1-3Dan Walsh 3.4.1-2Dan Walsh 3.4.1-1Dan Walsh 3.3.1-48Dan Walsh 3.3.1-47Dan Walsh 3.3.1-46Dan Walsh 3.3.1-45Dan Walsh 3.3.1-44Dan Walsh 3.3.1-43Dan Walsh 3.3.1-42Dan Walsh 3.3.1-41Dan Walsh 3.3.1-39Dan Walsh 3.3.1-37Dan Walsh 3.3.1-36Dan Walsh 3.3.1-33Dan Walsh 3.3.1-32Dan Walsh 3.3.1-31Dan Walsh 3.3.1-30Dan Walsh 3.3.1-29Dan Walsh 3.3.1-28Dan Walsh 3.3.1-27Dan Walsh 3.3.1-26Dan Walsh 3.3.1-25Dan Walsh 3.3.1-24Dan Walsh 3.3.1-23Dan Walsh 3.3.1-22Dan Walsh 3.3.1-21Dan Walsh 3.3.1-20Dan Walsh 3.3.1-19Dan Walsh 3.3.1-18Dan Walsh 3.3.1-17Dan Walsh 3.3.1-16Dan Walsh 3.3.1-15Bill Nottingham 3.3.1-14Dan Walsh 3.3.1-13Dan Walsh 3.3.1-12Dan Walsh 3.3.1-11Dan Walsh 3.3.1-10Dan Walsh 3.3.1-9Dan Walsh 3.3.1-8Dan Walsh 3.3.1-6Dan Walsh 3.3.1-5Dan Walsh 3.3.1-4Dan Walsh 3.3.1-2Dan Walsh 3.3.1-1Dan Walsh 3.3.0-2Dan Walsh 3.3.0-1Dan Walsh 3.2.9-2Dan Walsh 3.2.9-1Dan Walsh 3.2.8-2Dan Walsh 3.2.8-1Dan Walsh 3.2.7-6Dan Walsh 3.2.7-5Dan Walsh 3.2.7-3Dan Walsh 3.2.7-2Dan Walsh 3.2.7-1Dan Walsh 3.2.6-7Dan Walsh 3.2.6-6Dan Walsh 3.2.6-5Dan Walsh 3.2.6-4Dan Walsh 3.2.6-3Dan Walsh 3.2.6-2Dan Walsh 3.2.6-1Dan Walsh 3.2.5-25Dan Walsh 3.2.5-24Dan Walsh 3.2.5-22Dan Walsh 3.2.5-21Dan Walsh 3.2.5-20Dan Walsh 3.2.5-19Dan Walsh 3.2.5-18Dan Walsh 3.2.5-17Dan Walsh 3.2.5-16Dan Walsh 3.2.5-15Dan Walsh 3.2.5-14Dan Walsh 3.2.5-13Dan Walsh 3.2.5-12Dan Walsh 3.2.5-11Dan Walsh 3.2.5-10Dan Walsh 3.2.5-9Dan Walsh 3.2.5-8Dan Walsh 3.2.5-7Dan Walsh 3.2.5-6Dan Walsh 3.2.5-5Dan Walsh 3.2.5-4Dan Walsh 3.2.5-3Dan Walsh 3.2.5-2Dan Walsh 3.2.5-1Dan Walsh 3.2.4-5Dan Walsh 3.2.4-4Dan Walsh 3.2.4-3Dan Walsh 3.2.4-1Dan Walsh 3.2.4-1Dan Walsh 3.2.3-2Dan Walsh 3.2.3-1Dan Walsh 3.2.2-1Dan Walsh 3.2.1-3Dan Walsh 3.2.1-1Dan Walsh 3.1.2-2Dan Walsh 3.1.2-1Dan Walsh 3.1.1-1Dan Walsh 3.1.0-1Dan Walsh 3.0.8-30Dan Walsh 3.0.8-28Dan Walsh 3.0.8-27Dan Walsh 3.0.8-26Dan Walsh 3.0.8-25Dan Walsh 3.0.8-24Dan Walsh 3.0.8-23Dan Walsh 3.0.8-22Dan Walsh 3.0.8-21Dan Walsh 3.0.8-20Dan Walsh 3.0.8-19Dan Walsh 3.0.8-18Dan Walsh 3.0.8-17Dan Walsh 3.0.8-16Dan Walsh 3.0.8-15Dan Walsh 3.0.8-14Dan Walsh 3.0.8-13Dan Walsh 3.0.8-12Dan Walsh 3.0.8-11Dan Walsh 3.0.8-10Dan Walsh 3.0.8-9Dan Walsh 3.0.8-8Dan Walsh 3.0.8-7Dan Walsh 3.0.8-5Dan Walsh 3.0.8-4Dan Walsh 3.0.8-3Dan Walsh 3.0.8-2Dan Walsh 3.0.8-1Dan Walsh 3.0.7-10Dan Walsh 3.0.7-9Dan Walsh 3.0.7-8Dan Walsh 3.0.7-7Dan Walsh 3.0.7-6Dan Walsh 3.0.7-5Dan Walsh 3.0.7-4Dan Walsh 3.0.7-3Dan Walsh 3.0.7-2Dan Walsh 3.0.7-1Dan Walsh 3.0.6-3Dan Walsh 3.0.6-2Dan Walsh 3.0.6-1Dan Walsh 3.0.5-11Dan Walsh 3.0.5-10Dan Walsh 3.0.5-9Dan Walsh 3.0.5-8Dan Walsh 3.0.5-7Dan Walsh 3.0.5-6Dan Walsh 3.0.5-5Dan Walsh 3.0.5-4Dan Walsh 3.0.5-3Dan Walsh 3.0.5-2Dan Walsh 3.0.5-1Dan Walsh 3.0.4-6Dan Walsh 3.0.4-5Dan Walsh 3.0.4-4Dan Walsh 3.0.4-3Dan Walsh 3.0.4-2Dan Walsh 3.0.4-1Dan Walsh 3.0.3-6Dan Walsh 3.0.3-5Dan Walsh 3.0.3-4Dan Walsh 3.0.3-3Dan Walsh 3.0.3-2Dan Walsh 3.0.3-1Dan Walsh 3.0.2-9Dan Walsh 3.0.2-8Dan Walsh 3.0.2-7Dan Walsh 3.0.2-5Dan Walsh 3.0.2-4Dan Walsh 3.0.2-3Dan Walsh 3.0.2-2Dan Walsh 3.0.1-5Dan Walsh 3.0.1-4Dan Walsh 3.0.1-3Dan Walsh 3.0.1-2Dan Walsh 3.0.1-1Dan Walsh 2.6.5-3Dan Walsh 2.6.5-2Dan Walsh 2.6.4-7Dan Walsh 2.6.4-6Dan Walsh 2.6.4-5Dan Walsh 2.6.4-2Dan Walsh 2.6.4-1Dan Walsh 2.6.3-1Dan Walsh 2.6.2-1Dan Walsh 2.6.1-4Dan Walsh 2.6.1-3Dan Walsh 2.6.1-2Dan Walsh 2.6.1-1Dan Walsh 2.5.12-12Dan Walsh 2.5.12-11Dan Walsh 2.5.12-10Dan Walsh 2.5.12-8Dan Walsh 2.5.12-5Dan Walsh 2.5.12-4Dan Walsh 2.5.12-3Dan Walsh 2.5.12-2Dan Walsh 2.5.12-1Dan Walsh 2.5.11-8Dan Walsh 2.5.11-7Dan Walsh 2.5.11-6Dan Walsh 2.5.11-5Dan Walsh 2.5.11-4Dan Walsh 2.5.11-3Dan Walsh 2.5.11-2Dan Walsh 2.5.11-1Dan Walsh 2.5.10-2Dan Walsh 2.5.10-1Dan Walsh 2.5.9-6Dan Walsh 2.5.9-5Dan Walsh 2.5.9-4Dan Walsh 2.5.9-3Dan Walsh 2.5.9-2Dan Walsh 2.5.8-8Dan Walsh 2.5.8-7Dan Walsh 2.5.8-6Dan Walsh 2.5.8-5Dan Walsh 2.5.8-4Dan Walsh 2.5.8-3Dan Walsh 2.5.8-2Dan Walsh 2.5.8-1Dan Walsh 2.5.7-1Dan Walsh 2.5.6-1Dan Walsh 2.5.5-2Dan Walsh 2.5.5-1Dan Walsh 2.5.4-2Dan Walsh 2.5.4-1Dan Walsh 2.5.3-3Dan Walsh 2.5.3-2Dan Walsh 2.5.3-1Dan Walsh 2.5.2-6Dan Walsh 2.5.2-5Dan Walsh 2.5.2-4Dan Walsh 2.5.2-3Dan Walsh 2.5.2-2Dan Walsh 2.5.2-1Dan Walsh 2.5.1-5Dan Walsh 2.5.1-4Dan Walsh 2.5.1-2Dan Walsh 2.5.1-1Dan Walsh 2.4.6-20Dan Walsh 2.4.6-19Dan Walsh 2.4.6-18Dan Walsh 2.4.6-17Dan Walsh 2.4.6-16Dan Walsh 2.4.6-15Dan Walsh 2.4.6-14Dan Walsh 2.4.6-13Dan Walsh 2.4.6-12Dan Walsh 2.4.6-11Dan Walsh 2.4.6-10Dan Walsh 2.4.6-9Dan Walsh 2.4.6-8Dan Walsh 2.4.6-7Dan Walsh 2.4.6-6Dan Walsh 2.4.6-5Dan Walsh 2.4.6-4Dan Walsh 2.4.6-3Dan Walsh 2.4.6-1Dan Walsh 2.4.5-4Dan Walsh 2.4.5-3Dan Walsh 2.4.5-2Dan Walsh 2.4.5-1Dan Walsh 2.4.4-2Dan Walsh 2.4.4-2Dan Walsh 2.4.4-1Dan Walsh 2.4.3-13Dan Walsh 2.4.3-12Dan Walsh 2.4.3-11Dan Walsh 2.4.3-10Dan Walsh 2.4.3-9Dan Walsh 2.4.3-8Dan Walsh 2.4.3-7Dan Walsh 2.4.3-6Dan Walsh 2.4.3-5Dan Walsh 2.4.3-4Dan Walsh 2.4.3-3Dan Walsh 2.4.3-2Dan Walsh 2.4.3-1Dan Walsh 2.4.2-8Dan Walsh 2.4.2-7James Antill 2.4.2-6Dan Walsh 2.4.2-5Dan Walsh 2.4.2-4Dan Walsh 2.4.2-3Dan Walsh 2.4.2-2Dan Walsh 2.4.2-1Dan Walsh 2.4.1-5Dan Walsh 2.4.1-4Dan Walsh 2.4.1-3Dan Walsh 2.4.1-2Dan Walsh 2.4-4Dan Walsh 2.4-3Dan Walsh 2.4-2Dan Walsh 2.4-1Dan Walsh 2.3.19-4Dan Walsh 2.3.19-3Dan Walsh 2.3.19-2Dan Walsh 2.3.19-1James Antill 2.3.18-10James Antill 2.3.18-9Dan Walsh 2.3.18-8Dan Walsh 2.3.18-7Dan Walsh 2.3.18-6Dan Walsh 2.3.18-5Dan Walsh 2.3.18-4Dan Walsh 2.3.18-3Dan Walsh 2.3.18-2Dan Walsh 2.3.18-1Dan Walsh 2.3.17-2Dan Walsh 2.3.17-1Dan Walsh 2.3.16-9Dan Walsh 2.3.16-8Dan Walsh 2.3.16-7Dan Walsh 2.3.16-6Dan Walsh 2.3.16-5Dan Walsh 2.3.16-4Dan Walsh 2.3.16-2Dan Walsh 2.3.16-1Dan Walsh 2.3.15-2Dan Walsh 2.3.15-1Dan Walsh 2.3.14-8Dan Walsh 2.3.14-7Dan Walsh 2.3.14-6Dan Walsh 2.3.14-4Dan Walsh 2.3.14-3Dan Walsh 2.3.14-2Dan Walsh 2.3.14-1Dan Walsh 2.3.13-6Dan Walsh 2.3.13-5Dan Walsh 2.3.13-4Dan Walsh 2.3.13-3Dan Walsh 2.3.13-2Dan Walsh 2.3.13-1Dan Walsh 2.3.12-2Dan Walsh 2.3.12-1Dan Walsh 2.3.11-1Dan Walsh 2.3.10-7Dan Walsh 2.3.10-6Dan Walsh 2.3.10-3Dan Walsh 2.3.10-1Dan Walsh 2.3.9-6Dan Walsh 2.3.9-5Dan Walsh 2.3.9-4Dan Walsh 2.3.9-3Dan Walsh 2.3.9-2Dan Walsh 2.3.9-1Dan Walsh 2.3.8-2Dan Walsh 2.3.7-1Dan Walsh 2.3.6-4Dan Walsh 2.3.6-3Dan Walsh 2.3.6-2Dan Walsh 2.3.6-1Dan Walsh 2.3.5-1Dan Walsh 2.3.4-1Dan Walsh 2.3.3-20Dan Walsh 2.3.3-19Dan Walsh 2.3.3-18Dan Walsh 2.3.3-17Dan Walsh 2.3.3-16Dan Walsh 2.3.3-15Dan Walsh 2.3.3-14Dan Walsh 2.3.3-13Dan Walsh 2.3.3-12Dan Walsh 2.3.3-11Dan Walsh 2.3.3-10Dan Walsh 2.3.3-9Dan Walsh 2.3.3-8Dan Walsh 2.3.3-7Dan Walsh 2.3.3-6Dan Walsh 2.3.3-5Dan Walsh 2.3.3-4Dan Walsh 2.3.3-3Dan Walsh 2.3.3-2Dan Walsh 2.3.3-1Dan Walsh 2.3.2-4Dan Walsh 2.3.2-3Dan Walsh 2.3.2-2Dan Walsh 2.3.2-1Dan Walsh 2.3.1-1Dan Walsh 2.2.49-1Dan Walsh 2.2.48-1Dan Walsh 2.2.47-5Dan Walsh 2.2.47-4Dan Walsh 2.2.47-3Dan Walsh 2.2.47-1Dan Walsh 2.2.46-2Dan Walsh 2.2.46-1Dan Walsh 2.2.45-3Dan Walsh 2.2.45-2Dan Walsh 2.2.45-1Dan Walsh 2.2.44-1Dan Walsh 2.2.43-4Dan Walsh 2.2.43-3Dan Walsh 2.2.43-2Dan Walsh 2.2.43-1Dan Walsh 2.2.42-4Dan Walsh 2.2.42-3Dan Walsh 2.2.42-2Dan Walsh 2.2.42-1Dan Walsh 2.2.41-1Dan Walsh 2.2.40-2Dan Walsh 2.2.40-1Dan Walsh 2.2.39-2Dan Walsh 2.2.39-1Dan Walsh 2.2.38-6Dan Walsh 2.2.38-5Dan Walsh 2.2.38-4Dan Walsh 2.2.38-3Dan Walsh 2.2.38-2Dan Walsh 2.2.38-1Dan Walsh 2.2.37-1Dan Walsh 2.2.36-2Dan Walsh 2.2.36-1James Antill 2.2.35-2Dan Walsh 2.2.35-1Dan Walsh 2.2.34-3Dan Walsh 2.2.34-2Dan Walsh 2.2.34-1Dan Walsh 2.2.33-1Dan Walsh 2.2.32-2Dan Walsh 2.2.32-1Dan Walsh 2.2.31-1Dan Walsh 2.2.30-2Dan Walsh 2.2.30-1Dan Walsh 2.2.29-6Russell Coker 2.2.29-5Dan Walsh 2.2.29-4Dan Walsh 2.2.29-3Dan Walsh 2.2.29-2Dan Walsh 2.2.29-1Dan Walsh 2.2.28-3Dan Walsh 2.2.28-2Dan Walsh 2.2.28-1Dan Walsh 2.2.27-1Dan Walsh 2.2.25-3Dan Walsh 2.2.25-2Dan Walsh 2.2.24-1Dan Walsh 2.2.23-19Dan Walsh 2.2.23-18Dan Walsh 2.2.23-17Karsten Hopp 2.2.23-16Dan Walsh 2.2.23-15Dan Walsh 2.2.23-14Dan Walsh 2.2.23-13Dan Walsh 2.2.23-12Jeremy Katz - 2.2.23-11Jeremy Katz - 2.2.23-10Dan Walsh 2.2.23-9Dan Walsh 2.2.23-8Dan Walsh 2.2.23-7Dan Walsh 2.2.23-5Dan Walsh 2.2.23-4Dan Walsh 2.2.23-3Dan Walsh 2.2.23-2Dan Walsh 2.2.23-1Dan Walsh 2.2.22-2Dan Walsh 2.2.22-1Dan Walsh 2.2.21-9Dan Walsh 2.2.21-8Dan Walsh 2.2.21-7Dan Walsh 2.2.21-6Dan Walsh 2.2.21-5Dan Walsh 2.2.21-4Dan Walsh 2.2.21-3Dan Walsh 2.2.21-2Dan Walsh 2.2.21-1Dan Walsh 2.2.20-1Dan Walsh 2.2.19-2Dan Walsh 2.2.19-1Dan Walsh 2.2.18-2Dan Walsh 2.2.18-1Dan Walsh 2.2.17-2Dan Walsh 2.2.16-1Dan Walsh 2.2.15-4Dan Walsh 2.2.15-3Dan Walsh 2.2.15-1Dan Walsh 2.2.14-2Dan Walsh 2.2.14-1Dan Walsh 2.2.13-1Dan Walsh 2.2.12-1Dan Walsh 2.2.11-2Dan Walsh 2.2.11-1Dan Walsh 2.2.10-1Dan Walsh 2.2.9-2Dan Walsh 2.2.9-1Dan Walsh 2.2.8-2Dan Walsh 2.2.7-1Dan Walsh 2.2.6-3Dan Walsh 2.2.6-2Dan Walsh 2.2.6-1Dan Walsh 2.2.5-1Dan Walsh 2.2.4-1Dan Walsh 2.2.3-1Dan Walsh 2.2.2-1Dan Walsh 2.2.1-1Dan Walsh 2.1.13-1Dan Walsh 2.1.12-3Dan Walsh 2.1.11-1Dan Walsh 2.1.10-1Jeremy Katz - 2.1.9-2Dan Walsh 2.1.9-1Dan Walsh 2.1.8-3Dan Walsh 2.1.8-2Dan Walsh 2.1.8-1Dan Walsh 2.1.7-4Dan Walsh 2.1.7-3Dan Walsh 2.1.7-2Dan Walsh 2.1.7-1Dan Walsh 2.1.6-24Dan Walsh 2.1.6-23Dan Walsh 2.1.6-22Dan Walsh 2.1.6-21Dan Walsh 2.1.6-20Dan Walsh 2.1.6-18Dan Walsh 2.1.6-17Dan Walsh 2.1.6-16Dan Walsh 2.1.6-15Dan Walsh 2.1.6-14Dan Walsh 2.1.6-13Dan Walsh 2.1.6-11Dan Walsh 2.1.6-10Dan Walsh 2.1.6-9Dan Walsh 2.1.6-8Dan Walsh 2.1.6-5Dan Walsh 2.1.6-4Dan Walsh 2.1.6-3Dan Walsh 2.1.6-2Dan Walsh 2.1.6-1Dan Walsh 2.1.4-2Dan Walsh 2.1.4-1Dan Walsh 2.1.3-1Jeremy Katz - 2.1.2-3Dan Walsh 2.1.2-2Dan Walsh 2.1.2-1Dan Walsh 2.1.1-3Dan Walsh 2.1.1-2Dan Walsh 2.1.1-1Dan Walsh 2.1.0-3Dan Walsh 2.1.0-2.Dan Walsh 2.1.0-1.Dan Walsh 2.0.11-2.Dan Walsh 2.0.11-1.Dan Walsh 2.0.9-1.Dan Walsh 2.0.8-1.Dan Walsh 2.0.7-3Dan Walsh 2.0.7-2Dan Walsh 2.0.6-2Dan Walsh 2.0.5-4Dan Walsh 2.0.5-1Dan Walsh 2.0.4-1Dan Walsh 2.0.2-2Dan Walsh 2.0.2-1Dan Walsh 2.0.1-2Dan Walsh 2.0.1-1- Fix livecd_run() interface - Add labeling for /var/spool/postfix/dev/log * support postfix chroot - Allow sandbox_xserver_t to send signals - These are needed with CRL fetching is enabled - Razor labeling is not used no longer - Add label for /sbin/xtables-multi - Add support for winshadow port and allow iscsid to connect to this port - Allow chrome_sandbox_t to send all signals to sandbox_nacl_t - Allow sandbox_nacl to setsched on its process - Dontaudit fail2ban looking at gnome content - fix label for /usr/lib(64)/iscan/network- Fix BOINC bug- BOinc fixes - Allow mysqld_safe to delete the mysql_db_t sock_file - Dovecot has a new fifo_file /var/run/stats-mail- Allow gnomeclock to send system log msgs - Users that use X and spice need to use the virtio device - squashfs supports extended attributes - Allow system_cronjob to dbus chat with NetworkManager - Allow all postfix domains to use the fifo_file - Allow squid to check the network state - Allow spamd to send mail- Fix typo in ssh.if- Allow spamd and clamd to steam connect to each other - Allow colord to execute ifconfig - Allow smbcontrol to signal themselves - Make faillog MLS trusted to make sudo_$1_t working- Backport MCS fixes from F16 - Other chrome fixes from F16- Backport chrome fixes - Backport cloudform policy- Fixes for systemd - Add FIPS suppport for dirsrv- Allow sa-update to update rules - Allow sa-update to read spamd tmp file - Allow screen to read all domain state - Allow sa-update to execute shell - More fixes for sa-update running out of cron job - Allow initrc to manage cron system spool - Fixes for collectd policy - Fixes added during clean up bugzillas - Dontaudit fail2ban_client_t sys_tty_config capability - Fix for puppet which does execute check on passwd - ricci_modservice send syslog msgs - Fix dev_dontaudit_write_mtrr() interface- Make mta_role() active - Add additional gitweb file context labeling - Allow asterisk to connect to jabber client port - Allow sssd to read the contents of /sys/class/net/$IFACE_NAME - Allow fsdaemon dac_override- Add logging_syslogd_can_sendmail boolean - Add support for exim and confined users - support for ommail module to send logs via mail - Add execmem_execmod() to execmem role - Allow pptp to send generic signal to kernel threads - Fix kerberos_manage_host_rcache() interface- Fixes for mock- Backport F16 fixes - livecd fixes - systemd fixes- Allow hostname read network state - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Fix syslog port definition - Allow openvpn to set its process priority when the nice parameter is used - Restorecond should be able to watch and relabel devices in /dev - Alow hddtemp to perform DNS name resolution- Fixes for zarafa, postfix policy - Backport collect policy- Backport ABRT changes - Make tmux working with scree policy - Allow root cron jobs can't run without unconfined - add interface to dontaudit writes to urand, needed by libra - Add label for /var/cache/krb5rcache directory- Allow jabberd_router_t to read system state - Rename oracledb_port to oracle_port - Allow rgmanager executes init script files in initrc_t domain which ensure proper transitions - screen wants to manage sock file in screen home dirs - Make screen working with confined users - Allow gssd to search access on the directory /proc/fs/nfsd- More fixes for postfix policy - Allow virsh_t setsched - Add mcelog_log_t type for mcelog log file - Add virt_ptynode attribute- Add l2tpd policy - Fixes for abrt - Backport fail2ban_client policy- Allow getcap, setcap for syslogd - Fix label for /usr/lib64/opera/opera- Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content() - Allow init to delete all pid sockets - Allow colord to read /proc/stat - Add label for /var/www/html/wordpress/wp-content/plugins directory - Allow pppd to search /var/lock dir - puppetmaster use nsswitch: #711804 - Update abrt to match rawhide policy - allow privoxy to read network data - support gecko mozilla browser plugin - Allow chrome_sandbox to execute content in nfs homedir - postfix_qmgr needs to read /var/spool/postfix/deferred - abrt_t needs fsetid- Fixes for zarafa policy - Other fixes for fail2ban - Allow keyring to drop capabilities - Allow cobblerd to send syslog messages - Allow xserver to read/write the xserver_misk device - ppp also installs /var/log/ppp and /var/run/ppp directories * remove filetrans rules - fix for pppd_lock - Allow fail2ban run ldconfig - Allow lvm to read/write pipes inherited from login programs- Fix /var/lock labeling issue- Allow ssh to execute systemctl - fail2ban fixes related to /tmp directory - Allow puppetmaster to create dirs in /var/run/puppet- Add label for /var/lock/ppp - Fixes for colord policy - Allow sys_chroot for postfix domains- Add label for dev/ati/card* - Allowe secadm to manage selinux config files- Add Dominicks patch for dccp_socket - dnsmasq needs to read nm-dns-dnsmasq.conf in /var/run/ - Colord inherits open file descriptors from the users...' - cgred needs auth_use_nsswitch() - apcupsd lock file was missing file context specificatio... - Make cron work - Allow clamav to manage amavis spool files - Use httpd_can_sendmail boolean also for httpd_suexec_t - Add fenced_can_ssh boolean - Add dev_dontaudit_read_generic_files() for hplip - Allow xauthority to create shared memory - Make postfix user domains application_domains - Allow xend to sys_admin privs - Allow mount to read usr files - Allow logrotate to connect to init script using unix stream socket - Allow nsplugin_t to getattr on gpmctl- Allow logrotate to connect to init script using unix domain stream socket - Allow shorewall read and write inherited user domain pty/tty - virt will attempt to us another virtualizations pulsesaudio tmpfs_t, ignore error - Allow colord to get the attributes of fixed disk device nodes - Allow nsplugin_t to getattr on gpmctl - Allow mozilla_plugin to connect to pcscd over an unix stream socket - Allow logrotate to execute systemctl - colord wants to read files in users homedir - Remote login should create user_tmp_t content not its own tmp files - Allow psad signal - Fix cobbler_read_lib_files interface - Allow rlogind to r/w user terminals - Allow prelink_cron_system_t to relabel content and ignore obj_id - Allow gnomeclock_systemctl_t to list init_var_run_t - Dbus domains will inherit fds from the init system- Add label for /lib/upstart/init - Allow colord to getattr on /proc/scsi/scsi - Dontaudit sys_module for ifconfig and irqbalance- Make telepathy working with confined users - Allow colord signal - prelink_cron_system_t needs to be able to detect systemd - Allow cupsd_config_t to read user's symlinks in /tmp- Fixes for colord and vnstatd policy - telepathy needs to dbus chat with unconfined_t and unconfined_dbusd_t - Remove dbus.patch and move it to policy-F15.patch- Adding in unconfined_r telepathy domains so telepathy apps will not crash on update- Fix dbus_session_domain - Stop transitiong from unconfined_t to telepathy domains or to gkeyring domains- Allow init_t getcap and setcap - Allow namespace_init_t to use nsswitch - aisexec will execute corosync - colord tries to read files off noxattr file systems- Add back transition from unconfined to telepathy domains- Allow spamd to sent mail - Needs to be able to write to its systemhigh log file - Fix aide policy to run on MLS boxes - Allow NetworkManager to manage content in /etc/NetworkManager/system-connections - Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners - Allow telepath_msn_t to read /proc/PARENT/cmdline - ftpd needs kill capability - Allow telepath_msn_t to connect to sip port - keyring daemon does not work on nfs homedirs - Allow $1_sudo_t to read default SELinux context - Add label for tgtd sock file in /var/run/ - Add apache_exec_rotatelogs interface - allow all zaraha domains to signal themselves, server writes to /tmp - Allow syslog to read the process state - Add label for /usr/lib/chromium-browser/chrome - Remove the telepathy transition from unconfined_t - Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts - Allow initrc_t domain to manage abrt pid files - Add support for AEOLUS project - Virt_admin should be allowed to manage images and processes - Allow plymountd to send signals to init - Change labeling of fping6- xdm_t needs getsession for switch user - Every app that used to exec init is now execing systemdctl - Allow squid to manage krb5_host_rcache_t files - Allow foghorn to connect to agentx port - Fixes for colord policy- Need to allow apps that use locks to read /var/lock if it is a symlink - Allow systemd to create tasks - Logwatch reads /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward - Fixes for foghorn policy - Add labeling for systemd unit files - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added - Add label for matahari-broker.pid file - We want to remove untrustedmcsprocess from ability to read /proc/pid - Fixes for matahari policy- Allow colord to use unix_dgram_socket - Allow apps that search pids to read /var/run if it is a lnk_file - iscsid_t creates its own directory - Allow init to list var_lock_t dir - apm needs to verify user accounts auth_use_nsswitch- Add /var/run/lock /var/lock definition to file_contexts.subs - nslcd_t is looking for kerberos cc files - SSH_USE_STRONG_RNG is 1 which requires /dev/random - Fix auth_rw_faillog definition - Allow sysadm_t to set attributes on fixed disks - allow user domains to execute lsof and look at application sockets - prelink_cron job calls telinit -u if init is rewritten - Fixes to run qemu_t from staff_t- Fix label for /var/run/udev to udev_var_run_t- Add label for /run/udev - Mock needs to be able to read network state- Other fixes to make boot working- A lot of fixes making /run change working - Add subs file to equate /var/run with /run and /var/lock with /run/lock - Allow rgmanager to send the kill signal to all users - Allow ssh_t to search /root/.ssh and create it if it does not exist - dontaudit read of user_tmp_t from load_policy - Allow abrt fowner capability - Allow audit daemons to change the run level in MLS environments - Since /var/lock is moving to /run/lock. We need to allow all interfaces for lock files to search var_run_t - Add file labelfor MathKernel - Add label for /dev/dlm* - Allow systemd_tmpfiles_t to manage sandbox data - More /run directories labels - rlogind sends kill signal to chkpwd_t - systemd is now mounting on /var/lock- Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs -systemd is going to be useing /run and /run/lock for early bootup files. - Fix some comments in rlogin.if - Add policy for KDE backlighthelper - sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems - sssd wants to read .k5login file in users homedir - setroubleshoot reads executables to see if they have TEXTREL - Add /var/spool/audit support for new version of audit - Remove kerberos_connect_524() interface calling - Combine kerberos_master_port_t and kerberos_port_t - systemd has setup /dev/kmsg as stderr for apps it executes - Need these access so that init can impersonate sockets on unix_dgram_socket- Add syslogd_exec_t label for systemd-kmsg-syslogd - ipsec_mgmt_t wants to cause ipsec_t to dump core, needs to be allowed - Allow rythmbox and other apps to share music over daap port - Allow qemu and pulseaudio to work together - Allow httpd to create socket file in /tmp - Allow tuned to write to sysfs - Allow systemd_tmpfiles to send kernel messages - Add a dev_filetrans to readahead_manage_pid_files so any callers can create directories and files in /dev with this label - mrtg needs to be able to create /var/lock/mrtg - Add label for /usr/share/shorewall/getparams - xdm needs to read KDE config files - Smolt needs to look at urand and read hwdata - google talk plugin in nsplugin is listing the contents - Add support for KDE ksysguardprocesslist_helper - Add support for a new cluster service - foghorn - gnome-control-center reads colord lib files when monitor is plugged - Add interface for defining node_types- Fix multiple specification for boot.log - devicekit leaks file descriptors to setfiles_t - Change all all_nodes to generic_node and all_if to generic_if - Should not use deprecated interface - Switch from using all_nodes to generic_node and from all_if to generic_if - Add support for xfce4-notifyd - Fix file context to show several labels as SystemHigh - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs - Add etc_runtime_t label for /etc/securetty - Fixes to allow xdm_t to start gkeyringd_USERTYPE_t directly - login.krb needs to be able to write user_tmp_t - dirsrv needs to bind to port 7390 for dogtag - Fix a bug in gpg policy - gpg sends audit messages - Allow qpid to manage matahari files- Initial policy for matahari - Add dev_read_watchdog - Allow clamd to connect clamd port - Add support for kcmdatetimehelper - Allow shutdown to setrlimit and sys_nice - Allow systemd_passwd to talk to /dev/log before udev or syslog is running - Purge chr_file and blk files on /tmp - Fixes for pads - Fixes for piranha-pulse - gpg_t needs to be able to encyprt anything owned by the user- More dontaudits of writes from readahead - Dontaudit readahead_t file_type:dir write, to cover up kernel bug - systemd_tmpfiles needs to relabel faillog directory as well as the file - Allow hostname and consoletype to r/w inherited initrc_tmp_t files handline hostname >> /tmp/myhost- Update to upstream - Fixes for telepathy - Add port defition for ssdp port - add policy for /bin/systemd-notify from Dan - Mount command requires users read mount_var_run_t - colord needs to read konject_uevent_socket - User domains connect to the gkeyring socket - Add colord policy and allow user_t and staff_t to dbus chat with it - Add lvm_exec_t label for kpartx - Dontaudit reading the mail_spool_t link from sandbox -X - systemd is creating sockets in avahi_var_run and system_dbusd_var_run- Make a lot of modules independent - Update to make new seunshare/sandbox work - allow virt_domains to use inherited noxattrs file systems - Dont allow svirt_t to send kill signals - Cleanup policy to allow less modules in base - Cleanup to allow minimal files in base policy- gpg_t needs to talk to gnome-keyring - nscd wants to read /usr/tmp->/var/tmp to generate randomziation in unixchkpwd - enforce MCS labeling on nodes - Allow arpwatch to read meminfo - Allow gnomeclock to send itself signals - init relabels /dev/.udev files on boot - gkeyringd has to transition back to staff_t when it runs commands in bin_t or shell_exec_t - nautilus checks access on /media directory before mounting usb sticks, dontaudit access_check on mnt_t - dnsmasq can run as a dbus service, needs acquire service - mysql_admin should be allowed to connect to mysql service - virt creates monitor sockets in the users home dir- Allow sysadm type people to look at usb devices - Cron needs to be able to run shutdown - virt creates monitor sockets in the users home dir- gnome-keyring-daemon needs nsswitch getpw calls - Symantic places a pipe in the /opt directory tree that it expects syslogd to be able to write to - keyringd daemon sends/recieves dbus messages from user types - sudo domains need to be able to signal all users "sysadm_t" - allow systemd-ask-passwd to create unix dgram socket - allow puppet master to read usr files - fixes for mock policy - Add mock_enable_homedirs boolean - Allow systemd to relabel /dev - Moving to only one file type sandbox_file_t - mta search /var/lib/logcheck - sssd needs to bind to random UDP ports - Allow amavis sigkill - Add systemd_passwd_agent_dev_template interface and use it for lvm- Allow usbhid-ups to read hardware state information - systemd-tmpfiles has moved - Allo cgroup to sys_tty_config - For some reason prelink is attempting to read gconf settings - Add allow_daemons_use_tcp_wrapper boolean - Add label for ~/.cache/wocky to make telepathy work in enforcing mode - Add label for char devices /dev/dasd* - Fix for apache_role - Allow amavis to talk to nslcd - allow all sandbox to read selinux poilcy config files - Allow cluster domains to use the system bus and send each other dbus messages- Update to upstream - Allow systemd-tmpfiles to getattr on all files/dirs- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to ref policy - cgred needs chown capability - Add /dev/crash crash_dev_t - systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability- New labeling for postfmulti #675654 - dontaudit xdm_t listing noxattr file systems - dovecot-auth needs to be able to connect to mysqld via the network as well as locally - shutdown is passed stdout to a xdm_log_t file - smartd creates a fixed disk device - dovecot_etc_t contains a lnk_file that domains need to read - mount needs to be able to read etc_runtim_t:lnk_file since in rawhide this is a link created at boot- syslog_t needs syslog capability - dirsrv needs to be able to create /var/lib/snmp - Fix labeling for dirsrv - Fix for dirsrv policy missing manage_dirs_pattern - corosync needs to delete clvm_tmpfs_t files - qdiskd needs to list hugetlbfs - Move setsched to sandbox_x_domain, so firefox can run without network access - Allow hddtemp to read removable devices - Adding syslog and read_policy permissions to policy * syslog Allow unconfined, sysadm_t, secadm_t, logadm_t * read_policy allow unconfined, sysadm_t, secadm_t, staff_t on Targeted allow sysadm_t (optionally), secadm_t on MLS - mdadm application will write into /sys/.../uevent whenever arrays are assembled or disassembled.- Add tcsd policy- ricci_modclusterd_t needs to bind to rpc ports 500-1023 - Allow dbus to use setrlimit to increase resoueces - Mozilla_plugin is leaking to sandbox - Allow confined users to connect to lircd over unix domain stream socket which allow to use remote control - Allow awstats to read squid logs - seunshare needs to manage tmp_t - apcupsd cgi scripts have a new directory- Fix xserver_dontaudit_read_xdm_pid - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t - Allow readahead to manage readahead pid dirs - Allow readahead to read all mcs levels - Allow mozilla_plugin_t to use nfs or samba homedirs- Allow nagios plugin to read /proc/meminfo - Fix for mozilla_plugin - Allow samba_net_t to create /etc/keytab - pppd_t setting up vpns needs to run unix_chkpwd, setsched its process and write wtmp_t - nslcd can read user credentials - Allow nsplugin to delete mozilla_plugin_tmpfs_t - abrt tries to create dir in rpm_var_lib_t - virt relabels fifo_files - sshd needs to manage content in fusefs homedir - mock manages link files in cache dir- nslcd needs setsched and to read /usr/tmp - Invalid call in likewise policy ends up creating a bogus role - Cannon puts content into /var/lib/bjlib that cups needs to be able to write - Allow screen to create screen_home_t in /root - dirsrv sends syslog messages - pinentry reads stuff in .kde directory - Add labels for .kde directory in homedir - Treat irpinit, iprupdate, iprdump services with raid policy- NetworkManager wants to read consolekit_var_run_t - Allow readahead to create /dev/.systemd/readahead - Remove permissive domains - Allow newrole to run namespace_init- Add sepgsql_contexts file- Update to upstream- Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on - Add puppetmaster_use_db boolean - Fixes for zarafa policy - Fixes for gnomeclock poliy - Fix systemd-tmpfiles to use auth_use_nsswitch- gnomeclock executes a shell - Update for screen policy to handle pipe in homedir - Fixes for polyinstatiated homedir - Fixes for namespace policy and other fixes related to polyinstantiation - Add namespace policy - Allow dovecot-deliver transition to sendmail which is needed by sieve scripts - Fixes for init, psad policy which relate with confined users - Do not audit bootloader attempts to read devicekit pid files - Allow nagios service plugins to read /proc- Add firewalld policy - Allow vmware_host to read samba config - Kernel wants to read /proc Fix duplicate grub def in cobbler - Chrony sends mail, executes shell, uses fifo_file and reads /proc - devicekitdisk getattr all file systems - sambd daemon writes wtmp file - libvirt transitions to dmidecode- Add initial policy for system-setup-keyboard which is now daemon - Label /var/lock/subsys/shorewall as shorewall_lock_t - Allow users to communicate with the gpg_agent_t - Dontaudit mozilla_plugin_t using the inherited terminal - Allow sambagui to read files in /usr - webalizer manages squid log files - Allow unconfined domains to bind ports to raw_ip_sockets - Allow abrt to manage rpm logs when running yum - Need labels for /var/run/bittlebee - Label .ssh under amanda - Remove unused genrequires for virt_domain_template - Allow virt_domain to use fd inherited from virtd_t - Allow iptables to read shorewall config- Gnome apps list config_home_t - mpd creates lnk files in homedir - apache leaks write to mail apps on tmp files - /var/stockmaniac/templates_cache contains log files - Abrt list the connects of mount_tmp_t dirs - passwd agent reads files under /dev and reads utmp file - squid apache script connects to the squid port - fix name of plymouth log file - teamviewer is a wine app - allow dmesg to read system state - Stop labeling files under /var/lib/mock so restorecon will not go into this - nsplugin needs to read network state for google talk- Allow xdm and syslog to use /var/log/boot.log - Allow users to communicate with mozilla_plugin and kill it - Add labeling for ipv6 and dhcp- New labels for ghc http content - nsplugin_config needs to read urand, lvm now calls setfscreate to create dev - pm-suspend now creates log file for append access so we remove devicekit_wri - Change authlogin_use_sssd to authlogin_nsswitch_use_ldap - Fixes for greylist_milter policy- Update to upstream - Fixes for systemd policy - Fixes for passenger policy - Allow staff users to run mysqld in the staff_t domain, akonadi needs this - Add bin_t label for /usr/share/kde4/apps/kajongg/kajongg.py - auth_use_nsswitch does not need avahi to read passwords,needed for resolving data - Dontaudit (xdm_t) gok attempting to list contents of /var/account - Telepathy domains need to read urand - Need interface to getattr all file classes in a mock library for setroubleshoot- Update selinux policy to handle new /usr/share/sandbox/start script- Update to upstream - Fix version of policy in spec file- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs - remove per sandbox domains devpts types - Allow dkim-milter sending signal to itself- Allow domains that transition to ping or traceroute, kill them - Allow user_t to conditionally transition to ping_t and traceroute_t - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup- Turn on systemd policy - mozilla_plugin needs to read certs in the homedir. - Dontaudit leaked file descriptors from devicekit - Fix ircssi to use auth_use_nsswitch - Change to use interface without param in corenet to disable unlabelednet packets - Allow init to relabel sockets and fifo files in /dev - certmonger needs dac* capabilities to manage cert files not owned by root - dovecot needs fsetid to change group membership on mail - plymouthd removes /var/log/boot.log - systemd is creating symlinks in /dev - Change label on /etc/httpd/alias to be all cert_t- Fixes for clamscan and boinc policy - Add boinc_project_t setpgid - Allow alsa to create tmp files in /tmp- Push fixes to allow disabling of unlabeled_t packet access - Enable unlabelednet policy- Fixes for lvm to work with systemd- Fix the label for wicd log - plymouthd creates force-display-on-active-vt file - Allow avahi to request the kernel to load a module - Dontaudit hal leaks - Fix gnome_manage_data interface - Add new interface corenet_packet to define a type as being an packet_type. - Removed general access to packet_type from icecast and squid. - Allow mpd to read alsa config - Fix the label for wicd log - Add systemd policy- Fix gnome_manage_data interface - Dontaudit sys_ptrace capability for iscsid - Fixes for nagios plugin policy- Fix cron to run ranged when started by init - Fix devicekit to use log files - Dontaudit use of devicekit_var_run_t for fstools - Allow init to setattr on logfile directories - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t- Fix up handling of dnsmasq_t creating /var/run/libvirt/network - Turn on sshd_forward_ports boolean by default - Allow sysadmin to dbus chat with rpm - Add interface for rw_tpm_dev - Allow cron to execute bin - fsadm needs to write sysfs - Dontaudit consoletype reading /var/run/pm-utils - Lots of new privs fro mozilla_plugin_t running java app, make mozilla_plugin - certmonger needs to manage dirsrv data - /var/run/pm-utils should be labeled as devicekit_var_run_t- fixes to allow /var/run and /var/lock as tmpfs - Allow chrome sandbox to connect to web ports - Allow dovecot to listem on lmtp and sieve ports - Allov ddclient to search sysctl_net_t - Transition back to original domain if you execute the shell- Remove duplicate declaration- Update to upstream - Cleanup for sandbox - Add attribute to be able to select sandbox types- Allow ddclient to fix file mode bits of ddclient conf file - init leaks file descriptors to daemons - Add labels for /etc/lirc/ and - Allow amavis_t to exec shell - Add label for gssd_tmp_t for /var/tmp/nfs_0- Put back in lircd_etc_t so policy will install- Turn on allow_postfix_local_write_mail_spool - Allow initrc_t to transition to shutdown_t - Allow logwatch and cron to mls_read_to_clearance for MLS boxes - Allow wm to send signull to all applications and receive them from users - lircd patch from field - Login programs have to read /etc/samba - New programs under /lib/systemd - Abrt needs to read config files- Update to upstream - Dontaudit leaked sockets from userdomains to user domains - Fixes for mcelog to handle scripts - Apply patch from Ruben Kerkhof - Allow syslog to search spool dirs- Allow nagios plugins to read usr files - Allow mysqld-safe to send system log messages - Fixes fpr ddclient policy - Fix sasl_admin interface - Allow apache to search zarafa config - Allow munin plugins to search /var/lib directory - Allow gpsd to read sysfs_t - Fix labels on /etc/mcelog/triggers to bin_t- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t - Allow saslauthd_t to create krb5_host_rcache_t files in /tmp - Fix xserver interface - Fix definition of /var/run/lxdm- Turn on mediawiki policy - kdump leaks kdump_etc_t to ifconfig, add dontaudit - uux needs to transition to uucpd_t - More init fixes relabels man,faillog - Remove maxima defs in libraries.fc - insmod needs to be able to create tmpfs_t files - ping needs setcap- Allow groupd transition to fenced domain when executes fence_node - Fixes for rchs policy - Allow mpd to be able to read samba/nfs files- Fix up corecommands.fc to match upstream - Make sure /lib/systemd/* is labeled init_exec_t - mount wants to setattr on all mountpoints - dovecot auth wants to read dovecot etc files - nscd daemon looks at the exe file of the comunicating daemon - openvpn wants to read utmp file - postfix apps now set sys_nice and lower limits - remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly - Also resolves nsswitch - Fix labels on /etc/hosts.* - Cleanup to make upsteam patch work - allow abrt to read etc_runtime_t- Add conflicts for dirsrv package- Update to upstream - Add vlock policy- Fix sandbox to work on nfs homedirs - Allow cdrecord to setrlimit - Allow mozilla_plugin to read xauth - Change label on systemd-logger to syslogd_exec_t - Install dirsrv policy from dirsrv package- Add virt_home_t, allow init to setattr on xserver_tmp_t and relabel it - Udev needs to stream connect to init and kernel - Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory- Allow NetworkManager to read openvpn_etc_t - Dontaudit hplip to write of /usr dirs - Allow system_mail_t to create /root/dead.letter as mail_home_t - Add vdagent policy for spice agent daemon- Dontaudit sandbox sending sigkill to all user domains - Add policy for rssh_chroot_helper - Add missing flask definitions - Allow udev to relabelto removable_t - Fix label on /var/log/wicd.log - Transition to initrc_t from init when executing bin_t - Add audit_access permissions to file - Make removable_t a device_node - Fix label on /lib/systemd/*- Fixes for systemd to manage /var/run - Dontaudit leaks by firstboot- Allow chome to create netlink_route_socket - Add additional MATHLAB file context - Define nsplugin as an application_domain - Dontaudit sending signals from sandboxed domains to other domains - systemd requires init to build /tmp /var/auth and /var/lock dirs - mount wants to read devicekit_power /proc/ entries - mpd wants to connect to soundd port - Openoffice causes a setattr on a lib_t file for normal users, add dontaudit - Treat lib_t and textrel_shlib_t directories the same - Allow mount read access on virtual images- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs. - Allow devicekit_power to domtrans to mount - Allow dhcp to bind to udp ports > 1024 to do named stuff - Allow ssh_t to exec ssh_exec_t - Remove telepathy_butterfly_rw_tmp_files(), dev_read_printk() interfaces which are nolonger used - Fix clamav_append_log() intefaces - Fix 'psad_rw_fifo_file' interface- Allow cobblerd to list cobler appache content- Fixup for the latest version of upowed - Dontaudit sandbox sending SIGNULL to desktop apps- Update to upstream-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access - dovecot-auth_t needs ipc_lock - gpm needs to use the user terminal - Allow system_mail_t to append ~/dead.letter - Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf - Add pid file to vnstatd - Allow mount to communicate with gfs_controld - Dontaudit hal leaks in setfiles- Lots of fixes for systemd - systemd now executes readahead and tmpwatch type scripts - Needs to manage random seed- Allow smbd to use sys_admin - Remove duplicate file context for tcfmgr - Update to upstream- Fix fusefs handling - Do not allow sandbox to manage nsplugin_rw_t - Allow mozilla_plugin_t to connecto its parent - Allow init_t to connect to plymouthd running as kernel_t - Add mediawiki policy - dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs. - Disable transition from dbus_session_domain to telepathy for F14 - Allow boinc_project to use shm - Allow certmonger to search through directories that contain certs - Allow fail2ban the DAC Override so it can read log files owned by non root users- Start adding support for use_fusefs_home_dirs - Add /var/lib/syslog directory file context - Add /etc/localtime as locale file context- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off iptables from unconfined user - Allow sudo to send signals to any domains the user could have transitioned to. - Passwd in single user mode needs to talk to console_device_t - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - locate tried to read a symbolic link, will dontaudit - New labels for telepathy-sunshine content in homedir - Google is storing other binaries under /opt/google/talkplugin - bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug - Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15 - modemmanger and bluetooth send dbus messages to devicekit_power - Samba needs to getquota on filesystems labeld samba_share_t- Dontaudit attempts by xdm_t to write to bin_t for kdm - Allow initrc_t to manage system_conf_t- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory. - Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets - Allow confined users to read xdm_etc_t files - Allow xdm_t to transition to xauth_t for lxdm program- Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home - Allow clamd to send signals to itself - Allow mozilla_plugin_t to read user home content. And unlink pulseaudio shm. - Allow haze to connect to yahoo chat and messenger port tcp:5050. Bz #637339 - Allow guest to run ps command on its processes by allowing it to read /proc - Allow firewallgui to sys_rawio which seems to be required to setup masqerading - Allow all domains to search through default_t directories, in order to find differnet labels. For example people serring up /foo/bar to be share via samba. - Add label for /var/log/slim.log- Pull in cleanups from dgrift - Allow mozilla_plugin_t to execute mozilla_home_t - Allow rpc.quota to do quotamod- Cleanup policy via dgrift - Allow dovecot_deliver to append to inherited log files - Lots of fixes for consolehelper- Fix up Xguest policy- Add vnstat policy - allow libvirt to send audit messages - Allow chrome-sandbox to search nfs_t- Update to upstream- Add the ability to send audit messages to confined admin policies - Remove permissive domain from cmirrord and dontaudit sys_tty_config - Split out unconfined_domain() calls from other unconfined_ calls so we can d - virt needs to be able to read processes to clearance for MLS- Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit messages- Update to upstream- Allow mdadm_t to create files and sock files in /dev/md/- Add policy for ajaxterm- Handle /var/db/sudo - Allow pulseaudio to read alsa config - Allow init to send initrc_t dbus messagesAllow iptables to read shorewall tmp files Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr intd label vlc as an execmem_exec_t Lots of fixes for mozilla_plugin to run google vidio chat Allow telepath_msn to execute ldconfig and its own tmp files Fix labels on hugepages Allow mdadm to read files on /dev Remove permissive domains and change back to unconfined Allow freshclam to execute shell and bin_t Allow devicekit_power to transition to dhcpc Add boolean to allow icecast to connect to any port- Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to communicate with clvmd via tmpfs - Allow certmaster to read usr_t files - Allow dbus system services to search cgroup_t - Define rlogind_t as a login pgm- Allow mdadm_t to read/write hugetlbfs- Dominic Grift Cleanup - Miroslav Grepl policy for jabberd - Various fixes for mount/livecd and prelink- Merge with upstream- More access needed for devicekit - Add dbadm policy- Merge with upstream- Allow seunshare to fowner- Allow cron to look at user_cron_spool links - Lots of fixes for mozilla_plugin_t - Add sysv file system - Turn unconfined domains to permissive to find additional avcs- Update policy for mozilla_plugin_t- Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying to write to security_t dir- Allow clamscan_t execmem if clamd_use_jit set - Add policy for firefox plugin-container- Fix /root/.forward definition- label dead.letter as mail_home_t- Allow login programs to search /cgroups- Fix cert handling- Fix devicekit_power bug - Allow policykit_auth_t more access.- Fix nis calls to allow bind to ports 512-1024 - Fix smartmon- Allow pcscd to read sysfs - systemd fixes - Fix wine_mmap_zero_ignore boolean- Apply Miroslav munin patch - Turn back on allow_execmem and allow_execmod booleans- Merge in fixes from dgrift repository- Update boinc policy - Fix sysstat policy to allow sys_admin - Change failsafe_context to unconfined_r:unconfined_t:s0- New paths for upstart- New permissions for syslog - New labels for /lib/upstart- Add mojomojo policy- Allow systemd to setsockcon on sockets to immitate other services- Remove debugfs label- Update to latest policy- Fix eclipse labeling from IBMSupportAssasstant packageing- Make boot with systemd in enforcing mode- Update to upstream- Add boolean to turn off port forwarding in sshd.- Add support for ebtables - Fixes for rhcs and corosync policy-Update to upstream-Update to upstream-Update to upstream- Add Zarafa policy- Cleanup of aiccu policy - initial mock policy- Lots of random fixes- Update to upstream- Update to upstream - Allow prelink script to signal itself - Cobbler fixes- Add xdm_var_run_t to xserver_stream_connect_xdm - Add cmorrord and mpd policy from Miroslav Grepl- Fix sshd creation of krb cc files for users to be user_tmp_t- Fixes for accountsdialog - Fixes for boinc- Fix label on /var/lib/dokwiki - Change permissive domains to enforcing - Fix libvirt policy to allow it to run on mls- Update to upstream- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t - Fix /var/run/abrtd.lock label- Allow login programs to read krb5_home_t Resolves: 594833 - Add obsoletes for cachefilesfd-selinux package Resolves: #575084- Allow mount to r/w abrt fifo file - Allow svirt_t to getattr on hugetlbfs - Allow abrt to create a directory under /var/spool- Add labels for /sys - Allow sshd to getattr on shutdown - Fixes for munin - Allow sssd to use the kernel key ring - Allow tor to send syslog messages - Allow iptabels to read usr files - allow policykit to read all domains state- Fix path for /var/spool/abrt - Allow nfs_t as an entrypoint for http_sys_script_t - Add policy for piranha - Lots of fixes for sosreport- Allow xm_t to read network state and get and set capabilities - Allow policykit to getattr all processes - Allow denyhosts to connect to tcp port 9911 - Allow pyranha to use raw ip sockets and ptrace itself - Allow unconfined_execmem_t and gconfsd mechanism to dbus - Allow staff to kill ping process - Add additional MLS rules- Allow gdm to edit ~/.gconf dir Resolves: #590677 - Allow dovecot to create directories in /var/lib/dovecot Partially resolves 590224 - Allow avahi to dbus chat with NetworkManager - Fix cobbler labels - Dontaudit iceauth_t leaks - fix /var/lib/lxdm file context - Allow aiccu to use tun tap devices - Dontaudit shutdown using xserver.log- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++ - Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory - Add dontaudit interface for bluetooth dbus - Add chronyd_read_keys, append_keys for initrc_t - Add log support for ksmtuned Resolves: #586663- Allow boinc to send mail- Allow initrc_t to remove dhcpc_state_t - Fix label on sa-update.cron - Allow dhcpc to restart chrony initrc - Don't allow sandbox to send signals to its parent processes - Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t Resolves: #589136- Fix location of oddjob_mkhomedir Resolves: #587385 - fix labeling on /root/.shosts and ~/.shosts - Allow ipsec_mgmt_t to manage net_conf_t Resolves: #586760- Dontaudit sandbox trying to connect to netlink sockets Resolves: #587609 - Add policy for piranha- Fixups for xguest policy - Fixes for running sandbox firefox- Allow ksmtuned to use terminals Resolves: #586663 - Allow lircd to write to generic usb devices- Allow sandbox_xserver to connectto unconfined stream Resolves: #585171- Allow initrc_t to read slapd_db_t Resolves: #585476 - Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf Resolves: #585963- Allow rlogind_t to search /root for .rhosts Resolves: #582760 - Fix path for cached_var_t - Fix prelink paths /var/lib/prelink - Allow confined users to direct_dri - Allow mls lvm/cryptosetup to work- Allow virtd_t to manage firewall/iptables config Resolves: #573585- Fix label on /root/.rhosts Resolves: #582760 - Add labels for Picasa - Allow openvpn to read home certs - Allow plymouthd_t to use tty_device_t - Run ncftool as iptables_t - Allow mount to unmount unlabeled_t - Dontaudit hal leaks- Allow livecd to transition to mount- Update to upstream - Allow abrt to delete sosreport Resolves: #579998 - Allow snmp to setuid and gid Resolves: #582155 - Allow smartd to use generic scsi devices Resolves: #582145- Allow ipsec_t to create /etc/resolv.conf with the correct label - Fix reserved port destination - Allow autofs to transition to showmount - Stop crashing tuned- Add telepathysofiasip policy- Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox - Allow modemmanager to dbus with policykit- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t) - Allow accountsd to read shadow file - Allow apache to send audit messages when using pam - Allow asterisk to bind and connect to sip tcp ports - Fixes for dovecot 2.0 - Allow initrc_t to setattr on milter directories - Add procmail_home_t for .procmailrc file- Fixes for labels during install from livecd- Fix /cgroup file context - Fix broken afs use of unlabled_t - Allow getty to use the console for s390- Fix cgroup handling adding policy for /cgroup - Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set- Merge patches from dgrift- Update upstream - Allow abrt to write to the /proc under any process- Fix ~/.fontconfig label - Add /root/.cert label - Allow reading of the fixed_file_disk_t:lnk_file if you can read file - Allow qemu_exec_t as an entrypoint to svirt_t- Update to upstream - Allow tmpreaper to delete sandbox sock files - Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems - Fixes for gitosis - No transition on livecd to passwd or chfn - Fixes for denyhosts- Add label for /var/lib/upower - Allow logrotate to run sssd - dontaudit readahead on tmpfs blk files - Allow tmpreaper to setattr on sandbox files - Allow confined users to execute dos files - Allow sysadm_t to kill processes running within its clearance - Add accountsd policy - Fixes for corosync policy - Fixes from crontab policy - Allow svirt to manage svirt_image_t chr files - Fixes for qdisk policy - Fixes for sssd policy - Fixes for newrole policy- make libvirt work on an MLS platform- Add qpidd policy- Update to upstream- Allow boinc to read kernel sysctl - Fix snmp port definitions - Allow apache to read anon_inodefs- Allow shutdown dac_override- Add device_t as a file system - Fix sysfs association- Dontaudit ipsec_mgmt sys_ptrace - Allow at to mail its spool files - Allow nsplugin to search in .pulse directory- Update to upstream- Allow users to dbus chat with xdm - Allow users to r/w wireless_device_t - Dontaudit reading of process states by ipsec_mgmt- Fix openoffice from unconfined_t- Add shutdown policy so consolekit can shutdown system- Update to upstream- Update to upstream- Update to upstream - These are merges of my patches - Remove 389 labeling conflicts - Add MLS fixes found in RHEL6 testing - Allow pulseaudio to run as a service - Add label for mssql and allow apache to connect to this database port if boolean set - Dontaudit searches of debugfs mount point - Allow policykit_auth to send signals to itself - Allow modcluster to call getpwnam - Allow swat to signal winbind - Allow usbmux to run as a system role - Allow svirt to create and use devpts- Add MLS fixes found in RHEL6 testing - Allow domains to append to rpm_tmp_t - Add cachefilesfd policy - Dontaudit leaks when transitioning- Change allow_execstack and allow_execmem booleans to on - dontaudit acct using console - Add label for fping - Allow tmpreaper to delete sandbox_file_t - Fix wine dontaudit mmap_zero - Allow abrt to read var_t symlinks- Additional policy for rgmanager- Allow sshd to setattr on pseudo terms- Update to upstream- Allow policykit to send itself signals- Fix duplicate cobbler definition- Fix file context of /var/lib/avahi-autoipd- Merge with upstream- Allow sandbox to work with MLS- Make Chrome work with staff user- Add icecast policy - Cleanup spec file- Add mcelog policy- Lots of fixes found in F12- Fix rpm_dontaudit_leaks- Add getsched to hald_t - Add file context for Fedora/Redhat Directory Server- Allow abrt_helper to getattr on all filesystems - Add label for /opt/real/RealPlayer/plugins/oggfformat\.so- Add gstreamer_home_t for ~/.gstreamer- Update to upstream- Fix git- Turn on puppet policy - Update to dgrift git policy- Move users file to selection by spec file. - Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t- Update to upstream- Remove most of the permissive domains from F12.- Add cobbler policy from dgrift- add usbmon device - Add allow rulse for devicekit_disk- Lots of fixes found in F12, fixes from Tom London- Cleanups from dgrift- Add back xserver_manage_home_fonts- Dontaudit sandbox trying to read nscd and sssd- Update to upstream- Rename udisks-daemon back to devicekit_disk_t policy- Fixes for abrt calls- Add tgtd policy- Update to upstream release- Add asterisk policy back in - Update to upstream release 2.20091117- Update to upstream release 2.20091117- Fixup nut policy- Update to upstream- Allow vpnc request the kernel to load modules- Fix minimum policy installs - Allow udev and rpcbind to request the kernel to load modules- Add plymouth policy - Allow local_login to sys_admin- Allow cupsd_config to read user tmp - Allow snmpd_t to signal itself - Allow sysstat_t to makedir in sysstat_log_t- Update rhcs policy- Allow users to exec restorecond- Allow sendmail to request kernel modules load- Fix all kernel_request_load_module domains- Fix all kernel_request_load_module domains- Remove allow_exec* booleans for confined users. Only available for unconfined_t- More fixes for sandbox_web_t- Allow sshd to create .ssh directory and content- Fix request_module line to module_request- Fix sandbox policy to allow it to run under firefox. - Dont audit leaks.- Fixes for sandbox- Update to upstream - Dontaudit nsplugin search /root - Dontaudit nsplugin sys_nice- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service - Remove policycoreutils-python requirement except for minimum- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files - Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)- Add wordpress/wp-content/uploads label - Fixes for sandbox when run from staff_t- Update to upstream - Fixes for devicekit_disk- More fixes- Lots of fixes for initrc and other unconfined domains- Allow xserver to use netlink_kobject_uevent_socket- Fixes for sandbox- Dontaudit setroubleshootfix looking at /root directory- Update to upsteam- Allow gssd to send signals to users - Fix duplicate label for apache content- Update to upstream- Remove polkit_auth on upgrades- Add back in unconfined.pp and unconfineduser.pp - Add Sandbox unshare- Fixes for cdrecord, mdadm, and others- Add capability setting to dhcpc and gpm- Allow cronjobs to read exim_spool_t- Add ABRT policy- Fix system-config-services policy- Allow libvirt to change user componant of virt_domain- Allow cupsd_config_t to be started by dbus - Add smoltclient policy- Add policycoreutils-python to pre install- Make all unconfined_domains permissive so we can see what AVC's happen- Add pt_chown policy- Add kdump policy for Miroslav Grepl - Turn off execstack boolean- Turn on execstack on a temporary basis (#512845)- Allow nsplugin to connecto the session bus - Allow samba_net to write to coolkey data- Allow devicekit_disk to list inotify- Allow svirt images to create sock_file in svirt_var_run_t- Allow exim to getattr on mountpoints - Fixes for pulseaudio- Allow svirt_t to stream_connect to virtd_t- Allod hald_dccm_t to create sock_files in /tmp- More fixes from upstream- Fix polkit label - Remove hidebrokensymptoms for nss_ldap fix - Add modemmanager policy - Lots of merges from upstream - Begin removing textrel_shlib_t labels, from fixed libraries- Update to upstream- Allow certmaster to override dac permissions- Update to upstream- Fix context for VirtualBox- Update to upstream- Allow clamscan read amavis spool files- Fixes for xguest- fix multiple directory ownership of mandirs- Update to upstream- Add rules for rtkit-daemon- Update to upstream - Fix nlscd_stream_connect- Add rtkit policy- Allow rpcd_t to stream connect to rpcbind- Allow kpropd to create tmp files- Fix last duplicate /var/log/rpmpkgs- Update to upstream * add sssd- Update to upstream * cleanup- Update to upstream - Additional mail ports - Add virt_use_usb boolean for svirt- Fix mcs rules to include chr_file and blk_file- Add label for udev-acl- Additional rules for consolekit/udev, privoxy and various other fixes- New version for upstream- Allow NetworkManager to read inotifyfs- Allow setroubleshoot to run mlocate- Update to upstream- Add fish as a shell - Allow fprintd to list usbfs_t - Allow consolekit to search mountpoints - Add proper labeling for shorewall- New log file for vmware - Allow xdm to setattr on user_tmp_t- Upgrade to upstream- Allow fprintd to access sys_ptrace - Add sandbox policy- Add varnishd policy- Fixes for kpropd- Allow brctl to r/w tun_tap_device_t- Add /usr/share/selinux/packages- Allow rpcd_t to send signals to kernel threads- Fix upgrade for F10 to F11- Add policy for /var/lib/fprint-Remove duplicate line- Allow svirt to manage pci and other sysfs device data- Fix package selection handling- Fix /sbin/ip6tables-save context - Allod udev to transition to mount - Fix loading of mls policy file- Add shorewall policy- Additional rules for fprintd and sssd- Allow nsplugin to unix_read unix_write sem for unconfined_java- Fix uml files to be owned by users- Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less- Allow confined users to manage virt_content_t, since this is home dir content - Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection- Fix labeling on /var/lib/misc/prelink* - Allow xserver to rw_shm_perms with all x_clients - Allow prelink to execute files in the users home directory- Allow initrc_t to delete dev_null - Allow readahead to configure auditing - Fix milter policy - Add /var/lib/readahead- Update to latest milter code from Paul Howarth- Additional perms for readahead- Allow pulseaudio to acquire_svc on session bus - Fix readahead labeling- Allow sysadm_t to run rpm directly - libvirt needs fowner- Allow sshd to read var_lib symlinks for freenx- Allow nsplugin unix_read and write on users shm and sem - Allow sysadm_t to execute su- Dontaudit attempts to getattr user_tmpfs_t by lvm - Allow nfs to share removable media- Add ability to run postdrop from confined users- Fixes for podsleuth- Turn off nsplugin transition - Remove Konsole leaked file descriptors for release- Allow cupsd_t to create link files in print_spool_t - Fix iscsi_stream_connect typo - Fix labeling on /etc/acpi/actions - Don't reinstall unconfine and unconfineuser on upgrade if they are not installed- Allow audioentroy to read etc files- Add fail2ban_var_lib_t - Fixes for devicekit_power_t- Separate out the ucnonfined user from the unconfined.pp package- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.- Upgrade to latest upstream - Allow devicekit_disk sys_rawio- Dontaudit binds to ports < 1024 for named - Upgrade to latest upstream- Allow podsleuth to use tmpfs files- Add customizable_types for svirt- Allow setroubelshoot exec* privs to prevent crash from bad libraries - add cpufreqselector- Dontaudit listing of /root directory for cron system jobs- Fix missing ld.so.cache label- Add label for ~/.forward and /root/.forward- Fixes for svirt- Fixes to allow svirt read iso files in homedir- Add xenner and wine fixes from mgrepl- Allow mdadm to read/write mls override- Change to svirt to only access svirt_image_t- Fix libvirt policy- Upgrade to latest upstream- Fixes for iscsid and sssd - More cleanups for upgrade from F10 to Rawhide.- Add pulseaudio, sssd policy - Allow networkmanager to exec udevadm- Add pulseaudio context- Upgrade to latest patches- Fixes for libvirt- Update to Latest upstream- Fix setrans.conf to show SystemLow for s0- Further confinement of qemu images via svirt- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- Allow NetworkManager to manage /etc/NetworkManager/system-connections- add virtual_image_context and virtual_domain_context files- Allow rpcd_t to send signal to mount_t - Allow libvirtd to run ranged- Fix sysnet/net_conf_t- Fix squidGuard labeling- Re-add corenet_in_generic_if(unlabeled_t)* Tue Feb 10 2009 Dan Walsh 3.6.5-2 - Add git web policy- Add setrans contains from upstream- Do transitions outside of the booleans- Allow xdm to create user_tmp_t sockets for switch user to work- Fix staff_t domain- Grab remainder of network_peer_controls patch- More fixes for devicekit- Upgrade to latest upstream- Add boolean to disallow unconfined_t login- Add back transition from xguest to mozilla- Add virt_content_ro_t and labeling for isos directory- Fixes for wicd daemon- More mls/rpm fixes- Add policy to make dbus/nm-applet work- Remove polgen-ifgen from post and add trigger to policycoreutils-python- Add wm policy - Make mls work in graphics mode- Fixed for DeviceKit- Add devicekit policy- Update to upstream- Define openoffice as an x_domain- Fixes for reading xserver_tmp_t- Allow cups_pdf_t write to nfs_t- Remove audio_entropy policy- Update to upstream- Allow hal_acl_t to getattr/setattr fixed_disk- Change userdom_read_all_users_state to include reading symbolic links in /proc- Fix dbus reading /proc information- Add missing alias for home directory content- Fixes for IBM java location- Allow unconfined_r unconfined_java_t- Add cron_role back to user domains- Fix sudo setting of user keys- Allow iptables to talk to terminals - Fixes for policy kit - lots of fixes for booting.- Cleanup policy- Rebuild for Python 2.6- Fix labeling on /var/spool/rsyslog- Allow postgresl to bind to udp nodes- Allow lvm to dbus chat with hal - Allow rlogind to read nfs_t- Fix cyphesis file context- Allow hal/pm-utils to look at /var/run/video.rom - Add ulogd policy- Additional fixes for cyphesis - Fix certmaster file context - Add policy for system-config-samba - Allow hal to read /var/run/video.rom- Allow dhcpc to restart ypbind - Fixup labeling in /var/run- Add certmaster policy- Fix confined users - Allow xguest to read/write xguest_dbusd_t- Allow openoffice execstack/execmem privs- Allow mozilla to run with unconfined_execmem_t- Dontaudit domains trying to write to .xsession-errors- Allow nsplugin to look at autofs_t directory- Allow kerneloops to create tmp files- More alias for fastcgi- Remove mod_fcgid-selinux package- Fix dovecot access- Policy cleanup- Remove Multiple spec - Add include - Fix makefile to not call per_role_expansion- Fix labeling of libGL- Update to upstream- Update to upstream policy- Fixes for confined xwindows and xdm_t- Allow confined users and xdm to exec wm - Allow nsplugin to talk to fifo files on nfs- Allow NetworkManager to transition to avahi and iptables - Allow domains to search other domains keys, coverup kernel bug- Fix labeling for oracle- Allow nsplugin to comminicate with xdm_tmp_t sock_file- Change all user tmpfs_t files to be labeled user_tmpfs_t - Allow radiusd to create sock_files- Upgrade to upstream- Allow confined users to login with dbus- Fix transition to nsplugin- Add file context for /dev/mspblk.*- Fix transition to nsplugin '- Fix labeling on new pm*log - Allow ssh to bind to all nodes- Merge upstream changes - Add Xavier Toth patches- Add qemu_cache_t for /var/cache/libvirt- Remove gamin policy- Add tinyxs-max file system support- Update to upstream - New handling of init scripts- Allow pcsd to dbus - Add memcache policy- Allow audit dispatcher to kill his children- Update to upstream - Fix crontab use by unconfined user- Allow ifconfig_t to read dhcpc_state_t- Update to upstream- Update to upstream- Allow system-config-selinux to work with policykit- Fix novel labeling- Consolodate pyzor,spamassassin, razor into one security domain - Fix xdm requiring additional perms.- Fixes for logrotate, alsa- Eliminate vbetool duplicate entry- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t - Change dhclient to be able to red networkmanager_var_run- Update to latest refpolicy - Fix libsemanage initial install bug- Add inotify support to nscd- Allow unconfined_t to setfcap- Allow amanda to read tape - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi - Add support for netware file systems- Allow ypbind apps to net_bind_service- Allow all system domains and application domains to append to any log file- Allow gdm to read rpm database - Allow nsplugin to read mplayer config files- Allow vpnc to run ifconfig- Allow confined users to use postgres - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server- Apply unconfined_execmem_exec_t to haskell programs- Fix prelude file context- allow hplip to talk dbus - Fix context on ~/.local dir- Prevent applications from reading x_device- Add /var/lib/selinux context- Update to upstream- Add livecd policy- Dontaudit search of admin_home for init_system_domain - Rewrite of xace interfaces - Lots of new fs_list_inotify - Allow livecd to transition to setfiles_mac- Begin XAce integration- Merge Upstream- Allow amanada to create data files- Fix initial install, semanage setup- Allow system_r for httpd_unconfined_script_t- Remove dmesg boolean - Allow user domains to read/write game data- Change unconfined_t to transition to unconfined_mono_t when running mono - Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work- Remove old booleans from targeted-booleans.conf file- Add boolean to mmap_zero - allow tor setgid - Allow gnomeclock to set clock- Don't run crontab from unconfined_t- Change etc files to config files to allow users to read them- Lots of fixes for confined domains on NFS_t homedir- dontaudit mrtg reading /proc - Allow iscsi to signal itself - Allow gnomeclock sys_ptrace- Allow dhcpd to read kernel network state- Label /var/run/gdm correctly - Fix unconfined_u user creation- Allow transition from initrc_t to getty_t- Allow passwd to communicate with user sockets to change gnome-keyring- Fix initial install- Allow radvd to use fifo_file - dontaudit setfiles reading links - allow semanage sys_resource - add allow_httpd_mod_auth_ntlm_winbind boolean - Allow privhome apps including dovecot read on nfs and cifs home dirs if the boolean is set- Allow nsplugin to read /etc/mozpluggerrc, user_fonts - Allow syslog to manage innd logs. - Allow procmail to ioctl spamd_exec_t- Allow initrc_t to dbus chat with consolekit.- Additional access for nsplugin - Allow xdm setcap/getcap until pulseaudio is fixed- Allow mount to mkdir on tmpfs - Allow ifconfig to search debugfs- Fix file context for MATLAB - Fixes for xace- Allow stunnel to transition to inetd children domains - Make unconfined_dbusd_t an unconfined domain- Fixes for qemu/virtd- Fix bug in mozilla policy to allow xguest transition - This will fix the libsemanage.dbase_llist_query: could not find record value libsemanage.dbase_llist_query: could not query record value (No such file or directory) bug in xguest- Allow nsplugin to run acroread- Add cups_pdf policy - Add openoffice policy to run in xguest- prewika needs to contact mysql - Allow syslog to read system_map files- Change init_t to an unconfined_domain- Allow init to transition to initrc_t on shell exec. - Fix init to be able to sendto init_t. - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap - More mls fixes- fixes for init policy (#436988) - fix build- Additional changes for MLS policy- Fix initrc_context generation for MLS- Fixes for libvirt- Allow bitlebee to read locale_t- More xselinux rules- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t- Prepare policy for beta release - Change some of the system domains back to unconfined - Turn on some of the booleans- Allow nsplugin_config execstack/execmem - Allow nsplugin_t to read alsa config - Change apache to use user content- Add cyphesis policy- Fix Makefile.devel to build mls modules - Fix qemu to be more specific on labeling- Update to upstream fixes- Allow staff to mounton user_home_t- Add xace support- Add fusectl file system- Fixes from yum-cron - Update to latest upstream- Fix userdom_list_user_files- Merge with upstream- Allow udev to send audit messages- Add additional login users interfaces - userdom_admin_login_user_template(staff)- More fixes for polkit- Eliminate transition from unconfined_t to qemu by default - Fixes for gpg- Update to upstream- Fixes for staff_t- Add policy for kerneloops - Add policy for gnomeclock- Fixes for libvirt- Fixes for nsplugin- More fixes for qemu- Additional ports for vnc and allow qemu and libvirt to search all directories- Update to upstream - Add libvirt policy - add qemu policy- Allow fail2ban to create a socket in /var/run- Allow allow_httpd_mod_auth_pam to work- Add audisp policy and prelude- Allow all user roles to executae samba net command- Allow usertypes to read/write noxattr file systems- Fix nsplugin to allow flashplugin to work in enforcing mode- Allow pam_selinux_permit to kill all processes- Allow ptrace or user processes by users of same type - Add boolean for transition to nsplugin- Allow nsplugin sys_nice, getsched, setsched- Allow login programs to talk dbus to oddjob- Add procmail_log support - Lots of fixes for munin- Allow setroubleshoot to read policy config and send audit messages- Allow users to execute all files in homedir, if boolean set - Allow mount to read samba config- Fixes for xguest to run java plugin- dontaudit pam_t and dbusd writing to user_home_t- Update gpg to allow reading of inotify- Change user and staff roles to work correctly with varied perms- Fix munin log, - Eliminate duplicate mozilla file context - fix wpa_supplicant spec- Fix role transition from unconfined_r to system_r when running rpm - Allow unconfined_domains to communicate with user dbus instances- Fixes for xguest- Let all uncofined domains communicate with dbus unconfined- Run rpm in system_r- Zero out customizable types- Fix definiton of admin_home_t- Fix munin file context- Allow cron to run unconfined apps- Modify default login to unconfined_u- Dontaudit dbus user client search of /root- Update to upstream- Fixes for polkit - Allow xserver to ptrace- Add polkit policy - Symplify userdom context, remove automatic per_role changes- Update to upstream - Allow httpd_sys_script_t to search users homedirs- Allow rpm_script to transition to unconfined_execmem_t- Remove user based home directory separation- Remove user specific crond_t- Merge with upstream - Allow xsever to read hwdata_t - Allow login programs to setkeycreate- Update to upstream- Update to upstream- Allow XServer to read /proc/self/cmdline - Fix unconfined cron jobs - Allow fetchmail to transition to procmail - Fixes for hald_mac - Allow system_mail to transition to exim - Allow tftpd to upload files - Allow xdm to manage unconfined_tmp - Allow udef to read alsa config - Fix xguest to be able to connect to sound port- Fixes for hald_mac - Treat unconfined_home_dir_t as a home dir - dontaudit rhgb writes to fonts and root- Fix dnsmasq - Allow rshd full login privs- Allow rshd to connect to ports > 1023- Fix vpn to bind to port 4500 - Allow ssh to create shm - Add Kismet policy- Allow rpm to chat with networkmanager- Fixes for ipsec and exim mail - Change default to unconfined user- Pass the UNK_PERMS param to makefile - Fix gdm location- Make alsa work- Fixes for consolekit and startx sessions- Dontaudit consoletype talking to unconfined_t- Remove homedir_template- Check asound.state- Fix exim policy- Allow tmpreadper to read man_t - Allow racoon to bind to all nodes - Fixes for finger print reader- Allow xdm to talk to input device (fingerprint reader) - Allow octave to run as java- Allow login programs to set ioctl on /proc- Allow nsswitch apps to read samba_var_t- Fix maxima- Eliminate rpm_t:fifo_file avcs - Fix dbus path for helper app- Fix service start stop terminal avc's- Allow also to search var_lib - New context for dbus launcher- Allow cupsd_config_t to read/write usb_device_t - Support for finger print reader, - Many fixes for clvmd - dbus starting networkmanager- Fix java and mono to run in xguest account- Fix to add xguest account when inititial install - Allow mono, java, wine to run in userdomains- Allow xserver to search devpts_t - Dontaudit ldconfig output to homedir- Remove hplip_etc_t change back to etc_t.- Allow cron to search nfs and samba homedirs- Allow NetworkManager to dbus chat with yum-updated- Allow xfs to bind to port 7100- Allow newalias/sendmail dac_override - Allow bind to bind to all udp ports- Turn off direct transition- Allow wine to run in system role- Fix java labeling- Define user_home_type as home_type- Allow sendmail to create etc_aliases_t- Allow login programs to read symlinks on homedirs- Update an readd modules- Cleanup spec file- Allow xserver to be started by unconfined process and talk to tty- Upgrade to upstream to grab postgressql changes- Add setransd for mls policy- Add ldconfig_cache_t- Allow sshd to write to proc_t for afs login- Allow xserver access to urand- allow dovecot to search mountpoints- Fix Makefile for building policy modules- Fix dhcpc startup of service- Fix dbus chat to not happen for xguest and guest users- Fix nagios cgi - allow squid to communicate with winbind- Fixes for ldconfig- Update from upstream- Add nasd support- Fix new usb devices and dmfm- Eliminate mount_ntfs_t policy, merge into mount_t- Allow xserver to write to ramfs mounted by rhgb- Add context for dbus machine id- Update with latest changes from upstream- Fix prelink to handle execmod- Add ntpd_key_t to handle secret data- Add anon_inodefs - Allow unpriv user exec pam_exec_t - Fix trigger- Allow cups to use generic usb - fix inetd to be able to run random apps (git)- Add proper contexts for rsyslogd- Fixes for xguest policy- Allow execution of gconf- Fix moilscanner update problem- Begin adding policy to separate setsebool from semanage - Fix xserver.if definition to not break sepolgen.if- Add new devices- Add brctl policy- Fix root login to include system_r- Allow prelink to read kernel sysctls- Default to user_u:system_r:unconfined_t- fix squid - Fix rpm running as uid- Fix syslog declaration- Allow avahi to access inotify - Remove a lot of bogus security_t:filesystem avcs- Remove ifdef strict policy from upstream- Remove ifdef strict to allow user_u to login- Fix for amands - Allow semanage to read pp files - Allow rhgb to read xdm_xserver_tmp- Allow kerberos servers to use ldap for backing store- allow alsactl to read kernel state- More fixes for alsactl - Transition from hal and modutils - Fixes for suspend resume. - insmod domtrans to alsactl - insmod writes to hal log- Allow unconfined_t to transition to NetworkManager_t - Fix netlabel policy- Update to latest from upstream- Update to latest from upstream- Update to latest from upstream- Allow pcscd_t to send itself signals-- Fixes for unix_update - Fix logwatch to be able to search all dirs- Upstream bumped the version- Allow consolekit to syslog - Allow ntfs to work with hal- Allow iptables to read etc_runtime_t- MLS Fixes- Fix path of /etc/lvm/cache directory - Fixes for alsactl and pppd_t - Fixes for consolekit- Allow insmod_t to mount kvmfs_t filesystems- Rwho policy - Fixes for consolekit- fixes for fusefs- Fix samba_net to allow it to view samba_var_t- Update to upstream- Fix Sonypic backlight - Allow snmp to look at squid_conf_t- Fixes for pyzor, cyrus, consoletype on everything installs- Fix hald_acl_t to be able to getattr/setattr on usb devices - Dontaudit write to unconfined_pipes for load_policy- Allow bluetooth to read inotifyfs- Fixes for samba domain controller. - Allow ConsoleKit to look at ttys- Fix interface call- Allow syslog-ng to read /var - Allow locate to getattr on all filesystems - nscd needs setcap- Update to upstream- Allow samba to run groupadd- Update to upstream- Allow mdadm to access generic scsi devices- Fix labeling on udev.tbl dirs- Fixes for logwatch- Add fusermount and mount_ntfs policy- Update to upstream - Allow saslauthd to use kerberos keytabs- Fixes for samba_var_t- Allow networkmanager to setpgid - Fixes for hal_acl_t- Remove disable_trans booleans - hald_acl_t needs to talk to nscd- Fix prelink to be able to manage usr dirs.- Allow insmod to launch init scripts- Remove setsebool policy- Fix handling of unlabled_t packets- More of my patches from upstream- Update to latest from upstream - Add fail2ban policy- Update to remove security_t:filesystem getattr problems- Policy for consolekit- Update to latest from upstream- Revert Nemiver change - Set sudo as a corecmd so prelink will work, remove sudoedit mapping, since this will not work, it does not transition. - Allow samba to execute useradd- Upgrade to the latest from upstream- Add sepolgen support - Add bugzilla policy- Fix file context for nemiver- Remove include sym link- Allow mozilla, evolution and thunderbird to read dev_random. Resolves: #227002 - Allow spamd to connect to smtp port Resolves: #227184 - Fixes to make ypxfr work Resolves: #227237- Fix ssh_agent to be marked as an executable - Allow Hal to rw sound device- Fix spamassisin so crond can update spam files - Fixes to allow kpasswd to work - Fixes for bluetooth- Remove some targeted diffs in file context file- Fix squid cachemgr labeling- Add ability to generate webadm_t policy - Lots of new interfaces for httpd - Allow sshd to login as unconfined_t- Continue fixing, additional user domains- Begin adding user confinement to targeted policy- Fixes for prelink, ktalkd, netlabel- Allow prelink when run from rpm to create tmp files Resolves: #221865 - Remove file_context for exportfs Resolves: #221181 - Allow spamassassin to create ~/.spamassissin Resolves: #203290 - Allow ssh access to the krb tickets - Allow sshd to change passwd - Stop newrole -l from working on non securetty Resolves: #200110 - Fixes to run prelink in MLS machine Resolves: #221233 - Allow spamassassin to read var_lib_t dir Resolves: #219234- fix mplayer to work under strict policy - Allow iptables to use nscd Resolves: #220794- Add gconf policy and make it work with strict- Many fixes for strict policy and by extension mls.- Fix to allow ftp to bind to ports > 1024 Resolves: #219349- Allow semanage to exec it self. Label genhomedircon as semanage_exec_t Resolves: #219421 - Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080- allow automount to setgid Resolves: #219999- Allow cron to polyinstatiate - Fix creation of boot flags Resolves: #207433- Fixes for irqbalance Resolves: #219606- Fix vixie-cron to work on mls Resolves: #207433Resolves: #218978- Allow initrc to create files in /var directories Resolves: #219227- More fixes for MLS Resolves: #181566- More Fixes polyinstatiation Resolves: #216184- More Fixes polyinstatiation - Fix handling of keyrings Resolves: #216184- Fix polyinstatiation - Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350- More fixes for quota Resolves: #212957- ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014- Allow login programs to polyinstatiate homedirs Resolves: #216184 - Allow quotacheck to create database files Resolves: #212957- Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 Resolves: #217611 Resolves: #217640 Resolves: #217725- Fix context for helix players file_context #216942- Fix load_policy to be able to mls_write_down so it can talk to the terminal- Fixes for hwclock, clamav, ftp- Move to upstream version which accepted my patches- Fixes for nvidia driver- Allow semanage to signal mcstrans- Update to upstream- Allow modstorage to edit /etc/fstab file- Fix for qemu, /dev/- Fix path to realplayer.bin- Allow xen to connect to xen port- Allow cups to search samba_etc_t directory - Allow xend_t to list auto_mountpoints- Allow xen to search automount- Fix spec of jre files- Fix unconfined access to shadow file- Allow xend to create files in xen_image_t directories- Fixes for /var/lib/hal- Remove ability for sysadm_t to look at audit.log- Fix rpc_port_types - Add aide policy for mls- Merge with upstream- Lots of fixes for ricci- Allow xen to read/write fixed devices with a boolean - Allow apache to search /var/log- Fix policygentool specfile problem. - Allow apache to send signals to it's logging helpers. - Resolves: rhbz#212731- Add perms for swat- Add perms for swat- Allow daemons to dump core files to /- Fixes for ricci- Allow mount.nfs to work- Allow ricci-modstorage to look at lvm_etc_t- Fixes for ricci using saslauthd- Allow mountpoint on home_dir_t and home_t- Update xen to read nfs files- Allow noxattrfs to associate with other noxattrfs- Allow hal to use power_device_t- Allow procemail to look at autofs_t - Allow xen_image_t to work as a fixed device- Refupdate from upstream- Add lots of fixes for mls cups- Lots of fixes for ricci- Fix number of cats- Update to upstream- More iSCSI changes for #209854- Test ISCSI fixes for #209854- allow semodule to rmdir selinux_config_t dir- Fix boot_runtime_t problem on ppc. Should not be creating these files.- Fix context mounts on reboot - Fix ccs creation of directory in /var/log- Update for tallylog- Allow xend to rewrite dhcp conf files - Allow mgetty sys_admin capability- Make xentapctrl work- Don't transition unconfined_t to bootloader_t - Fix label in /dev/xen/blktap- Patch for labeled networking- Fix crond handling for mls- Update to upstream- Remove bluetooth-helper transition - Add selinux_validate for semanage - Require new version of libsemanage- Fix prelink- Fix rhgb- Fix setrans handling on MLS and useradd- Support for fuse - fix vigr- Fix dovecot, amanda - Fix mls- Allow java execheap for itanium- Update with upstream- mls fixes- Update from upstream- More fixes for mls - Revert change on automount transition to mount- Fix cron jobs to run under the correct context- Fixes to make pppd work- Multiple policy fixes - Change max categories to 1023- Fix transition on mcstransd- Add /dev/em8300 defs- Upgrade to upstream- Fix ppp connections from network manager- Add tty access to all domains boolean - Fix gnome-pty-helper context for ia64- Fixed typealias of firstboot_rw_t- Fix location of xel log files - Fix handling of sysadm_r -> rpm_exec_t- Fixes for autofs, lp- Update from upstream- Fixup for test6- Update to upstream- Update to upstream- Fix suspend to disk problems- Lots of fixes for restarting daemons at the console.- Fix audit line - Fix requires line- Upgrade to upstream- Fix install problems- Allow setroubleshoot to getattr on all dirs to gather RPM data- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform - Fix spec for /dev/adsp- Fix xen tty devices- Fixes for setroubleshoot- Update to upstream- Fixes for stunnel and postgresql - Update from upstream- Update from upstream - More java fixes- Change allow_execstack to default to on, for RHEL5 Beta. This is required because of a Java compiler problem. Hope to turn off for next beta- Misc fixes- More fixes for strict policy- Quiet down anaconda audit messages- Fix setroubleshootd- Update to the latest from upstream- More fixes for xen- Fix anaconda transitions- yet more xen rules- more xen rules- Fixes for Samba- Fixes for xen- Allow setroubleshootd to send mail- Add nagios policy- fixes for setroubleshoot- Added Paul Howarth patch to only load policy packages shipped with this package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus- Add policy for /var/run/ldapi- Fix setroubleshoot policy- Fixes for mls use of ssh - named has a new conf file- Fixes to make setroubleshoot work- Cups needs to be able to read domain state off of printer client- add boolean to allow zebra to write config files- setroubleshootd fixes- Allow prelink to read bin_t symlink - allow xfs to read random devices - Change gfs to support xattr- Remove spamassassin_can_network boolean- Update to upstream - Fix lpr domain for mls- Add setroubleshoot policy- Turn off auditallow on setting booleans- Multiple fixes- Update to upstream- Update to upstream - Add new class for kernel key ring- Update to upstream- Update to upstream- Break out selinux-devel package- Add ibmasmfs- Fix policygentool gen_requires- Update from Upstream- Fix spec of realplay- Update to upstream- Fix semanage- Allow useradd to create_home_dir in MLS environment- Update from upstream- Update from upstream- Add oprofilefs- Fix for hplip and Picasus- Update to upstream- Update to upstream- fixes for spamd- fixes for java, openldap and webalizer- Xen fixes- Upgrade to upstream- allow hal to read boot_t files - Upgrade to upstream- allow hal to read boot_t files- Update from upstream- Fixes for amavis- Update from upstream- Allow auditctl to search all directories- Add acquire service for mono.- Turn off allow_execmem boolean - Allow ftp dac_override when allowed to access users homedirs- Clean up spec file - Transition from unconfined_t to prelink_t- Allow execution of cvs command- Update to upstream- Update to upstream- Fix libjvm spec- Update to upstream- Add xm policy - Fix policygentool- Update to upstream - Fix postun to only disable selinux on full removal of the packages- Allow mono to chat with unconfined- Allow procmail to sendmail - Allow nfs to share dosfs- Update to latest from upstream - Allow selinux-policy to be removed and kernel not to crash- Update to latest from upstream - Add James Antill patch for xen - Many fixes for pegasus- Add unconfined_mount_t - Allow privoxy to connect to httpd_cache - fix cups labeleing on /var/cache/cups- Update to latest from upstream- Update to latest from upstream - Allow mono and unconfined to talk to initrc_t dbus objects- Change libraries.fc to stop shlib_t form overriding texrel_shlib_t- Fix samba creating dirs in homedir - Fix NFS so its booleans would work- Allow secadm_t ability to relabel all files - Allow ftp to search xferlog_t directories - Allow mysql to communicate with ldap - Allow rsync to bind to rsync_port_t- Fixed mailman with Postfix #183928 - Allowed semanage to create file_context files. - Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t to bind to reserved ports. #149030 - Don't allow devpts_t to be associated with tmp_t. - Allow hald_t to stat all mountpoints. - Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts. - Make mount run in mount_t domain from unconfined_t to prevent mislabeling of /etc/mtab. - Changed the file_contexts to not have a regex before the first ^/[a-z]/ whenever possible, makes restorecon slightly faster. - Correct the label of /etc/named.caching-nameserver.conf - Now label /usr/src/kernels/.+/lib(/.*)? as usr_t instead of /usr/src(/.*)?/lib(/.*)? - I don't think we need anything else under /usr/src hit by this. - Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed xenstored_t rw access to the xen device node.- More textrel_shlib_t file path fixes - Add ada support- Get auditctl working in MLS policy- Add mono dbus support - Lots of file_context fixes for textrel_shlib_t in FC5 - Turn off execmem auditallow since they are filling log files- Update to upstream- Allow automount and dbus to read cert files- Fix ftp policy - Fix secadm running of auditctl- Update to upstream- Update to upstream- Fix policyhelp- Fix pam_console handling of usb_device - dontaudit logwatch reading /mnt dir- Update to upstream- Get transition rules to create policy.20 at SystemHigh- Allow secadmin to shutdown system - Allow sendmail to exec newalias- MLS Fixes dmidecode needs mls_file_read_up - add ypxfr_t - run init needs access to nscd - udev needs setuid - another xen log file - Dontaudit mount getattr proc_kcore_t- fix buildroot usage (#185391)- Get rid of mount/fsdisk scan of /dev messages - Additional fixes for suspend/resume- Fake make to rebuild enableaudit.pp- Get xen networking running.- Fixes for Xen - enableaudit should not be the same as base.pp - Allow ps to work for all process- more xen policy fixups- more xen fixage (#184393)- Fix blkid specification - Allow postfix to execute mailman_que- Blkid changes - Allow udev access to usb_device_t - Fix post script to create targeted policy config file- Allow lvm tools to create drevice dir- Add Xen support- Fixes for cups - Make cryptosetup work with hal- Load Policy needs translock- Fix cups html interface- Add hal changes suggested by Jeremy - add policyhelp to point at policy html pages- Additional fixes for nvidia and cups- Update to upstream - Merged my latest fixes - Fix cups policy to handle unix domain sockets- NSCD socket is in nscd_var_run_t needs to be able to search dir- Fixes Apache interface file- Fixes for new version of cups- Turn off polyinstatiate util after FC5- Fix problem with privoxy talking to Tor- Turn on polyinstatiation- Don't transition from unconfined_t to fsadm_t- Fix policy update model.- Update to upstream- Fix load_policy to work on MLS - Fix cron_rw_system_pipes for postfix_postdrop_t - Allow audotmount to run showmount- Fix swapon - allow httpd_sys_script_t to be entered via a shell - Allow httpd_sys_script_t to read eventpolfs- Update from upstream- allow cron to read apache files- Fix vpnc policy to work from NetworkManager- Update to upstream - Fix semoudle polcy- Update to upstream - fix sysconfig/selinux link- Add router port for zebra - Add imaze port for spamd - Fixes for amanda and java- Fix bluetooth handling of usb devices - Fix spamd reading of ~/ - fix nvidia spec- Update to upsteam- Add users_extra files- Update to upstream- Add semodule policy- Update from upstream- Fix for spamd to use razor port- Fixes for mcs - Turn on mount and fsadm for unconfined_t- Fixes for the -devel package- Fix for spamd to use ldap- Update to upstream- Update to upstream - Fix rhgb, and other Xorg startups- Update to upstream- Separate out role of secadm for mls- Add inotifyfs handling- Update to upstream - Put back in changes for pup/zen- Many changes for MLS - Turn on strict policy- Update to upstream- Update to upstream - Fixes for booting and logging in on MLS machine- Update to upstream - Turn off execheap execstack for unconfined users - Add mono/wine policy to allow execheap and execstack for them - Add execheap for Xdm policy- Update to upstream - Fixes to fetchmail,- Update to upstream- Fix for procmail/spamassasin - Update to upstream - Add rules to allow rpcd to work with unlabeled_networks.- Update to upstream - Fix ftp Man page- Update to upstream- fix pup transitions (#177262) - fix xen disks (#177599)- Update to upstream- More Fixes for hal and readahead- Fixes for hal and readahead- Update to upstream - Apply- Add wine and fix hal problems- Handle new location of hal scripts- Allow su to read /etc/mtab- Update to upstream- Fix "libsemanage.parse_module_headers: Data did not represent a module." problem- Allow load_policy to read /etc/mtab- Fix dovecot to allow dovecot_auth to look at /tmp- Allow restorecon to read unlabeled_t directories in order to fix labeling.- Add Logwatch policy- Fix /dev/ub[a-z] file context- Fix library specification - Give kudzu execmem privs- Fix hostname in targeted policy- Fix passwd command on mls- Lots of fixes to make mls policy work- Add dri libs to textrel_shlib_t - Add system_r role for java - Add unconfined_exec_t for vncserver - Allow slapd to use kerberos- Add man pages- Add enableaudit.pp- Fix mls policy- Update mls file from old version- Add sids back in - Rebuild with update checkpolicy- Fixes to allow automount to use portmap - Fixes to start kernel in s0-s15:c0.c255- Add java unconfined/execmem policy- Add file context for /var/cvs - Dontaudit webalizer search of homedir- Update from upstream- Clean up spec - range_transition crond to SystemHigh- Fixes for hal - Update to upstream- Turn back on execmem since we need it for java, firefox, ooffice - Allow gpm to stream socket to itself- fix requirements to be on the actual packages so that policy can get created properly at install time- Allow unconfined_t to execmod texrel_shlib_t- Update to upstream - Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies- Add two new httpd booleans, turned off by default * httpd_can_network_relay * httpd_can_network_connect_db- Add ghost for policy.20- Update to upstream - Turn off boolean allow_execstack- Change setrans-mls to use new libsetrans - Add default_context rule for xdm- Change Requires to PreReg for requiring of policycoreutils on install- New upstream releaseAdd xdm policyUpdate from upstreamUpdate from upstreamUpdate from upstream- Also trigger to rebuild policy for versions up to 2.0.7.- No longer installing policy.20 file, anaconda handles the building of the app.- Fixes for dovecot and saslauthd- Cleanup pegasus and named - Fix spec file - Fix up passwd changing applications-Update to latest from upstream- Add rules for pegasus and avahi- Start building MLS Policy- Update to upstream- Turn on bash- Initial version                                                                                                                                                                                                                                                                                                                                                                                                            &_)Z*^0e '\ n|f W>:5@=-1dRLx/c,MKbImysF`<gX3kG ?$684+~U iH!oN)tPJh .S2,!-;$O 9Aja]+wT" Q( D* (v7q&z%#lr C"# }B{%EpV.uY['83.9.16-52.fc15selinux-policy-3.9.16Makefile.exampleexample.fcexample.ifexample.tehtmladmin.htmladmin_acct.htmladmin_alsa.htmladmin_amanda.htmladmin_amtu.htmladmin_anaconda.htmladmin_apt.htmladmin_backup.htmladmin_bootloader.htmladmin_brctl.htmladmin_certwatch.htmladmin_consoletype.htmladmin_ddcprobe.htmladmin_dmesg.htmladmin_dmidecode.htmladmin_dpkg.htmladmin_firstboot.htmladmin_kdump.htmladmin_kismet.htmladmin_kudzu.htmladmin_logrotate.htmladmin_logwatch.htmladmin_mcelog.htmladmin_mrtg.htmladmin_ncftool.htmladmin_netutils.htmladmin_portage.htmladmin_prelink.htmladmin_quota.htmladmin_readahead.htmladmin_rpm.htmladmin_sectoolm.htmladmin_shorewall.htmladmin_shutdown.htmladmin_smoltclient.htmladmin_sosreport.htmladmin_su.htmladmin_sudo.htmladmin_sxid.htmladmin_tmpreaper.htmladmin_tripwire.htmladmin_tzdata.htmladmin_updfstab.htmladmin_usbmodules.htmladmin_usermanage.htmladmin_vbetool.htmladmin_vpn.htmlapps.htmlapps_ada.htmlapps_authbind.htmlapps_awstats.htmlapps_calamaris.htmlapps_cdrecord.htmlapps_chrome.htmlapps_cpufreqselector.htmlapps_evolution.htmlapps_execmem.htmlapps_firewallgui.htmlapps_games.htmlapps_gift.htmlapps_gitosis.htmlapps_gnome.htmlapps_gpg.htmlapps_irc.htmlapps_java.htmlapps_kde.htmlapps_kdumpgui.htmlapps_livecd.htmlapps_loadkeys.htmlapps_lockdev.htmlapps_mediawiki.htmlapps_mono.htmlapps_mozilla.htmlapps_mplayer.htmlapps_namespace.htmlapps_nsplugin.htmlapps_openoffice.htmlapps_podsleuth.htmlapps_ptchown.htmlapps_pulseaudio.htmlapps_qemu.htmlapps_rssh.htmlapps_sambagui.htmlapps_sandbox.htmlapps_screen.htmlapps_seunshare.htmlapps_slocate.htmlapps_telepathy.htmlapps_thunderbird.htmlapps_tvtime.htmlapps_uml.htmlapps_userhelper.htmlapps_usernetctl.htmlapps_vlock.htmlapps_vmware.htmlapps_webalizer.htmlapps_wine.htmlapps_wireshark.htmlapps_wm.htmlapps_xscreensaver.htmlapps_yam.htmlbooleans.htmlglobal_booleans.htmlglobal_tunables.htmlindex.htmlinterfaces.htmlkernel.htmlkernel_corecommands.htmlkernel_corenetwork.htmlkernel_devices.htmlkernel_domain.htmlkernel_files.htmlkernel_filesystem.htmlkernel_kernel.htmlkernel_mcs.htmlkernel_mls.htmlkernel_selinux.htmlkernel_storage.htmlkernel_terminal.htmlkernel_ubac.htmlkernel_unlabelednet.htmlroles.htmlroles_auditadm.htmlroles_dbadm.htmlroles_guest.htmlroles_logadm.htmlroles_secadm.htmlroles_staff.htmlroles_sysadm.htmlroles_unconfineduser.htmlroles_unprivuser.htmlroles_webadm.htmlroles_xguest.htmlservices.htmlservices_abrt.htmlservices_accountsd.htmlservices_afs.htmlservices_aiccu.htmlservices_aide.htmlservices_aisexec.htmlservices_ajaxterm.htmlservices_amavis.htmlservices_apache.htmlservices_apcupsd.htmlservices_apm.htmlservices_arpwatch.htmlservices_asterisk.htmlservices_audioentropy.htmlservices_automount.htmlservices_avahi.htmlservices_bind.htmlservices_bitlbee.htmlservices_bluetooth.htmlservices_boinc.htmlservices_bugzilla.htmlservices_cachefilesd.htmlservices_canna.htmlservices_ccs.htmlservices_certmaster.htmlservices_certmonger.htmlservices_cgroup.htmlservices_chronyd.htmlservices_cipe.htmlservices_clamav.htmlservices_clockspeed.htmlservices_clogd.htmlservices_cloudform.htmlservices_cmirrord.htmlservices_cobbler.htmlservices_collectd.htmlservices_colord.htmlservices_comsat.htmlservices_consolekit.htmlservices_corosync.htmlservices_courier.htmlservices_cpucontrol.htmlservices_cron.htmlservices_cups.htmlservices_cvs.htmlservices_cyphesis.htmlservices_cyrus.htmlservices_dante.htmlservices_dbskk.htmlservices_dbus.htmlservices_dcc.htmlservices_ddclient.htmlservices_denyhosts.htmlservices_devicekit.htmlservices_dhcp.htmlservices_dictd.htmlservices_dirsrv-admin.htmlservices_dirsrv.htmlservices_distcc.htmlservices_djbdns.htmlservices_dkim.htmlservices_dnsmasq.htmlservices_dovecot.htmlservices_drbd.htmlservices_exim.htmlservices_fail2ban.htmlservices_fetchmail.htmlservices_finger.htmlservices_firewalld.htmlservices_fprintd.htmlservices_ftp.htmlservices_gatekeeper.htmlservices_git.htmlservices_gnomeclock.htmlservices_gpm.htmlservices_gpsd.htmlservices_hadoop.htmlservices_hal.htmlservices_hddtemp.htmlservices_howl.htmlservices_i18n_input.htmlservices_icecast.htmlservices_ifplugd.htmlservices_imaze.htmlservices_inetd.htmlservices_inn.htmlservices_ircd.htmlservices_irqbalance.htmlservices_jabber.htmlservices_kerberos.htmlservices_kerneloops.htmlservices_keyboardd.htmlservices_ksmtuned.htmlservices_ktalk.htmlservices_l2tpd.htmlservices_ldap.htmlservices_likewise.htmlservices_lircd.htmlservices_lpd.htmlservices_mailman.htmlservices_matahari.htmlservices_memcached.htmlservices_milter.htmlservices_mock.htmlservices_modemmanager.htmlservices_mojomojo.htmlservices_monop.htmlservices_mpd.htmlservices_mta.htmlservices_munin.htmlservices_mysql.htmlservices_nagios.htmlservices_nessus.htmlservices_networkmanager.htmlservices_nis.htmlservices_nscd.htmlservices_nsd.htmlservices_nslcd.htmlservices_ntop.htmlservices_ntp.htmlservices_nut.htmlservices_nx.htmlservices_oav.htmlservices_oddjob.htmlservices_oident.htmlservices_openca.htmlservices_openct.htmlservices_openvpn.htmlservices_pads.htmlservices_passenger.htmlservices_pcscd.htmlservices_pegasus.htmlservices_perdition.htmlservices_pingd.htmlservices_piranha.htmlservices_plymouthd.htmlservices_policykit.htmlservices_portmap.htmlservices_portreserve.htmlservices_portslave.htmlservices_postfix.htmlservices_postfixpolicyd.htmlservices_postgresql.htmlservices_postgrey.htmlservices_ppp.htmlservices_prelude.htmlservices_privoxy.htmlservices_procmail.htmlservices_psad.htmlservices_publicfile.htmlservices_puppet.htmlservices_pxe.htmlservices_pyicqt.htmlservices_pyzor.htmlservices_qmail.htmlservices_qpidd.htmlservices_radius.htmlservices_radvd.htmlservices_razor.htmlservices_rdisc.htmlservices_remotelogin.htmlservices_resmgr.htmlservices_rgmanager.htmlservices_rhcs.htmlservices_rhgb.htmlservices_ricci.htmlservices_rlogin.htmlservices_roundup.htmlservices_rpc.htmlservices_rpcbind.htmlservices_rshd.htmlservices_rsync.htmlservices_rtkit.htmlservices_rwho.htmlservices_samba.htmlservices_samhain.htmlservices_sasl.htmlservices_sendmail.htmlservices_setroubleshoot.htmlservices_slrnpull.htmlservices_smartmon.htmlservices_smokeping.htmlservices_snmp.htmlservices_snort.htmlservices_soundserver.htmlservices_spamassassin.htmlservices_speedtouch.htmlservices_squid.htmlservices_ssh.htmlservices_sssd.htmlservices_stunnel.htmlservices_sysstat.htmlservices_tcpd.htmlservices_tcsd.htmlservices_telnet.htmlservices_tftp.htmlservices_tgtd.htmlservices_timidity.htmlservices_tor.htmlservices_transproxy.htmlservices_tuned.htmlservices_ucspitcp.htmlservices_ulogd.htmlservices_uptime.htmlservices_usbmuxd.htmlservices_uucp.htmlservices_uwimap.htmlservices_varnishd.htmlservices_vdagent.htmlservices_vhostmd.htmlservices_virt.htmlservices_vnstatd.htmlservices_w3c.htmlservices_watchdog.htmlservices_xfs.htmlservices_xprint.htmlservices_xserver.htmlservices_zabbix.htmlservices_zarafa.htmlservices_zebra.htmlservices_zosremote.htmlstyle.csssystem.htmlsystem_application.htmlsystem_authlogin.htmlsystem_clock.htmlsystem_daemontools.htmlsystem_fstools.htmlsystem_getty.htmlsystem_hostname.htmlsystem_hotplug.htmlsystem_init.htmlsystem_ipsec.htmlsystem_iptables.htmlsystem_iscsi.htmlsystem_libraries.htmlsystem_locallogin.htmlsystem_logging.htmlsystem_lvm.htmlsystem_miscfiles.htmlsystem_modutils.htmlsystem_mount.htmlsystem_netlabel.htmlsystem_pcmcia.htmlsystem_raid.htmlsystem_selinuxutil.htmlsystem_setrans.htmlsystem_sysnetwork.htmlsystem_systemd.htmlsystem_udev.htmlsystem_unconfined.htmlsystem_userdomain.htmlsystem_xen.htmltemplates.htmltunables.htmlpolicyhelp/usr/share/doc//usr/share/doc/selinux-policy-3.9.16//usr/share/doc/selinux-policy-3.9.16/html//usr/share/selinux/devel/-O2drpmnoarch-redhat-linux-gnuASCII textHTML document, ASCII textSE Linux policy interface sourceSE Linux policy module sourcedirectoryxz2?7zXZ !PH64Z]"k%Qkhuv_RwjH撫@_%No 9/֩ 1=8B-jypf5e,M:Hm9]+utK;8ZpB鄘Ӏ %g}*t~dL.Zp䚕+,|+)l'/oaE Rm ]_57w`l\g-!"ԉ&F4]hS4X x?}0e*ߘ<#ER]ʎF;ߺl>u[AOp?vU_jڃtLdTº3k@,EIÖҫj@ƼQylYKU~42/O.C_+rg;SaZ?GJ)}|җy}m <;eK"̽ncUXFiru$2K烺Ip}pc&M]R.1 OW:#W75y*4*dZ?'WYlSnP#螛P¡Ail =UHY+k~"C~].+sid'a6#R#օ*m _:B J˞MO)S94(uR w*FhܠvL\`zKkQ9?! U@\ ׊Μ78N ̢=R'nX0tG2c.N+9%pZ:P=uP SF]_ߠ>lcGHl@Q)EՈ9Q5 HXhKUX$9OM*< P׭MmW%@& lw?ވkFa#@v/":?7%QsufmLA_3ȷ%;J? /!ձ1ٿC-:wVQ.DI aɔ2e7 jٖ_O#h~5^-Ss+~+g[}A >S%CY lkS( :{$.:xg*^ AƲ8L'ojˡK=RV uBʋԧR$b]k,ɩ1Y+TeyudN1=HPLJ ǔؖ%bA4v!?d33V<},D^W;0n` #?ɾ~IrݪΊ<cP`w}6pM'8-?ߥ:TmDY#r߽Pr"D/F+T?>I(,WHpEB%%\;HxpvwIlNJ(bXÍ= 3s_B&l>|_}dJy<aSS-g$@{l݊P}WYھ!c˫^l ަ? sJdO>YRB 5J;5o֖Һؑ@F7*B:7Q V&0DC%y N;y&8O?{='Ac#QBRP_<:RzS3Y/v@9DZݑ'YSp4ϙo12Q5ZA2@4/WHew(;̚/MC .~eȺmޏPyIOWvED@DĆ~Xs[fR?5inZg=1viG9 hG(grWyϱ럐Đ`Awz8楻ßeSOko֙Wȸ W-͑/# ;}=vB`xKuGڧOW͹cV ͯbebq7Q*%DF 6͕FPWT<ZQU,DAQ+K{Uy\PrVSJzl40JIU;7qYtS}bԺ 嶽o90WK}e>D^o!6*1穤Z 3k$ڢݘnu7ͻ mH/,mمɇdʡx7 fQ$W R͸H'fV1w!@ôlD][B%ez& ,]c(1|[Ee,YߤTگu-lX۱{]Gt,S]@s^AuFl 'Z4G[a6n8;YU)0ƞ Oq_ZV!kYTU8&TaC;ҡ[%_MR#`"cȣY&&XxIdӥ/Ox\-b,'x aV}3j^] qlR7`2+\QL>^KUm(XuFC==06AA`K@E@+ַQ%2wS4bKW=Ök.SM ټ`~m%Wd* eH^T1iWH(ܫVZl37OIQU0rl'ʲe V1ij1e͟@'j q3SOZNE^Bf^]#DEEJ'vxo ؎ypMREa3m>pO )pKaFGlu>.)Ep) lARZ&9P;Mx~S"FnQzp S/8xUHā4|;qfc׌b$T-N#W1Z]!^w껠la)nsF\93M$Ag(&u-І°%hzݷg>:z_l)ĕOlxpM)-[q ±0I{5B+R" ֵ4y`VZ<`FT‹!y͹abPӣ'ضuLDә-T\./BܵzZ%`܊Is=`6NR1NK! hc^Vl/,bVoQ=zi"e^cm׵y2kmZWPyh؋lT h]8ɍ#e;BaZ n=ogv IPRp"7HLf-&q81ԶWffq< >?x̃t:JFR23ܖ2(j)+;"92}}qG^'ҕMcW'..q'سH: -턞)"l .]({о็``߼w6TG^F< uR* |㔵Zs@%ik @zT!!fFUGh'uTud_R} bpеz\1k-ÝHF0Qh'@E6YLU! 7 ߪD:6Rl9$$SUmT^%FDRXW8 M/.*w3HN(yhl+uŃ.Nxv+Y]:  Z`q =TKL,6::X茘-`2c!BYggѡ]ƥ@<.3g@9/]]Ui֡_0/z\Fz6&c E'i}('@KpW&f6X:m-߳x[FuM`9j?~cҳ 9-0R 5BÂmp" 45Jp.8퀵-6ߍMuy<FMi='\\8L&Ͳ?b4XmkŶMv{ 8_/n)}@~b2={=mg1-d qtTt+rp:5|MOX=Qnf@#I qblȏ0Ek#ڊ?amK4_) ApA؍Kg*R%WZ[X5t_3HABJAWr 8 3Cuq1ikR YZ