rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Commit Graph

  • 52c9844480 import CS selinux-policy-38.1.35-2.el9_3 imports/c9/selinux-policy-38.1.35-2.el9_4 c9 eabdullin 2024-04-30 11:41:37 +0000
  • 2a0889385e Import 135 released from CS c8-beta-135 eabdullin 2024-04-11 12:07:58 +0300
  • b7711cdc83 import CS selinux-policy-38.1.33-1.el9 imports/c9-beta/selinux-policy-38.1.33-1.el9 c9-beta eabdullin 2024-03-28 11:48:22 +0000
  • afa009bf11 import CS selinux-policy-3.14.3-137.el8 imports/c8-beta/selinux-policy-3.14.3-137.el8 c8-beta eabdullin 2024-03-27 20:29:59 +0000
  • 46be9da4df * Thu Feb 22 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.33-1 - Allow thumb_t to watch and watch_reads mount_var_run_t Resolves: RHEL-26073 - Allow opafm create NFS files and directories Resolves: RHEL-17820 - Label /tmp/libdnf.* with user_tmp_t Resolves: RHEL-11250 c9s Juraj Marcin 2024-02-22 18:19:15 +0100
  • 6d154864b5 * Thu Feb 15 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.32-1 - Dontaudit subscription manager setfscreate and read file contexts Resolves: RHEL-21635 - Allow xdm_t to watch and watch_reads mount_var_run_t Resolves: RHEL-24841 - Allow unix dgram sendto between exim processes Resolves: RHEL-21902 - Allow utempter_t use ptmx Resolves: RHEL-24946 - Only allow confined user domains to login locally without unconfined_login Resolves: RHEL-1551 - Add userdom_spec_domtrans_confined_admin_users interface Resolves: RHEL-1551 - Only allow admindomain to execute shell via ssh with ssh_sysadm_login Resolves: RHEL-1551 - Add userdom_spec_domtrans_admin_users interface Resolves: RHEL-1551 - Move ssh dyntrans to unconfined inside unconfined_login tunable policy Resolves: RHEL-1551 Juraj Marcin 2024-02-15 17:11:49 +0100
  • fa31a515e6 import UBI selinux-policy-38.1.23-1.el9_3.2 imports/c9/selinux-policy-38.1.23-1.el9_3.2 eabdullin 2024-02-12 08:55:25 +0000
  • f9546d9349 * Thu Jan 25 2024 Juraj Marcin <jmarcin@redhat.com> - 38.1.31-1 - Allow chronyd-restricted read chronyd key files Resolves: RHEL-18219 - Allow conntrackd_t to use bpf capability2 Resolves: RHEL-22277 - Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on Resolves: RHEL-14735 - Allow hypervkvp_t write access to NetworkManager_etc_rw_t Resolves: RHEL-14505 - Add interface for write-only access to NetworkManager rw conf Resolves: RHEL-14505 - Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes Resolves: RHEL-11792 Juraj Marcin 2024-01-25 13:44:44 +0100
  • 59b137280d import UBI selinux-policy-38.1.23-1.el9_3.1 imports/c9/selinux-policy-38.1.23-1.el9_3.1 eabdullin 2024-01-24 21:04:40 +0000
  • 88b880c6c7 * Fri Jan 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.30-1 - Allow sysadm execute traceroute in sysadm_t domain using sudo Resolves: RHEL-14077 - Allow qatlib set attributes of vfio device files Resolves: RHEL-19051 - Allow qatlib load kernel modules Resolves: RHEL-19051 - Allow qatlib run lspci Resolves: RHEL-19051 - Allow qatlib manage its private runtime socket files Resolves: RHEL-19051 - Allow qatlib read/write vfio devices Resolves: RHEL-19051 - Allow syslog to run unconfined scripts conditionally Resolves: RHEL-11174 - Allow syslogd_t nnp_transition to syslogd_unconfined_script_t Resolves: RHEL-11174 - Allow sendmail MTA connect to sendmail LDA Resolves: RHEL-15175 - Allow sysadm execute tcpdump in sysadm_t domain using sudo Resolves: RHEL-15432 - Allow opafm search nfs directories Resolves: RHEL-17820 - Allow mdadm list stratisd data directories Resolves: RHEL-19276 - Update cyrus_stream_connect() to use sockets in /run Resolves: RHEL-19282 - Allow collectd connect to statsd port Resolves: RHEL-21044 - Allow insights-client transition to sap unconfined domain Resolves: RHEL-21452 - Create the sap module Resolves: RHEL-21452 Zdenek Pytela 2024-01-13 00:24:21 +0100
  • 05d668a2ce Add the sap module to modules-targeted-contrib.conf Zdenek Pytela 2024-01-12 19:14:13 +0100
  • 7815a6c36b import UBI selinux-policy-3.14.3-128.el8_9.1 c8 imports/c8/selinux-policy-3.14.3-128.el8_9.1 eabdullin 2024-01-10 13:23:18 +0000
  • c2074133ec * Thu Dec 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.29-1 - Add init_explicit_domain() interface Resolves: RHEL-18219 - Allow dovecot_auth_t connect to postgresql using UNIX socket Resolves: RHEL-16850 - Allow keepalived_t to use sys_ptrace of cap_userns Resolves: RHEL-17156 - Make `bootc` be `install_exec_t` Resolves: RHEL-19199 - Add support for chronyd-restricted Resolves: RHEL-18219 - Label /dev/vas with vas_device_t Resolves: RHEL-17336 - Allow gpsd use /dev/gnss devices Resolves: RHEL-16676 - Allow sendmail manage its runtime files Resolves: RHEL-15175 - Add support for syslogd unconfined scripts Resolves: RHEL-11174 Juraj Marcin 2023-12-14 14:17:21 +0100
  • 575be8bea0 Add /bin = /usr/bin file context equivalency Juraj Marcin 2023-12-13 15:26:43 +0100
  • a53a4197a0 * Thu Nov 30 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.28-1 - Create interface selinux_watch_config and add it to SELinux users Resolves: RHEL-1555 - Allow winbind_rpcd_t processes access when samba_export_all_* is on Resolves: RHEL-16273 - Allow samba-dcerpcd connect to systemd_machined over a unix socket Resolves: RHEL-16273 - Allow winbind-rpcd make a TCP connection to the ldap port Resolves: RHEL-16273 - Allow sudodomain read var auth files Resolves: RHEL-16708 - Allow auditd read all domains process state Resolves: RHEL-14285 - Allow rsync read network sysctls Resolves: RHEL-14638 - Add dhcpcd bpf capability to run bpf programs Resolves: RHEL-15326 - Allow systemd-localed create Xserver config dirs Resolves: RHEL-16716 - Label /var/run/tmpfiles.d/static-nodes.conf with kmod_var_run_t Resolves: RHEL-1553 - Update sendmail policy module for opensmtpd Resolves: RHEL-15175 Juraj Marcin 2023-11-30 11:37:06 +0100
  • 4715f116ff * Tue Nov 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.27-1 - Remove glusterd module Resolves: RHEL-1548 - Improve default file context(None) of /var/lib/authselect/backups Resolves: RHEL-15220 - Set default file context of /var/lib/authselect/backups to <<none>> Resolves: RHEL-15220 - Create policy for afterburn Resolves: RHEL-12591 - Allow unconfined_domain_type use io_uring cmd on domain Resolves: RHEL-11792 - Add policy for coreos installer Resovles: RHEL-5164 - Add policy for nvme-stas Resolves: RHEL-1557 - Label /var/run/auditd.state as auditd_var_run_t Resolves: RHEL-14374 - Allow ntp to bind and connect to ntske port. Resolves: RHEL-15085 - Allow ip an explicit domain transition to other domains Resolves: RHEL-14246 - Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t Resolves: RHEL-14289 - Allow sssd domain transition on passkey_child execution conditionally Resolves: RHEL-14014 - Allow sssd use usb devices conditionally Resolves: RHEL-14014 - Allow kdump create and use its memfd: objects Resolves: RHEL-14413 Juraj Marcin 2023-11-14 19:35:13 +0100
  • dbd1e9f272 Remove glusterd from modules-targeted-*.conf Juraj Marcin 2023-11-14 19:25:45 +0100
  • 13b73ff37a Add afterburn to modules-targeted-contrib.conf Juraj Marcin 2023-11-14 14:03:04 +0100
  • 04adb244ee Add coreos_installer to modules-targeted-contrib.conf Zdenek Pytela 2023-10-18 11:41:18 +0200
  • eccb49870a Add nvme_stas to modules-targeted-contrib.conf Zdenek Pytela 2023-10-17 20:58:06 +0200
  • 5e3d4c805f import UBI selinux-policy-3.14.3-128.el8 imports/c8/selinux-policy-3.14.3-128.el8 eabdullin 2023-11-14 18:50:07 +0000
  • f8347e3b30 fix the sequence of script commands Milos Malik 2023-11-09 08:08:39 +0100
  • ef87d821a3 import UBI selinux-policy-38.1.23-1.el9 imports/c9/selinux-policy-38.1.23-1.el9 eabdullin 2023-11-07 11:24:37 +0000
  • bd4dd09bb0 run relevant Tier1 tests via TMT Milos Malik 2023-11-01 15:04:17 +0100
  • 78a1079d35 * Tue Oct 31 2023 Zdenek Pytela <zpytela@redhat.com> - 38.1.26-1 - Allow kdump create and use its memfd: objects Resolves: RHEL-14413 Zdenek Pytela 2023-10-31 11:17:20 +0100
  • 01fb30d35f * Fri Oct 20 2023 Zdenek Pytela <zpytela@redhat.com> - 38.1.25-1 - Add map_read map_write to kernel_prog_run_bpf Resolves: RHEL-2653 - Allow sysadm_t read nsfs files Resolves: RHEL-5146 - Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t Resolves: RHEL-14029 - Allow system_mail_t manage exim spool files and dirs Resolves: RHEL-14110 - Label /run/pcsd.socket with cluster_var_run_t Resolves: RHEL-1664 Zdenek Pytela 2023-10-20 14:55:36 +0200
  • 8f1dc2715d * Fri Sep 29 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.24-1 - Allow cupsd_t to use bpf capability Resolves: RHEL-3633 - Label /dev/gnss[0-9] with gnss_device_t Resolves: RHEL-9936 - Dontaudit rhsmcertd write memory device Resolves: RHEL-1547 Juraj Marcin 2023-09-29 16:03:24 +0200
  • dbf07eba2d Update source branches to build a new package for RHEL 9.4.0 Resolves: RHEL-1547 Juraj Marcin 2023-09-29 20:20:48 +0200
  • 64c741479f import CS selinux-policy-3.14.3-128.el8 imports/c8-beta/selinux-policy-3.14.3-128.el8 eabdullin 2023-09-27 14:11:30 +0000
  • 81fc94fa79 import CS selinux-policy-38.1.23-1.el9 imports/c9-beta/selinux-policy-38.1.23-1.el9 eabdullin 2023-09-21 20:25:40 +0000
  • fd4ae372bc import UBI selinux-policy-3.14.3-117.el8_8.3 imports/c8/selinux-policy-3.14.3-117.el8_8.3 eabdullin 2023-09-21 07:45:03 +0000
  • 973e5990a6 import UBI selinux-policy-38.1.11-2.el9_2.4 imports/c9/selinux-policy-38.1.11-2.el9_2.4 eabdullin 2023-09-12 09:43:36 +0000
  • 33abfa2432 * Fri Aug 25 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.23-1 - Allow cups-pdf connect to the system log service Resolves: rhbz#2234765 - Update policy for qatlib Resolves: rhbz#2080443 Nikola Knazekova 2023-08-25 21:11:09 +0200
  • 80c07f8e7b * Thu Aug 24 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.22-1 - Allow qatlib to modify hardware state information. Resolves: rhbz#2080443 - Update policy for fdo Resolves: rhbz#2229722 - Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file Resolves: rhbz#2223305 - Allow svirt to rw /dev/udmabuf Resolves: rhbz#2223727 - Allow keepalived watch var_run dirs Resolves: rhbz#2186759 Nikola Knazekova 2023-08-24 16:07:28 +0200
  • dfa70ba52b * Thu Aug 17 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.21-1 - Allow logrotate_t to map generic files in /etc Resolves: rhbz#2231257 - Allow insights-client manage user temporary files Resolves: rhbz#2224737 - Make insights_client_t an unconfined domain Resolves: rhbz#2225526 Nikola Knazekova 2023-08-17 16:29:24 +0200
  • d504b523d0 * Fri Aug 11 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.20-1 - Allow user_u and staff_u get attributes of non-security dirs Resolves: rhbz#2215507 - Allow cloud_init create dhclient var files and init_t manage net_conf_t Resolves: rhbz#2225418 - Allow samba-dcerpc service manage samba tmp files Resolves: rhbz#2230365 - Update samba-dcerpc policy for printing Resolves: rhbz#2230365 - Allow sysadm_t run kernel bpf programs Resolves: rhbz#2229936 - allow mon_procd_t self:cap_userns sys_ptrace Resolves: rhbz#2221986 - Remove nsplugin_role from mozilla.if Resolves: rhbz#2221251 - Allow unconfined user filetrans chrome_sandbox_home_t Resolves: rhbz#2187893 - Allow pdns name_bind and name_connect all ports Resolves: rhbz#2047945 - Allow insights-client read and write cluster tmpfs files Resolves: rhbz#2221631 - Allow ipsec read nsfs files Resolves: rhbz#2230277 - Allow upsmon execute upsmon via a helper script Resolves: rhbz#2228403 - Fix labeling for no-stub-resolv.conf Resolves: rhbz#2148390 - Add use_nfs_home_dirs boolean for mozilla_plugin Resolves: rhbz#2214298 - Change wording in /etc/selinux/config Resolves: rhbz#2143153 Nikola Knazekova 2023-08-11 18:37:49 +0200
  • f44c4567b9 Change wording in /etc/selinux/config Nikola Knazekova 2023-08-11 18:32:54 +0200
  • 32396fb0bc * Thu Aug 03 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.19-1 - Allow qatlib to read sssd public files Resolves: rhbz#2080443 - Fix location for /run/nsd Resolves: rhbz#2181600 - Allow samba-rpcd work with passwords Resolves: rhbz#2107092 - Allow rpcd_lsad setcap and use generic ptys Resolves: rhbz#2107092 - Allow gpsd,oddjob,oddjob_mkhomedir rw user domain pty Resolves: rhbz#2223305 - Allow keepalived to manage its tmp files Resolves: rhbz#2179212 - Allow nscd watch system db dirs Resolves: rhbz#2152124 Nikola Knazekova 2023-08-03 20:10:18 +0200
  • ebddc59c06 * Fri Jul 21 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.18-1 - Boolean: Allow virt_qemu_ga create ssh directory Resolves: rhbz#2181402 - Allow virt_qemu_ga_t create .ssh dir with correct label Resolves: rhbz#2181402 - Set default ports for keylime policy Resolves: RHEL-594 - Allow unconfined service inherit signal state from init Resolves: rhbz#2186233 - Allow sa-update connect to systemlog services Resolves: rhbz#2220643 - Allow sa-update manage spamc home files Resolves: rhbz#2220643 - Label only /usr/sbin/ripd and ripngd with zebra_exec_t Resolves: rhbz#2213605 - Add the files_getattr_non_auth_dirs() interface Resolves: rhbz#2076933 - Update policy for the sblim-sfcb service Resolves: rhbz#2076933 - Define equivalency for /run/systemd/generator.early Resolves: rhbz#2213516 Nikola Knazekova 2023-07-21 16:40:49 +0200
  • 4004f169e9 Define equivalency for /run/systemd/generator.early Zdenek Pytela 2023-07-13 21:41:25 +0200
  • a387b6cd18 import selinux-policy-3.14.3-117.el8_8.2 imports/c8/selinux-policy-3.14.3-117.el8_8.2 Andrew Lukoshko 2023-06-29 19:07:51 +0000
  • c639faa84e import selinux-policy-38.1.11-2.el9_2.3 imports/c9/selinux-policy-38.1.11-2.el9_2.3 Andrew Lukoshko 2023-06-29 18:54:56 +0000
  • 914941a2d8 * Thu Jun 29 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.17-1 - Add the qatlib module Resolves: rhbz#2080443 - Add the fdo module Resolves: rhbz#2026795 - Add the booth module to modules.conf Resolves: rhbz#2128833 Nikola Knazekova 2023-06-29 16:21:48 +0200
  • d02fad6b26 Add the qatlib module Zdenek Pytela 2023-06-27 15:26:02 +0200
  • 30ffa3999c Add the fdo module Zdenek Pytela 2023-06-27 15:23:13 +0200
  • 17816ad3cc Add the booth module to modules.conf Zdenek Pytela 2023-05-26 22:23:01 +0200
  • 1e0560a070 * Thu Jun 29 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.16-1 - Remove permissive from fdo Resolves: rhbz#2026795 - Add the qatlib module Resolves: rhbz#2080443 - Add the fdo module Resolves: rhbz#2026795 - Add the booth module to modules.conf Resolves: rhbz#2128833 - Add policy for FIDO Device Onboard Resolves: rhbz#2026795 - Create policy for qatlib Resolves: rhbz#2080443 - Add policy for boothd Resolves: rhbz#2128833 - Add list_dir_perms to kerberos_read_keytab Resolves: rhbz#2112729 - Allow nsd_crond_t write nsd_var_run_t & connectto nsd_t Resolves: rhbz#2209973 - Allow collectd_t read network state symlinks Resolves: rhbz#2209650 - Revert "Allow collectd_t read proc_net link files" Resolves: rhbz#2209650 - Allow insights-client execmem Resolves: rhbz#2207894 - Label udf tools with fsadm_exec_t Resolves: rhbz#2039774 Nikola Knazekova 2023-06-29 11:15:17 +0200
  • ca4271f5cc * Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.1.15-1 - Add fs_delete_pstore_files() interface Resolves: rhbz#2181565 - Add fs_read_pstore_files() interface Resolves: rhbz#2181565 - Allow insights-client getsession process permission Resolves: rhbz#2214581 - Allow insights-client work with pipe and socket tmp files Resolves: rhbz#2214581 - Allow insights-client map generic log files Resolves: rhbz#2214581 - Allow insights-client read unconfined service semaphores Resolves: rhbz#2214581 - Allow insights-client get quotas of all filesystems Resolves: rhbz#2214581 - Allow haproxy read hardware state information Resolves: rhbz#2164691 - Allow cupsd dbus chat with xdm Resolves: rhbz#2143641 - Allow dovecot_deliver_t create/map dovecot_spool_t dir/file Resolves: rhbz#2165863 - Add none file context for polyinstantiated tmp dirs Resolves: rhbz#2099194 - Add support for the systemd-pstore service Resolves: rhbz#2181565 - Label /dev/userfaultfd with userfaultfd_t Resolves: rhbz#2175290 - Allow collectd_t read proc_net link files Resolves: rhbz#2209650 - Label smtpd with sendmail_exec_t Resolves: rhbz#2213573 - Label msmtp and msmtpd with sendmail_exec_t Resolves: rhbz#2213573 - Allow dovecot-deliver write to the main process runtime fifo files Resolves: rhbz#2211787 - Allow subscription-manager execute ip Resolves: rhbz#2211566 - Allow ftpd read network sysctls Resolves: rhbz#2175856 Zdenek Pytela 2023-06-15 21:48:19 +0200
  • e6300e8cc0 * Fri May 26 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.14-1 - Allow firewalld rw ica_tmpfs_t files Resolves: rhbz#2207487 - Add chromium_sandbox_t setcap capability Resolves: rhbz#2187893 - Allow certmonger manage cluster library files Resolves: rhbz#2179022 - Allow wireguard to rw network sysctls Resolves: rhbz#2192154 - Label /usr/lib/systemd/system/proftpd.* & vsftpd.* with ftpd_unit_file_t Resolves: rhbz#2188173 - Allow plymouthd_t bpf capability to run bpf programs Resolves: rhbz#2184803 - Update pkcsslotd policy for sandboxing Resolves: rhbz#2209235 - Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t Resolves: rhbz#2203201 Nikola Knazekova 2023-05-26 15:00:57 +0200
  • 0dcfe8ecd1 * Thu May 18 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.13-1 - Allow insights-client work with teamdctl Resolves: rhbz#2190178 - Allow virsh name_connect virt_port_t Resolves: rhzb#2187290 - Allow cupsd to create samba_var_t files Resolves: rhbz#2174445 - Allow dovecot to map files in /var/spool/dovecot Resolves: rhbz#2165863 - Add tunable to allow squid bind snmp port Resolves: rhbz#2151378 - Allow rhsmcert request the kernel to load a module Resolves: rhbz#2203359 - Allow snmpd read raw disk data Resolves: rhbz#2196528 Nikola Knazekova 2023-05-18 17:43:11 +0200
  • 5d7ac82501 import selinux-policy-3.14.3-117.el8 imports/c8/selinux-policy-3.14.3-117.el8 CentOS Sources 2023-05-16 06:23:37 +0000
  • 944dbdc144 import selinux-policy-38.1.11-2.el9_2.2 imports/c9/selinux-policy-38.1.11-2.el9_2.2 CentOS Sources 2023-05-09 10:17:42 +0000
  • e07f6f9c71 import selinux-policy-38.1.11-2.el9_2 imports/c9/selinux-policy-38.1.11-2.el9_2 CentOS Sources 2023-05-09 05:36:11 +0000
  • db469cf496 * Fri Apr 14 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.12-1 - Allow cloud-init domain transition to insights-client domain Resolves: rhbz#2162663 - Allow chronyd send a message to cloud-init over a datagram socket Resolves: rhbz#2162663 - Allow dmidecode write to cloud-init tmp files Resolves: rhbz#2162663 - Allow login_pgm setcap permission Resolves: rhbz#2174331 - Allow tshark the setsched capability Resolves: rhbz#2165634 - Allow chronyc read network sysctls Resolves: rhbz#2173604 - Allow systemd-timedated watch init runtime dir Resolves: rhbz#2175137 - Add journalctl the sys_resource capability Resolves: rhbz#2153782 - Allow system_cronjob_t transition to rpm_script_t Resolves: rhbz#2173685 - Revert "Allow system_cronjob_t domtrans to rpm_script_t" Resolves: rhbz#2173685 - Allow insights-client tcp connect to all ports Resolves: rhbz#2183083 - Allow insights-client work with su and lpstat Resolves: rhbz#2183083 - Allow insights-client manage fsadm pid files Resolves: rhbz#2183083 - Allow insights-client read all sysctls Resolves: rhbz#2183083 - Allow rabbitmq to read network sysctls Resolves: rhbz#2184999 Nikola Knazekova 2023-04-14 19:02:00 +0200
  • 1a981477e7 Update source branches to build a new package for RHEL 9.3.0 Resolves: rhbz#2174331 Nikola Knazekova 2023-04-14 18:46:41 +0200
  • 0a0f01d4b6 import selinux-policy-3.14.3-108.el8_7.2 imports/c8/selinux-policy-3.14.3-108.el8_7.2 CentOS Sources 2023-04-04 08:52:17 +0000
  • f8e06be086 import selinux-policy-38.1.8-1.el9 imports/c9-beta/selinux-policy-38.1.8-1.el9 CentOS Sources 2023-03-28 09:27:04 +0000
  • 822017147e import selinux-policy-3.14.3-117.el8 imports/c8-beta/selinux-policy-3.14.3-117.el8 CentOS Sources 2023-03-28 09:06:52 +0000
  • 2d6e758511 * Tue Mar 28 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.11-2 - rebuilt Resolves: rhbz#2172268 Nikola Knazekova 2023-03-28 14:38:51 +0200
  • 33e3d41b2a * Mon Mar 27 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.11-1 - Allow passt manage qemu pid sock files Resolves: rhbz#2172268 - Exclude passt.if from selinux-policy-devel Resolves: rhbz#2172268 Nikola Knazekova 2023-03-27 18:35:13 +0200
  • 71d7401739 Exclude passt.if from selinux-policy-devel Nikola Knazekova 2023-03-27 18:25:56 +0200
  • 2c29fc7c57 * Fri Mar 24 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.10-1 - Add support for the passt_t domain Resolves: rhbz#2172268 - Allow virtd_t and svirt_t work with passt Resolves: rhbz#2172268 - Add new interfaces in the virt module Resolves: rhbz#2172268 - Add passt interfaces defined conditionally Resolves: rhbz#2172268 Nikola Knazekova 2023-03-24 19:20:55 +0100
  • 72e4cffc96 * Thu Mar 16 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.9-1 - Boolean: allow qemu-ga manage ssh home directory Resolves: rhbz#2178612 - Allow wg load kernel modules, search debugfs dir Resolves: rhbz#2176487 Nikola Knazekova 2023-03-16 14:46:03 +0100
  • 23e0b7b99b import selinux-policy-34.1.43-1.el9_1.2 imports/c9/selinux-policy-34.1.43-1.el9_1.2 CentOS Sources 2023-02-28 07:54:31 +0000
  • 29dda2cac7 import selinux-policy-3.14.3-117.el8 imports/c8s/selinux-policy-3.14.3-117.el8 c8s CentOS Sources 2023-02-18 02:11:29 +0000
  • 6295fa58f7 * Thu Feb 16 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.8-1 - Allow svirt to map svirt_image_t char files Resolves: rhbz#2170482 - Fix opencryptoki file names in /dev/shm Resolves: rhbz#2166283 Nikola Knazekova 2023-02-16 15:18:17 +0100
  • 574fe08af1 * Wed Feb 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.7-1 - Allow staff_t getattr init pid chr & blk files and read krb5 Resolves: rhbz#2112729 - Allow firewalld to rw z90crypt device Resolves: rhbz#2166877 - Allow httpd work with tokens in /dev/shm Resolves: rhbz#2166283 Nikola Knazekova 2023-02-16 08:18:04 +0100
  • 4bffbbb0dc import selinux-policy-34.1.43-1.el9_1.1 imports/c9/selinux-policy-34.1.43-1.el9_1.1 CentOS Sources 2023-02-08 10:25:07 -0500
  • 948f3028ea * Thu Feb 09 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.6-1 - Allow modemmanager create hardware state information files Resolves: rhbz#2149560 - Dontaudit ftpd the execmem permission Resolves: rhbz#2164434 - Allow nm-dispatcher plugins read generic files in /proc Resolves: rhbz#2164845 - Label systemd-journald feature LogNamespace Resolves: rhbz#2124797 - Boolean: allow qemu-ga read ssh home directory Resolves: rhbz#1917024 Nikola Knazekova 2023-02-09 17:33:00 +0100
  • 067af939a4 import selinux-policy-3.14.3-115.el8 imports/c8s/selinux-policy-3.14.3-115.el8 CentOS Sources 2023-01-28 08:08:19 +0000
  • f7cdf9eba8 * Thu Jan 26 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.5-1 - Reuse tmpfs_t also for the ramfs filesystem Resolves: rhbz#2160391 - Allow systemd-resolved watch tmpfs directories Resolves: rhbz#2160391 - Allow hostname_t to read network sysctls. Resolves: rhbz#2161958 - Allow ModemManager all permissions for netlink route socket Resolves: rhbz#2149560 - Allow unconfined user filetransition for sudo log files Resolves: rhbz#2160388 - Allow sudodomain use sudo.log as a logfile Resolves: rhbz#2160388 - Allow nm-cloud-setup dispatcher plugin restart nm services Resolves: rhbz#2154414 - Allow wg to send msg to kernel, write to syslog and dbus connections Resolves: rhbz#2149452 - Allow rshim bpf cap2 and read sssd public files Resolves: rhbz#2080439 - Allow svirt request the kernel to load a module Resolves: rhbz#2144735 - Rebase selinux-policy to the latest one in rawhide Resolves: rhbz#2014606 Nikola Knazekova 2023-01-26 18:00:30 +0100
  • e64262046b import selinux-policy-3.14.3-114.el8 imports/c8s/selinux-policy-3.14.3-114.el8 CentOS Sources 2023-01-14 10:10:01 +0000
  • c4ce76dfb1 * Thu Jan 12 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.4-1 - Add lpr_roles to system_r roles Resolves: rhbz#2152150 - Allow insights client work with gluster and pcp Resolves: rhbz#2152150 - Add interfaces in domain, files, and unconfined modules Resolves: rhbz#2152150 - Label fwupdoffline and fwupd-detect-cet with fwupd_exec_t Resolves: rhbz#2152150 - Add insights additional capabilities Resolves: rhbz#2152150 - Revert "Allow insights-client run lpr and allow the proper role" Resolves: rhbz#2152150 - Allow prosody manage its runtime socket files Resolves: rhbz#2157891 - Allow syslogd read network sysctls Resolves: rhbz#2156068 - Allow NetworkManager and wpa_supplicant the bpf capability Resolves: rhbz#2137085 - Allow sysadm_t read/write ipmi devices Resolves: rhbz#2158419 - Allow wireguard to create udp sockets and read net_conf Resolves: rhbz#2149452 - Allow systemd-rfkill the bpf capability Resolves: rhbz#2149390 - Allow load_policy_t write to unallocated ttys Resolves: rhbz#2145181 - Allow winbind-rpcd manage samba_share_t files and dirs Resolves: rhbz#2150680 Nikola Knazekova 2023-01-12 16:36:53 +0100
  • 1ba21bd295 import selinux-policy-3.14.3-108.el8_7.1 imports/c8/selinux-policy-3.14.3-108.el8_7.1 CentOS Sources 2023-01-12 03:27:17 -0500
  • 8c112be2d7 import selinux-policy-3.14.3-113.el8 imports/c8s/selinux-policy-3.14.3-113.el8 CentOS Sources 2022-12-19 16:08:28 +0000
  • ff00f2a45f * Thu Dec 15 2022 Nikola Knazekova <nknazeko@redhat.com> - 38.1.3-1 - Allow stalld to read /sys/kernel/security/lockdown file Resolves: rhbz#2140673 - Allow syslog the setpcap capability Resolves: rhbz#2151841 - Allow pulseaudio to write to session_dbusd tmp socket files Resolves: rhbz#2132942 - Allow keepalived to set resource limits Resolves: rhbz#2151212 - Add policy for mptcpd Resolves: bz#1972222 - Add policy for rshim Resolves: rhbz#2080439 - Allow insights-client dbus chat with abrt Resolves: rhbz#2152166 - Allow insights-client work with pcp and manage user config files Resolves: rhbz#2152150 - Allow insights-client run lpr and allow the proper role Resolves: rhbz#2152150 - Allow insights-client tcp connect to various ports Resolves: rhbz#2152150 - Allow insights-client dbus chat with various services Resolves: rhbz#2152150 - Allow journalctl relabel with var_log_t and syslogd_var_run_t files Resolves: rhbz#2152823 Nikola Knazekova 2022-12-15 14:21:45 +0100
  • 7d36c033b1 Trim changelog so that it starts at RHEL 9 beta time Zdenek Pytela 2022-12-13 11:40:31 +0100
  • 9485470a23 import selinux-policy-3.14.3-112.el8 imports/c8s/selinux-policy-3.14.3-112.el8 CentOS Sources 2022-12-04 06:08:27 +0000
  • 81d47cf9bd * Wed Nov 30 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1.2-1 - Allow insights client communicate with cupsd, mysqld, openvswitch, redis Resolves: rhbz#2124549 - Allow insights client read raw memory devices Resolves: rhbz#2124549 - Allow networkmanager_dispatcher_plugin work with nscd Resolves: rhbz#2149317 - Allow ipsec_t only read tpm devices Resolves: rhbz#2147380 - Watch_sb all file type directories. Resolves: rhbz#2139363 - Add watch and watch_sb dosfs interface Resolves: rhbz#2139363 - Revert "define lockdown class and access" Resolves: rhbz#2145266 - Allow postfix/smtpd read kerberos key table Resolves: rhbz#2145266 - Remove the lockdown class from the policy Resolves: rhbz#2145266 - Remove label for /usr/sbin/bgpd Resolves: rhbz#2145266 - Revert "refpolicy: drop unused socket security classes" Resolves: rhbz#2145266 Zdenek Pytela 2022-11-30 15:15:51 +0100
  • f1a5394bed import selinux-policy-3.14.3-111.el8 imports/c8s/selinux-policy-3.14.3-111.el8 CentOS Sources 2022-11-22 18:08:52 +0000
  • 9caf659df2 * Mon Nov 21 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1.1-1 - Rebase selinux-policy to the latest one in rawhide Resolves: rhbz#2082524 Zdenek Pytela 2022-11-22 10:46:45 +0100
  • 08558d4729 Change %{_usr}/share to %{_datadir} in specfile %exclude Zdenek Pytela 2022-11-22 10:44:46 +0100
  • da2a39485f Remove "cockpit = module" from modules-targeted-contrib.conf Zdenek Pytela 2022-09-30 15:08:32 +0200
  • bd3e84d988 Add unowned dir to the macro Michael Scherer 2021-02-11 15:59:16 +0100
  • b5863057a5 Force a rebuild of policy unconditionally Zdenek Pytela 2022-01-19 13:25:07 +0100
  • 6ff7178e84 Make dependency on rpm-plugin-selinux unordered Petr Lautrbach 2022-09-07 10:38:06 +0200
  • 0901a1fa24 Add a script for enclosing interfaces in ifndef statements Vit Mojzis 2021-09-03 16:15:57 +0200
  • e7dbfb2605 Add a systemd service to check that SELinux is disabled properly Ondrej Mosnacek 2021-05-13 16:23:31 +0200
  • ee689a17c7 Disable rpm verification on interface_info Zdenek Pytela 2022-11-16 09:12:28 +0100
  • a88094d17d * Wed Nov 16 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.47-1 - Add domain_unix_read_all_semaphores() interface Resolves: rhbz#2123358 - Allow chronyd talk with unconfined user over unix domain dgram socket Resolves: rhbz#2141255 - Allow unbound connectto unix_stream_socket Resolves: rhbz#2141236 - added policy for systemd-socket-proxyd Resolves: rhbz#2141606 - Allow samba-dcerpcd use NSCD services over a unix stream socket Resolves: rhbz#2121729 - Allow insights-client unix_read all domain semaphores Resolves: rhbz#2123358 - Allow insights-client manage generic locks Resolves: rhbz#2123358 - Allow insights-client create gluster log dir with a transition Resolves: rhbz#2123358 - Allow insights-client domain transition on semanage execution Resolves: rhbz#2123358 - Disable rpm verification on interface_info Resolves: rhbz#2134515 Zdenek Pytela 2022-11-16 09:10:02 +0100
  • edb05e924a import selinux-policy-34.1.43-1.el9 imports/c9/selinux-policy-34.1.43-1.el9 CentOS Sources 2022-11-15 02:00:33 -0500
  • 2caa19eb77 import selinux-policy-3.14.3-108.el8 imports/c8/selinux-policy-3.14.3-108.el8 CentOS Sources 2022-11-08 01:54:46 -0500
  • d5d3e43046 Update source branches to build a new package for RHEL 9.2.0 Resolves: rhbz#2134827 Nikola Knazekova 2022-11-04 14:11:35 +0100
  • 9da9be36e0 * Thu Nov 03 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.45-1 - Add watch_sb interfaces Resolves: rhbz#2139363 - Add watch interfaces Resolves: rhbz#2139363 - Allow dhcpd bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow netutils and traceroute bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow pkcs_slotd_t bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow xdm bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow pcscd bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow lldpad bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow keepalived bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow ipsec bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow fprintd bpf capability to run bpf programs Resolves: rhbz#2134827 - Allow iptables list cgroup directories Resolves: rhbz#2134829 - Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files Resolves: rhbz#2042515 - Dontaudit dirsrv search filesystem sysctl directories Resolves: rhbz#2134726 Nikola Knazekova 2022-11-03 18:43:25 +0100
  • 8cb5af548e import selinux-policy-3.14.3-110.el8 imports/c8s/selinux-policy-3.14.3-110.el8 CentOS Sources 2022-10-26 10:08:44 +0000
  • 4286741250 import selinux-policy-3.14.3-109.el8 imports/c8s/selinux-policy-3.14.3-109.el8 CentOS Sources 2022-10-15 20:10:51 +0000
  • 7825dbb2e4 Thu Oct 13 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.44-1 Nikola Knazekova 2022-10-13 19:54:36 +0200
  • 30844ae27f import selinux-policy-34.1.41-1.el9 imports/c9-beta/selinux-policy-34.1.41-1.el9 CentOS Sources 2022-09-27 10:18:03 -0400
  • d39caaffc8 import selinux-policy-3.14.3-107.el8 imports/c8-beta/selinux-policy-3.14.3-107.el8 CentOS Sources 2022-09-27 16:08:29 -0400
  • 8b59b80eb1 import selinux-policy-3.14.3-108.el8 imports/c8s/selinux-policy-3.14.3-108.el8 CentOS Sources 2022-09-09 12:08:57 +0000