Zdenek Pytela
8430de8220
* Fri Apr 11 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.55-1
...
- Allow tuned-ppd read sssd public files
Resolves: RHEL-69526
- Allow systemd-journal-upload read init pid files
Resolves: RHEL-62196
- Label SetroubleshootPrivileged.py with setroubleshootd_exec_t
Resolves: RHEL-77319
- Allow chronyd-restricted sendto to chronyc
Resolves: RHEL-82308
- Allow chronyc sendto to chronyd-restricted
Resolves: RHEL-82308
2025-04-11 15:16:25 +02:00
Zdenek Pytela
2ec69036cd
* Mon Mar 31 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.54-1
...
- Confine tuned-ppd
Resolves: RHEL-69526
- Make tuned work with mls policy
Resolves: RHEL-69526
- Allow afterburn to mount and read config drives
Resolves: RHEL-79319
2025-03-31 17:52:52 +02:00
Zdenek Pytela
b26904931e
* Fri Mar 14 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.53-4
...
- Allow afterburn to mount and read config drives
Resolves: RHEL-82276
2025-03-14 19:01:37 +01:00
Vit Mojzis
d094438fe9
automotive: remove dependency on policycoreutils-python-utils
...
Since selinux-policy-automotive does not use the triggerpostun scriptlet
that targeted/mls/minimum use, there is no need for
policycoreutils-python-utils (only semodule, restorecon and load_policy
are used, all of which are provided by policycoreutils).
Resolves: RHEL-82883
2025-03-10 14:43:18 +01:00
Vit Mojzis
bbd06ec607
Add selinux-policy-automotive sub-package
...
The package is modeled after selinux-policy-minimum in that it contains
all the modules that are present in selinux-policy-targeted, but most of
them are disabled (content of module-automotive-contrib.conf).
The rest of the configuration files is copied from targeted, only
booleans-automotive.conf and users-automotive are missing booleans and
users defined in disabled modules.
Resolves: RHEL-69666
2025-02-17 10:54:59 +01:00
Zdenek Pytela
b7b5e03b7e
* Fri Feb 07 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.53-1
...
- Allow svirt_t to connect to nbdkit over a unix stream socket
Resolves: RHEL-56029
- Allow power-profiles-daemon the bpf capability
Resolves: RHEL-61117
- Allow systemd-machined the kill user-namespace capability
Resolves: RHEL-76352
2025-02-07 17:43:02 +01:00
Zdenek Pytela
bbd11ae656
* Fri Jan 31 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.52-1
...
- Add the files_read_root_files() interface
Resolves: RHEL-70849
- Dontaudit systemd-logind remove all files
Resolves: RHEL-59145
- Add the files_dontaudit_read_all_dirs() interface
Resolves: RHEL-59145
- Add the files_dontaudit_delete_all_files() interface
Resolves: RHEL-59145
- Allow rhsmcertd notify virt-who
Resolves: RHEL-77152
- Allow irqbalance to run unconfined scripts conditionally
Resolves: RHEL-1556
- Backport bootupd policy from current Fedora rawhide
Resolves: RHEL-70849
- Support using systemd containers
Resolves: RHEL-76352
- Allow svirt_t connect to unconfined_t over a unix domain socket
Resolves: RHEL-37539
- Allow virt_domain to use pulseaudio - conditional
Resolves: RHEL-1379
- Allow telnetd read network sysctls
Resolves: RHEL-58825
- Allow alsa watch generic device directories
Resolves: RHEL-61472
- Update switcheroo policy
Resolves: RHEL-24268
2025-02-01 00:21:27 +01:00
Zdenek Pytela
adb3a2ba50
* Wed Jan 15 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.51-1
...
- Allow rsyslog read systemd-logind session files
Resolves: RHEL-73839
- Allow samba-bgqd connect to cupsd over a unix domain stream socket
Resolves: RHEL-72860
- Allow svirt_t read sysfs files
Resolves: RHEL-70839
- Allow xdm dbus chat with power-profiles-daemon
Resolves: RHEL-61117
- Update power-profiles-daemon policy
Resolves: RHEL-61117
- Confine power-profiles-daemon
Resolves: RHEL-61117
- Allow virtqemud domain transition to nbdkit
Resolves: RHEL-56029
- Add nbdkit interfaces defined conditionally
Resolves: RHEL-56029
- Confine the switcheroo-control service
Resolves: RHEL-24268
2025-01-15 18:34:17 +01:00
Zdenek Pytela
ac1613aab5
Add powerprofiles and switcheroo modules
...
Resolves: RHEL-24268
2025-01-15 18:29:54 +01:00
Zdenek Pytela
9484341286
* Fri Dec 13 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.50-1
...
- Allow auditctl signal auditd
Resolves: RHEL-68969
- Fix the cups_read_pid_files() interface to use read_files_pattern
Resolves: RHEL-69517
- Dontaudit systemd-coredump the sys_resource capability
Resolves: RHEL-46339
- Allow rpcd read network sysctls
Resolves: RHEL-1558
- Allow irqbalance setpcap capability in the user namespace
Resolves: RHEL-69564
- Allow traceroute_t bind rawip sockets to unreserved ports
Resolves: RHEL-54561
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-56955
- Change /run/sysctl\.d(/.*)? fc entry to /var/run/sysctl\.d(/.*)?
Resolves: RHEL-56988
- Exclude container-selinux manpage from selinux-policy-doc
Resolves: RHEL-69916
2024-12-13 15:45:13 +01:00
Zdenek Pytela
655176404c
Exclude container-selinux manpage from selinux-policy-doc
...
The container_selinux.8 manpage is a part of the upstream
container-selinux package and it should rather be a part
of container-selinux.
Resolves: RHEL-69916
2024-12-13 14:47:24 +01:00
Zdenek Pytela
93f4aed9d6
* Fri Dec 06 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.49-1
...
- Update virtlogd policy
Resolves: RHEL-69433
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-56955
- Allow qemu-ga the dac_override and dac_read_search capabilities
Resolves: RHEL-52476
- Allow ip the setexec permission
Resolves: RHEL-62923
- Allow alsa get attributes filesystems with extended attributes
Resolves: RHEL-61472
- Allow bacula execute container in the container domain
Resolves: RHEL-21168
- Allow httpd get attributes of dirsrv unit files
Resolves: RHEL-46808
- Update samba-bgqd policy
Resolves: RHEL-69517
- Allow samba-bgqd read cups config files
Resolves: RHEL-69517
- Update policy for samba-bgqd
Resolves: RHEL-69517
- Update bootupd policy for the removing-state-file test
Resolves: RHEL-66584
- Allow qatlib search the content of the kernel debugging filesystem
Resolves: RHEL-53864
- Allow qatlib connect to systemd-machined over a unix socket
Resolves: RHEL-53864
- Update qatlib policy for v24.02 with new features
Resolves: RHEL-53864
2024-12-06 17:19:42 +00:00
Milos Malik
29816f1443
try to enable CRB and EPEL repositories
...
Try to enable the following repositories:
* EPEL
* CRB
Do not fail when something goes wrong.
2024-12-03 15:51:58 +01:00
Zdenek Pytela
ea341191c4
* Tue Nov 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.48-1
...
- Revert "Allow unconfined_t execute kmod in the kmod domain"
Resolves: RHEL-65008
- Add policy for /usr/libexec/samba/samba-bgqd
Resolves: RHEL-53124
2024-11-12 17:57:29 +01:00
Zdenek Pytela
a79b0f387d
* Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.47-1
...
- Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
Resolves: RHEL-56988
- Allow lldpad create and use netlink_generic_socket
Resolves: RHEL-61832
- Allow unconfined_t execute kmod in the kmod domain
Resolves: RHEL-54710
- Allow confined users r/w to screen unix stream socket
Resolves: RHEL-50379
- Label /root/.screenrc and /root/.tmux.conf with screen_home_t
Resolves: RHEL-50375
- Allow iio-sensor-proxy the bpf capability
Resolves: RHEL-17346
2024-10-23 13:11:34 +02:00
Zdenek Pytela
b21b210b94
* Fri Oct 11 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.46-1
...
- Rebuild
2024-10-11 15:33:47 +02:00
Zdenek Pytela
93538d0a93
* Thu Oct 10 2024 Zdenek Pytela <zpytela@redhat.com> - 35.1.46-1
...
- Label /run/modprobe.d with modules_conf_t
Resolves: RHEL-61453
- Allow boothd connect to kernel over a unix socket
Resolves: RHEL-57104
- Allow boothd connect to systemd-userdbd over a unix socket
Resolves: RHEL-57104
- Additional updates stalld policy for bpf usage
Resolves: RHEL-57075
- Update stalld policy for bpf usage
Resolves: RHEL-57075
- Allow ptp4l the sys_admin capability
Resolves: RHEL-55133
- Label /dev/hfi1_[0-9]+ devices
Resolves: RHEL-54996
- Confine iio-sensor-proxy
Resolves: RHEL-17346
2024-10-10 21:54:48 +02:00
Zdenek Pytela
6d48c6e32c
* Mon Sep 16 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-3
...
- Rebuild
Resolves: RHEL-55414
2024-09-16 17:29:25 +02:00
Zdenek Pytela
5273cf04c1
* Wed Sep 04 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-2
...
- Rebuild
Resolves: RHEL-55414
2024-09-04 12:11:27 +02:00
Zdenek Pytela
6b28f7d202
* Thu Aug 29 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-1
...
- Allow setsebool_t relabel selinux data files
Resolves: RHEL-55414
2024-08-29 14:28:06 +02:00
Zdenek Pytela
c72977faea
* Mon Aug 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.44-1
...
- Allow coreos-installer-generator work with partitions
Resolves: RHEL-38614
- Label /etc/mdadm.conf.d with mdadm_conf_t
Resolves: RHEL-38614
- Change file context specification to /var/run/metadata
Resolves: RHEL-49735
- Allow initrc_t transition to passwd_t
Resolves: RHEL-17404
- systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
Resolves: RHEL-25514
- systemd: allow sys_admin capability for systemd_notify_t
Resolves: RHEL-25514
- Change systemd-network-generator transition to include class file
Resolves: RHEL-47033
- Allow sshd_keygen_t connect to userdbd over a unix stream socket
Resolves: RHEL-47033
2024-08-12 22:55:56 +02:00
Zdenek Pytela
a922a23d90
* Wed Jul 31 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.43-1
...
- Allow rhsmcertd read/write access to /dev/papr-sysparm
Resolves: RHEL-49599
- Label /dev/papr-sysparm and /dev/papr-vpd
Resolves: RHEL-49599
- Allow rhsmcertd read, write, and map ica tmpfs files
Resolves: RHEL-50926
- Update afterburn file transition policy
Resolves: RHEL-49735
- Label /run/metadata with afterburn_runtime_t
Resolves: RHEL-49735
- Allow afterburn list ssh home directory
Resolves: RHEL-49735
- Support SGX devices
Resolves: RHEL-50922
- Allow systemd-pstore send a message to syslogd over a unix domain
Resolves: RHEL-45528
- Allow postfix_domain map postfix_etc_t files
Resolves: RHEL-46332
- Allow microcode create /sys/devices/system/cpu/microcode/reload
Resolves: RHEL-26821
- Allow svirt_tcg_t map svirt_image_t files
Resolves: RHEL-27141
- Allow systemd-hostnamed shut down nscd
Resolves: RHEL-45033
- Allow postfix_domain connect to postgresql over a unix socket
Resolves: RHEL-6776
2024-07-31 18:07:13 +02:00
Zdenek Pytela
2271084e56
* Thu Jul 18 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.42-1
...
- Label samba certificates with samba_cert_t
Resolves: RHEL-25724
- Allow systemd-coredumpd the sys_chroot capability
Resolves: RHEL-45245
- Allow svirt_tcg_t read vm sysctls
Resolves: RHEL-27141
- Label /usr/sbin/samba-gpupdate with samba_gpupdate_exec_t
Resolves: RHEL-25724
- Label /var/run/coreos-installer-reboot with coreos_installer_var_run_t
Resolves: RHEL-38614
- Allow coreos-installer add systemd unit file links
Resolves: RHEL-38614
2024-07-18 13:52:06 +02:00
Zdenek Pytela
c74c6d2868
* Sun Jul 07 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.41-1
...
- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-31888
- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
Resolves: RHEL-25724
- Allow unconfined_service_t transition to passwd_t
Resolves: RHEL-17404
- Allow sbd to trace processes in user namespace
Resolves: RHEL-44680
- Allow systemd-coredumpd sys_admin and sys_resource capabilities
Resolves: RHEL-45245
- Label /usr/lib/node_modules/npm/bin with bin_t
Resolves: RHEL-36587
- Support /var is empty
Resolves: RHEL-29331
- Allow timemaster write to sysfs files
Resolves: RHEL-28777
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-31888
- Transition from sudodomains to crontab_t when executing crontab_exec_t
Resolves: RHEL-31888
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-31888
2024-07-07 22:17:56 +02:00
Zdenek Pytela
9ff33f15d5
* Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.40-1
...
- Allow systemd-coredump read nsfs files
Resolves: RHEL-39937
- Allow login_userdomain execute systemd-tmpfiles in the caller domain
Resolves: RHEL-40374
- Allow ptp4l_t request that the kernel load a kernel module
Resolves: RHEL-38905
- Allow collectd to trace processes in user namespace
Resolves: RHEL-36293
2024-06-18 22:32:39 +02:00
Zdenek Pytela
89ceaca299
* Thu Jun 06 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.39-1
...
- Add interfaces for watching and reading ifconfig_var_run_t
Resolves: RHEL-39408
- Allow dhcpcd use unix_stream_socket
Resolves: RHEL-39408
- Allow dhcpc read /run/netns files
Resolves: RHEL-39408
- Allow all domains read and write z90crypt device
Resolves: RHEL-38833
- Allow bootupd search efivarfs dirs
Resolves: RHEL-36289
- Move unconfined_domain(sap_unconfined_t) to an optional block
Resolves: RHEL-37663
2024-06-06 23:54:31 +02:00
Zdenek Pytela
df730c18c8
* Thu May 16 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.38-1
...
- Add boolean qemu-ga to run unconfined script
Resolves: RHEL-31211
- Ensure dbus communication is allowed bidirectionally
Resolves: RHEL-35782
- Allow logwatch_mail_t read network sysctls
Resolves: RHEL-34135
- Allow sysadm execute dmidecode using sudo
Resolves: RHEL-16104
- Allow sudodomain list files in /var
Resolves: RHEL-16104
- Allow various services read and write z90crypt device
Resolves: RHEL-33361
- Allow system_cronjob_t dbus chat with avahi_t
Resolves: RHEL-32290
- Allow setroubleshootd get attributes of all sysctls
Resolves: RHEL-34078
- Remove permissive domain for bootupd_t
Resolves: RHEL-22173
2024-05-16 18:15:13 +02:00
Zdenek Pytela
1292191ae3
* Tue May 07 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.37-1
...
- Allow numad to trace processes in user namespace
Resolves: RHEL-33994
- Remove permissive domain for rshim_t
Resolves: RHEL-22173
- Remove permissive domain for mptcpd_t
Resolves: RHEL-22173
- Remove permissive domain for coreos_installer_t
Resolves: RHEL-22173
- Remove permissive domain for afterburn_t
Resolves: RHEL-22173
- Update afterburn policy
Resolves: RHEL-22173
- Allow bootupd search EFI directory
Resolves: RHEL-22172
- Add the bootupd module
Resolves: RHEL-22172
- Add policy for bootupd
Resolves: RHEL-22172
- Label /dev/mmcblk0rpmb character device with removable_device_t
Resolves: RHEL-28080
- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-31888
- Add crontab_admin_domtrans interface
Resolves: RHEL-31888
- Add crontab_domtrans interface
Resolves: RHEL-31888
- Allow svirt_t read vm sysctls
Resolves: RHEL-32296
2024-05-07 22:35:20 +02:00
Zdenek Pytela
eab0528813
* Mon Apr 15 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.36-1
...
- Allow systemd-timedated get the timemaster service status
Resolves: RHEL-25978
- postfix: allow qmgr to delete mails in bounce/ directory
Resolves: RHEL-30271
- Allow NetworkManager the sys_ptrace capability in user namespace
Resolves: RHEL-24346
- Label /dev/iommu with iommu_device_t
Resolves: RHEL-22063
- Allow qemu-ga read vm sysctls
Resolves: RHEL-31892
- Update repository link and branches names for c9s
Related: RHEL-22960
2024-04-15 15:04:15 +02:00
Zdenek Pytela
e04ed68484
Update repository link and branches names for c9s
...
Now the fedora-selinux/selinux-policy repository is used for policy
sources and both git and dist-git use the c9s branch.
Related: RHEL-22960
2024-04-15 15:00:51 +02:00
Zdenek Pytela
1b5f5feb56
* Thu Mar 14 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.35-2
...
- Rebuild
Resolves: RHEL-26663
2024-03-14 15:02:43 +01:00
Zdenek Pytela
56acbf608d
* Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.35-1
...
- Allow wdmd read hardware state information
Resolves: RHEL-26663
2024-03-08 18:32:26 +01:00
Zdenek Pytela
832df72f06
* Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.34-1
...
- Allow wdmd list the contents of the sysfs directories
Resolves: RHEL-26663
- Allow linuxptp configure phc2sys and chronyd over a unix domain socket
Resolves: RHEL-26660
2024-03-08 12:03:52 +01:00
Juraj Marcin
46be9da4df
* Thu Feb 22 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.33-1
...
- Allow thumb_t to watch and watch_reads mount_var_run_t
Resolves: RHEL-26073
- Allow opafm create NFS files and directories
Resolves: RHEL-17820
- Label /tmp/libdnf.* with user_tmp_t
Resolves: RHEL-11250
2024-02-22 18:19:15 +01:00
Juraj Marcin
6d154864b5
* Thu Feb 15 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.32-1
...
- Dontaudit subscription manager setfscreate and read file contexts
Resolves: RHEL-21635
- Allow xdm_t to watch and watch_reads mount_var_run_t
Resolves: RHEL-24841
- Allow unix dgram sendto between exim processes
Resolves: RHEL-21902
- Allow utempter_t use ptmx
Resolves: RHEL-24946
- Only allow confined user domains to login locally without unconfined_login
Resolves: RHEL-1551
- Add userdom_spec_domtrans_confined_admin_users interface
Resolves: RHEL-1551
- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
Resolves: RHEL-1551
- Add userdom_spec_domtrans_admin_users interface
Resolves: RHEL-1551
- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
Resolves: RHEL-1551
2024-02-15 18:32:21 +01:00
Juraj Marcin
f9546d9349
* Thu Jan 25 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.31-1
...
- Allow chronyd-restricted read chronyd key files
Resolves: RHEL-18219
- Allow conntrackd_t to use bpf capability2
Resolves: RHEL-22277
- Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
Resolves: RHEL-14735
- Allow hypervkvp_t write access to NetworkManager_etc_rw_t
Resolves: RHEL-14505
- Add interface for write-only access to NetworkManager rw conf
Resolves: RHEL-14505
- Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes
Resolves: RHEL-11792
2024-01-25 14:18:27 +01:00
Zdenek Pytela
88b880c6c7
* Fri Jan 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.30-1
...
- Allow sysadm execute traceroute in sysadm_t domain using sudo
Resolves: RHEL-14077
- Allow qatlib set attributes of vfio device files
Resolves: RHEL-19051
- Allow qatlib load kernel modules
Resolves: RHEL-19051
- Allow qatlib run lspci
Resolves: RHEL-19051
- Allow qatlib manage its private runtime socket files
Resolves: RHEL-19051
- Allow qatlib read/write vfio devices
Resolves: RHEL-19051
- Allow syslog to run unconfined scripts conditionally
Resolves: RHEL-11174
- Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
Resolves: RHEL-11174
- Allow sendmail MTA connect to sendmail LDA
Resolves: RHEL-15175
- Allow sysadm execute tcpdump in sysadm_t domain using sudo
Resolves: RHEL-15432
- Allow opafm search nfs directories
Resolves: RHEL-17820
- Allow mdadm list stratisd data directories
Resolves: RHEL-19276
- Update cyrus_stream_connect() to use sockets in /run
Resolves: RHEL-19282
- Allow collectd connect to statsd port
Resolves: RHEL-21044
- Allow insights-client transition to sap unconfined domain
Resolves: RHEL-21452
- Create the sap module
Resolves: RHEL-21452
2024-01-13 00:24:21 +01:00
Zdenek Pytela
05d668a2ce
Add the sap module to modules-targeted-contrib.conf
...
Resolves: RHEL-21452
2024-01-12 19:14:13 +01:00
Juraj Marcin
c2074133ec
* Thu Dec 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.29-1
...
- Add init_explicit_domain() interface
Resolves: RHEL-18219
- Allow dovecot_auth_t connect to postgresql using UNIX socket
Resolves: RHEL-16850
- Allow keepalived_t to use sys_ptrace of cap_userns
Resolves: RHEL-17156
- Make `bootc` be `install_exec_t`
Resolves: RHEL-19199
- Add support for chronyd-restricted
Resolves: RHEL-18219
- Label /dev/vas with vas_device_t
Resolves: RHEL-17336
- Allow gpsd use /dev/gnss devices
Resolves: RHEL-16676
- Allow sendmail manage its runtime files
Resolves: RHEL-15175
- Add support for syslogd unconfined scripts
Resolves: RHEL-11174
2023-12-14 14:17:21 +01:00
Juraj Marcin
575be8bea0
Add /bin = /usr/bin file context equivalency
...
Resolves: RHEL-5032
2023-12-14 14:00:17 +01:00
Juraj Marcin
a53a4197a0
* Thu Nov 30 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.28-1
...
- Create interface selinux_watch_config and add it to SELinux users
Resolves: RHEL-1555
- Allow winbind_rpcd_t processes access when samba_export_all_* is on
Resolves: RHEL-16273
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
Resolves: RHEL-16273
- Allow winbind-rpcd make a TCP connection to the ldap port
Resolves: RHEL-16273
- Allow sudodomain read var auth files
Resolves: RHEL-16708
- Allow auditd read all domains process state
Resolves: RHEL-14285
- Allow rsync read network sysctls
Resolves: RHEL-14638
- Add dhcpcd bpf capability to run bpf programs
Resolves: RHEL-15326
- Allow systemd-localed create Xserver config dirs
Resolves: RHEL-16716
- Label /var/run/tmpfiles.d/static-nodes.conf with kmod_var_run_t
Resolves: RHEL-1553
- Update sendmail policy module for opensmtpd
Resolves: RHEL-15175
2023-11-30 11:37:06 +01:00
Juraj Marcin
4715f116ff
* Tue Nov 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.27-1
...
- Remove glusterd module
Resolves: RHEL-1548
- Improve default file context(None) of /var/lib/authselect/backups
Resolves: RHEL-15220
- Set default file context of /var/lib/authselect/backups to <<none>>
Resolves: RHEL-15220
- Create policy for afterburn
Resolves: RHEL-12591
- Allow unconfined_domain_type use io_uring cmd on domain
Resolves: RHEL-11792
- Add policy for coreos installer
Resolves: RHEL-5164
- Add policy for nvme-stas
Resolves: RHEL-1557
- Label /var/run/auditd.state as auditd_var_run_t
Resolves: RHEL-14374
- Allow ntp to bind and connect to ntske port.
Resolves: RHEL-15085
- Allow ip an explicit domain transition to other domains
Resolves: RHEL-14246
- Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
Resolves: RHEL-14289
- Allow sssd domain transition on passkey_child execution conditionally
Resolves: RHEL-14014
- Allow sssd use usb devices conditionally
Resolves: RHEL-14014
- Allow kdump create and use its memfd: objects
Resolves: RHEL-14413
2023-11-14 20:51:42 +01:00
Juraj Marcin
dbd1e9f272
Remove glusterd from modules-targeted-*.conf
...
Resolves: RHEL-1548
2023-11-14 20:51:42 +01:00
Juraj Marcin
13b73ff37a
Add afterburn to modules-targeted-contrib.conf
...
Resolves: RHEL-12591
2023-11-14 20:51:42 +01:00
Zdenek Pytela
04adb244ee
Add coreos_installer to modules-targeted-contrib.conf
...
Resolves: RHEL-5164
2023-11-14 20:51:29 +01:00
Zdenek Pytela
eccb49870a
Add nvme_stas to modules-targeted-contrib.conf
...
Resolves: RHEL-1557
2023-11-14 20:51:12 +01:00
Milos Malik
f8347e3b30
fix the sequence of script commands
...
A missing ';' character can cause an error when the script lines
get concatenated and executed on RHEL-9 machines.
2023-11-09 08:08:39 +01:00
Milos Malik
bd4dd09bb0
run relevant Tier1 tests via TMT
...
From now on, all relevant Tier1 tests will be executed via TMT.
2023-11-02 14:05:24 +01:00
Zdenek Pytela
78a1079d35
* Tue Oct 31 2023 Zdenek Pytela <zpytela@redhat.com> - 38.1.26-1
...
- Allow kdump create and use its memfd: objects
Resolves: RHEL-14413
2023-10-31 11:17:20 +01:00
Zdenek Pytela
01fb30d35f
* Fri Oct 20 2023 Zdenek Pytela <zpytela@redhat.com> - 38.1.25-1
...
- Add map_read map_write to kernel_prog_run_bpf
Resolves: RHEL-2653
- Allow sysadm_t read nsfs files
Resolves: RHEL-5146
- Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t
Resolves: RHEL-14029
- Allow system_mail_t manage exim spool files and dirs
Resolves: RHEL-14110
- Label /run/pcsd.socket with cluster_var_run_t
Resolves: RHEL-1664
2023-10-20 14:55:36 +02:00