selinux-policy/sources

SHA512 (container-selinux.tgz) = aeb4861d2f79b35ee10c1ad12280ea8d84ee33546eff2321287de98102093e2e004f689557ec884af929cc71bdcb38c9cc2ecf00226433a44a6e52d1d11959b4
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (selinux-policy-6a0cb45.tar.gz) = b0058489dffe2de2bebcb9f7b9a1bf6d143e5c6fa0ed50bd1fff1b52be052f5f958d0feb4b9bd82d763dd87d6979bd8a37a52f7be52bbf44f76a8bc90439c79e
SHA512 (selinux-policy-contrib-8ce79b2.tar.gz) = e36bb51c1bcb553a54a95a29cb6440b6f120c805d5fa34e324da181d45abc4c489db51b58296df73c45bc702a86eadbb13001c2e88efa590f18128fff6fe3e9e
* Wed Sep 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-2 - Allow zabbix_t domain to manage zabbix_var_lib_t sock files and connect to unix_stream_socket - Dontaudit sandbox web types to setattr lib_t dirs - Dontaudit system_mail_t domains to check for existence other applications on system BZ(1747369) - Allow haproxy_t domain to read network state of system - Allow processes labeled as keepalived_t domain to get process group - Introduce dbusd_unit_file_type - Allow pesign_t domain to read/write named cache files. - Label /var/log/hawkey.log as rpm_log_t and update rpm named filetrans interfaces. - Allow httpd_t domain to read/write named_cache_t files - Add new interface bind_rw_cache() - Allow cupsd_t domain to create directory with name ppd in dirs labeled as cupsd_etc_t with label cupsd_rw_etc_t. - Update cpucontrol_t SELinux policy - Allow pcp_pmcd_t domain to bind on udp port labeled as statsd_port_t - Run lldpd service as lldpad_t. - Allow spamd_update_t domain to create unix dgram sockets. - Update dbus role template for confined users to allow login into x session - Label /usr/libexec/microcode_ctl/reload_microcode as cpucontrol_exec_t - Fix typo in networkmanager_append_log() interface - Update collectd policy to allow daemon create /var/log/collectd with collectd_log_t label - Allow login user type to use systemd user session - Allow xdm_t domain to start dbusd services. - Introduce new type xdm_unit_file_t - Remove allowing all domain to communicate over pipes with all domain under rpm_transition_domain attribute - Allow systemd labeled as init_t to remove sockets with tmp_t label BZ(1745632) - Allow ipsec_t domain to read/write named cache files - Allow sysadm_t to create hawkey log file with rpm_log_t SELinux label - Allow domains systemd_networkd_t and systemd_logind_t to chat over dbus - Label udp 8125 port as statsd_port_t 2019-09-04 16:09:39 +00:00			`SHA512 (container-selinux.tgz) = aeb4861d2f79b35ee10c1ad12280ea8d84ee33546eff2321287de98102093e2e004f689557ec884af929cc71bdcb38c9cc2ecf00226433a44a6e52d1d11959b4`
* Wed Jul 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-24 - Label user cron spool file with user_cron_spool_t - Update gnome_role_template() template to allow sysadm_t confined user to login to xsession - Allow lograte_t domain to manage collect_rw_content files and dirs - Add interface collectd_manage_rw_content() - Allow systemd_hostnamed_t domain to dbus chat with sosreport_t domain - Update tomcat_can_network_connect_db boolean to allow tomcat domains also connect to redis ports - Allow mysqld_t domain to manage cluster pid files - Relabel /usr/sbin/virtlockd from virt_exec_t to virtlogd_exec_t. - Allow ptp4l_t domain to write to pmc socket which is created by pmc command line tool - Allow dkim-milter to send e-mails BZ(1716937) - Update spamassasin policy to make working /usr/share/spamassassin/sa-update.cron script BZ(1711799) - Update svnserve_t policy to make working svnserve hooks - Allow varnishlog_t domain to check for presence of varnishd_t domains - Update sandboxX policy to make working firefox inside SELinux sandbox - Remove allow rule from svirt_transition_svirt_sandbox interface to don't allow containers to connect to random services - Allow httpd_t domain to read /var/lib/softhsm/tokens to allow httpd daemon to use pkcs#11 devices - Allow gssd_t domain to list tmpfs_t dirs - Allow mdadm_t domain to read tmpfs_t files - Allow sbd_t domain to check presence of processes labeled as cluster_t - Dontaudit httpd_sys_script_t to read systemd unit files - Allow blkmapd_t domain to read nvme devices - Update cpucontrol_t domain to make working microcode service - Allow domain transition from logwatch_t do postfix_postqueue_t - Allow chronyc_t domain to create and write to non_security files in case when sysadmin is redirecting output to file e.g: 'chronyc -n tracking > /var/lib/test' - Allow httpd_sys_script_t domain to mmap httpcontent - Allow sbd_t to manage cgroups_t files - Update wireshark policy to make working tshar labeled as wireshark_t - Update virt_use_nfs boolean to allow svirt_t domain to mmap nfs_t files - Allow sysadm_t domain to create netlink selinux sockets - Make cgdcbxd active in Fedora upstream sources - Allow sysadm_t domain to dbus chat with rtkit daemon - Allow x_userdomains to nnp domain transition to thumb_t domain - Allow unconfined_domain_type to setattr own process lnk files. - Add interface files_write_generic_pid_sockets() - Dontaudit writing to user home dirs by gnome-keyring-daemon - Allow staff and admin domains to setpcap in user namespace - Allow staff and sysadm to use lockdev - Allow staff and sysadm users to run iotop. - Dontaudit traceroute_t domain require sys_admin capability - Dontaudit dbus chat between kernel_t and init_t - Allow systemd labeled as init_t to create mountpoints without any specific label as default_t 2019-07-17 15:58:49 +00:00			`SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4`
* Wed Sep 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-2 - Allow zabbix_t domain to manage zabbix_var_lib_t sock files and connect to unix_stream_socket - Dontaudit sandbox web types to setattr lib_t dirs - Dontaudit system_mail_t domains to check for existence other applications on system BZ(1747369) - Allow haproxy_t domain to read network state of system - Allow processes labeled as keepalived_t domain to get process group - Introduce dbusd_unit_file_type - Allow pesign_t domain to read/write named cache files. - Label /var/log/hawkey.log as rpm_log_t and update rpm named filetrans interfaces. - Allow httpd_t domain to read/write named_cache_t files - Add new interface bind_rw_cache() - Allow cupsd_t domain to create directory with name ppd in dirs labeled as cupsd_etc_t with label cupsd_rw_etc_t. - Update cpucontrol_t SELinux policy - Allow pcp_pmcd_t domain to bind on udp port labeled as statsd_port_t - Run lldpd service as lldpad_t. - Allow spamd_update_t domain to create unix dgram sockets. - Update dbus role template for confined users to allow login into x session - Label /usr/libexec/microcode_ctl/reload_microcode as cpucontrol_exec_t - Fix typo in networkmanager_append_log() interface - Update collectd policy to allow daemon create /var/log/collectd with collectd_log_t label - Allow login user type to use systemd user session - Allow xdm_t domain to start dbusd services. - Introduce new type xdm_unit_file_t - Remove allowing all domain to communicate over pipes with all domain under rpm_transition_domain attribute - Allow systemd labeled as init_t to remove sockets with tmp_t label BZ(1745632) - Allow ipsec_t domain to read/write named cache files - Allow sysadm_t to create hawkey log file with rpm_log_t SELinux label - Allow domains systemd_networkd_t and systemd_logind_t to chat over dbus - Label udp 8125 port as statsd_port_t 2019-09-04 16:09:39 +00:00			`SHA512 (selinux-policy-6a0cb45.tar.gz) = b0058489dffe2de2bebcb9f7b9a1bf6d143e5c6fa0ed50bd1fff1b52be052f5f958d0feb4b9bd82d763dd87d6979bd8a37a52f7be52bbf44f76a8bc90439c79e`
			`SHA512 (selinux-policy-contrib-8ce79b2.tar.gz) = e36bb51c1bcb553a54a95a29cb6440b6f120c805d5fa34e324da181d45abc4c489db51b58296df73c45bc702a86eadbb13001c2e88efa590f18128fff6fe3e9e`