Commit Graph

118 Commits

Author SHA1 Message Date
Zdenek Pytela
d71412e8ad Add the kafs module 2023-06-23 17:09:10 +02:00
Zdenek Pytela
c7eb7f478f Add booth module 2023-05-26 22:05:40 +02:00
Zdenek Pytela
dfde7d3e7a * Mon May 22 2023 Zdenek Pytela <zpytela@redhat.com> - 38.13-1
- Add initial policy for cifs-helper
- Label key.dns_resolver with keyutils_dns_resolver_exec_t
- Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t
- Allow some systemd services write to cgroup files
- Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files
- Allow systemd resolved to bind to arbitrary nodes
- Allow plymouthd_t bpf capability to run bpf programs
- Allow cupsd to create samba_var_t files
- Allow rhsmcert request the kernel to load a module
- Allow virsh name_connect virt_port_t
- Allow certmonger manage cluster library files
- Allow plymouthd read init process state
- Add chromium_sandbox_t setcap capability
- Allow snmpd read raw disk data
- Allow samba-rpcd work with passwords
- Allow unconfined service inherit signal state from init
- Allow cloud-init manage gpg admin home content
- Allow cluster_t dbus chat with various services
- Allow nfsidmapd work with systemd-userdbd and sssd
- Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes
- Allow plymouthd map dri and framebuffer devices
- Allow rpmdb_migrate execute rpmdb
- Allow logrotate dbus chat with systemd-hostnamed
- Allow icecast connect to kernel using a unix stream socket
- Allow lldpad connect to systemd-userdbd over a unix socket
- Allow journalctl open user domain ptys and ttys
- Allow keepalived to manage its tmp files
- Allow ftpd read network sysctls
- Label /run/bgpd with zebra_var_run_t
- Allow gssproxy read network sysctls
- Add the cifsutils module
2023-05-22 09:00:23 +02:00
Zdenek Pytela
0d20c35838 * Wed Feb 08 2023 Zdenek Pytela <zpytela@redhat.com> - 38.7-1
- Allowing snapper to create snapshots of /home/ subvolume/partition
- Add boolean qemu-ga to run unconfined script
- Label systemd-journald feature LogNamespace
- Add none file context for polyinstantiated tmp dirs
- Allow certmonger read the contents of the sysfs filesystem
- Add journalctl the sys_resource capability
- Allow nm-dispatcher plugins read generic files in /proc
- Add initial policy for the /usr/sbin/request-key helper
- Additional support for rpmdb_migrate
- Add the keyutils module
2023-02-08 21:31:38 +01:00
Zdenek Pytela
6a5242edba Add mptcpd and rshim modules 2022-12-15 11:31:44 +01:00
Zdenek Pytela
17a6cf70e4 * Mon Nov 21 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1-1
- Revert "Allow sysadm_t read raw memory devices"
- Allow systemd-socket-proxyd get attributes of cgroup filesystems
- Allow rpc.gssd read network sysctls
- Allow winbind-rpcd get attributes of device and pty filesystems
- Allow insights-client domain transition on semanage execution
- Allow insights-client create gluster log dir with a transition
- Allow insights-client manage generic locks
- Allow insights-client unix_read all domain semaphores
- Add domain_unix_read_all_semaphores() interface
- Allow winbind-rpcd use the terminal multiplexor
- Allow mrtg send mails
- Allow systemd-hostnamed dbus chat with init scripts
- Allow sssd dbus chat with system cronjobs
- Add interface to watch all filesystems
- Add watch_sb interfaces
- Add watch interfaces
- Allow dhcpd bpf capability to run bpf programs
- Allow netutils and traceroute bpf capability to run bpf programs
- Allow pkcs_slotd_t bpf capability to run bpf programs
- Allow xdm bpf capability to run bpf programs
- Allow pcscd bpf capability to run bpf programs
- Allow lldpad bpf capability to run bpf programs
- Allow keepalived bpf capability to run bpf programs
- Allow ipsec bpf capability to run bpf programs
- Allow fprintd bpf capability to run bpf programs
- Allow systemd-socket-proxyd get filesystems attributes
- Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files
2022-11-21 17:04:56 +01:00
Zdenek Pytela
bee780fc8d Remove "ipa = module" from modules-targeted-contrib.conf 2022-10-03 18:02:43 +02:00
Zdenek Pytela
faefd4829c Remove "cockpit = module" from modules-targeted-contrib.conf 2022-09-30 15:08:32 +02:00
Zdenek Pytela
d02146ba68 * Wed Sep 14 2022 Zdenek Pytela <zpytela@redhat.com> - 37.11-1
- Allow tor get filesystem attributes
- Allow utempter append to login_userdomain stream
- Allow login_userdomain accept a stream connection to XDM
- Allow login_userdomain write to boltd named pipes
- Allow staff_u and user_u users write to bolt pipe
- Allow login_userdomain watch various directories
- Update rhcd policy for executing additional commands 5
- Update rhcd policy for executing additional commands 4
- Allow rhcd create rpm hawkey logs with correct label
- Allow systemd-gpt-auto-generator to check for empty dirs
- Update rhcd policy for executing additional commands 3
- Allow journalctl read rhcd fifo files
- Update insights-client policy for additional commands execution 5
- Allow init remount all file_type filesystems
- Confine insights-client systemd unit
- Update insights-client policy for additional commands execution 4
- Allow pcp pmcd search tracefs and acct_data dirs
- Allow httpd read network sysctls
- Dontaudit domain map permission on directories
- Revert "Allow X userdomains to mmap user_fonts_cache_t dirs"
- Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)"
- Update insights-client policy for additional commands execution 3
- Allow systemd permissions needed for sandboxed services
- Add rhcd module
- Make dependency on rpm-plugin-selinux unordered
2022-09-14 09:14:08 +02:00
Zdenek Pytela
8e34354093 Add stalld module to modules-targeted-contrib.conf 2022-04-21 09:10:30 +02:00
Zdenek Pytela
e42de71056 Add insights_client module to modules-targeted-contrib.conf 2022-02-23 18:43:55 +01:00
Zdenek Pytela
a38b01faa8 * Thu Oct 07 2021 Zdenek Pytela <zpytela@redhat.com> - 35.1-1
- Add fedoratp module
- Allow xdm_t domain transition to fedoratp_t
- Allow ModemManager create and use netlink route socket
- Add default file context for /run/gssproxy.default.sock
- Allow xdm_t watch fonts directories
- Allow xdm_t watch generic directories in /lib
- Allow xdm_t watch generic pid directories
2021-10-07 18:06:06 +02:00
Zdenek Pytela
9365468edb * Fri Aug 27 2021 Zdenek Pytela <zpytela@redhat.com> - 34.17-5
- Add ica module to modules-targeted-contrib.conf
2021-08-27 13:46:07 +02:00
Zdenek Pytela
b7b2c03ca7 * Tue Apr 16 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-12
- Allow rngd create netlink_kobject_uevent_socket and read udev runtime files
- Allow ssh-keygen create file in /var/lib/glusterd
- Update ctdbd_manage_lib_files() to also allow mmap ctdbd_var_lib_t files
- Merge ipa and ipa_custodia modules
- Allow NetworkManager_ssh_t to execute_no_trans for binary ssh_exec_t
- Introduce daemons_dontaudit_scheduling boolean
- Modify path for arping in netutils.fc to match both bin and sbin
- Change file context for /var/run/pam_ssh to match file transition
- Add file context entry and file transition for /var/run/pam_timestamp
2020-04-14 16:43:04 +02:00
Lukas Vrabec
ecab8b5cc3 Make ipa_custodia policy active 2019-09-20 14:58:18 +02:00
Lukas Vrabec
72de5a3804 Make stratisd policy active 2019-09-10 15:28:53 +02:00
Lukas Vrabec
b711f66972 Make rrdcached policy active 2019-07-29 15:33:56 +02:00
Lukas Vrabec
0244479d79 Make timedatex module active 2019-07-23 12:49:04 +02:00
Lukas Vrabec
4086d43dcb Make kpatch policy active 2018-11-27 13:52:09 +01:00
Lukas Vrabec
4b05ad26d8 * Sat Oct 13 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-8
- ejabberd SELinux module removed, it's shipped by ejabberd-selinux package
2018-10-13 22:39:48 +02:00
Lukas Vrabec
75a1d62043 Make boltd policy active 2018-08-07 15:19:00 +02:00
Lukas Vrabec
47801d873a Enable opafm policy module 2018-08-06 06:31:51 +02:00
Lukas Vrabec
113644e361 Make ibacm policy active 2018-06-29 15:32:02 +02:00
Lukas Vrabec
11e95ea76d Make tangd policy active 2018-04-25 11:01:01 +02:00
Lukas Vrabec
a0b507db50 Remove ganesha module from active modules 2017-12-06 10:11:13 +01:00
Lukas Vrabec
67f96cfe2c Make conntrackd policy active 2017-10-16 14:41:30 +02:00
Lukas Vrabec
52a7727e8d Make active ejabberd SELinux module 2017-05-15 22:03:01 +02:00
Lukas Vrabec
181568df60 Make ganesha module active 2017-02-16 22:11:52 +01:00
Lukas Vrabec
12b9bf40f9 Remove gear policy from selinux-policy package 2016-12-14 15:58:36 +01:00
Lukas Vrabec
42206f3502 Make tlp policy active 2016-11-16 14:33:40 +01:00
Lukas Vrabec
acb4d9f0be Revert "Make udisks2 SELinux module active"
This reverts commit 0c6f87bc1e.
2016-08-31 10:13:08 +02:00
Lukas Vrabec
0c6f87bc1e Make udisks2 SELinux module active 2016-08-24 10:49:51 +02:00
Lukas Vrabec
7ea7c37249 Make sbd SELinux module active 2016-07-05 13:50:18 +02:00
Lukas Vrabec
8759fb6a8e Make hwloc module active 2016-06-09 16:38:56 +02:00
Lukas Vrabec
c85e72ce63 Make opendnssec module active 2016-05-25 12:20:13 +02:00
Lukas Vrabec
b07cbca68f Make rkt policy active. 2016-02-26 17:34:45 +01:00
Lukas Vrabec
93a03bbf67 Make lttng-tools SELinux module active 2016-02-15 21:34:40 +01:00
Lukas Vrabec
0cb9270926 Add fwupd module to modules-targeted-contrib.conf file. 2016-01-18 14:50:53 +01:00
Miroslav Grepl
5c3fd596c9 Add support for openfortivpn 2015-11-10 08:18:14 +01:00
Vit Mojzis
263716cfef Set recently created domains as permissive for testing period. Enable new ipmievd domain. #1241453 2015-10-15 13:40:32 +02:00
Lukas Vrabec
23d80687e0 Make pkcs11proxyd policy active 2015-09-29 18:16:18 +02:00
Vit Mojzis
53aa42deae Activate new blkmapd policy. 2015-08-20 12:37:22 +02:00
Vit Mojzis
c4a368df4f Activate new hsqldb policy. 2015-08-17 15:05:14 +02:00
Lukas Vrabec
cfb63d8e0e Make targetd policy active. 2015-08-04 14:16:26 +02:00
Lukas Vrabec
a82345f380 Make sslh policy active 2015-08-03 10:16:38 +02:00
Lukas Vrabec
6ca75adfd3 Make pdns policy active. 2015-07-28 16:56:19 +02:00
Lukas Vrabec
f9d97717a8 * Wed Mar 18 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-119
- build without docker
2015-03-18 17:03:21 +01:00
Miroslav Grepl
b97a0c7a41 Turn on rolekit in F22 2015-03-06 17:11:00 +01:00
Dan Walsh
800a85e70f Add new policy for hostapd 2015-01-03 09:32:33 -05:00
Lukas Vrabec
bfb6adef8b Added support for linuxptp policy. 2014-11-07 19:12:59 +01:00