diff --git a/firewalld/firewalld.conf b/firewalld/firewalld.conf index a0556c0..c387f87 100644 --- a/firewalld/firewalld.conf +++ b/firewalld/firewalld.conf @@ -7,10 +7,17 @@ DefaultZone=public # Clean up on exit # If set to no or false the firewall configuration will not get cleaned up -# on exit or stop of firewalld +# on exit or stop of firewalld. # Default: yes CleanupOnExit=yes +# Clean up kernel modules on exit +# If set to yes or true the firewall related kernel modules will be +# unloaded on exit or stop of firewalld. This might attempt to unload +# modules not originally loaded by firewalld. +# Default: yes +CleanupModulesOnExit=yes + # Lockdown # If set to enabled, firewall changes with the D-Bus interface will be limited # to applications that are listed in the lockdown whitelist. diff --git a/selinux/targeted/.policy.sha512 b/selinux/targeted/.policy.sha512 index 501df9a..5246f3a 100644 --- a/selinux/targeted/.policy.sha512 +++ b/selinux/targeted/.policy.sha512 @@ -1 +1 @@ -f308dd7499dbc714124943f8747e2de25cb210df714b86d12d1bcab3aba47d7ae0f11c11e7a0dfa333a6b57e2a77efaf5663d7ce9d384c3ef76a517c22bd5de5 +06e4c548ce738335fc48192f279ecf41bf778d6eced7291c554b5536033ea0912d55c0b99e06375624da3bb919efb3f23912239e9253c8073b67be806e65552b diff --git a/selinux/targeted/contexts/files/file_contexts b/selinux/targeted/contexts/files/file_contexts index 9527ed3..cbcff4b 100644 --- a/selinux/targeted/contexts/files/file_contexts +++ b/selinux/targeted/contexts/files/file_contexts @@ -1818,6 +1818,7 @@ /var/lib/fail2ban(/.*)? system_u:object_r:fail2ban_var_lib_t:s0 /var/lib/freeipmi(/.*)? system_u:object_r:freeipmi_var_lib_t:s0 /var/lib/gssproxy(/.*)? system_u:object_r:gssproxy_var_lib_t:s0 +/var/lib/insights(/.*)? system_u:object_r:insights_client_var_lib_t:s0 /var/lib/kdcproxy(/.*)? system_u:object_r:krb5kdc_var_lib_t:s0 /var/lib/keystone(/.*)? system_u:object_r:keystone_var_lib_t:s0 /var/lib/lighttpd(/.*)? system_u:object_r:httpd_var_lib_t:s0 @@ -2390,6 +2391,7 @@ /var/run/\.iroha_unix/.* -s system_u:object_r:canna_var_run_t:s0 /var/run/haproxy\.sock.* -s system_u:object_r:haproxy_var_run_t:s0 /usr/sbin/lightparser.pl -- system_u:object_r:squid_cron_exec_t:s0 +/etc/insights-client/[^/]+ -- system_u:object_r:insights_client_etc_t:s0 /etc/libvirt/virtlogd.conf -- system_u:object_r:virtlogd_etc_t:s0 /usr/share/wordpress/.*\.php -- system_u:object_r:httpd_sys_script_exec_t:s0 /var/qmail/supervise/.*/run -- system_u:object_r:svc_run_exec_t:s0 @@ -2699,6 +2701,7 @@ /var/lib/subversion/repo(/.*)? system_u:object_r:svnserve_content_t:s0 /var/lib/tftpboot/images(/.*)? system_u:object_r:cobbler_var_lib_t:s0 /var/log/deltacloud-core(/.*)? system_u:object_r:deltacloudd_log_t:s0 +/var/log/insights-client(/.*)? system_u:object_r:insights_client_var_log_t:s0 /var/run/DeviceKit-disks(/.*)? system_u:object_r:devicekit_var_run_t:s0 /var/run/PackageKit/udev(/.*)? system_u:object_r:udev_var_run_t:s0 /var/run/libvirt-sandbox(/.*)? system_u:object_r:virt_lxc_var_run_t:s0 @@ -4862,6 +4865,7 @@ /var/run/syslogd\.pid -- system_u:object_r:syslogd_var_run_t:s0 /var/run/varnish\.pid -- system_u:object_r:varnishd_var_run_t:s0 /var/tinydns/log/run -- system_u:object_r:svc_run_exec_t:s0 +/etc/insights-client -d system_u:object_r:insights_client_etc_t:s0 /var/lib/likewise/db -d system_u:object_r:likewise_var_lib_t:s0 /var/run/\.iroha_unix -d system_u:object_r:canna_var_run_t:s0 /dev/cpu_dma_latency -c system_u:object_r:netcontrol_device_t:s0 @@ -5373,6 +5377,7 @@ /usr/bin/glance-registry -- system_u:object_r:glance_registry_exec_t:s0 /usr/bin/glance-scrubber -- system_u:object_r:glance_scrubber_exec_t:s0 /usr/bin/gpe-soundserver -- system_u:object_r:soundd_exec_t:s0 +/usr/bin/insights-client -- system_u:object_r:insights_client_exec_t:s0 /usr/bin/nova-direct-api -- system_u:object_r:nova_exec_t:s0 /usr/bin/nova-novncproxy -- system_u:object_r:nova_exec_t:s0 /usr/bin/package-cleanup -- system_u:object_r:rpm_exec_t:s0 @@ -5842,6 +5847,7 @@ /var/lib/tftpboot/pxelinux\.0 -- system_u:object_r:cobbler_var_lib_t:s0 /var/run/aeolus/dbomatic\.pid -- system_u:object_r:mongod_var_run_t:s0 /var/run/initiatorname\.iscsi -- system_u:object_r:iscsi_var_run_t:s0 +/var/run/insights-client\.pid -- system_u:object_r:insights_client_var_run_t:s0 /var/run/milter-greylist\.pid -- system_u:object_r:greylist_milter_data_t:s0 /var/run/nm-dns-dnsmasq\.conf -- system_u:object_r:NetworkManager_var_run_t:s0 /var/run/samba/sessionid\.tdb -- system_u:object_r:smbd_var_run_t:s0 @@ -5997,6 +6003,7 @@ /usr/bin/gsf-office-thumbnailer -- system_u:object_r:thumb_exec_t:s0 /usr/bin/mimedefang-multiplexor -- system_u:object_r:spamd_exec_t:s0 /usr/bin/neutron-metadata-agent -- system_u:object_r:neutron_exec_t:s0 +/usr/bin/redhat-access-insights -- system_u:object_r:insights_client_exec_t:s0 /usr/bin/swift-container-server -- system_u:object_r:swift_exec_t:s0 /usr/kerberos/sbin/kadmin\.local -- system_u:object_r:kadmind_exec_t:s0 /usr/lib/mailman/bin/mailmanctl -- system_u:object_r:mailman_mail_exec_t:s0 @@ -6037,6 +6044,7 @@ /etc/firestarter/firestarter\.sh system_u:object_r:dhcpc_helper_exec_t:s0 /usr/libexec/qemu-bridge-helper system_u:object_r:virt_bridgehelper_exec_t:s0 /var/www/html/configuration\.php system_u:object_r:httpd_sys_rw_content_t:s0 +/etc/insights-client/\.cache\.json -- system_u:object_r:insights_client_etc_rw_t:s0 /etc/rc\.d/init\.d/prelude-manager -- system_u:object_r:prelude_initrc_exec_t:s0 /etc/rc\.d/init\.d/rabbitmq-server -- system_u:object_r:rabbitmq_initrc_exec_t:s0 /etc/xen/scripts/launch-xenstore -- system_u:object_r:xenstored_exec_t:s0 @@ -6195,6 +6203,7 @@ /var/lib/likewise-open/\.pstore\.lock -- system_u:object_r:likewise_pstore_lock_t:s0 /var/lib/likewise-open/rpc/epmapper -s system_u:object_r:dcerpcd_var_socket_t:s0 /etc/Pegasus/cimserver_current\.conf system_u:object_r:pegasus_data_t:s0 +/etc/insights-client/\.cache\.json\.asc -- system_u:object_r:insights_client_etc_rw_t:s0 /lib/systemd/system/svnserve\.service -- system_u:object_r:svnserve_unit_file_t:s0 /usr/lib/ladspa/analogue_osc_1416\.so -- system_u:object_r:textrel_shlib_t:s0 /usr/lib/ladspa/bandpass_iir_1892\.so -- system_u:object_r:textrel_shlib_t:s0 @@ -6270,6 +6279,7 @@ /usr/share/switchdesk/switchdesk-gui\.py -- system_u:object_r:bin_t:s0 /var/lib/likewise-open/db/lwi_events\.db -- system_u:object_r:eventlogd_var_lib_t:s0 /etc/NetworkManager/NetworkManager\.conf system_u:object_r:NetworkManager_etc_rw_t:s0 +/etc/insights-client/\.insights-core\.etag -- system_u:object_r:insights_client_etc_rw_t:s0 /etc/likewise-open/likewise-krb5-ad\.conf -- system_u:object_r:likewise_krb5_ad_t:s0 /lib/security/pam_krb5/pam_krb5_storetmp -- system_u:object_r:bin_t:s0 /opt/google/chrome/nacl_helper_bootstrap -- system_u:object_r:chrome_sandbox_nacl_exec_t:s0 @@ -6334,6 +6344,8 @@ /usr/libexec/pegasus/cmpiLMI_Service-cimprovagt -- system_u:object_r:pegasus_openlmi_admin_exec_t:s0 /usr/share/cluster/fence_mpath_check_hardreboot -- system_u:object_r:fenced_exec_t:s0 /usr/share/system-logviewer/system-logviewer\.py -- system_u:object_r:bin_t:s0 +/etc/insights-client/\.insights-core-gpg-sig\.etag -- system_u:object_r:insights_client_etc_rw_t:s0 +/etc/insights-client/insights-client-egg-release -- system_u:object_r:insights_client_etc_rw_t:s0 /usr/lib/systemd/system/systemd-machined\.service -- system_u:object_r:systemd_machined_unit_file_t:s0 /usr/libexec/pegasus/cmpiLMI_Hardware-cimprovagt -- system_u:object_r:pegasus_openlmi_storage_exec_t:s0 /usr/libexec/pegasus/cmpiLMI_Journald-cimprovagt -- system_u:object_r:pegasus_openlmi_admin_exec_t:s0 diff --git a/selinux/targeted/contexts/files/file_contexts.bin b/selinux/targeted/contexts/files/file_contexts.bin index 9cccd93..d54fd3c 100644 Binary files a/selinux/targeted/contexts/files/file_contexts.bin and b/selinux/targeted/contexts/files/file_contexts.bin differ diff --git a/selinux/targeted/policy/policy.31 b/selinux/targeted/policy/policy.31 index 9abfc15..6a1b9e3 100644 Binary files a/selinux/targeted/policy/policy.31 and b/selinux/targeted/policy/policy.31 differ