5db7d069a4
fix the sequence of script commands
...
A missing ';' character causes an error when the script lines get
concatenated and executed on RHEL-8 machine.
2023-11-09 07:00:01 +01:00
e756dec2b1
* Wed Nov 08 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-131
...
- Additional permissions for ip-vrf
Resolves: RHEL-9981
- Allow ip an explicit domain transition to other domains
Resolves: RHEL-9981
- Allow winbind_rpcd_t processes access when samba_export_all_* is on
Resolves: RHEL-5845
- Allow system_mail_t manage exim spool files and dirs
Resolves: RHEL-14186
2023-11-08 12:13:14 +01:00
95f948b470
improve the Tier1 test plan
...
To avoid known failures, do not run the tests which have the
failinfedora tag.
To make more tests working, enable the EPEL repository too.
2023-11-03 20:58:29 +01:00
1826d51b0d
* Wed Oct 04 2023 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-130
...
- Label msmtp and msmtpd with sendmail_exec_t
Resolves: RHEL-1678
- Set default file context of HOME_DIR/tmp/.* to <<none>>
Resolves: RHEL-1099
- Improve default file context(None) of /var/lib/authselect/backups
Resolves: RHEL-3539
2023-10-04 13:20:31 +02:00
728deb0464
* Fri Sep 29 2023 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-129
...
- Set default file context of /var/lib/authselect/backups to <<none>>
Resolves: RHEL-3539
- Add file context specification for /usr/libexec/realmd
Resolves: RHEL-2147
- Add numad the ipc_owner capability
Resolves: RHEL-2415
2023-09-29 20:44:20 +02:00
d3c8942890
* Fri Aug 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-128
...
- Allow ssh_agent_type manage generic cache home files
Resolves: rhbz#2177704
- Add chromium_sandbox_t setcap capability
Resolves: rhbz#2221573
2023-08-25 14:02:35 +02:00
ef4e39e85f
* Thu Aug 17 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-127
...
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 3
Resolves: rhbz#2229726
2023-08-17 13:47:08 +02:00
29d572116d
* Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-126
...
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 1/2
Resolves: rhbz#2229726
- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
Resolves: rhbz#2177704
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 2/2
Resolves: rhbz#2229726
- Make insights_client_t an unconfined domain
Resolves: rhbz#2225527
- Allow insights-client create all rpm logs with a correct label
Resolves: rhbz#2229559
- Allow insights-client manage generic logs
Resolves: rhbz#2229559
2023-08-11 20:39:42 +02:00
1b1eb8edb4
* Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-125
...
- Allow user_u and staff_u get attributes of non-security dirs
Resolves: rhbz#2216151
- Allow unconfined user filetrans chrome_sandbox_home_t 1/2
Resolves: rhbz#2221573
- Allow unconfined user filetrans chrome_sandbox_home_t 2/2
Resolves: rhbz#2221573
- Allow insights-client execmem
Resolves: rhbz#2225233
- Allow svnserve execute postdrop with a transition
Resolves: rhbz#2004843
- Do not make postfix_postdrop_t type an MTA executable file
Resolves: rhbz#2004843
- Allow samba-dcerpc service manage samba tmp files
Resolves: rhbz#2210771
- Update samba-dcerpc policy for printing
Resolves: rhbz#2210771
2023-08-04 16:16:26 +02:00
edd3ad31f7
* Thu Jul 20 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-124
...
- Add the files_getattr_non_auth_dirs() interface
Resolves: rhbz#2076937
- Update policy for the sblim-sfcb service
Resolves: rhbz#2076937
- Dontaudit sfcbd sys_ptrace cap_userns
Resolves: rhbz#2076937
- Label /usr/sbin/sos with sosreport_exec_t
Resolves: rhbz#2167731
- Allow sa-update manage spamc home files
Resolves: rhbz#2222200
- Allow sa-update connect to systemlog services
Resolves: rhbz#2222200
- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
Resolves: rhbz#2222200
2023-07-20 17:52:48 +02:00
01e007e93d
Exclude container-selinux manpage from selinux-policy-doc
...
The container_selinux.8 manpage is a part of the upstream
container-selinux package and it should rather be a part
of container-selinux.
Resolves: rhbz#2218362
2023-06-29 12:38:57 +02:00
23e1dd29b9
* Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-123
...
- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
Resolves: rhbz#2213606
- Allow httpd tcp connect to redis port conditionally
Resolves: rhbz#2213965
- Exclude container-selinux manpage from selinux-policy-doc
Resolves: rhbz#2218362
2023-06-29 12:37:59 +02:00
289f477398
* Thu Jun 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-122
...
- Update cyrus_stream_connect() to use sockets in /run
Resolves: rhbz#2165752
- Allow insights-client map generic log files
Resolves: rhbz#2214572
- Allow insights-client work with pipe and socket tmp files
Resolves: rhbz#2207819
- Allow insights-client getsession process permission
Resolves: rhbz#2207819
- Allow keepalived to manage its tmp files
Resolves: rhbz#2179335
2023-06-15 22:06:42 +02:00
534ee173e7
* Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121
...
- Update pkcsslotd policy for sandboxing 2/2
Resolves: rhbz#2208162
- Update pkcsslotd policy for sandboxing 1/2
Resolves: rhbz#2208162
- Allow abrt_t read kernel persistent storage files
Resolves: rhbz#2207914
- Add allow rules for lttng-sessiond domain
Resolves: rhbz#2203509
- Allow rpcd_lsad setcap and use generic ptys
Resolves: rhbz#2107106
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
Resolves: rhbz#2107106
- Dontaudit targetd search httpd config dirs
Resolves: rhbz#2203720
2023-05-25 21:29:12 +02:00
fc4cf3fb79
* Thu May 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-120
...
- Allow unconfined service inherit signal state from init
Resolves: rhbz#2177254
- Allow systemd-pstore delete kernel persistent storage files
Resolves: rhbz#2181558
- Add fs_delete_pstore_files() interface
Resolves: rhbz#2181558
- Allow certmonger manage cluster library files
Resolves: rhbz#2177836
- Allow samba-rpcd work with passwords
Resolves: rhbz#2107106
- Allow snmpd read raw disk data
Resolves: rhbz#2160000
- Allow cluster_t dbus chat with various services
Resolves: rhbz#2196524
2023-05-11 19:40:42 +02:00
b48de44518
* Fri Apr 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-119
...
- Add unconfined_server_read_semaphores() interface
Resolves: rhbz#2183351
- Allow systemd-pstore read kernel persistent storage files
Resolves: rhbz#2181558
- Add fs_read_pstore_files() interface
Resolves: rhbz#2181558
- Allow insights-client work with teamdctl
Resolves: rhbz#2185158
- Allow insights-client read unconfined service semaphores
Resolves: rhbz#2183351
- Allow insights-client get quotas of all filesystems
Resolves: rhbz#2183351
2023-04-21 17:08:40 +02:00
009a32345a
* Thu Apr 13 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-118
...
- Allow login_pgm setcap permission
Resolves: rhbz#2172541
- Label /run/fsck with fsadm_var_run_t
Resolves: rhbz#2184348
- Add boolean qemu-ga to run unconfined script
Resolves: rhbz#2028762
- Allow dovecot-deliver write to the main process runtime fifo files
Resolves: rhbz#2170495
- Allow certmonger dbus chat with the cron system domain
Resolves: rhbz#2173289
- Allow insights-client read all sysctls
Resolves: rhbz#2177607
2023-04-14 09:54:39 +02:00
c38b24eb7c
Synchronize the repo content with the previous state
...
After the automated creation of the c8s branch, not all files tracked
previously in dist-git were added to the repository. This commit adds
all required files and also makes necessary changes.
Related: rhbz#2093355
2023-04-13 21:02:31 +02:00
79f7948acd
Bring gating.yaml over from Brew dist-git
...
Signed-off-by: Troy Dawson <tdawson@redhat.com>
2023-03-10 11:25:41 -08:00
9db2d9539c
Import rpm: c8s
2023-02-27 15:25:04 -05:00
7d8f8c5a54
Auto sync2gitlab import of selinux-policy-3.14.3-117.el8.src.rpm
2023-02-18 02:11:46 +00:00
88f724ac2c
Auto sync2gitlab import of selinux-policy-3.14.3-115.el8.src.rpm
2023-01-28 08:08:34 +00:00
3db2fd1ef3
Auto sync2gitlab import of selinux-policy-3.14.3-114.el8.src.rpm
2023-01-14 10:10:16 +00:00
738125b00d
Auto sync2gitlab import of selinux-policy-3.14.3-113.el8.src.rpm
2022-12-19 16:09:18 +00:00
f7adb29799
Auto sync2gitlab import of selinux-policy-3.14.3-112.el8.src.rpm
2022-12-04 06:09:15 +00:00
e408680df8
Auto sync2gitlab import of selinux-policy-3.14.3-111.el8.src.rpm
2022-11-22 18:09:09 +00:00
bac7993408
Auto sync2gitlab import of selinux-policy-3.14.3-110.el8.src.rpm
2022-10-26 10:09:34 +00:00
f244f04ef7
Auto sync2gitlab import of selinux-policy-3.14.3-109.el8.src.rpm
2022-10-15 20:11:40 +00:00
28b22b85f1
Auto sync2gitlab import of selinux-policy-3.14.3-108.el8.src.rpm
2022-09-09 12:09:46 +00:00
28da52cae8
Auto sync2gitlab import of selinux-policy-3.14.3-107.el8.src.rpm
2022-08-27 14:20:01 +00:00
020b5dcec8
Auto sync2gitlab import of selinux-policy-3.14.3-106.el8.src.rpm
2022-08-16 02:10:51 +00:00
6ef9bd966b
Auto sync2gitlab import of selinux-policy-3.14.3-105.el8.src.rpm
2022-08-02 22:11:21 +00:00
66163acd0f
Auto sync2gitlab import of selinux-policy-3.14.3-104.el8.src.rpm
2022-07-02 00:14:29 +00:00
09418e83d2
Auto sync2gitlab import of selinux-policy-3.14.3-100.el8.src.rpm
2022-06-11 10:09:54 +00:00
291ee391b8
Auto sync2gitlab import of selinux-policy-3.14.3-99.el8.src.rpm
2022-06-07 00:01:12 -04:00
bbc61bc528
Auto sync2gitlab import of selinux-policy-3.14.3-98.el8.src.rpm
2022-05-31 15:00:30 -04:00
70d901a9e4
Auto sync2gitlab import of selinux-policy-3.14.3-95.el8.src.rpm
2022-05-26 14:23:57 -04:00
d550681291
Initial c8s branch.
2022-05-26 14:23:53 -04:00
Milos Malik
Zdenek Pytela
Lukas Vrabec
Nikola Knazekova
Troy Dawson
James Antill
CentOS Sources