Commit Graph

31 Commits

Author SHA1 Message Date
Lukas Vrabec
1826d51b0d * Wed Oct 04 2023 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-130
- Label msmtp and msmtpd with sendmail_exec_t
Resolves: RHEL-1678
- Set default file context of HOME_DIR/tmp/.* to <<none>>
Resolves: RHEL-1099
- Improve default file context(None) of /var/lib/authselect/backups
Resolves: RHEL-3539
2023-10-04 13:20:31 +02:00
Lukas Vrabec
728deb0464 * Fri Sep 29 2023 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-129
- Set default file context of /var/lib/authselect/backups to <<none>>
Resolves: RHEL-3539
- Add file context specification for /usr/libexec/realmd
Resolves: RHEL-2147
- Add numad the ipc_owner capability
Resolves: RHEL-2415
2023-09-29 20:44:20 +02:00
Zdenek Pytela
d3c8942890 * Fri Aug 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-128
- Allow ssh_agent_type manage generic cache home files
Resolves: rhbz#2177704
- Add chromium_sandbox_t setcap capability
Resolves: rhbz#2221573
2023-08-25 14:02:35 +02:00
Zdenek Pytela
ef4e39e85f * Thu Aug 17 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-127
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 3
Resolves: rhbz#2229726
2023-08-17 13:47:08 +02:00
Zdenek Pytela
29d572116d * Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-126
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 1/2
Resolves: rhbz#2229726
- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
Resolves: rhbz#2177704
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 2/2
Resolves: rhbz#2229726
- Make insights_client_t an unconfined domain
Resolves: rhbz#2225527
- Allow insights-client create all rpm logs with a correct label
Resolves: rhbz#2229559
- Allow insights-client manage generic logs
Resolves: rhbz#2229559
2023-08-11 20:39:42 +02:00
Zdenek Pytela
1b1eb8edb4 * Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-125
- Allow user_u and staff_u get attributes of non-security dirs
Resolves: rhbz#2216151
- Allow unconfined user filetrans chrome_sandbox_home_t 1/2
Resolves: rhbz#2221573
- Allow unconfined user filetrans chrome_sandbox_home_t 2/2
Resolves: rhbz#2221573
- Allow insights-client execmem
Resolves: rhbz#2225233
- Allow svnserve execute postdrop with a transition
Resolves: rhbz#2004843
- Do not make postfix_postdrop_t type an MTA executable file
Resolves: rhbz#2004843
- Allow samba-dcerpc service manage samba tmp files
Resolves: rhbz#2210771
- Update samba-dcerpc policy for printing
Resolves: rhbz#2210771
2023-08-04 16:16:26 +02:00
Zdenek Pytela
edd3ad31f7 * Thu Jul 20 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-124
- Add the files_getattr_non_auth_dirs() interface
Resolves: rhbz#2076937
- Update policy for the sblim-sfcb service
Resolves: rhbz#2076937
- Dontaudit sfcbd sys_ptrace cap_userns
Resolves: rhbz#2076937
- Label /usr/sbin/sos with sosreport_exec_t
Resolves: rhbz#2167731
- Allow sa-update manage spamc home files
Resolves: rhbz#2222200
- Allow sa-update connect to systemlog services
Resolves: rhbz#2222200
- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
Resolves: rhbz#2222200
2023-07-20 17:52:48 +02:00
Zdenek Pytela
01e007e93d Exclude container-selinux manpage from selinux-policy-doc
The container_selinux.8 manpage is a part of the upstream
container-selinux package and it should rather be a part
of container-selinux.

Resolves: rhbz#2218362
2023-06-29 12:38:57 +02:00
Zdenek Pytela
23e1dd29b9 * Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-123
- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
Resolves: rhbz#2213606
- Allow httpd tcp connect to redis port conditionally
Resolves: rhbz#2213965
- Exclude container-selinux manpage from selinux-policy-doc
Resolves: rhbz#2218362
2023-06-29 12:37:59 +02:00
Nikola Knazekova
289f477398 * Thu Jun 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-122
- Update cyrus_stream_connect() to use sockets in /run
Resolves: rhbz#2165752
- Allow insights-client map generic log files
Resolves: rhbz#2214572
- Allow insights-client work with pipe and socket tmp files
Resolves: rhbz#2207819
- Allow insights-client getsession process permission
Resolves: rhbz#2207819
- Allow keepalived to manage its tmp files
Resolves: rhbz#2179335
2023-06-15 22:06:42 +02:00
Zdenek Pytela
534ee173e7 * Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121
- Update pkcsslotd policy for sandboxing 2/2
Resolves: rhbz#2208162
- Update pkcsslotd policy for sandboxing 1/2
Resolves: rhbz#2208162
- Allow abrt_t read kernel persistent storage files
Resolves: rhbz#2207914
- Add allow rules for lttng-sessiond domain
Resolves: rhbz#2203509
- Allow rpcd_lsad setcap and use generic ptys
Resolves: rhbz#2107106
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
Resolves: rhbz#2107106
- Dontaudit targetd search httpd config dirs
Resolves: rhbz#2203720
2023-05-25 21:29:12 +02:00
Zdenek Pytela
fc4cf3fb79 * Thu May 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-120
- Allow unconfined service inherit signal state from init
Resolves: rhbz#2177254
- Allow systemd-pstore delete kernel persistent storage files
Resolves: rhbz#2181558
- Add fs_delete_pstore_files() interface
Resolves: rhbz#2181558
- Allow certmonger manage cluster library files
Resolves: rhbz#2177836
- Allow samba-rpcd work with passwords
Resolves: rhbz#2107106
- Allow snmpd read raw disk data
Resolves: rhbz#2160000
- Allow cluster_t dbus chat with various services
Resolves: rhbz#2196524
2023-05-11 19:40:42 +02:00
Zdenek Pytela
b48de44518 * Fri Apr 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-119
- Add unconfined_server_read_semaphores() interface
Resolves: rhbz#2183351
- Allow systemd-pstore read kernel persistent storage files
Resolves: rhbz#2181558
- Add fs_read_pstore_files() interface
Resolves: rhbz#2181558
- Allow insights-client work with teamdctl
Resolves: rhbz#2185158
- Allow insights-client read unconfined service semaphores
Resolves: rhbz#2183351
- Allow insights-client get quotas of all filesystems
Resolves: rhbz#2183351
2023-04-21 17:08:40 +02:00
Zdenek Pytela
009a32345a * Thu Apr 13 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-118
- Allow login_pgm setcap permission
Resolves: rhbz#2172541
- Label /run/fsck with fsadm_var_run_t
Resolves: rhbz#2184348
- Add boolean qemu-ga to run unconfined script
Resolves: rhbz#2028762
- Allow dovecot-deliver write to the main process runtime fifo files
Resolves: rhbz#2170495
- Allow certmonger dbus chat with the cron system domain
Resolves: rhbz#2173289
- Allow insights-client read all sysctls
Resolves: rhbz#2177607
2023-04-14 09:54:39 +02:00
CentOS Sources
7d8f8c5a54 Auto sync2gitlab import of selinux-policy-3.14.3-117.el8.src.rpm 2023-02-18 02:11:46 +00:00
CentOS Sources
88f724ac2c Auto sync2gitlab import of selinux-policy-3.14.3-115.el8.src.rpm 2023-01-28 08:08:34 +00:00
CentOS Sources
3db2fd1ef3 Auto sync2gitlab import of selinux-policy-3.14.3-114.el8.src.rpm 2023-01-14 10:10:16 +00:00
CentOS Sources
738125b00d Auto sync2gitlab import of selinux-policy-3.14.3-113.el8.src.rpm 2022-12-19 16:09:18 +00:00
CentOS Sources
f7adb29799 Auto sync2gitlab import of selinux-policy-3.14.3-112.el8.src.rpm 2022-12-04 06:09:15 +00:00
CentOS Sources
e408680df8 Auto sync2gitlab import of selinux-policy-3.14.3-111.el8.src.rpm 2022-11-22 18:09:09 +00:00
CentOS Sources
bac7993408 Auto sync2gitlab import of selinux-policy-3.14.3-110.el8.src.rpm 2022-10-26 10:09:34 +00:00
CentOS Sources
f244f04ef7 Auto sync2gitlab import of selinux-policy-3.14.3-109.el8.src.rpm 2022-10-15 20:11:40 +00:00
CentOS Sources
28b22b85f1 Auto sync2gitlab import of selinux-policy-3.14.3-108.el8.src.rpm 2022-09-09 12:09:46 +00:00
CentOS Sources
28da52cae8 Auto sync2gitlab import of selinux-policy-3.14.3-107.el8.src.rpm 2022-08-27 14:20:01 +00:00
CentOS Sources
020b5dcec8 Auto sync2gitlab import of selinux-policy-3.14.3-106.el8.src.rpm 2022-08-16 02:10:51 +00:00
CentOS Sources
6ef9bd966b Auto sync2gitlab import of selinux-policy-3.14.3-105.el8.src.rpm 2022-08-02 22:11:21 +00:00
CentOS Sources
66163acd0f Auto sync2gitlab import of selinux-policy-3.14.3-104.el8.src.rpm 2022-07-02 00:14:29 +00:00
CentOS Sources
09418e83d2 Auto sync2gitlab import of selinux-policy-3.14.3-100.el8.src.rpm 2022-06-11 10:09:54 +00:00
James Antill
291ee391b8 Auto sync2gitlab import of selinux-policy-3.14.3-99.el8.src.rpm 2022-06-07 00:01:12 -04:00
James Antill
bbc61bc528 Auto sync2gitlab import of selinux-policy-3.14.3-98.el8.src.rpm 2022-05-31 15:00:30 -04:00
James Antill
70d901a9e4 Auto sync2gitlab import of selinux-policy-3.14.3-95.el8.src.rpm 2022-05-26 14:23:57 -04:00