rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Commit Graph

  • 046dc6f583 * Fri Dec 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 40.13.19-2 imports/c10s/selinux-policy-40.13.19-2.el10 c10s Petr Lautrbach 2024-12-20 09:08:58 +0100
  • 9ffb04b099 * Wed Dec 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.19-1 imports/c10s/selinux-policy-40.13.19-1.el10 Zdenek Pytela 2024-12-18 23:43:40 +0100
  • c10a7f5072 import UBI selinux-policy-3.14.3-139.el8_10.1 c8 imports/c8/selinux-policy-3.14.3-139.el8_10.1 eabdullin 2024-12-17 02:43:26 +0000
  • dfb01e2dd7 * Fri Dec 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.18-1 - Sync dist/targeted/modules.conf with Fedora 42 Resolves: RHEL-70850 - Add support for sap Resolves: RHEL-70850 - Allow sssd_selinux_manager_t the setcap process permission Resolves: RHEL-70822 - Allow virtqemud open svirt_devpts_t char files Resolves: RHEL-43446 - Fix the cups_read_pid_files() interface to use read_files_pattern Resolves: RHEL-69512 imports/c10s/selinux-policy-40.13.18-1.el10 Zdenek Pytela 2024-12-13 17:43:37 +0100
  • 9484341286 * Fri Dec 13 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.50-1 c9s Zdenek Pytela 2024-12-13 15:45:13 +0100
  • 655176404c Exclude container-selinux manpage from selinux-policy-doc Zdenek Pytela 2023-06-12 17:11:52 +0200
  • a789dba85b * Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1 imports/c10s/selinux-policy-40.13.17-1.el10 Zdenek Pytela 2024-12-12 21:18:45 +0100
  • 93f4aed9d6 * Fri Dec 06 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.49-1 Zdenek Pytela 2024-12-06 15:46:22 +0100
  • 29816f1443 try to enable CRB and EPEL repositories Milos Malik 2024-12-03 14:25:45 +0100
  • bfa35b4ec0 * Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1 imports/c10s/selinux-policy-40.13.16-1.el10 Zdenek Pytela 2024-11-29 15:11:11 +0100
  • d246bfd939 * Thu Nov 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.15-1 Zdenek Pytela 2024-11-28 22:16:34 +0100
  • a987ac34c6 import RHEL 10 Beta selinux-policy-40.13.9-1.el10 imports/c10-beta/selinux-policy-40.13.9-1.el10 c10-beta eabdullin 2024-11-20 13:49:47 +0000
  • efbe8c4f78 * Tue Nov 19 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.14-1 Zdenek Pytela 2024-11-19 19:42:04 +0100
  • 698afe1ad8 Update sources Petr Lautrbach 2024-11-19 17:12:27 +0100
  • 1584866ea6 Use install instead of cp Petr Lautrbach 2024-09-17 09:06:48 +0200
  • 9f39950991 Remove old triggers Petr Lautrbach 2024-09-17 08:52:42 +0200
  • 7dcb603438 Drop ru man pages Petr Lautrbach 2024-09-17 08:45:57 +0200
  • ed293503c6 Run restorecon on /etc/mdevctl.d temporarily Zdenek Pytela 2024-09-16 12:36:35 +0200
  • ddc0446829 Remove most config files from dist-git and take them from sources Ondrej Mosnacek 2021-04-04 13:15:10 +0200
  • de68c21d87 BuildRequires: groff Petr Lautrbach 2024-07-23 16:18:32 +0200
  • 4bb6c144e3 Move %postInstall to %posttrans Petr Lautrbach 2024-07-11 22:32:41 +0200
  • 3fed54cdcc Use Requires(meta): (rpm-plugin-selinux if rpm-libs) Colin Walters 2023-09-29 10:11:44 -0400
  • ac73ffca09 Drop obsolete modules from config Ondrej Mosnacek 2024-06-24 21:43:00 +0200
  • 53fd0a7aa2 Install dnf protected files only when policy is built Petr Lautrbach 2024-07-11 22:06:10 +0200
  • 488e7b1b79 Also relabel files under /usr/sbin Zbigniew Jędrzejewski-Szmek 2024-07-11 15:48:24 +0200
  • 5e1af34521 Relabel files under /usr/bin to fix stale context after sbin merge Zbigniew Jędrzejewski-Szmek 2024-07-11 13:31:53 +0200
  • fc93f2b404 Merge -base and -contrib Petr Lautrbach 2024-06-24 21:21:44 +0200
  • 4b190446b9 Include "mode" in the %verify-not configuration for extra_varrun Zdenek Pytela 2024-06-14 19:54:13 +0200
  • 43237dfd47 Rearrange file context equivalency for systemd generators Zdenek Pytela 2024-06-11 17:26:16 +0200
  • f98e465740 Use /usr/bin/bash in scripts as shebang Zdenek Pytela 2024-06-10 15:18:19 +0200
  • 2468f6a593 Install configuration files with 644 mode Zdenek Pytela 2024-06-10 15:14:46 +0200
  • 3d9c5beb8f Use RPM's build conditionals to control which policy types to build Ondrej Mosnáček 2023-01-27 17:03:38 +0100
  • d0e15905f2 Trim changelog so that it starts at F40 time Zdenek Pytela 2024-06-07 23:02:30 +0200
  • a6a5f1a3aa Drop removeVarrunModule macro Petr Lautrbach 2024-05-21 14:01:06 +0200
  • f5ea95981c Move changelog to changelog and use %autochangelog Petr Lautrbach 2024-05-21 10:42:51 +0200
  • 3c4abec1be Replace '%%' with '%' in the files section Zdenek Pytela 2024-05-31 18:05:54 +0200
  • c9eca3f2d7 Protect the targeted and mls subpackages Zdenek Pytela 2024-05-20 16:12:51 +0200
  • 579a5b4d7e Disable rpm verification for the extra_varrun module directory Zdenek Pytela 2024-05-20 15:57:23 +0200
  • bbd4056045 Call binaries without full path Zbigniew Jędrzejewski-Szmek 2024-07-13 20:10:04 +0200
  • bc2b5706de varrun-convert.sh: Backport changes from Rawhide Petr Lautrbach 2024-09-20 12:11:03 +0200
  • ea341191c4 * Tue Nov 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.48-1 Zdenek Pytela 2024-11-12 17:57:29 +0100
  • 278c1ad453 * Tue Nov 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.13-1 imports/c10s/selinux-policy-40.13.13-1.el10 Zdenek Pytela 2024-11-12 17:01:30 +0100
  • 686e38fda5 import CS selinux-policy-38.1.45-3.el9_5 imports/c9/selinux-policy-38.1.45-3.el9_5 c9 eabdullin 2024-11-12 08:43:56 +0000
  • 27a5e6df40 Bump release for October 2024 mass rebuild: imports/c10s/selinux-policy-40.13.12-2.el10 Troy Dawson 2024-10-29 09:13:57 -0700
  • 6d8789cb6b * Fri Oct 25 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-139.1 c8s Zdenek Pytela 2024-10-25 19:40:51 +0200
  • f4aa9187f8 * Thu Oct 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.12-1 imports/c10s/selinux-policy-40.13.12-1.el10 Zdenek Pytela 2024-10-24 22:27:53 +0200
  • 04fa3da045 Add the pcm module Zdenek Pytela 2024-10-23 22:30:14 +0200
  • 6c1a8e76be Add the iiosensorproxy module Zdenek Pytela 2024-10-23 22:29:16 +0200
  • 3c47586a8a Add the gnome_remote_desktop module Zdenek Pytela 2024-10-23 22:26:39 +0200
  • c615292dfa * Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.11-1 Zdenek Pytela 2024-10-23 22:23:35 +0200
  • a79b0f387d * Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.47-1 Zdenek Pytela 2024-10-23 13:11:34 +0200
  • b9f20bbf55 * Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1 imports/c10s/selinux-policy-40.13.10-1.el10 Zdenek Pytela 2024-10-16 16:29:52 +0200
  • b21b210b94 * Fri Oct 11 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.46-1 Zdenek Pytela 2024-10-11 15:33:47 +0200
  • 93538d0a93 * Thu Oct 10 2024 Zdenek Pytela <zpytela@redhat.com> - 35.1.46-1 Zdenek Pytela 2024-10-10 21:51:44 +0200
  • 0c8f629e44 Suppress semodule's stderr Petr Lautrbach 2024-10-09 12:17:01 +0200
  • a72b9af097 import CS selinux-policy-38.1.44-1.el9 imports/c9-beta/selinux-policy-38.1.44-1.el9 c9-beta eabdullin 2024-09-30 16:38:16 +0000
  • 6d48c6e32c * Mon Sep 16 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-3 - Rebuild Resolves: RHEL-55414 Zdenek Pytela 2024-09-16 17:29:25 +0200
  • 5273cf04c1 * Wed Sep 04 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-2 - Rebuild Resolves: RHEL-55414 Zdenek Pytela 2024-09-04 12:11:27 +0200
  • 6b28f7d202 * Thu Aug 29 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-1 - Allow setsebool_t relabel selinux data files Resolves: RHEL-55414 Zdenek Pytela 2024-08-29 14:28:06 +0200
  • 52526cb202 * Mon Aug 26 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.9-1 - Allow virtqemud relabelfrom also for file and sock_file Resolves: RHEL-49763 - Allow virtqemud relabel user tmp files and socket files Resolves: RHEL-49763 - Update virtqemud policy for libguestfs usage Resolves: RHEL-49763 - Label /run/libvirt/qemu/channel with virtqemud_var_run_t Resolves: RHEL-47274 imports/c10s/selinux-policy-40.13.9-1.el10 Zdenek Pytela 2024-08-26 19:42:36 +0200
  • 926debbc11 * Tue Aug 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.8-1 - Add virt_create_log() and virt_write_log() interfaces Resolves: RHEL-47274 - Update libvirt policy Resolves: RHEL-45464 Resolves: RHEL-49763 - Allow svirt_tcg_t map svirt_image_t files Resolves: RHEL-47274 - Allow svirt_tcg_t read vm sysctls Resolves: RHEL-47274 - Additional updates stalld policy for bpf usage Resolves: RHEL-50356 imports/c10s/selinux-policy-40.13.8-1.el10 Zdenek Pytela 2024-08-13 19:32:48 +0200
  • c72977faea * Mon Aug 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.44-1 - Allow coreos-installer-generator work with partitions Resolves: RHEL-38614 - Label /etc/mdadm.conf.d with mdadm_conf_t Resolves: RHEL-38614 - Change file context specification to /var/run/metadata Resolves: RHEL-49735 - Allow initrc_t transition to passwd_t Resolves: RHEL-17404 - systemd: allow systemd_notify_t to send data to kernel_t datagram sockets Resolves: RHEL-25514 - systemd: allow sys_admin capability for systemd_notify_t Resolves: RHEL-25514 - Change systemd-network-generator transition to include class file Resolves: RHEL-47033 - Allow sshd_keygen_t connect to userdbd over a unix stream socket Resolves: RHEL-47033 Zdenek Pytela 2024-08-12 22:55:56 +0200
  • f5b3d7b772 * Thu Aug 08 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.7-1 - Add the swtpm.if interface file for interactions with other domains Resolves: RHEL-47274 - Allow virtproxyd create and use its private tmp files Resolves: RHEL-40499 - Allow virtproxyd read network state Resolves: RHEL-40499 - Allow virtqemud domain transition on swtpm execution Resolves: RHEL-47274 Resolves: RHEL-49763 - Allow virtqemud relabel virt_var_run_t directories Resolves: RHEL-47274 Resolves: RHEL-45464 Resolves: RHEL-49763 - Allow virtqemud domain transition on passt execution Resolves: RHEL-45464 - Allow virt_driver_domain create and use log files in /var/log Resolves: RHEL-40239 - Allow virt_driver_domain connect to systemd-userdbd over a unix socket Resolves: RHEL-44932 Resolves: RHEL-44898 - Update stalld policy for bpf usage Resolves: RHEL-50356 - Allow boothd connect to systemd-userdbd over a unix socket Resolves: RHEL-45907 - Allow linuxptp configure phc2sys and chronyd over a unix domain socket Resolves: RHEL-46011 - Allow systemd-machined manage runtime sockets Resolves: RHEL-49567 - Allow ip command write to ipsec's logs Resolves: RHEL-41222 - Allow init_t nnp domain transition to firewalld_t Resolves: RHEL-52481 - Update qatlib policy for v24.02 with new features Resolves: RHEL-50377 - Allow postfix_domain map postfix_etc_t files Resolves: RHEL-46327 Zdenek Pytela 2024-08-08 18:12:12 +0200
  • a922a23d90 * Wed Jul 31 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.43-1 - Allow rhsmcertd read/write access to /dev/papr-sysparm Resolves: RHEL-49599 - Label /dev/papr-sysparm and /dev/papr-vpd Resolves: RHEL-49599 - Allow rhsmcertd read, write, and map ica tmpfs files Resolves: RHEL-50926 - Update afterburn file transition policy Resolves: RHEL-49735 - Label /run/metadata with afterburn_runtime_t Resolves: RHEL-49735 - Allow afterburn list ssh home directory Resolves: RHEL-49735 - Support SGX devices Resolves: RHEL-50922 - Allow systemd-pstore send a message to syslogd over a unix domain Resolves: RHEL-45528 - Allow postfix_domain map postfix_etc_t files Resolves: RHEL-46332 - Allow microcode create /sys/devices/system/cpu/microcode/reload Resolves: RHEL-26821 - Allow svirt_tcg_t map svirt_image_t files Resolves: RHEL-27141 - Allow systemd-hostnamed shut down nscd Resolves: RHEL-45033 - Allow postfix_domain connect to postgresql over a unix socket Resolves: RHEL-6776 Zdenek Pytela 2024-07-31 18:07:13 +0200
  • 6ebbf22125 * Thu Jul 25 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.6-1 - Allow virtnodedevd run udev with a domain transition Resolves: RHEL-39890 - Allow virtnodedev_t create and use virtnodedev_lock_t Resolves: RHEL-39890 - Allow svirt attach_queue to a virtqemud tun_socket Resolves: RHEL-44312 - Label /run/systemd/machine with systemd_machined_var_run_t Resolves: RHEL-49567 imports/c10s/selinux-policy-40.13.6-1.el10 Zdenek Pytela 2024-07-25 19:35:27 +0200
  • b9a8e2c7de do not run tests which require EPEL repo Milos Malik 2024-05-22 19:52:19 +0200
  • 2271084e56 * Thu Jul 18 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.42-1 - Label samba certificates with samba_cert_t Resolves: RHEL-25724 - Allow systemd-coredumpd the sys_chroot capability Resolves: RHEL-45245 - Allow svirt_tcg_t read vm sysctls Resolves: RHEL-27141 - Label /usr/sbin/samba-gpupdate with samba_gpupdate_exec_t Resolves: RHEL-25724 - Label /var/run/coreos-installer-reboot with coreos_installer_var_run_t Resolves: RHEL-38614 - Allow coreos-installer add systemd unit file links Resolves: RHEL-38614 Zdenek Pytela 2024-07-18 13:52:06 +0200
  • 85e80ce5b4 * Tue Jul 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.5-1 - Allow to create and delete socket files created by rhsm.service Resolves: RHEL-40857 - Allow svirt read virtqemud fifo files Resolves: RHEL-40350 - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket Resolves: RHEL-37822 - Allow virtqemud read virt-dbus process state Resolves: RHEL-37822 - Allow virtqemud run ssh client with a transition Resolves: RHEL-43215 - Allow virtnetworkd exec shell when virt_hooks_unconfined is on Resolves: RHEL-41168 - Allow NetworkManager the sys_ptrace capability in user namespace Resolves: RHEL-46717 - Update keyutils policy Resolves: RHEL-38920 - Allow ip the setexec permission Resolves: RHEL-41182 Zdenek Pytela 2024-07-16 19:05:46 +0200
  • c74c6d2868 * Sun Jul 07 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.41-1 - Differentiate between staff and sysadm when executing crontab with sudo Resolves: RHEL-31888 - Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t Resolves: RHEL-25724 - Allow unconfined_service_t transition to passwd_t Resolves: RHEL-17404 - Allow sbd to trace processes in user namespace Resolves: RHEL-44680 - Allow systemd-coredumpd sys_admin and sys_resource capabilities Resolves: RHEL-45245 - Label /usr/lib/node_modules/npm/bin with bin_t Resolves: RHEL-36587 - Support /var is empty Resolves: RHEL-29331 - Allow timemaster write to sysfs files Resolves: RHEL-28777 - Don't audit crontab_domain write attempts to user home Resolves: RHEL-31888 - Transition from sudodomains to crontab_t when executing crontab_exec_t Resolves: RHEL-31888 - Fix label of pseudoterminals created from sudodomain Resolves: RHEL-31888 Zdenek Pytela 2024-07-07 20:02:06 +0200
  • cbb1ba3beb * Fri Jun 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.4-1 - Confine libvirt-dbus Resolves: RHEL-37822 - Allow sssd create and use io_uring Resolves: RHEL-43448 - Allow virtqemud the kill capability in user namespace Resolves: RHEL-44996 - Allow login_userdomain execute systemd-tmpfiles in the caller domain Resolves: RHEL-44191 - Allow virtqemud read vm sysctls Resolves: RHEL-40938 - Allow svirt_t read vm sysctls Resolves: RHEL-40938 - Allow rshim get options of the netlink class for KOBJECT_UEVENT family Resolves: RHEL-40859 - Allow systemd-hostnamed read the vsock device Resolves: RHEL-45309 - Allow systemd (PID 1) manage systemd conf files Resolves: RHEL-45304 - Allow journald read systemd config files and directories Resolves: RHEL-45304 - Allow systemd_domain read systemd_conf_t dirs Resolves: RHEL-45304 - Label systemd configuration files with systemd_conf_t Resolves: RHEL-45304 - Allow dhcpcd the kill capability Resolves: RHEL-43417 - Add support for libvirt hooks Resolves: RHEL-41168 Zdenek Pytela 2024-06-28 23:24:45 +0200
  • c4cc684f3c Bump release for June 2024 mass rebuild Troy Dawson 2024-06-24 09:24:07 -0700
  • b6e9c86706 import UBI selinux-policy-38.1.35-2.el9_4.2 imports/c9/selinux-policy-38.1.35-2.el9_4.2 eabdullin 2024-06-18 20:29:33 +0000
  • 9ff33f15d5 * Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.40-1 - Allow systemd-coredump read nsfs files Resolves: RHEL-39937 - Allow login_userdomain execute systemd-tmpfiles in the caller domain Resolves: RHEL-40374 - Allow ptp4l_t request that the kernel load a kernel module Resolves: RHEL-38905 - Allow collectd to trace processes in user namespace Resolves: RHEL-36293 Zdenek Pytela 2024-06-18 22:32:39 +0200
  • b2c25500b4 * Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.3-1 - Allow virtqemud manage nfs files when virt_use_nfs boolean is on Resolves: RHEL-40205 - Allow virt_driver_domain read files labeled unconfined_t Resolves: RHEL-40262 - Allow virt_driver_domain dbus chat with policykit Resolves: RHEL-40346 - Escape "interface" as a file name in a virt filetrans pattern Resolves: RHEL-34769 - Allow setroubleshootd get attributes of all sysctls Resolves: RHEL-40923 - Allow qemu-ga read vm sysctls Resolves: RHEL-40829 - Allow sbd to trace processes in user namespace Resolves: RHEL-39989 - Allow request-key execute scripts Resolves: RHEL-38920 - Update policy for haproxyd Resolves: RHEL-40877 Zdenek Pytela 2024-06-18 17:27:30 +0200
  • 1dacbf26a9 * Fri Jun 07 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.2-1 - Allow all domains read and write z90crypt device Resolves: RHEL-28539 - Allow dhcpc read /run/netns files Resolves: RHEL-39510 - Allow bootupd search efivarfs dirs Resolves: RHEL-39514 Zdenek Pytela 2024-06-07 20:10:33 +0200
  • 89ceaca299 * Thu Jun 06 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.39-1 - Add interfaces for watching and reading ifconfig_var_run_t Resolves: RHEL-39408 - Allow dhcpcd use unix_stream_socket Resolves: RHEL-39408 - Allow dhcpc read /run/netns files Resolves: RHEL-39408 - Allow all domains read and write z90crypt device Resolves: RHEL-38833 - Allow bootupd search efivarfs dirs Resolves: RHEL-36289 - Move unconfined_domain(sap_unconfined_t) to an optional block Resolves: RHEL-37663 Zdenek Pytela 2024-06-06 22:43:44 +0200
  • 4365f770e2 import CS selinux-policy-3.14.3-139.el8 imports/c8/selinux-policy-3.14.3-139.el8_10 eabdullin 2024-05-22 10:47:43 +0000
  • 51ba4f33dc Drop baseos-ci gating Petr Lautrbach 2024-05-21 11:02:06 +0200
  • 9359be591b * Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.19-1 - Allow postfix smtpd map aliases file - Ensure dbus communication is allowed bidirectionally - Label systemd configuration files with systemd_conf_t - Label /run/systemd/machine with systemd_machined_var_run_t - Allow systemd-hostnamed read the vsock device - Allow sysadm execute dmidecode using sudo - Allow sudodomain list files in /var - Allow setroubleshootd get attributes of all sysctls - Allow various services read and write z90crypt device - Allow nfsidmap connect to systemd-homed - Allow sandbox_x_client_t dbus chat with accountsd - Allow system_cronjob_t dbus chat with avahi_t - Allow staff_t the io_uring sqpoll permission - Allow staff_t use the io_uring API - Add support for secretmem anon inode - Backport /var/run change related improvements Zdenek Pytela 2024-05-18 00:46:09 +0200
  • fd660a4dde Correct some errors in the RPM macro changes from -2 Zdenek Pytela 2024-05-17 22:13:06 +0200
  • befd3d6c81 Update rpm configuration for the /var/run equivalency change Zdenek Pytela 2024-05-17 22:09:34 +0200
  • f05cd533e6 Update repository link and branches names for c10s Zdenek Pytela 2024-05-17 21:47:38 +0200
  • df730c18c8 * Thu May 16 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.38-1 - Add boolean qemu-ga to run unconfined script Resolves: RHEL-31211 - Ensure dbus communication is allowed bidirectionally Resolves: RHEL-35782 - Allow logwatch_mail_t read network sysctls Resolves: RHEL-34135 - Allow sysadm execute dmidecode using sudo Resolves: RHEL-16104 - Allow sudodomain list files in /var Resolves: RHEL-16104 - Allow various services read and write z90crypt device Resolves: RHEL-33361 - Allow system_cronjob_t dbus chat with avahi_t Resolves: RHEL-32290 - Allow setroubleshootd get attributes of all sysctls Resolves: RHEL-34078 - Remove permissive domain for bootupd_t Resolves: RHEL-22173 Zdenek Pytela 2024-05-16 18:15:13 +0200
  • 1292191ae3 * Tue May 07 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.37-1 - Allow numad to trace processes in user namespace Resolves: RHEL-33994 - Remove permissive domain for rshim_t Resolves: RHEL-22173 - Remove permissive domain for mptcpd_t Resolves: RHEL-22173 - Remove permissive domain for coreos_installer_t Resolves: RHEL-22173 - Remove permissive domain for afterburn_t Resolves: RHEL-22173 - Update afterburn policy Resolves: RHEL-22173 - Allow bootupd search EFI directory Resolves: RHEL-22172 - Add the bootupd module Resolves: RHEL-22172 - Add policy for bootupd Resolves: RHEL-22172 - Label /dev/mmcblk0rpmb character device with removable_device_t Resolves: RHEL-28080 - Differentiate between staff and sysadm when executing crontab with sudo Resolves: RHEL-31888 - Add crontab_admin_domtrans interface Resolves: RHEL-31888 - Add crontab_domtrans interface Resolves: RHEL-31888 - Allow svirt_t read vm sysctls Resolves: RHEL-32296 Zdenek Pytela 2024-05-07 22:23:57 +0200
  • 52c9844480 import CS selinux-policy-38.1.35-2.el9_3 imports/c9/selinux-policy-38.1.35-2.el9_4 eabdullin 2024-04-30 11:41:37 +0000
  • eab0528813 * Mon Apr 15 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.36-1 - Allow systemd-timedated get the timemaster service status Resolves: RHEL-25978 - postfix: allow qmgr to delete mails in bounce/ directory Resolves: RHEL-30271 - Allow NetworkManager the sys_ptrace capability in user namespace Resolves: RHEL-24346 - Label /dev/iommu with iommu_device_t Resolves: RHEL-22063 - Allow qemu-ga read vm sysctls Resolves: RHEL-31892 - Update repository link and branches names for c9s Related: RHEL-22960 Zdenek Pytela 2024-04-15 15:04:15 +0200
  • e04ed68484 Update repository link and branches names for c9s Zdenek Pytela 2024-04-15 14:52:52 +0200
  • 2a0889385e Import 135 released from CS c8-beta-135 eabdullin 2024-04-11 12:07:58 +0300
  • 7cad329921 enable the gating Milos Malik 2024-04-10 08:27:53 +0200
  • b7711cdc83 import CS selinux-policy-38.1.33-1.el9 imports/c9-beta/selinux-policy-38.1.33-1.el9 eabdullin 2024-03-28 11:48:22 +0000
  • afa009bf11 import CS selinux-policy-3.14.3-137.el8 imports/c8-beta/selinux-policy-3.14.3-137.el8 c8-beta eabdullin 2024-03-27 20:29:59 +0000
  • 1b5f5feb56 * Thu Mar 14 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.35-2 - Rebuild Resolves: RHEL-26663 Zdenek Pytela 2024-03-14 15:02:43 +0100
  • 0853e85626 * Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-139 - Allow wdmd read hardware state information Resolves: RHEL-27507 Zdenek Pytela 2024-03-08 18:57:11 +0100
  • 56acbf608d * Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.35-1 - Allow wdmd read hardware state information Resolves: RHEL-26663 Zdenek Pytela 2024-03-08 18:32:26 +0100
  • 832df72f06 * Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.34-1 - Allow wdmd list the contents of the sysfs directories Resolves: RHEL-26663 - Allow linuxptp configure phc2sys and chronyd over a unix domain socket Resolves: RHEL-26660 Zdenek Pytela 2024-03-08 12:03:52 +0100
  • fe855b4c90 * Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-138 - Allow wdmd list the contents of the sysfs directories Resolves: RHEL-27507 - Allow linuxptp configure phc2sys and chronyd over a unix domain socket Resolves: RHEL-27394 Zdenek Pytela 2024-03-08 10:25:36 +0100
  • 46be9da4df * Thu Feb 22 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.33-1 - Allow thumb_t to watch and watch_reads mount_var_run_t Resolves: RHEL-26073 - Allow opafm create NFS files and directories Resolves: RHEL-17820 - Label /tmp/libdnf.* with user_tmp_t Resolves: RHEL-11250 Juraj Marcin 2024-02-22 18:19:15 +0100
  • 66e607f19e * Thu Feb 22 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-137 - Differentiate between staff and sysadm when executing crontab with sudo Resolves: RHEL-1388 - Allow su domains write login records Resolves: RHEL-2606 - Revert "Allow su domains write login records" Resolves: RHEL-2606 - Add crontab_admin_domtrans interface Resolves: RHEL-1388 - Allow gpg manage rpm cache Resolves: RHEL-11249 Zdenek Pytela 2024-02-22 17:27:43 +0100
  • 6d154864b5 * Thu Feb 15 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.32-1 - Dontaudit subscription manager setfscreate and read file contexts Resolves: RHEL-21635 - Allow xdm_t to watch and watch_reads mount_var_run_t Resolves: RHEL-24841 - Allow unix dgram sendto between exim processes Resolves: RHEL-21902 - Allow utempter_t use ptmx Resolves: RHEL-24946 - Only allow confined user domains to login locally without unconfined_login Resolves: RHEL-1551 - Add userdom_spec_domtrans_confined_admin_users interface Resolves: RHEL-1551 - Only allow admindomain to execute shell via ssh with ssh_sysadm_login Resolves: RHEL-1551 - Add userdom_spec_domtrans_admin_users interface Resolves: RHEL-1551 - Move ssh dyntrans to unconfined inside unconfined_login tunable policy Resolves: RHEL-1551 Juraj Marcin 2024-02-15 17:11:49 +0100
  • 72be2b6d57 * Thu Feb 15 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-136 - Transition from sudodomains to crontab_t when executing crontab_exec_t Resolves: RHEL-1388 - Fix label of pseudoterminals created from sudodomain Resolves: RHEL-1388 - Allow login_userdomain to manage session_dbusd_tmp_t dirs/files Resolves: RHEL-22500 - Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t Resolves: RHEL-23442 - Allow admin user read/write on fixed_disk_device_t Resolves: RHEL-23434 - Only allow confined user domains to login locally without unconfined_login Resolves: RHEL-1628 - Add userdom_spec_domtrans_confined_admin_users interface Resolves: RHEL-1628 - Only allow admindomain to execute shell via ssh with ssh_sysadm_login Resolves: RHEL-1628 - Add userdom_spec_domtrans_admin_users interface Resolves: RHEL-1628 - Move ssh dyntrans to unconfined inside unconfined_login tunable policy Resolves: RHEL-1628 - Allow utempter_t use ptmx Resolves: RHEL-25002 - Dontaudit subscription manager setfscreate and read file contexts Resolves: RHEL-21639 - Don't audit crontab_domain write attempts to user home Resolves: RHEL-1388 - Add crontab_domtrans interface Resolves: RHEL-1388 - Add dbus_manage_session_tmp_files interface Resolves: RHEL-22500 - Allow httpd read network sysctls Resolves: RHEL-22748 - Allow keepalived_unconfined_script_t dbus chat with init Resolves: RHEL-22843 Zdenek Pytela 2024-02-15 18:25:24 +0100