Remove nfs_export_all_rw tunable in kernel.te (This is now a boolean).

Add audit_control to cron.

fsadm needs DAC capabilities for manipulating removable media (ZIP drives).

passwd needs access to sysctl

Lots of changes to alsa domain for strict policy.  Allowing it to 
communicate with userspace

Add new domain anonymous_domain so domains can share the ftpd_anon_t and 
ftpd_anon_rw_t types.  (ftpd, rsync, httpd, smbd)

Eliminate a few more transition of sysadm_t (unconfined_t) to domains 
for targeted policy.

Bluetooth needs to run helper apps in bin_t.

Add certwatch domain.

Cups confing needs to communicate with itself using unix_dgram_sockets.

Allow cvs to use kerberos.

Allow cyrus to use saslaudthd.

Fixes for latest version of dbus.

Allow NetworkManager and dhcpc to better communicate using dbus.

Cleanup firstboot.

Fixes for ipsec to allow netlink_route_socket and additional privs of 
unix_dgram_socketet.

Allow networkmanager to communicate with isakmp_port and use vpnc.


Lots of fixed for pppd and pptp.

Allow samba to commucate with smbd_port_t

Fixes for saslauthd.  Needs to be able to communicate with mysql.

Change vpnc to application_domain.

Several updates to file_contexts.

Created authentication_domain for anything that supports 
pam_authentication. 

Fixed for ethereal domain to handle fallback with new version of userhelper.

Allow evolution to read cert files.

Allow userspace to kill thunderbird

Add mcs stuff to Makefile.

Remove netifcon calls and default to netif_t.  So that we can start 
isolation individual ethernet devices.






















--