selinux-policy/sources

SHA512 (selinux-policy-contrib-c55a896.tar.gz) = 6a0388a314ccb52b18636c91f8398b3ed930e2a7b42e3f2106bd1bca9df19bdc089367d970b4a1f7be3ea425b047028c38ebb31fded74f4080297b18241f9970
SHA512 (selinux-policy-b313a79.tar.gz) = eadcceeb207448aa38a3826e3dc444602abfc42c67543ae5a58c2379f78b209fe578bd50101e628d99a02282ba9d473dee3126462f172b68b2c39b889dd8062c
SHA512 (container-selinux.tgz) = af6b07cd90cad7ddbd42a4c33fa7527177c7ec0b7d4ba330699f9916daba8c8d7edfb5ad358d4ecccb3bf4943ce786faf35a011fb107203b1d73081c4f6c197d
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-31 - Update timedatex policy BZ(1734197) 2019-08-13 17:06:46 +00:00			`SHA512 (selinux-policy-contrib-c55a896.tar.gz) = 6a0388a314ccb52b18636c91f8398b3ed930e2a7b42e3f2106bd1bca9df19bdc089367d970b4a1f7be3ea425b047028c38ebb31fded74f4080297b18241f9970`
* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-30 - cockpit: Allow cockpit-session to read cockpit-tls state - Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983) - Allow named_t domain to read/write samba_var_t files BZ(1738794) - Dontaudit abrt_t domain to read root_t files - Allow ipa_dnskey_t domain to read kerberos keytab - Allow mongod_t domain to read cgroup_t files BZ(1739357) - Update ibacm_t policy - Allow systemd to relabel all files on system. - Revert "Add new boolean systemd_can_relabel" - Allow xdm_t domain to read kernel sysctl BZ(1740385) - Add sys_admin capability for xdm_t in user namespace. BZ(1740386) - Allow dbus communications with resolved for DNS lookups - Add new boolean systemd_can_relabel - Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp - Label '/var/usrlocal/(./)?sbin(/.)?' as bin_t - Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs - Run lvmdbusd service as lvm_t 2019-08-13 15:59:35 +00:00			`SHA512 (selinux-policy-b313a79.tar.gz) = eadcceeb207448aa38a3826e3dc444602abfc42c67543ae5a58c2379f78b209fe578bd50101e628d99a02282ba9d473dee3126462f172b68b2c39b889dd8062c`
* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-31 - Update timedatex policy BZ(1734197) 2019-08-13 17:06:46 +00:00			`SHA512 (container-selinux.tgz) = af6b07cd90cad7ddbd42a4c33fa7527177c7ec0b7d4ba330699f9916daba8c8d7edfb5ad358d4ecccb3bf4943ce786faf35a011fb107203b1d73081c4f6c197d`
* Wed Jul 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-24 - Label user cron spool file with user_cron_spool_t - Update gnome_role_template() template to allow sysadm_t confined user to login to xsession - Allow lograte_t domain to manage collect_rw_content files and dirs - Add interface collectd_manage_rw_content() - Allow systemd_hostnamed_t domain to dbus chat with sosreport_t domain - Update tomcat_can_network_connect_db boolean to allow tomcat domains also connect to redis ports - Allow mysqld_t domain to manage cluster pid files - Relabel /usr/sbin/virtlockd from virt_exec_t to virtlogd_exec_t. - Allow ptp4l_t domain to write to pmc socket which is created by pmc command line tool - Allow dkim-milter to send e-mails BZ(1716937) - Update spamassasin policy to make working /usr/share/spamassassin/sa-update.cron script BZ(1711799) - Update svnserve_t policy to make working svnserve hooks - Allow varnishlog_t domain to check for presence of varnishd_t domains - Update sandboxX policy to make working firefox inside SELinux sandbox - Remove allow rule from svirt_transition_svirt_sandbox interface to don't allow containers to connect to random services - Allow httpd_t domain to read /var/lib/softhsm/tokens to allow httpd daemon to use pkcs#11 devices - Allow gssd_t domain to list tmpfs_t dirs - Allow mdadm_t domain to read tmpfs_t files - Allow sbd_t domain to check presence of processes labeled as cluster_t - Dontaudit httpd_sys_script_t to read systemd unit files - Allow blkmapd_t domain to read nvme devices - Update cpucontrol_t domain to make working microcode service - Allow domain transition from logwatch_t do postfix_postqueue_t - Allow chronyc_t domain to create and write to non_security files in case when sysadmin is redirecting output to file e.g: 'chronyc -n tracking > /var/lib/test' - Allow httpd_sys_script_t domain to mmap httpcontent - Allow sbd_t to manage cgroups_t files - Update wireshark policy to make working tshar labeled as wireshark_t - Update virt_use_nfs boolean to allow svirt_t domain to mmap nfs_t files - Allow sysadm_t domain to create netlink selinux sockets - Make cgdcbxd active in Fedora upstream sources - Allow sysadm_t domain to dbus chat with rtkit daemon - Allow x_userdomains to nnp domain transition to thumb_t domain - Allow unconfined_domain_type to setattr own process lnk files. - Add interface files_write_generic_pid_sockets() - Dontaudit writing to user home dirs by gnome-keyring-daemon - Allow staff and admin domains to setpcap in user namespace - Allow staff and sysadm to use lockdev - Allow staff and sysadm users to run iotop. - Dontaudit traceroute_t domain require sys_admin capability - Dontaudit dbus chat between kernel_t and init_t - Allow systemd labeled as init_t to create mountpoints without any specific label as default_t 2019-07-17 15:58:49 +00:00			`SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4`