selinux-policy/.gitignore

354 lines
9.1 KiB
Plaintext
Raw Normal View History

serefpolicy-2.0.0.tgz
2005-11-16 03:43:46 +00:00
serefpolicy-2.0.1.tgz
2005-11-18 21:35:08 +00:00
serefpolicy-2.0.2.tgz
2005-11-22 18:59:41 +00:00
serefpolicy-2.0.3.tgz
2005-11-22 22:46:58 +00:00
serefpolicy-2.0.4.tgz
2005-11-23 17:11:44 +00:00
serefpolicy-2.0.5.tgz
serefpolicy-2.0.6.tgz
2005-12-01 18:16:50 +00:00
serefpolicy-2.0.7.tgz
2005-12-02 22:58:20 +00:00
serefpolicy-2.0.8.tgz
2005-12-06 04:12:01 +00:00
serefpolicy-2.0.9.tgz
2005-12-06 17:44:30 +00:00
serefpolicy-2.0.10.tgz
2005-12-07 01:07:26 +00:00
serefpolicy-2.0.11.tgz
exclude
noarch
nsadiff
nsaserefpolicy
2005-12-08 05:02:10 +00:00
serefpolicy-2.1.0.tgz
serefpolicy-2.1.1.tgz
serefpolicy-2.1.2.tgz
2005-12-13 04:53:03 +00:00
serefpolicy-2.1.4.tgz
serefpolicy-2.1.5.tgz
serefpolicy-2.1.6.tgz
2006-01-04 19:21:36 +00:00
serefpolicy-2.1.7.tgz
2006-01-09 20:20:08 +00:00
serefpolicy-2.1.8.tgz
2006-01-11 22:25:06 +00:00
serefpolicy-2.1.9.tgz
2006-01-13 22:32:06 +00:00
serefpolicy-2.1.10.tgz
serefpolicy-2.1.11.tgz
2006-01-17 19:40:15 +00:00
serefpolicy-2.1.12.tgz
2006-01-17 22:47:12 +00:00
serefpolicy-2.1.13.tgz
serefpolicy-2.2.2.tgz
2006-01-24 15:41:46 +00:00
serefpolicy-2.2.4.tgz
serefpolicy-2.2.5.tgz
serefpolicy-2.2.6.tgz
2006-01-27 07:06:21 +00:00
serefpolicy-2.2.7.tgz
2006-01-28 04:52:34 +00:00
serefpolicy-2.2.8.tgz
serefpolicy-2.2.9.tgz
2006-02-03 14:59:07 +00:00
serefpolicy-2.2.10.tgz
2006-02-04 03:03:32 +00:00
serefpolicy-2.2.11.tgz
2006-02-09 13:56:52 +00:00
serefpolicy-2.2.12.tgz
2006-02-11 02:41:50 +00:00
serefpolicy-2.2.13.tgz
2006-02-13 15:55:10 +00:00
serefpolicy-2.2.14.tgz
2006-02-14 17:11:59 +00:00
serefpolicy-2.2.15.tgz
2006-02-19 12:17:15 +00:00
serefpolicy-2.2.16.tgz
2006-02-20 22:11:40 +00:00
serefpolicy-2.2.17.tgz
2006-02-21 15:36:15 +00:00
serefpolicy-2.2.18.tgz
2006-02-21 20:39:54 +00:00
serefpolicy-2.2.19.tgz
2006-02-22 22:46:02 +00:00
serefpolicy-2.2.20.tgz
2006-02-23 15:12:37 +00:00
serefpolicy-2.2.21.tgz
serefpolicy-2.2.22.tgz
serefpolicy-2.2.23.tgz
2006-03-18 04:09:10 +00:00
serefpolicy-2.2.24.tgz
2006-03-21 19:46:10 +00:00
serefpolicy-2.2.25.tgz
2006-03-24 16:44:06 +00:00
serefpolicy-2.2.26.tgz
2006-03-27 22:07:37 +00:00
serefpolicy-2.2.27.tgz
2006-03-27 22:47:14 +00:00
serefpolicy-2.2.28.tgz
2006-03-31 20:57:44 +00:00
serefpolicy-2.2.29.tgz
serefpolicy-2.2.30.tgz
serefpolicy-2.2.31.tgz
2006-04-14 19:50:03 +00:00
serefpolicy-2.2.32.tgz
serefpolicy-2.2.33.tgz
serefpolicy-2.2.34.tgz
selinux-policy-2.2.35-1.src.rpm
serefpolicy-2.2.35.tgz
2006-05-01 18:41:55 +00:00
serefpolicy-2.2.36.tgz
2006-05-04 17:39:16 +00:00
serefpolicy-2.2.37.tgz
2006-05-08 19:26:49 +00:00
serefpolicy-2.2.38.tgz
2006-05-15 16:20:58 +00:00
serefpolicy-2.2.39.tgz
2006-05-17 01:40:53 +00:00
serefpolicy-2.2.40.tgz
serefpolicy-2.2.41.tgz
2006-05-20 12:01:14 +00:00
serefpolicy-2.2.42.tgz
2006-05-28 10:56:26 +00:00
serefpolicy-2.2.43.tgz
2006-06-09 03:03:22 +00:00
serefpolicy-2.2.45.tgz
2006-06-13 18:26:00 +00:00
serefpolicy-2.2.46.tgz
2006-06-14 15:48:59 +00:00
serefpolicy-2.2.47.tgz
2006-06-21 14:01:45 +00:00
serefpolicy-2.2.48.tgz
2006-06-22 01:15:06 +00:00
serefpolicy-2.2.49.tgz
serefpolicy-2.3.1.tgz
2006-07-09 09:51:33 +00:00
serefpolicy-2.3.2.tgz
serefpolicy-2.3.3.tgz
2006-08-04 22:58:10 +00:00
serefpolicy-2.3.4.tgz
2006-08-08 00:26:46 +00:00
serefpolicy-2.3.5.tgz
2006-08-08 20:40:36 +00:00
serefpolicy-2.3.6.tgz
serefpolicy-2.3.7.tgz
serefpolicy-2.3.8.tgz
2006-08-23 20:42:38 +00:00
serefpolicy-2.3.9.tgz
2006-08-30 20:59:51 +00:00
serefpolicy-2.3.10.tgz
clog
2006-09-01 19:45:39 +00:00
serefpolicy-2.3.11.tgz
2006-09-05 12:03:37 +00:00
serefpolicy-2.3.12.tgz
2006-09-06 18:29:35 +00:00
serefpolicy-2.3.13.tgz
2006-09-15 18:28:09 +00:00
serefpolicy-2.3.14.tgz
2006-09-22 20:41:12 +00:00
serefpolicy-2.3.15.tgz
2006-09-26 14:59:58 +00:00
serefpolicy-2.3.16.tgz
2006-09-29 19:19:18 +00:00
serefpolicy-2.3.17.tgz
2006-10-03 18:47:06 +00:00
serefpolicy-2.3.18.tgz
2006-10-17 18:43:08 +00:00
serefpolicy-2.3.19.tgz
2006-10-19 15:52:02 +00:00
serefpolicy-2.4.tgz
serefpolicy-2.4.1.tgz
2006-10-27 19:16:43 +00:00
serefpolicy-2.4.2.tgz
2006-11-06 21:15:57 +00:00
serefpolicy-2.4.3.tgz
2006-11-15 15:22:30 +00:00
serefpolicy-2.4.4.tgz
serefpolicy-2.4.5.tgz
serefpolicy-2.4.6.tgz
serefpolicy-2.5.1.tgz
serefpolicy-2.5.2.tgz
2007-02-12 16:27:42 +00:00
serefpolicy-2.5.3.tgz
serefpolicy-2.5.4.tgz
2007-02-26 15:06:22 +00:00
serefpolicy-2.5.5.tgz
serefpolicy-2.5.6.tgz
serefpolicy-2.5.7.tgz
2007-03-11 05:19:36 +00:00
serefpolicy-2.5.8.tgz
2007-03-20 15:01:28 +00:00
serefpolicy-2.5.9.tgz
2007-03-23 17:31:13 +00:00
serefpolicy-2.5.10.tgz
2007-04-02 15:17:45 +00:00
serefpolicy-2.5.11.tgz
2007-04-11 20:55:28 +00:00
serefpolicy-2.5.12.tgz
2007-04-23 17:00:48 +00:00
serefpolicy-2.6.1.tgz
2007-05-01 20:53:29 +00:00
serefpolicy-2.6.2.tgz
2007-05-04 17:30:10 +00:00
serefpolicy-2.6.3.tgz
2007-05-14 18:10:58 +00:00
serefpolicy-2.6.4.tgz
2007-05-21 18:54:40 +00:00
serefpolicy-2.6.5.tgz
serefpolicy-3.0.1.tgz
serefpolicy-3.0.2.tgz
2007-07-19 14:45:16 +00:00
serefpolicy-3.0.3.tgz
serefpolicy-3.0.4.tgz
2007-08-03 19:53:44 +00:00
serefpolicy-3.0.5.tgz
2007-08-22 14:46:21 +00:00
serefpolicy-3.0.6.tgz
2007-08-27 21:43:05 +00:00
serefpolicy-3.0.7.tgz
serefpolicy-3.0.8.tgz
2007-10-23 23:13:09 +00:00
serefpolicy-3.1.0.tgz
2007-11-10 14:14:41 +00:00
serefpolicy-3.1.1.tgz
serefpolicy-3.1.2.tgz
serefpolicy-3.2.1.tgz
serefpolicy-3.2.2.tgz
serefpolicy-3.2.3.tgz
2007-12-13 21:40:00 +00:00
serefpolicy-3.2.4.tgz
2007-12-19 18:00:58 +00:00
serefpolicy-3.2.5.tgz
serefpolicy-3.2.6.tgz
2008-02-06 21:47:42 +00:00
serefpolicy-3.2.7.tgz
2008-02-18 21:31:18 +00:00
serefpolicy-3.2.8.tgz
serefpolicy-3.2.9.tgz
2008-02-22 20:32:52 +00:00
serefpolicy-3.3.0.tgz
2008-02-26 13:45:23 +00:00
serefpolicy-3.3.1.tgz
2008-05-19 13:02:56 +00:00
serefpolicy-3.4.1.tgz
2008-06-12 14:50:00 +00:00
serefpolicy-3.4.2.tgz
serefpolicy-3.5.1.tgz
serefpolicy-3.5.2.tgz
2008-08-07 20:05:57 +00:00
serefpolicy-3.5.3.tgz
2008-08-11 21:19:25 +00:00
serefpolicy-3.5.4.tgz
serefpolicy-3.5.5.tgz
serefpolicy-3.5.6.tgz
2008-09-08 21:01:42 +00:00
serefpolicy-3.5.7.tgz
serefpolicy-3.5.8.tgz
2008-09-26 12:38:56 +00:00
serefpolicy-3.5.9.tgz
serefpolicy-3.5.10.tgz
2008-10-09 10:48:56 +00:00
serefpolicy-3.5.11.tgz
2008-10-11 23:57:43 +00:00
serefpolicy-3.5.12.tgz
2008-10-17 22:03:34 +00:00
serefpolicy-3.5.13.tgz
2008-11-25 19:18:01 +00:00
serefpolicy-3.6.1.tgz
2009-01-05 22:55:20 +00:00
serefpolicy-3.6.2.tgz
2009-01-19 17:35:43 +00:00
serefpolicy-3.6.3.tgz
2009-02-04 04:02:17 +00:00
serefpolicy-3.6.4.tgz
2009-02-09 22:07:20 +00:00
serefpolicy-3.6.5.tgz
serefpolicy-3.6.6.tgz
2009-03-03 20:10:30 +00:00
serefpolicy-3.6.7.tgz
2009-03-05 21:05:47 +00:00
serefpolicy-3.6.8.tgz
2009-03-12 15:48:51 +00:00
serefpolicy-3.6.9.tgz
serefpolicy-3.6.10.tgz
serefpolicy-3.6.11.tgz
serefpolicy-3.6.12.tgz
2009-05-22 14:37:43 +00:00
serefpolicy-3.6.13.tgz
2009-06-09 02:15:29 +00:00
serefpolicy-3.6.14.tgz
2009-06-12 18:59:09 +00:00
serefpolicy-3.6.15.tgz
2009-06-15 17:59:49 +00:00
serefpolicy-3.6.16.tgz
serefpolicy-3.6.17.tgz
serefpolicy-3.6.18.tgz
2009-06-22 22:27:58 +00:00
serefpolicy-3.6.19.tgz
serefpolicy-3.6.20.tgz
2009-07-06 21:16:26 +00:00
serefpolicy-3.6.21.tgz
setroubleshoot-2.2.11.tar.gz
2009-07-15 19:12:04 +00:00
serefpolicy-3.6.22.tgz
2009-07-23 21:47:41 +00:00
serefpolicy-3.6.23.tgz
2009-07-28 19:08:17 +00:00
serefpolicy-3.6.24.tgz
serefpolicy-3.6.25.tgz
2009-07-30 21:38:54 +00:00
serefpolicy-3.6.26.tgz
serefpolicy-3.6.27.tgz
serefpolicy-3.6.28.tgz
2009-08-20 17:48:51 +00:00
setroubleshoot-2.2.21.tar.gz
2009-08-28 20:55:16 +00:00
serefpolicy-3.6.29.tgz
2009-08-31 21:27:50 +00:00
serefpolicy-3.6.30.tgz
2009-09-09 21:08:02 +00:00
serefpolicy-3.6.31.tgz
serefpolicy-3.6.32.tgz
2009-11-14 05:18:01 +00:00
serefpolicy-3.6.33.tgz
serefpolicy-3.7.1.tgz
2009-11-20 16:55:54 +00:00
serefpolicy-3.7.2.tgz
serefpolicy-3.7.3.tgz
2009-12-10 19:20:14 +00:00
serefpolicy-3.7.4.tgz
2009-12-18 21:09:01 +00:00
serefpolicy-3.7.5.tgz
2010-01-08 22:03:53 +00:00
serefpolicy-3.7.6.tgz
serefpolicy-3.7.7.tgz
2010-01-18 22:40:25 +00:00
serefpolicy-3.7.8.tgz
setroubleshoot-2.2.58.tar.gz
2010-02-16 22:10:14 +00:00
serefpolicy-3.7.9.tgz
2010-03-18 15:47:35 +00:00
serefpolicy-3.7.11.tgz
serefpolicy-3.7.12.tgz
serefpolicy-3.7.13.tgz
serefpolicy-3.7.14.tgz
serefpolicy-3.7.15.tgz
2010-05-26 21:15:42 +00:00
serefpolicy-3.7.16.tgz
serefpolicy-3.7.17.tgz
serefpolicy-3.7.18.tgz
serefpolicy-3.7.19.tgz
serefpolicy-3.8.1.tgz
serefpolicy-3.8.2.tgz
2010-06-08 21:23:21 +00:00
serefpolicy-3.8.3.tgz
2010-06-18 20:14:28 +00:00
serefpolicy-3.8.4.tgz
2010-06-21 14:31:26 +00:00
serefpolicy-3.8.5.tgz
2010-06-28 17:19:34 +00:00
serefpolicy-3.8.6.tgz
2010-07-15 13:11:25 +00:00
serefpolicy-3.8.7.tgz
2010-07-20 17:48:36 +00:00
serefpolicy-3.8.8.tgz
2010-08-27 00:35:53 +00:00
*.rpm
serefpolicy*
/serefpolicy-3.9.0.tgz
2010-08-30 21:34:52 +00:00
/serefpolicy-3.9.1.tgz
/serefpolicy-3.9.2.tgz
/serefpolicy-3.9.3.tgz
2010-09-13 20:17:15 +00:00
/serefpolicy-3.9.4.tgz
2010-09-16 11:59:03 +00:00
/serefpolicy-3.9.5.tgz
/serefpolicy-3.9.6.tgz
/serefpolicy-3.9.8.tgz
/serefpolicy-3.9.9.tgz
/serefpolicy-3.9.10.tgz
/serefpolicy-3.9.11.tgz
2010-12-20 17:43:48 +00:00
/serefpolicy-3.9.12.tgz
2011-01-17 18:42:12 +00:00
/serefpolicy-3.9.13.tgz
/selinux-policy-9ae373e.tar.gz
/selinux-policy-contrib-e269450.tar.gz
/container-selinux.tgz
/selinux-policy-contrib-a749579.tar.gz
/selinux-policy-f6aa4d6.tar.gz
/selinux-policy-cc4a892.tar.gz
/selinux-policy-contrib-68a780b.tar.gz
/selinux-policy-0087f3e.tar.gz
/selinux-policy-contrib-93c9a53.tar.gz
/selinux-policy-747f4e6.tar.gz
/selinux-policy-contrib-4fe9943.tar.gz
/selinux-policy-contrib-a1cd00e.tar.gz
/selinux-policy-642cc91.tar.gz
/selinux-policy-contrib-b657ba0.tar.gz
/selinux-policy-contrib-0311bf8.tar.gz
/selinux-policy-ef9ecd7.tar.gz
* Tue Feb 20 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-9 - Fix broken cups Security Module - Allow dnsmasq_t domain dbus chat with unconfined users. BZ(1532079) - Allow geoclue to connect to tcp nmea port BZ(1362118) - Allow pcp_pmcd_t to read mock lib files BZ(1536152) - Allow abrt_t domain to mmap passwd file BZ(1540666) - Allow gpsd_t domain to get session id of another process BZ(1540584) - Allow httpd_t domain to mmap httpd_tmpfs_t files BZ(1540405) - Allow cluster_t dbus chat with systemd BZ(1540163) - Add interface raid_stream_connect() - Allow nscd_t to mmap nscd_var_run_t files BZ(1536689) - Allow dovecot_delivery_t to mmap mail_home_rw_t files BZ(1531911) - Make cups_pdf_t domain system dbusd client BZ(1532043) - Allow logrotate to read auditd_log_t files BZ(1525017) - Improve snapperd SELinux policy BZ(1514272) - Allow virt_domain to read virt_image_t files BZ(1312572) - Allow openvswitch_t stream connect svirt_t - Update dbus_dontaudit_stream_connect_system_dbusd() interface - Allow openvswitch domain to manage svirt_tmp_t sock files - Allow named_filetrans_domain domains to create .heim_org.h5l.kcm-socket sock_file with label sssd_var_run_t BZ(1538210) - Merge pull request #50 from dodys/pkcs - Label tcp and udp ports 10110 as nmea_port_t BZ(1362118) - Allow systemd to access rfkill lib dirs BZ(1539733) - Allow systemd to mamange raid var_run_t sockfiles and files BZ(1379044) - Allow vxfs filesystem to use SELinux labels - Allow systemd to setattr on systemd_rfkill_var_lib_t dirs BZ(1512231) - Allow few services to dbus chat with snapperd BZ(1514272) - Allow systemd to relabel system unit symlink to systemd_unit_file_t. BZ(1535180) - Fix logging as staff_u into Fedora 27 - Fix broken systemd_tmpfiles_run() interface
2018-02-20 08:25:14 +00:00
/selinux-policy-8a10ba8.tar.gz
/selinux-policy-contrib-6777a17.tar.gz
/selinux-policy-contrib-27f5e51.tar.gz
/selinux-policy-2c13be1.tar.gz
2018-03-05 15:27:57 +00:00
/selinux-policy-e16d205.tar.gz
/selinux-policy-contrib-9facb1c.tar.gz
/selinux-policy-contrib-f564072.tar.gz
/selinux-policy-bd7ad92.tar.gz
* Mon Mar 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-5 - Allow bluetooth_t domain to create alg_socket BZ(1554410) - Allow tor_t domain to execute bin_t files BZ(1496274) - Allow iscsid_t domain to mmap kernel modules BZ(1553759) - Update minidlna SELinux policy BZ(1554087) - Allow motion_t domain to read sysfs_t files BZ(1554142) - Allow snapperd_t domain to getattr on all files,dirs,sockets,pipes BZ(1551738) - Allow l2tp_t domain to read ipsec config files BZ(1545348) - Allow colord_t to mmap home user files BZ(1551033) - Dontaudit httpd_t creating kobject uevent sockets BZ(1552536) - Allow ipmievd_t to mmap kernel modules BZ(1552535) - Allow boinc_t domain to read cgroup files BZ(1468381) - Backport allow rules from refpolicy upstream repo - Allow gpg_t domain to bind on all unereserved udp ports - Allow systemd to create systemd_rfkill_var_lib_t dirs BZ(1502164) - Allow netlabel_mgmt_t domain to read sssd public files, stream connect to sssd_t BZ(1483655) - Allow xdm_t domain to sys_ptrace BZ(1554150) - Allow application_domain_type also mmap inherited user temp files BZ(1552765) - Update ipsec_read_config() interface - Fix broken sysadm SELinux module - Allow ipsec_t to search for bind cache BZ(1542746) - Allow staff_t to send sigkill to mount_t domain BZ(1544272) - Label /run/systemd/resolve/stub-resolv.conf as net_conf_t BZ(1471545) - Label ip6tables.init as iptables_exec_t BZ(1551463) - Allow hostname_t to use usb ttys BZ(1542903) - Add fsetid capability to updpwd_t domain BZ(1543375) - Allow systemd machined send signal to all domains BZ(1372644) - Dontaudit create netlink selinux sockets for unpriv SELinux users BZ(1547876) - Allow sysadm_t to create netlink generic sockets BZ(1547874) - Allow passwd_t domain chroot - Dontaudit confined unpriviliged users setuid capability
2018-03-12 16:20:32 +00:00
/selinux-policy-9bd65d3.tar.gz
/selinux-policy-contrib-fbc0290.tar.gz
/selinux-policy-contrib-ce817e6.tar.gz
/selinux-policy-370bcfb.tar.gz
2018-03-20 11:21:39 +00:00
/selinux-policy-4b1f9bd.tar.gz
/selinux-policy-contrib-d2dd0ad.tar.gz
/selinux-policy-contrib-7ecfe28.tar.gz
/selinux-policy-116b85e.tar.gz
* Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-9 - Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795) - Allow nagios to exec itself and mmap nagios spool files BZ(1559683) - Allow nagios to mmap nagios config files BZ(1559683) - Fixing Ganesha module - Fix typo in NetworkManager module - Fix bug in gssproxy SELinux module - Allow abrt_t domain to mmap container_file_t files BZ(1525573) - Allow networkmanager to be run ssh client BZ(1558441) - Allow pcp domains to do dc override BZ(1557913) - Dontaudit pcp_pmie_t to reaquest lost kernel module - Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955) - Allow httpd_t to read httpd_log_t dirs BZ(1554912) - Allow fail2ban_t to read system network state BZ(1557752) - Allow dac override capability to mandb_t domain BZ(1529399) - Allow collectd_t domain to mmap collectd_var_lib_t files BZ(1556681) - Dontaudit bug in kernel 4.16 when domains requesting loading kernel modules BZ(1555369) - Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439) - Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359) - Allow snapperd to relabel snapperd_data_t - Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets - Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled - Allow insmod_t to load modules BZ(1544189) - Allow systemd_rfkill_t domain sys_admin capability BZ(1557595) - Allow systemd_networkd_t to read/write tun tap devices - Add shell_exec_t file as domain entry for init_t - Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862) - Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module BZ(1557347) - Improve userdom_mmap_user_home_content_files - Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414) - Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module - Allow semanage_t domain mmap usr_t files - Add new boolean: ssh_use_tcpd()
2018-03-25 00:02:58 +00:00
/selinux-policy-154a8cf.tar.gz
/selinux-policy-contrib-504d76b.tar.gz
/selinux-policy-01924d8.tar.gz
/selinux-policy-contrib-1255203.tar.gz
/selinux-policy-contrib-10b75cc.tar.gz
/selinux-policy-bb22502.tar.gz
/selinux-policy-b8ddd7e.tar.gz
/selinux-policy-contrib-4b13776.tar.gz
* Fri Apr 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-14 - Add dac_override capability to mailman_mail_t domain - Add dac_override capability to radvd_t domain - Update openvswitch policy - Add dac_override capability to oddjob_homedir_t domain - Allow slapd_t domain to mmap slapd_var_run_t files - Rename tang policy to tangd - Allow virtd_t domain to relabel virt_var_lib_t files - Allow logrotate_t domain to stop services via systemd - Add tang policy - Allow mozilla_plugin_t to create mozilla.pdf file in user homedir with label mozilla_home_t - Allow snapperd_t daemon to create unlabeled dirs. - Make httpd_var_run_t mountpoint - Allow hsqldb_t domain to mmap own temp files - We have inconsistency in cgi templates with upstream, we use _content_t, but refpolicy use httpd__content_t. Created aliasses to make it consistence - Allow Openvswitch adding netdev bridge ovs 2.7.2.10 FDP - Add new Boolean tomcat_use_execmem - Allow nfsd_t domain to read/write sysctl fs files - Allow conman to read system state - Allow brltty_t domain to be dbusd system client - Allow zebra_t domain to bind on babel udp port - Allow freeipmi domain to read sysfs_t files - Allow targetd_t domain mmap lvm config files - Allow abrt_t domain to manage kdump crash files - Add capability dac_override to antivirus domain - Allow svirt_t domain mmap svirt_image_t files BZ(1514538) - Allow ftpd_t domain to chat with systemd - Allow systemd init named socket activation for uuidd policy - Allow networkmanager domain to write to ecryptfs_t files BZ(1566706) - Allow l2tpd domain to stream connect to sssd BZ(1568160) - Dontaudit abrt_t to write to lib_t dirs BZ(1566784) - Allow NetworkManager_ssh_t domain transition to insmod_t BZ(1567630) - Allow certwatch to manage cert files BZ(1561418) - Merge pull request #53 from tmzullinger/rawhide - Merge pull request #52 from thetra0/rawhide - Allow abrt_dump_oops_t domain to mmap all non security files BZ(1565748) - Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files - Allow NetworkManager_ssh_t domain use generic ptys. BZ(1565851) - Allow pppd_t domain read/write l2tpd pppox sockets BZ(1566096) - Allow xguest user use bluetooth sockets if xguest_use_bluetooth boolean is turned on. - Allow pppd_t domain creating pppox sockets BZ(1566271) - Allow abrt to map var_lib_t files - Allow chronyc to read system state BZ(1565217) - Allow keepalived_t domain to chat with systemd via dbus - Allow git to mmap git_(sys|user)_content_t files BZ(1518027) - Allow netutils_t domain to create bluetooth sockets - Allow traceroute to bind on generic sctp node - Allow traceroute to search network sysctls - Allow systemd to use virtio console - Label /dev/op_panel and /dev/opal-prd as opal_device_t
2018-04-27 09:50:21 +00:00
/selinux-policy-fee4738.tar.gz
/selinux-policy-contrib-6c883f6.tar.gz
/selinux-policy-301aa80.tar.gz
/selinux-policy-contrib-01b5dd1.tar.gz
/selinux-policy-17160ee.tar.gz
/selinux-policy-contrib-4f6a859.tar.gz
2018-04-30 15:41:45 +00:00
/selinux-policy-718d75d.tar.gz
* Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-17 - Add dac_override capability to remote_login_t domain - Allow chrome_sandbox_t to mmap tmp files - Update ulogd SELinux security policy - Allow rhsmcertd_t domain send signull to apache processes - Allow systemd socket activation for modemmanager - Allow geoclue to dbus chat with systemd - Fix file contexts on conntrackd policy - Temporary fix for varnish and apache adding capability for DAC_OVERRIDE - Allow lsmd_plugin_t domain to getattr lsm_t unix stream sockets - Add label for /usr/sbin/pacemaker-remoted to have cluster_exec_t - Allow nscd_t domain to be system dbusd client - Allow abrt_t domain to read sysctl - Add dac_read_search capability for tangd - Allow systemd socket activation for rshd domain - Add label for /usr/libexec/cyrus-imapd/master as cyrus_exec_t to have proper SELinux domain transition from init_t to cyrus_t - Allow kdump_t domain to map /boot files - Allow conntrackd_t domain to send msgs to syslog - Label /usr/sbin/nhrpd and /usr/sbin/pimd binaries as zebra_exec_t - Allow swnserve_t domain to stream connect to sasl domain - Allow smbcontrol_t to create dirs with samba_var_t label - Remove execstack,execmem and execheap from domains setroubleshootd_t, locate_t and podsleuth_t to increase security. BZ(1579760) - Allow tangd to read public sssd files BZ(1509054) - Allow geoclue start with nnp systemd security feature with proper SELinux Domain transition BZ(1575212) - Allow ctdb_t domain modify ctdb_exec_t files - Allow firewalld_t domain to create netlink_netfilter sockets - Allow radiusd_t domain to read network sysctls - Allow pegasus_t domain to mount tracefs_t filesystem - Allow create systemd to mount pid files - Add files_map_boot_files() interface - Remove execstack,execmem and execheap from domain fsadm_t to increase security. BZ(1579760) - Fix typo xserver SELinux module - Allow systemd to mmap files with var_log_t label - Allow x_userdomains read/write to xserver session
2018-05-20 23:48:14 +00:00
/selinux-policy-cab8dc9.tar.gz
/selinux-policy-contrib-19624b4.tar.gz
/selinux-policy-contrib-5ae0301.tar.gz
/selinux-policy-ba72e52.tar.gz
/selinux-policy-877fde5.tar.gz
/selinux-policy-contrib-12d91da.tar.gz
/selinux-policy-contrib-6cf567f.tar.gz
/selinux-policy-a1ec13e.tar.gz
* Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-22 - Fix typo in authconfig policy - Update ctdb domain to support gNFS setup - Allow authconfig_t dbus chat with policykit - Allow lircd_t domain to read system state - Revert "Allow fsdaemon_t do send emails BZ(1582701)" - Typo in uuidd policy - Allow tangd_t domain read certs - Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107) - Allow vpnc_t domain to read generic certs BZ(1583100) - Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811) - Allow NetworkManager_ssh_t domain to be system dbud client - Allow virt_qemu_ga_t read utmp - Add capability dac_override to system_mail_t domain - Update uuidd policy to reflect last changes from base branch - Add cap dac_override to procmail_t domain - Allow sendmail to mmap etc_aliases_t files BZ(1578569) - Add new interface dbus_read_pid_sock_files() - Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled - Allow fsdaemon_t do send emails BZ(1582701) - Allow firewalld_t domain to request kernel module BZ(1573501) - Allow chronyd_t domain to send send msg via dgram socket BZ(1584757) - Add sys_admin capability to fprint_t SELinux domain - Allow cyrus_t domain to create own files under /var/run BZ(1582885) - Allow cachefiles_kernel_t domain to have capability dac_override - Update policy for ypserv_t domain - Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t - Allow cyrus to have dac_override capability - Dontaudit action when abrt-hook-ccpp is writing to nscd sockets - Fix homedir polyinstantion under mls - Fixed typo in init.if file - Allow systemd to remove generic tmpt files BZ(1583144) - Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation - Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075) - Fix typo in authlogin SELinux security module - Allod nsswitch_domain attribute to be system dbusd client BZ(1584632) - Allow audisp_t domain to mmap audisp_exec_t binary - Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file - Label tcp/udp ports 2612 as qpasa_agetn_port_t
2018-06-06 08:25:52 +00:00
/selinux-policy-contrib-93edf9a.tar.gz
/selinux-policy-d06c960.tar.gz
/selinux-policy-contrib-f1b2ca4.tar.gz
* Tue Jun 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-24 - /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type - Allow ntop_t domain to create/map various sockets/files. - Enable the dictd to communicate via D-bus. - Allow inetd_child process to chat via dbus with abrt - Allow zabbix_agent_t domain to connect to redis_port_t - Allow rhsmcertd_t domain to read xenfs_t files - Allow zabbix_agent_t to run zabbix scripts - Fix openvswith SELinux module - Fix wrong path in tlp context file BZ(1586329) - Update brltty SELinux module - Allow rabbitmq_t domain to create own tmp files/dirs - Allow policykit_t mmap policykit_auth_exec_t files - Allow ipmievd_t domain to read general certs - Add sys_ptrace capability to pcp_pmie_t domain - Allow squid domain to exec ldconfig - Update gpg SELinux policy module - Allow mailman_domain to read system network state - Allow openvswitch_t domain to read neutron state and read/write fixed disk devices - Allow antivirus_domain to read all domain system state - Allow targetd_t domain to red gconf_home_t files/dirs - Label /usr/libexec/bluetooth/obexd as obexd_exec_t - Add interface nagios_unconfined_signull() - Fix typos in zabbix.te file - Add missing requires - Allow tomcat domain sends email - Fix typo in sge policy - Merge pull request #214 from wrabcak/fb-dhcpc - Allow dhcpc_t creating own socket files inside /var/run/ Allow dhcpc_t creating netlink_kobject_uevent_socket, netlink_generic_socket, rawip_socket BZ(1585971) - Allow confined users get AFS tokens - Allow sysadm_t domain to chat via dbus - Associate sysctl_kernel_t type with filesystem attribute - Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t - Fix typo in netutils.te file
2018-06-12 12:22:02 +00:00
/selinux-policy-ae55b01.tar.gz
/selinux-policy-contrib-d23eef1.tar.gz
* Thu Jun 14 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-25 - Merge pull request #60 from vmojzis/rawhide - Allow tangd_t domain stream connect to sssd - Allow oddjob_t domain to chat with systemd via dbus - Allow freeipmi domains to mmap sysfs files - Fix typo in logwatch interface file - Allow spamd_t to manage logwatch_cache_t files/dirs - Allow dnsmasw_t domain to create own tmp files and manage mnt files - Allow fail2ban_client_t to inherit rlimit information from parent process - Allow nscd_t to read kernel sysctls - Label /var/log/conman.d as conman_log_t - Add dac_override capability to tor_t domain - Allow certmonger_t to readwrite to user_tmp_t dirs - Allow abrt_upload_watch_t domain to read general certs - Allow chornyd_t read phc2sys_t shared memory - Add several allow rules for pesign policy: - Add setgid and setuid capabilities to mysqlfd_safe_t domain - Add tomcat_can_network_connect_db boolean - Update virt_use_sanlock() boolean to read sanlock state - Add sanlock_read_state() interface - Allow zoneminder_t to getattr of fs_t - Allow rhsmcertd_t domain to send signull to postgresql_t domain - Add log file type to collectd and allow corresponding access - Allow policykit_t domain to dbus chat with dhcpc_t - Allow traceroute_t domain to exec bin_t binaries - Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override - Add new interface dev_map_sysfs() - Allow sshd_keygen_t to execute plymouthd - Allow systemd_networkd_t create and relabel tun sockets - Add new interface postgresql_signull()
2018-06-14 13:31:59 +00:00
/selinux-policy-003cd80.tar.gz
/selinux-policy-contrib-494e26e.tar.gz
/selinux-policy-2248854.tar.gz
/selinux-policy-contrib-23a0603.tar.gz
* Wed Jul 18 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-28 - Allow cupsd_t domain to mmap cupsd_etc_t files - Allow kadmind_t domain to mmap krb5kdc_principal_t - Allow virtlogd_t domain to read virt_etc_t link files - Allow dirsrv_t domain to read crack db - Dontaudit pegasus_t to require sys_admin capability - Allow mysqld_t domain to exec mysqld_exec_t binary files - Allow abrt_t odmain to read rhsmcertd lib files - Allow winbind_t domain to request kernel module loads - Allow tomcat_domain to read cgroup_t files - Allow varnishlog_t domain to mmap varnishd_var_lib_t files - Allow innd_t domain to mmap news_spool_t files - Label HOME_DIR/mozilla.pdf file as mozilla_home_t instead of user_home_t - Allow fenced_t domain to reboot - Allow amanda_t domain to read network system state - Allow abrt_t domain to read rhsmcertd logs - Fix typo in radius policy - Update zoneminder policy to reflect latest features in zoneminder BZ(1592555) - Label /usr/bin/esmtp-wrapper as sendmail_exec_t - Update raid_access_check_mdadm() interface to dontaudit caller domain to mmap mdadm_exec_t binary files - Dontaudit thumb to read mmap_min_addr - Allow chronyd_t to send to system_cronjob_t via unix dgram socket BZ(1494904) - Allow mpd_t domain to mmap mpd_tmpfs_t files BZ(1585443) - Allow collectd_t domain to use ecryptfs files BZ(1592640) - Dontaudit mmap home type files for abrt_t domain - Allow fprintd_t domain creating own tmp files BZ(1590686) - Allow collectd_t domain to bind on bacula_port_t BZ(1590830) - Allow fail2ban_t domain to getpgid BZ(1591421) - Allow nagios_script_t domain to mmap nagios_log_t files BZ(1593808) - Allow pcp_pmcd_t domain to use sys_ptrace usernamespace cap - Allow sssd_selinux_manager_t to read/write to systemd sockets BZ(1595458) - Allow virt_qemu_ga_t domain to read network state BZ(1592145) - Allow radiusd_t domain to mmap radius_etc_rw_t files - Allow git_script_t domain to read and mmap gitosis_var_lib_t files BZ(1591729) - Add dac_read_search capability to thumb_t domain - Add dac_override capability to cups_pdf_t domain BZ(1594271) - Add net_admin capability to connntrackd_t domain BZ(1594221) - Allow gssproxy_t domain to domtrans into gssd_t domain BZ(1575234) - Fix interface init_dbus_chat in oddjob SELinux policy BZ(1590476) - Allow motion_t to mmap video devices BZ(1590446) - Add dac_override capability to mpd_t domain BZ(1585358) - Allow fsdaemon_t domain to write to mta home files BZ(1588212) - Allow virtlogd_t domain to chat via dbus with systemd_logind BZ(1589337) - Allow sssd_t domain to write to general cert files BZ(1589339) - Allow l2tpd_t domain to sends signull to ipsec domains BZ(1589483) - Allow cockpit_session_t to read kernel network state BZ(1596941) - Allow devicekit_power_t start with nnp systemd security feature with proper SELinux Domain transition BZ(1593817) - Update rhcs_rw_cluster_tmpfs() interface to allow caller domain to mmap cluster_tmpfs_t files - Allow chronyc_t domain to use nscd shm - Label /var/lib/tomcats dir as tomcat_var_lib_t
2018-07-18 15:37:07 +00:00
/selinux-policy-d616286.tar.gz
/selinux-policy-contrib-bfc11d6.tar.gz
* Wed Jul 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-29 - Allow aide to mmap all files - Revert "Allow firewalld to create rawip sockets" - Revert "Allow firewalld_t do read iptables_var_run_t files" - Allow svirt_tcg_t domain to read system state of virtd_t domains - Update rhcs contexts to reflects the latest fenced changes - Allow httpd_t domain to rw user_tmp_t files - Fix typo in openct policy - Allow winbind_t domian to connect to all ephemeral ports - Allow firewalld_t do read iptables_var_run_t files - Allow abrt_t domain to mmap data_home files - Allow glusterd_t domain to mmap user_tmp_t files - Allow mongodb_t domain to mmap own var_lib_t files - Allow firewalld to read kernel usermodehelper state - Allow modemmanager_t to read sssd public files - Allow openct_t domain to mmap own var_run_t files - Allow nnp transition for devicekit daemons - Allow firewalld to create rawip sockets - Allow firewalld to getattr proc filesystem - Dontaudit sys_admin capability for pcscd_t domain - Revert "Allow pcsd_t domain sys_admin capability" - Allow fetchmail_t domain to stream connect to sssd - Allow pcsd_t domain sys_admin capability - Allow cupsd_t to create cupsd_etc_t dirs - Allow varnishlog_t domain to list varnishd_var_lib_t dirs - Allow mongodb_t domain to read system network state BZ(1599230) - Allow tgtd_t domain to create dirs in /var/run labeled as tgtd_var_run_t BZ(1492377) - Allow iscsid_t domain to mmap sysfs_t files - Allow httpd_t domain to mmap own cache files - Add sys_resource capability to nslcd_t domain - Fixed typo in logging_audisp_domain interface - Add interface files_mmap_all_files() - Add interface iptables_read_var_run() - Allow systemd to mounton init_var_run_t files - Update policy rules for auditd_t based on changes in audit version 3 - Allow systemd_tmpfiles_t do mmap system db files - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Improve domain_transition_pattern to allow mmap entrypoint bin file. - Don't setup unlabeled_t as an entry_type - Allow unconfined_service_t to transition to container_runtime_t
2018-07-25 21:42:34 +00:00
/selinux-policy-cc3def4.tar.gz
/selinux-policy-contrib-f0ca657.tar.gz
/selinux-policy-contrib-6bfaa82.tar.gz
/selinux-policy-e08b2da.tar.gz
/selinux-policy-8555de5.tar.gz
/selinux-policy-contrib-ab97c9d.tar.gz
* Tue Aug 28 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-1 - Allow ovs-vswitchd labeled as openvswitch_t domain communicate with qemu-kvm via UNIX stream socket - Add interface devicekit_mounton_var_lib() - Allow httpd_t domain to mmap tmp files - Allow tcsd_t domain to have dac_override capability - Allow cupsd_t to rename cupsd_etc_t files - Allow iptables_t domain to create rawip sockets - Allow amanda_t domain to mmap own tmpfs files - Allow fcoemon_t domain to write to sysfs_t dirs - Allow dovecot_auth_t domain to have dac_override capability - Allow geoclue_t domain to mmap own tmp files - Allow chronyc_t domain to read network state - Allow apcupsd_t domain to execute itself - Allow modemmanager_t domain to stream connect to sssd - Allow chonyc_t domain to rw userdomain pipes - Update dirsrvadmin_script_t policy to allow read httpd_tmp_t symlinks - Update dirsrv_read_share() interface to allow caller domain to mmap dirsrv_share_t files - Allow nagios_script_t domain to mmap nagios_spool_t files - Allow geoclue_t domain to mmap geoclue_var_lib_t files - Allow geoclue_t domain to map generic certs - Update munin_manage_var_lib_files to allow manage also dirs - Allow nsd_t domain to create new socket file in /var/run/nsd.ctl - Fix typo in virt SELinux policy module - Allow virtd_t domain to create netlink_socket - Allow rpm_t domain to write to audit - Allow nagios_script_t domain to mmap nagios_etc_t files - Update nscd_socket_use() to allow caller domain to stream connect to nscd_t - Allow kdumpctl_t domain to getattr fixed disk device in mls - Fix typo in stapserver policy - Dontaudit abrt_t domain to write to usr_t dirs - Revert "Allow rpcbind to bind on all unreserved udp ports" - Allow rpcbind to bind on all unreserved udp ports - Allow virtlogd to execute itself - Allow stapserver several actions: - execute own tmp files - mmap stapserver_var_lib_t files - create stapserver_tmpfs_t files - Allow ypxfr_t domain to stream connect to rpcbind and allos search sssd libs - Allos systemd to socket activate ibacm service - Allow dirsrv_t domain to mmap user_t files - Allow kdumpctl_t domain to manage kdumpctl_tmp_t fifo files - Allow kdumpctl to write to files on all levels - Allow httpd_t domain to mmap httpd_config_t files - Allow sanlock_t domain to connectto to unix_stream_socket - Revert "Add same context for symlink as binary" - Allow mysql execute rsync - Update nfsd_t policy because of ganesha features - Allow conman to getattr devpts_t - Allow tomcat_domain to connect to smtp ports - Allow tomcat_t domain to mmap tomcat_var_lib_t files - Allow nagios_t domain to mmap nagios_log_t files - Allow kpropd_t domain to mmap krb5kdc_principal_t files - Allow kdumpctl_t domain to read fixed disk storage
2018-08-28 22:10:24 +00:00
/selinux-policy-c8dfe84.tar.gz
/selinux-policy-contrib-a342008.tar.gz
* Thu Sep 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-2 - Allow tomcat services create link file in /tmp - Label /etc/shorewall6 as shorewall_etc_t - Allow winbind_t domain kill in user namespaces - Allow firewalld_t domain to read random device - Allow abrt_t domain to do execmem - Allow geoclue_t domain to execute own var_lib_t files - Allow openfortivpn_t domain to read system network state - Allow dnsmasq_t domain to read networkmanager lib files - sssd: Allow to limit capabilities using libcap - sssd: Remove unnecessary capability - sssd: Do not audit usage of lib nss_systemd.so - Fix bug in nsd.fc, /var/run/nsd.ctl is socket file not file - Add correct namespace_init_exec_t context to /etc/security/namespace.d/* - Update nscd_socket_use to allow caller domain to mmap nscd_var_run_t files - Allow exim_t domain to mmap bin files - Allow mysqld_t domain to executed with nnp transition - Allow svirt_t domain to mmap svirt_image_t block files - Add caps dac_read_search and dav_override to pesign_t domain - Allow iscsid_t domain to mmap userio chr files - Add read interfaces for mysqld_log_t that was added in commit df832bf - Allow boltd_t to dbus chat with xdm_t - Conntrackd need to load kernel module to work - Allow mysqld sys_nice capability - Update boltd policy based on SELinux denials from rhbz#1607974 - Allow systemd to create symlinks in for /var/lib - Add comment to show that template call also allows changing shells - Document userdom_change_password_template() behaviour - update files_mounton_kernel_symbol_table() interface to allow caller domain also mounton system_map_t file - Fix typo in logging SELinux module - Allow usertype to mmap user_tmp_type files - In domain_transition_pattern there is no permission allowing caller domain to execu_no_trans on entrypoint, this patch fixing this issue - Revert "Add execute_no_trans permission to mmap_exec_file_perms pattern" - Add boolean: domain_can_mmap_files. - Allow ipsec_t domian to mmap own tmp files - Add .gitignore file - Add execute_no_trans permission to mmap_exec_file_perms pattern - Allow sudodomain to search caller domain proc info - Allow audisp_remote_t domain to read auditd_etc_t - netlabel: Remove unnecessary sssd nsswitch related macros - Allow to use sss module in auth_use_nsswitch - Limit communication with init_t over dbus - Add actual modules.conf to the git repo - Add few interfaces to optional block - Allow sysadm_t and staff_t domain to manage systemd unit files - Add interface dev_map_userio_dev()
2018-09-06 20:33:33 +00:00
/selinux-policy-contrib-5ed2192.tar.gz
/selinux-policy-38c6414.tar.gz
/selinux-policy-contrib-dab4b50.tar.gz
/selinux-policy-446ee2a.tar.gz
/selinux-policy-0813126.tar.gz
/selinux-policy-contrib-ff6d7f4.tar.gz
/selinux-policy-contrib-fdc0a2e.tar.gz
/selinux-policy-493101e.tar.gz
/selinux-policy-contrib-765b73a.tar.gz
/selinux-policy-8bcb254.tar.gz
/selinux-policy-contrib-5252fe6.tar.gz
/selinux-policy-2d39d24.tar.gz
/selinux-policy-contrib-a69f9e6.tar.gz
2018-11-04 01:05:17 +00:00
/selinux-policy-contrib-6c30b43.tar.gz
/selinux-policy-a46eac2.tar.gz
/selinux-policy-contrib-5a2a313.tar.gz
/selinux-policy-62d90da.tar.gz
/selinux-policy-contrib-a01743f.tar.gz
/selinux-policy-4cbc1ae.tar.gz
* Fri Dec 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-14 - Remove all ganesha bits from gluster and rpc policy - Label /usr/share/spamassassin/sa-update.cron as spamd_update_exec_t - Add dac_override capability to ssad_t domains - Allow pesign_t domain to read gnome home configs - Label /usr/libexec/lm_sensors/sensord-service-wrapper as lsmd_exec_t - Allow rngd_t domains read kernel state - Allow certmonger_t domains to read bind cache - Allow ypbind_t domain to stream connect to sssd - Allow rngd_t domain to setsched - Allow sanlock_t domain to read/write sysfs_t files - Add dac_override capability to postfix_local_t domain - Allow ypbind_t to search sssd_var_lib_t dirs - Allow virt_qemu_ga_t domain to write to user_tmp_t files - Allow systemd_logind_t to dbus chat with virt_qemu_ga_t - Update sssd_manage_lib_files() interface to allow also mmap sssd_var_lib_t files - Add new interface sssd_signal() - Update xserver_filetrans_home_content() and xserver_filetrans_admin_home_content() unterfaces to allow caller domain to create .vnc dir in users homedir labeled as xdm_home_t - Update logging_filetrans_named_content() to allow caller domains of this interface to create /var/log/journal/remote directory labeled as var_log_t - Add sys_resource capability to the systemd_passwd_agent_t domain - Allow ipsec_t domains to read bind cache - kernel/files.fc: Label /run/motd as etc_t - Allow systemd to stream connect to userdomain processes - Label /var/lib/private/systemd/ as init_var_lib_t - Allow initrc_t domain to create new socket labeled as init_T - Allow audisp_remote_t domain remote logging client to read local audit events from relevant socket. - Add tracefs_t type to mountpoint attribute - Allow useradd_t and groupadd_t domains to send signals to sssd_t - Allow systemd_logind_t domain to remove directories labeled as tmpfs_t BZ(1648636) - Allow useradd_t and groupadd_t domains to access sssd files because of the new feature in shadow-utils
2018-12-06 15:43:04 +00:00
/selinux-policy-contrib-a0e3869.tar.gz
/selinux-policy-509e071.tar.gz
* Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-16 - Allow sensord_t to execute own binary files - Allow pcp_pmlogger_t domain to getattr all filesystem BZ(1662432) - Allow virtd_lxc_t domains use BPF BZ(1662613) - Allow openvpn_t domain to read systemd state BZ(1661065) - Dontaudit ptrace all domains for blueman_t BZ(1653671) - Used correct renamed interface for imapd_t domain - Change label of /usr/libexec/lm_sensors/sensord-service-wrapper from lsmd_exec_t to sensord_exec_t BZ(1662922) - Allow hddtemp_t domain to read nvme block devices BZ(1663579) - Add dac_override capability to spamd_t domain BZ(1645667) - Allow pcp_pmlogger_t to mount tracefs_t filesystem BZ(1662983) - Allow pcp_pmlogger_t domain to read al sysctls BZ(1662441) - Specify recipients that will be notified about build CI results. - Allow saslauthd_t domain to mmap own pid files BZ(1653024) - Add dac_override capability for snapperd_t domain BZ(1619356) - Make kpatch_t domain application domain to allow users to execute kpatch in kpatch_t domain. - Add ipc_owner capability to pcp_pmcd_t domain BZ(1655282) - Update pulseaudio_stream_connect() to allow caller domain create stream sockets to cumminicate with pulseaudio - Allow pcp_pmlogger_t domain to send signals to rpm_script_t BZ(1651030) - Add new interface: rpm_script_signal() - Allow init_t domain to mmap init_var_lib_t files and dontaudit leaked fd. BZ(1651008) - Make workin: systemd-run --system --pty bash BZ(1647162) - Allow ipsec_t domain dbus chat with systemd_resolved_t BZ(1662443) - Allow staff_t to rw binfmt_misc_fs_t files BZ(1658975) - Specify recipients that will be notified about build CI results. - Label /usr/lib/systemd/user as systemd_unit_file_t BZ(1652814) - Allow sysadm_t,staff_t and unconfined_t domain to execute kpatch as kpatch_t domain - Add rules to allow systemd to mounton systemd_timedated_var_lib_t. - Allow x_userdomains to stream connect to pulseaudio BZ(1658286)
2019-01-11 11:46:15 +00:00
/selinux-policy-contrib-a265988.tar.gz
/selinux-policy-d0c5c81.tar.gz
/selinux-policy-0379b0e.tar.gz
/selinux-policy-contrib-2664b0a.tar.gz
/selinux-policy-35f00c1.tar.gz
2019-01-29 15:58:50 +00:00
/selinux-policy-5181cbd.tar.gz
/selinux-policy-contrib-992defd.tar.gz
/selinux-policy-contrib-b4944ea.tar.gz
/selinux-policy-07bdaa4.tar.gz
* Tue Feb 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-21 - Allow glusterd_t to write to automount unnamed pipe Resolves: rhbz#1674243 - Allow ddclient_t to setcap Resolves: rhbz#1674298 - Add dac_override capability to vpnc_t domain - Add dac_override capability to spamd_t domain - Allow ibacm_t domain to read system state and label all ibacm sockets and symlinks as ibacm_var_run_t in /var/run - Allow read network state of system for processes labeled as ibacm_t - Allow ibacm_t domain to send dgram sockets to kernel processes - Allow dovecot_t to connect to MySQL UNIX socket - Fix CI for use on forks - Fix typo bug in sensord policy - Update ibacm_t policy after testing lastest version of this component - Allow sensord_t domain to mmap own log files - Allow virt_doamin to read/write dev device - Add dac_override capability for ipa_helper_t - Update policy with multiple allow rules to make working installing VM in MLS policy - Allow syslogd_t domain to send null signal to all domains on system Resolves: rhbz#1673847 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow systemd-logind daemon to remove shared memory during logout Resolves: rhbz#1674172 - Always label /home symlinks as home_root_t - Update mount_read_pid_files macro to allow also list mount_var_run_t dirs - Fix typo bug in userdomain SELinux policy - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow user domains to stop systemd user sessions during logout process - Fix CI for use on forks - Label /dev/sev char device as sev_device_t - Add s_manage_fusefs_named_sockets interface - Allow systemd-journald to receive messages including a memfd
2019-02-12 16:05:35 +00:00
/selinux-policy-contrib-8b8ce9b.tar.gz
/selinux-policy-8258bc1.tar.gz
/selinux-policy-contrib-01421de.tar.gz
/selinux-policy-18ccb6c.tar.gz
2019-02-14 16:54:25 +00:00
/selinux-policy-contrib-7e2f178.tar.gz
/selinux-policy-contrib-af9fa4f.tar.gz
/selinux-policy-108b4cd.tar.gz
/selinux-policy-contrib-925fb5e.tar.gz
/selinux-policy-aa6253c.tar.gz
* Wed Mar 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-4 - Update vmtools policy - Allow virt_qemu_ga_t domain to read udev_var_run_t files - Update nagios_run_sudo boolean with few allow rules related to accessing sssd - Update travis CI to install selinux-policy dependencies without checking for gpg check - Allow journalctl_t domain to mmap syslogd_var_run_t files - Allow smokeping process to mmap own var lib files and allow set process group. Resolves: rhbz#1661046 - Allow sbd_t domain to bypass permission checks for sending signals - Allow sbd_t domain read/write all sysctls - Allow kpatch_t domain to communicate with policykit_t domsin over dbus - Allow boltd_t to stream connect to sytem dbus - Allow zabbix_t domain to create sockets labeled as zabbix_var_run_t BZ(1683820) - Allow all domains to send dbus msgs to vmtools_unconfined_t processes - Label /dev/pkey as crypt_device_t - Allow sudodomains to write to systemd_logind_sessions_t pipes. - Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t. - Allow ifconfig_t domain to read /dev/random BZ(1687516) - Fix interface modutils_run_kmod() where was used old interface modutils_domtrans_insmod instead of new one modutils_domtrans_kmod() Resolves: rhbz#1686660 - Update travis CI to install selinux-policy dependencies without checking for gpg check - Label /usr/sbin/nodm as xdm_exec_t same as other display managers - Update userdom_admin_user_template() and init_prog_run_bpf() interfaces to make working bpftool for confined admin - Label /usr/sbin/e2mmpstatus as fsadm_exec_t Resolves: rhbz#1684221 - Update unconfined_dbus_send() interface to allow both direction communication over dbus with unconfined process.
2019-03-12 17:42:45 +00:00
/selinux-policy-contrib-c199027.tar.gz
/selinux-policy-4c00590.tar.gz
/selinux-policy-b28842e.tar.gz
/selinux-policy-contrib-dc92f2d.tar.gz
/selinux-policy-b78306b.tar.gz
/selinux-policy-contrib-ef0c1e0.tar.gz