Commit Graph

37 Commits

Author SHA1 Message Date
Zdenek Pytela
fe855b4c90 * Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-138
- Allow wdmd list the contents of the sysfs directories
Resolves: RHEL-27507
- Allow linuxptp configure phc2sys and chronyd over a unix domain socket
Resolves: RHEL-27394
2024-03-08 10:25:36 +01:00
Zdenek Pytela
66e607f19e * Thu Feb 22 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-137
- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-1388
- Allow su domains write login records
Resolves: RHEL-2606
- Revert "Allow su domains write login records"
Resolves: RHEL-2606
- Add crontab_admin_domtrans interface
Resolves: RHEL-1388
- Allow gpg manage rpm cache
Resolves: RHEL-11249
2024-02-22 17:27:43 +01:00
Zdenek Pytela
72be2b6d57 * Thu Feb 15 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-136
- Transition from sudodomains to crontab_t when executing crontab_exec_t
Resolves: RHEL-1388
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-1388
- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files
Resolves: RHEL-22500
- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t
Resolves: RHEL-23442
- Allow admin user read/write on fixed_disk_device_t
Resolves: RHEL-23434
- Only allow confined user domains to login locally without unconfined_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_confined_admin_users interface
Resolves: RHEL-1628
- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_admin_users interface
Resolves: RHEL-1628
- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
Resolves: RHEL-1628
- Allow utempter_t use ptmx
Resolves: RHEL-25002
- Dontaudit subscription manager setfscreate and read file contexts
Resolves: RHEL-21639
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-1388
- Add crontab_domtrans interface
Resolves: RHEL-1388
- Add dbus_manage_session_tmp_files interface
Resolves: RHEL-22500
- Allow httpd read network sysctls
Resolves: RHEL-22748
- Allow keepalived_unconfined_script_t dbus chat with init
Resolves: RHEL-22843
2024-02-15 18:25:24 +01:00
Zdenek Pytela
d620ca1705 * Fri Jan 26 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-135
- Label /tmp/libdnf.* with user_tmp_t
Resolves: RHEL-11249
- Allow su domains write login records
Resolves: RHEL-2606
- Allow gpg read rpm cache
Resolves: RHEL-11249
- Allow unix dgram sendto between exim processes
Resolves: RHEL-21903
- Allow hypervkvp_t write access to NetworkManager_etc_rw_t
Resolves: RHEL-17687
- Add interface for write-only access to NetworkManager rw conf
Resolves: RHEL-17687
- Allow conntrackd_t to use sys_admin capability
Resolves: RHEL-22276
2024-01-26 17:47:29 +01:00
Zdenek Pytela
a99bd017ea * Fri Jan 12 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-134
- Allow syslog to run unconfined scripts conditionally
Resolves: RHEL-10087
- Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
Resolves: RHEL-10087
- Allow collectd connect to statsd port
Resolves: RHEL-19482
- Allow collectd_t read network state symlinks
Resolves: RHEL-19482
- Allow collectd_t domain to create netlink_generic_socket sockets
Resolves: RHEL-19482
- Allow opafm search nfs directories
Resolves: RHEL-19426
- Allow mdadm list stratisd data directories
Resolves: RHEL-21374
2024-01-12 16:52:31 +01:00
Zdenek Pytela
bbcf1324a4 * Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-133
- Label /dev/acpi_thermal_rel char device with acpi_device_t
Resolves: RHEL-18027
- Allow sysadm execute traceroute in sysadm_t domain using sudo
Resolves: RHEL-9947
- Allow sysadm execute tcpdump in sysadm_t domain using sudo
Resolves: RHEL-15398
- Add support for syslogd unconfined scripts
Resolves: RHEL-10087
- Label /dev/wmi/dell-smbios as acpi_device_t
Resolves: RHEL-18027
- Make named_zone_t and named_var_run_t a part of the mountpoint attribute
Resolves: RHEL-1954
- Dontaudit rhsmcertd write memory device
Resolves: RHEL-17721
2023-12-13 17:45:32 +01:00
Zdenek Pytela
83b950022b * Tue Nov 28 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-132
- Allow sudodomain read var auth files
Resolves: RHEL-16567
- Update cifs interfaces to include fs_search_auto_mountpoints()
Resolves: RHEL-14072
- Allow systemd-localed create Xserver config dirs
Resolves: RHEL-16715
- Label /var/run/auditd.state as auditd_var_run_t
Resolves: RHEL-14376
- Allow auditd read all domains process state
Resolves: RHEL-14471
- Allow sudo userdomain to run rpm related commands
Resolves: RHEL-1679
- Remove insights_client_watch_lib_dirs() interface
Resolves: RHEL-16185
2023-11-28 16:32:42 +00:00
Lukas Vrabec
1826d51b0d * Wed Oct 04 2023 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-130
- Label msmtp and msmtpd with sendmail_exec_t
Resolves: RHEL-1678
- Set default file context of HOME_DIR/tmp/.* to <<none>>
Resolves: RHEL-1099
- Improve default file context(None) of /var/lib/authselect/backups
Resolves: RHEL-3539
2023-10-04 13:20:31 +02:00
Zdenek Pytela
d3c8942890 * Fri Aug 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-128
- Allow ssh_agent_type manage generic cache home files
Resolves: rhbz#2177704
- Add chromium_sandbox_t setcap capability
Resolves: rhbz#2221573
2023-08-25 14:02:35 +02:00
Zdenek Pytela
ef4e39e85f * Thu Aug 17 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-127
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 3
Resolves: rhbz#2229726
2023-08-17 13:47:08 +02:00
Zdenek Pytela
29d572116d * Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-126
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 1/2
Resolves: rhbz#2229726
- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
Resolves: rhbz#2177704
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 2/2
Resolves: rhbz#2229726
- Make insights_client_t an unconfined domain
Resolves: rhbz#2225527
- Allow insights-client create all rpm logs with a correct label
Resolves: rhbz#2229559
- Allow insights-client manage generic logs
Resolves: rhbz#2229559
2023-08-11 20:39:42 +02:00
Zdenek Pytela
1b1eb8edb4 * Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-125
- Allow user_u and staff_u get attributes of non-security dirs
Resolves: rhbz#2216151
- Allow unconfined user filetrans chrome_sandbox_home_t 1/2
Resolves: rhbz#2221573
- Allow unconfined user filetrans chrome_sandbox_home_t 2/2
Resolves: rhbz#2221573
- Allow insights-client execmem
Resolves: rhbz#2225233
- Allow svnserve execute postdrop with a transition
Resolves: rhbz#2004843
- Do not make postfix_postdrop_t type an MTA executable file
Resolves: rhbz#2004843
- Allow samba-dcerpc service manage samba tmp files
Resolves: rhbz#2210771
- Update samba-dcerpc policy for printing
Resolves: rhbz#2210771
2023-08-04 16:16:26 +02:00
Zdenek Pytela
edd3ad31f7 * Thu Jul 20 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-124
- Add the files_getattr_non_auth_dirs() interface
Resolves: rhbz#2076937
- Update policy for the sblim-sfcb service
Resolves: rhbz#2076937
- Dontaudit sfcbd sys_ptrace cap_userns
Resolves: rhbz#2076937
- Label /usr/sbin/sos with sosreport_exec_t
Resolves: rhbz#2167731
- Allow sa-update manage spamc home files
Resolves: rhbz#2222200
- Allow sa-update connect to systemlog services
Resolves: rhbz#2222200
- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
Resolves: rhbz#2222200
2023-07-20 17:52:48 +02:00
Zdenek Pytela
23e1dd29b9 * Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-123
- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
Resolves: rhbz#2213606
- Allow httpd tcp connect to redis port conditionally
Resolves: rhbz#2213965
- Exclude container-selinux manpage from selinux-policy-doc
Resolves: rhbz#2218362
2023-06-29 12:37:59 +02:00
Nikola Knazekova
289f477398 * Thu Jun 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-122
- Update cyrus_stream_connect() to use sockets in /run
Resolves: rhbz#2165752
- Allow insights-client map generic log files
Resolves: rhbz#2214572
- Allow insights-client work with pipe and socket tmp files
Resolves: rhbz#2207819
- Allow insights-client getsession process permission
Resolves: rhbz#2207819
- Allow keepalived to manage its tmp files
Resolves: rhbz#2179335
2023-06-15 22:06:42 +02:00
Zdenek Pytela
534ee173e7 * Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121
- Update pkcsslotd policy for sandboxing 2/2
Resolves: rhbz#2208162
- Update pkcsslotd policy for sandboxing 1/2
Resolves: rhbz#2208162
- Allow abrt_t read kernel persistent storage files
Resolves: rhbz#2207914
- Add allow rules for lttng-sessiond domain
Resolves: rhbz#2203509
- Allow rpcd_lsad setcap and use generic ptys
Resolves: rhbz#2107106
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
Resolves: rhbz#2107106
- Dontaudit targetd search httpd config dirs
Resolves: rhbz#2203720
2023-05-25 21:29:12 +02:00
Zdenek Pytela
fc4cf3fb79 * Thu May 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-120
- Allow unconfined service inherit signal state from init
Resolves: rhbz#2177254
- Allow systemd-pstore delete kernel persistent storage files
Resolves: rhbz#2181558
- Add fs_delete_pstore_files() interface
Resolves: rhbz#2181558
- Allow certmonger manage cluster library files
Resolves: rhbz#2177836
- Allow samba-rpcd work with passwords
Resolves: rhbz#2107106
- Allow snmpd read raw disk data
Resolves: rhbz#2160000
- Allow cluster_t dbus chat with various services
Resolves: rhbz#2196524
2023-05-11 19:40:42 +02:00
Zdenek Pytela
b48de44518 * Fri Apr 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-119
- Add unconfined_server_read_semaphores() interface
Resolves: rhbz#2183351
- Allow systemd-pstore read kernel persistent storage files
Resolves: rhbz#2181558
- Add fs_read_pstore_files() interface
Resolves: rhbz#2181558
- Allow insights-client work with teamdctl
Resolves: rhbz#2185158
- Allow insights-client read unconfined service semaphores
Resolves: rhbz#2183351
- Allow insights-client get quotas of all filesystems
Resolves: rhbz#2183351
2023-04-21 17:08:40 +02:00
Zdenek Pytela
009a32345a * Thu Apr 13 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-118
- Allow login_pgm setcap permission
Resolves: rhbz#2172541
- Label /run/fsck with fsadm_var_run_t
Resolves: rhbz#2184348
- Add boolean qemu-ga to run unconfined script
Resolves: rhbz#2028762
- Allow dovecot-deliver write to the main process runtime fifo files
Resolves: rhbz#2170495
- Allow certmonger dbus chat with the cron system domain
Resolves: rhbz#2173289
- Allow insights-client read all sysctls
Resolves: rhbz#2177607
2023-04-14 09:54:39 +02:00
James Antill
9db2d9539c Import rpm: c8s 2023-02-27 15:25:04 -05:00
CentOS Sources
7d8f8c5a54 Auto sync2gitlab import of selinux-policy-3.14.3-117.el8.src.rpm 2023-02-18 02:11:46 +00:00
CentOS Sources
88f724ac2c Auto sync2gitlab import of selinux-policy-3.14.3-115.el8.src.rpm 2023-01-28 08:08:34 +00:00
CentOS Sources
3db2fd1ef3 Auto sync2gitlab import of selinux-policy-3.14.3-114.el8.src.rpm 2023-01-14 10:10:16 +00:00
CentOS Sources
738125b00d Auto sync2gitlab import of selinux-policy-3.14.3-113.el8.src.rpm 2022-12-19 16:09:18 +00:00
CentOS Sources
f7adb29799 Auto sync2gitlab import of selinux-policy-3.14.3-112.el8.src.rpm 2022-12-04 06:09:15 +00:00
CentOS Sources
e408680df8 Auto sync2gitlab import of selinux-policy-3.14.3-111.el8.src.rpm 2022-11-22 18:09:09 +00:00
CentOS Sources
bac7993408 Auto sync2gitlab import of selinux-policy-3.14.3-110.el8.src.rpm 2022-10-26 10:09:34 +00:00
CentOS Sources
f244f04ef7 Auto sync2gitlab import of selinux-policy-3.14.3-109.el8.src.rpm 2022-10-15 20:11:40 +00:00
CentOS Sources
28b22b85f1 Auto sync2gitlab import of selinux-policy-3.14.3-108.el8.src.rpm 2022-09-09 12:09:46 +00:00
CentOS Sources
28da52cae8 Auto sync2gitlab import of selinux-policy-3.14.3-107.el8.src.rpm 2022-08-27 14:20:01 +00:00
CentOS Sources
020b5dcec8 Auto sync2gitlab import of selinux-policy-3.14.3-106.el8.src.rpm 2022-08-16 02:10:51 +00:00
CentOS Sources
6ef9bd966b Auto sync2gitlab import of selinux-policy-3.14.3-105.el8.src.rpm 2022-08-02 22:11:21 +00:00
CentOS Sources
66163acd0f Auto sync2gitlab import of selinux-policy-3.14.3-104.el8.src.rpm 2022-07-02 00:14:29 +00:00
CentOS Sources
09418e83d2 Auto sync2gitlab import of selinux-policy-3.14.3-100.el8.src.rpm 2022-06-11 10:09:54 +00:00
James Antill
291ee391b8 Auto sync2gitlab import of selinux-policy-3.14.3-99.el8.src.rpm 2022-06-07 00:01:12 -04:00
James Antill
bbc61bc528 Auto sync2gitlab import of selinux-policy-3.14.3-98.el8.src.rpm 2022-05-31 15:00:30 -04:00
James Antill
70d901a9e4 Auto sync2gitlab import of selinux-policy-3.14.3-95.el8.src.rpm 2022-05-26 14:23:57 -04:00