This website requires JavaScript.
da1accb7ff
* Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.43-1 - Update rhcd policy for executing additional commands 5 Resolves: rhbz#2119351 - Update rhcd policy for executing additional commands 4 Resolves: rhbz#2119351 - Allow rhcd create rpm hawkey logs with correct label Resolves: rhbz#2119351 - Update rhcd policy for executing additional commands 3 Resolves: rhbz#2119351 - Allow sssd to set samba setting Resolves: rhbz#2121125 - Allow journalctl read rhcd fifo files Resolves: rhbz#2119351 - Update insights-client policy for additional commands execution 5 Resolves: rhbz#2121125 - Confine insights-client systemd unit Resolves: rhbz#2121125 - Update insights-client policy for additional commands execution 4 Resolves: rhbz#2121125 - Update insights-client policy for additional commands execution 3 Resolves: rhbz#2121125 - Allow rhcd execute all executables Resolves: rhbz#2119351 - Update rhcd policy for executing additional commands 2 Resolves: rhbz#2119351 - Update insights-client policy for additional commands execution 2 Resolves: rhbz#2121125
2022-09-02 12:07:49 +0200
781039be23
* Mon Aug 29 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.42-1 - Label /var/log/rhc-worker-playbook with rhcd_var_log_t Resolves: rhbz#2119351 - Update insights-client policy (auditctl, gpg, journal) Resolves: rhbz#2107363
2022-08-29 15:12:23 +0200
91869e6a9b
import selinux-policy-3.14.3-107.el8
2022-08-27 14:19:43 +0000
d1c3472797
* Thu Aug 25 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.41-1 - Allow unconfined domains to bpf all other domains Resolves: RHBZ#2112014 - Allow stalld get and set scheduling policy of all domains. Resolves: rhbz#2105038 - Allow unconfined_t transition to targetclid_home_t Resolves: RHBZ#2106360 - Allow samba-bgqd to read a printer list Resolves: rhbz#2118977 - Allow system_dbusd ioctl kernel with a unix stream sockets Resolves: rhbz#2085392 - Allow chronyd bind UDP sockets to ptp_event ports. Resolves: RHBZ#2118631 - Update tor_bind_all_unreserved_ports interface Resolves: RHBZ#2089486 - Remove permissive domain for rhcd_t Resolves: rhbz#2119351 - Allow unconfined and sysadm users transition for /root/.gnupg Resolves: rhbz#2121125 - Add gpg_filetrans_admin_home_content() interface Resolves: rhbz#2121125 - Update rhcd policy for executing additional commands Resolves: rhbz#2119351 - Update insights-client policy for additional commands execution Resolves: rhbz#2119507 - Add rpm setattr db files macro Resolves: rhbz#2119507 - Add userdom_view_all_users_keys() interface Resolves: rhbz#2119507 - Allow gpg read and write generic pty type Resolves: rhbz#2119507 - Allow chronyc read and write generic pty type Resolves: rhbz#2119507
2022-08-25 18:10:43 +0200
0fcafaead6
Update POLICYCOREUTILSVER to 3.4-1
2022-08-25 16:08:42 +0200
cd23a37542
import selinux-policy-3.14.3-95.el8_6.4
2022-08-24 04:17:53 -0400
7c6344649f
import selinux-policy-34.1.29-1.el9_0.2
2022-08-24 04:17:33 -0400
58f4ff021b
import selinux-policy-3.14.3-106.el8
2022-08-16 02:10:34 +0000
48cb3e3e93
* Wed Aug 10 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.40-1 - Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd Resolves: RHBZ#2088257 - Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t Resolves: RHBZ#1976684 - Allow samba-bgqd get a printer list Resolves: rhbz#2112395 - Allow networkmanager to signal unconfined process Resolves: RHBZ#2074414 - Update NetworkManager-dispatcher policy Resolves: RHBZ#2101910 - Allow openvswitch search tracefs dirs Resolves: rhbz#1988164 - Allow openvswitch use its private tmpfs files and dirs Resolves: rhbz#1988164 - Allow openvswitch fsetid capability Resolves: rhbz#1988164
2022-08-10 17:49:53 +0200
f4a8d98cf7
import selinux-policy-3.14.3-105.el8
2022-08-02 22:11:05 +0000
3bda17335b
* Tue Aug 02 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.39-1 - Add support for systemd-network-generator Resolves: RHBZ#2111069 - Allow systemd work with install_t unix stream sockets Resolves: rhbz#2111206 - Allow sa-update to get init status and start systemd files Resolves: RHBZ#2061844
2022-08-02 22:59:23 +0200
10566bff3f
import selinux-policy-3.14.3-95.el8_6.1
2022-08-02 03:02:37 -0400
91720b42e6
* Fri Jul 15 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.38-1 - Allow some domains use sd_notify() Resolves: rhbz#2056565 - Revert "Allow rabbitmq to use systemd notify" Resolves: rhbz#2056565 - Update winbind_rpcd_t Resolves: rhbz#2102084 - Update chronyd_pid_filetrans() to allow create dirs Resolves: rhbz#2101910 - Allow keepalived read the contents of the sysfs filesystem Resolves: rhbz#2098130 - Define LIBSEPOL version 3.4-1 Resolves: rhbz#2095688
2022-07-15 16:05:08 +0200
1478384cd2
Define LIBSEPOL version 3.4-1
2022-07-15 09:46:27 +0200
06f68b9a6f
import selinux-policy-3.14.3-104.el8
2022-07-02 00:14:11 +0000
ab0fff6428
* Wed Jun 29 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.37-1 - Allow targetclid read /var/target files Resolves: rhbz#2020169 - Update samba-dcerpcd policy for kerberos usage 2 Resolves: rhbz#2096521 - Allow samba-dcerpcd work with sssd Resolves: rhbz#2096521 - Allow stalld set scheduling policy of kernel threads Resolves: rhbz#2102224
2022-06-29 16:10:16 +0200
8d1d780d0b
* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.36-1 - Allow targetclid read generic SSL certificates (fixed) Resolves: rhbz#2020169 - Fix file context pattern for /var/target Resolves: rhbz#2020169 - Use insights_client_etc_t in insights_search_config() Resolves: rhbz#1965013
2022-06-28 19:30:35 +0200
64a29f1839
* Fri Jun 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.35-1 -Add the corecmd_watch_bin_dirs() interface Resolves: rhbz#1965013 - Update rhcd policy Resolves: rhbz#1965013 - Allow rhcd search insights configuration directories Resolves: rhbz#1965013 - Add the kernel_read_proc_files() interface Resolves: rhbz#1965013 - Update insights_client_filetrans_named_content() Resolves: rhbz#2081425 - Allow transition to insights_client named content Resolves: rhbz#2081425 - Add the insights_client_filetrans_named_content() interface Resolves: rhbz#2081425 - Update policy for insights-client to run additional commands 3 Resolves: rhbz#2081425 - Allow insights-client execute its private memfd: objects Resolves: rhbz#2081425 - Update policy for insights-client to run additional commands 2 Resolves: rhbz#2081425 - Use insights_client_tmp_t instead of insights_client_var_tmp_t Resolves: rhbz#2081425 - Change space indentation to tab in insights-client Resolves: rhbz#2081425 - Use socket permissions sets in insights-client Resolves: rhbz#2081425 - Update policy for insights-client to run additional commands Resolves: rhbz#2081425 - Allow init_t to rw insights_client unnamed pipe Resolves: rhbz#2081425 - Fix insights client Resolves: rhbz#2081425 - Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling Resolves: rhbz#2081425 - Do not let system_cronjob_t create redhat-access-insights.log with var_log_t Resolves: rhbz#2081425 - Allow stalld get scheduling policy of kernel threads Resolves: rhbz#2096776 - Update samba-dcerpcd policy for kerberos usage Resolves: rhbz#2096521 - Allow winbind_rpcd_t connect to self over a unix_stream_socket Resolves: rhbz#2096255 - Allow dlm_controld send a null signal to a cluster daemon Resolves: rhbz#2095884 - Allow dhclient manage pid files used by chronyd The chronyd_manage_pid_files() interface was added. - Resolves: rhbz#2094155 Allow install_t nnp_domtrans to setfiles_mac_t - Resolves: rhbz#2073010 - Allow rabbitmq to use systemd notify Resolves: rhbz#2056565 - Allow ksmctl create hardware state information files Resolves: rhbz#2021131 - Label /var/target with targetd_var_t Resolves: rhbz#2020169 - Allow targetclid read generic SSL certificates Resolves: rhbz#2020169
2022-06-24 23:20:46 +0200
cec5ade880
import selinux-policy-3.14.3-100.el8
2022-06-11 10:09:05 +0000
14f9935fa0
* Thu Jun 09 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.34-1 - Allow stalld setsched and sys_nice Resolves: rhbz#2092864 - Allow rhsmcertd to create cache file in /var/cache/cloud-what Resolves: rhbz#2092333 - Update policy for samba-dcerpcd Resolves: rhbz#2083509 - Add support for samba-dcerpcd Resolves: rhbz#2083509 - Allow rabbitmq to access its private memfd: objects Resolves: rhbz#2056565 - Confine targetcli Resolves: rhbz#2020169 - Add policy for wireguard Resolves: 1964862 - Label /var/cache/insights with insights_client_cache_t Resolves: rhbz#2062136 - Allow ctdbd nlmsg_read on netlink_tcpdiag_socket Resolves: rhbz#2094489 - Allow auditd_t noatsecure for a transition to audisp_remote_t Resolves: rhbz#2081907
2022-06-09 16:26:59 +0200
1cc1f4ddfc
Connect triggerin to pcre2 instead of pcre
2021-10-18 14:44:42 +0200
e59ad3159d
Add wireguard module to modules-targeted-contrib.conf
2022-06-09 16:01:15 +0200
f4e876e432
import selinux-policy-3.14.3-99.el8
2022-05-30 20:09:51 +0000
b3c14aca87
* Fri May 27 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.33-1 - Allow insights-client manage gpg admin home content Resolves: rhbz#2062136 - Add the gpg_manage_admin_home_content() interface Resolves: rhbz#2062136 - Add rhcd policy Resolves: bz#1965013 - Allow svirt connectto virtlogd Resolves: rhbz#2000881 - Add ksm service to ksmtuned Resolves: rhbz#2021131 - Allow nm-privhelper setsched permission and send system logs Resolves: rhbz#2053639 - Update the policy for systemd-journal-upload Resolves: rhbz#2085369 - Allow systemd-journal-upload watch logs and journal Resolves: rhbz#2085369 - Create a policy for systemd-journal-upload Resolves: rhbz#2085369 - Allow insights-client create and use unix_dgram_socket Resolves: rhbz#2087765 - Allow insights-client search gconf homedir Resolves: rhbz#2087765
2022-05-27 17:03:29 +0200
7b45c2b424
Add rhcd module to modules-targeted-contrib.conf
2022-05-27 16:58:53 +0200
6f5dd4b697
import selinux-policy-34.1.29-1.el9_0
2022-05-17 06:24:44 -0400
29a520ae24
* Wed May 11 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.32-1
2022-05-11 20:55:03 +0200
527e11b6c8
Users have to be generated is policy/users to make 3.4 userspace happy
2022-04-14 13:53:53 +0200
2726dc48f2
import selinux-policy-3.14.3-95.el8
2022-05-10 03:13:52 -0400
1f963fdee4
import selinux-policy-3.14.3-98.el8
2022-05-07 12:08:42 +0000
5fd82ec867
* Wed May 04 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.31-2 - Remove letter v from version Related: rhbz#2061680
2022-05-04 10:27:22 +0200
e67d11e38d
Mon May 02 2022 Nikola Knazekova <nknazeko@redhat.com> - v34.1.31-1
2022-05-02 14:19:14 +0200
637873d5ad
Add stalld module to modules-targeted-contrib.conf
2022-05-02 14:10:20 +0200
d5d18f13f7
Exclude container.if from selinux-policy-devel The container-selinux has been separated from selinux-policy, but selinux-policy still contains the interface in selinux-policy-devel subpackage, which can result in errors like
2022-05-02 13:59:29 +0200
c4a5cce598
import selinux-policy-3.14.3-97.el8
2022-04-30 08:11:18 +0000
98a41b6a2c
* Tue Apr 19 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.30-2 - Update source branches to build a new package for RHEL 9.1.0 Resolves: rhbz#2070982
2022-04-19 17:39:29 +0200
5d8c009a98
Tue Apr 12 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.30-1
2022-04-12 13:22:32 +0200
0bd517d749
import selinux-policy-3.14.3-96.el8
2022-04-13 04:08:55 +0000
d16a3024e0
* Thu Mar 31 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.29-1 - Allow qemu-kvm create and use netlink rdma sockets Resolves: rhbz#2070569 - Label corosync-cfgtool with cluster_exec_t Resolves: rhbz#2067501
2022-03-31 19:38:05 +0200
ac95e7125b
import selinux-policy-34.1.28-1.el9_0
2022-04-05 07:02:16 -0400
cab4d847c2
* Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.28-1 - Allow logrotate a domain transition to cluster administrative domain Resolves: rhbz#2061277 - Change the selinuxuser_execstack boolean value to true Resolves: rhbz#2064274
2022-03-24 15:56:48 +0100
d0c8cc2186
Change the selinuxuser_execstack boolean value to true
2022-03-24 15:22:33 +0100
6c178f644a
import selinux-policy-3.14.3-93.el8
2022-03-29 14:10:06 -0400
3058c67a35
import selinux-policy-3.14.3-95.el8
2022-03-26 12:14:14 +0000
d329b24f22
import selinux-policy-3.14.3-94.el8
2022-03-11 22:12:25 +0000
842d9c9cdb
import selinux-policy-34.1.26-1.el9
2022-03-01 08:15:03 -0500
6b1418ae16
import selinux-policy-3.14.3-93.el8
2022-02-27 05:26:39 +0000
f60c51e134
* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.27-1 - Allow ModemManager connect to the unconfined user domain Resolves: rhbz#2000196 - Label /dev/wwan.+ with modem_manager_t Resolves: rhbz#2000196 - Allow systemd-coredump userns capabilities and root mounton Resolves: rhbz#2057435 - Allow systemd-coredump read and write usermodehelper state Resolves: rhbz#2057435 - Allow sysadm_passwd_t to relabel passwd and group files Resolves: rhbz#2053458 - Allow systemd-sysctl read the security state information Resolves: rhbz#2056999 - Remove unnecessary /etc file transitions for insights-client Resolves: rhbz#2055823 - Label all content in /var/lib/insights with insights_client_var_lib_t Resolves: rhbz#2055823 - Update insights-client policy Resolves: rhbz#2055823 - Update insights-client: fc pattern, motd, writing to etc Resolves: rhbz#2055823 - Update specfile to buildrequire policycoreutils-devel >= 3.3-5 - Add modules_checksum to %files
2022-02-24 12:24:53 +0100
2cdf9ca305
import selinux-policy-3.14.3-92.el8
2022-02-23 14:25:13 +0000
8a1fd2d0a4
* Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.26-1 - Remove permissive domain for insights_client_t Resolves: rhbz#2055823 - New policy for insight-client Resolves: rhbz#2055823 - Allow confined sysadmin to use tool vipw Resolves: rhbz#2053458 - Allow chage domtrans to sssd Resolves: rhbz#2054657 - Remove label for /usr/sbin/bgpd Resolves: rhbz#2055578 - Dontaudit pkcsslotd sys_admin capability Resolves: rhbz#2055639 - Do not change selinuxuser_execmod and selinuxuser_execstack Resolves: rhbz#2055822 - Allow tuned to read rhsmcertd config files Resolves: rhbz#2055823
2022-02-17 22:06:31 +0100
d5bb233ea2
Do not change selinuxuser_execmod and selinuxuser_execstack
2022-02-17 22:02:29 +0100
be2e9e731d
Add the insights_client module
2022-02-17 22:02:02 +0100
34edc3e97a
* Mon Feb 14 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.25-1 - Allow systemd watch unallocated ttys Resolves: rhbz#2054150 - Allow alsa bind mixer controls to led triggers Resolves: rhbz#2049732 - Allow alsactl set group Process ID of a process Resolves: rhbz#2049732 - Allow unconfined to run virtd bpf Resolves: rhbz#2033504
2022-02-14 15:33:14 +0100
7ea9c9ad66
import selinux-policy-3.14.3-91.el8
2022-02-11 05:32:48 +0000
93570f083c
* Fri Feb 04 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.24-1 - Allow tumblerd write to session_dbusd tmp socket files Resolves: rhbz#2000039 - Allow login_userdomain write to session_dbusd tmp socket files Resolves: rhbz#2000039 - Allow login_userdomain create session_dbusd tmp socket files Resolves: rhbz#2000039 - Allow gkeyringd_domain write to session_dbusd tmp socket files Resolves: rhbz#2000039 - Allow systemd-logind delete session_dbusd tmp socket files Resolves: rhbz#2000039 - Allow gdm-x-session write to session dbus tmp sock files Resolves: rhbz#2000039 - Allow sysadm_t nnp_domtrans to systemd_tmpfiles_t Resolves: rhbz#2039453 - Label exFAT utilities at /usr/sbin Resolves: rhbz#1972225
2022-02-04 17:43:05 +0100
4d21d7d728
* Wed Feb 02 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.23-1 - Allow systemd nnp_transition to login_userdomain Resolves: rhbz#2039453 - Label /var/run/user/%{USERID}/dbus with session_dbusd_tmp_t Resolves: rhbz#2000039 - Change /run/user/[0-9]+ to /run/user/%{USERID} for proper labeling Resolves: rhbz#2000039 - Allow scripts to enter LUKS password Resolves: rhbz#2048521 - Allow system_mail_t read inherited apache system content rw files Resolves: rhbz#2049372 - Add apache_read_inherited_sys_content_rw_files() interface Related: rhbz#2049372 - Allow sanlock get attributes of filesystems with extended attributes Resolves: rhbz#2047811 - Associate stratisd_data_t with device filesystem Resolves: rhbz#2039974 - Allow init read stratis data symlinks Resolves: rhbz#2039974 - Label /run/stratisd with stratisd_var_run_t Resolves: rhbz#2039974 - Allow domtrans to sssd_t and role access to sssd Resolves: rhbz#2039757 - Creating interface sssd_run_sssd() Resolves: rhbz#2039757 - Fix badly indented used interfaces Resolves: rhbz#2039757 - Allow domain transition to sssd_t Resolves: rhbz#2039757 - Label /dev/nvme-fabrics with fixed_disk_device_t Resolves: rhbz#2039759 - Allow local_login_t nnp_transition to login_userdomain Resolves: rhbz#2039453 - Allow xdm_t nnp_transition to login_userdomain Resolves: rhbz#2039453 - Make cupsd_lpd_t a daemon Resolves: rhbz#2039449 - Label utilities for exFAT filesystems with fsadm_exec_t Resolves: rhbz#1972225 - Dontaudit sfcbd sys_ptrace cap_userns Resolves: rhbz#2040311
2022-02-02 20:25:06 +0100
aa60c4739e
import selinux-policy-34.1.22-1.el9
2022-02-01 13:18:34 -0500
a6acbb622f
import selinux-policy-3.14.3-89.el8
2022-01-28 04:21:25 +0000
ef40c9474b
import selinux-policy-3.14.3-88.el8
2022-01-27 05:04:42 +0000
df436d0ce3
import selinux-policy-34.1.20-1.el9
2022-01-11 13:19:15 -0500
c264d943f0
* Tue Jan 11 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.22-1 - Allow sshd read filesystem sysctl files Resolves: rhbz#2036585 - Revert "Allow sshd read sysctl files" Resolves: rhbz#2036585
2022-01-11 16:16:07 +0100
38bdf8abba
* Mon Jan 10 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.21-1 - Remove the lockdown class from the policy Resolves: rhbz#2017848 - Revert "define lockdown class and access" Resolves: rhbz#2017848 - Allow gssproxy access to various system files. Resolves: rhbz#2026974 - Allow gssproxy read, write, and map ica tmpfs files Resolves: rhbz#2026974 - Allow gssproxy read and write z90crypt device Resolves: rhbz#2026974 - Allow sssd_kcm read and write z90crypt device Resolves: rhbz#2026974 - Allow abrt_domain read and write z90crypt device Resolves: rhbz#2026974 - Allow NetworkManager read and write z90crypt device Resolves: rhbz#2026974 - Allow smbcontrol read the network state information Resolves: rhbz#2038157 - Allow virt_domain map vhost devices Resolves: rhbz#2035702 - Allow fcoemon request the kernel to load a module Resolves: rhbz#2034463 - Allow lldpd connect to snmpd with a unix domain stream socket Resolves: rhbz#2033315 - Allow ModemManager create a qipcrtr socket Resolves: rhbz#2036582 - Allow ModemManager request to load a kernel module Resolves: rhbz#2036582 - Allow sshd read sysctl files Resolves: rhbz#2036585
2022-01-10 21:09:15 +0100
1a9ce8c7b6
import selinux-policy-3.14.3-86.el8
2022-01-05 04:20:39 +0000
78bb608bb7
import selinux-policy-3.14.3-80.el8_5.2
2021-12-16 04:38:46 -0500
6bc3bd6ac4
* Wed Dec 15 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.20-1 - Allow dnsmasq watch /etc/dnsmasq.d directories Resolves: rhbz#2029866 - Label /usr/lib/pcs/pcs_snmp_agent with cluster_exec_t Resolves: rhbz#2029316 - Allow lldpd use an snmp subagent over a tcp socket Resolves: rhbz#2028561 - Allow smbcontrol use additional socket types Resolves: rhbz#2027751 - Add write permisson to userfaultfd_anon_inode_perms Resolves: rhbz#2027660 - Allow xdm_t watch generic directories in /lib Resolves: rhbz#1960010 - Allow xdm_t watch fonts directories Resolves: rhbz#1960010 - Label /dev/ngXnY and /dev/nvme-subsysX with fixed_disk_device_t Resolves: rhbz#2027994 - Add hwtracing_device_t type for hardware-level tracing and debugging Resolves: rhbz#2029392 - Change dev_getattr_infiniband_dev() to use getattr_chr_files_pattern() Resolves: rhbz#2028791 - Allow arpwatch get attributes of infiniband_device_t devices Resolves: rhbz#2028791 - Allow tcpdump and nmap get attributes of infiniband_device_t Resolves: rhbz#2028791
2021-12-15 17:27:25 +0100
0cd1ddb1a9
import selinux-policy-34.1.18-1.el9
2021-12-07 13:59:00 -0500
5da303c3e2
import selinux-policy-34.1.16-1.el9_b
2021-11-03 20:48:28 -0400
9b13d2bd84
import selinux-policy-3.14.3-85.el8
2021-12-09 04:20:51 +0000
364d6b7216
import selinux-policy-3.14.3-84.el8
2021-12-04 06:57:24 +0000
470eea63e8
* Mon Nov 29 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.19-1 - Allow redis get attributes of filesystems with extended attributes Resolves: rhbz#2014611 - Allow dirsrv read slapd tmpfs files Resolves: rhbz#2015928 - Revert "Label /dev/shm/dirsrv/ with dirsrv_tmpfs_t label" Resolves: rhbz#2015928 - Allow login_userdomain open/read/map system journal Resolves: rhbz#2017838 - Allow login_userdomain read and map /var/lib/systemd files Resolves: rhbz#2017838 - Allow nftables read NetworkManager unnamed pipes Resolves: rhbz#2023456 - Allow xdm watch generic directories in /var/lib Resolves: rhbz#1960010 - Allow xdm_t watch generic pid directories Resolves: rhbz#1960010
2021-11-29 15:31:44 +0100
df4c557eb7
import selinux-policy-3.14.3-83.el8
2021-11-12 04:22:54 +0000
2523996829
import selinux-policy-3.14.3-80.el8
2021-11-09 05:06:27 -0500
89586f9eb1
* Mon Nov 01 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.18-1 - Allow fetchmail search cgroup directories Resolves: rhbz#2015118 - Add the auth_read_passwd_file() interface Resolves: rhbz#2014611 - Allow redis-sentinel execute a notification script Resolves: rhbz#2014611 - Support new PING_CHECK health checker in keepalived Resolves: rhbz#2014423
2021-11-01 11:51:58 +0100
46cf579c12
import selinux-policy-3.14.3-82.el8
2021-10-26 12:23:16 +0000
99baee805d
import selinux-policy-3.14.3-81.el8
2021-10-15 16:38:21 +0000
16d5820b15
* Thu Oct 14 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.17-1 - Label /usr/sbin/virtproxyd as virtd_exec_t Resolves: rhbz#2002143 - Allow at-spi-bus-launcher read and map xdm pid files Resolves: rhbz#2011772 - Remove references to init_watch_path_type attribute Resolves: rhbz#2007960 - Remove all redundant watch permissions for systemd Resolves: rhbz#2007960 - Allow systemd watch non_security_file_type dirs, files, lnk_files Resolves: rhbz#2007960 - Allow systemd-resolved watch /run/systemd Resolves: rhbz#1992461 - Allow sssd watch /run/systemd Resolves: rhbz#1992461
2021-10-14 09:34:25 +0200
410c78c03b
import selinux-policy-3.14.3-79.el8
2021-10-06 07:17:05 -0400
dca2cf68db
import selinux-policy-3.14.3-65.el8
2021-03-30 15:41:57 -0400
e479b42144
import selinux-policy-3.14.3-48.el8
2020-07-28 08:31:06 -0400
34aba96502
import selinux-policy-3.14.3-30.el8
2020-01-21 14:59:04 -0500
c3537309fd
import selinux-policy-3.14.3-9.el8
2019-07-31 20:50:49 -0400
5ad9abab43
* Thu Sep 23 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.16-1 - Allow fprintd install a sleep delay inhibitor Resolves: rhbz#1999537 - Update mount_manage_pid_files() to use manage_files_pattern Resolves: rhbz#1999997 - Allow gnome at-spi processes create and use stream sockets Resolves: rhbz#2004885 - Allow haproxy list the sysfs directories content Resolves: rhbz#1986823 - Allow virtlogd_t read process state of user domains Resolves: rhbz#1994592 - Support hitless reloads feature in haproxy Resolves: rhbz#1997182 - Allow firewalld load kernel modules Resolves: rhbz#1999152 - Allow communication between at-spi and gdm processes Resolves: rhbz#2003037
2021-09-23 20:42:44 +0200
c024fd84d4
Remove "ipa = module" from modules-targeted-contrib.conf
2021-09-23 20:21:36 +0200
48b808b710
import selinux-policy-3.14.3-80.el8
2021-09-21 04:20:49 +0000
8130e1f80f
import selinux-policy-3.14.3-67.el8_4.2
2021-09-21 03:15:49 -0400
01c784bc42
import selinux-policy-3.14.3-79.el8
2021-08-31 06:19:01 +0000
8dd2fca76e
import selinux-policy-3.14.3-78.el8
2021-08-25 18:19:23 +0000
4c08b05cb2
import selinux-policy-3.14.3-77.el8
2021-08-24 22:42:18 +0000
5550a28ea8
import selinux-policy-3.14.3-76.el8
2021-08-12 04:22:23 +0000
dcedb58659
import selinux-policy-3.14.3-75.el8
2021-07-30 04:21:34 +0000
6709cac2df
import selinux-policy-3.14.3-67.el8_4.1
2021-08-10 07:57:46 -0400
2c272bbe31
import selinux-policy-3.14.3-67.el8
2021-05-18 02:37:22 -0400
3a97f77985
import selinux-policy-3.14.3-54.el8_3.4
2021-04-26 06:30:45 -0400
1923aa9cbf
import selinux-policy-3.14.3-54.el8_3.3
2021-04-06 09:35:49 -0400
ccc3a73eb9
import selinux-policy-3.14.3-54.el8_3.2
2021-02-01 18:03:58 -0500
ddedf0d0b5
* Mon Aug 30 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.15-1 - Update ica_filetrans_named_content() with create_file_perms Resolves: rhbz#1976180 - Allow various domains work with ICA crypto accelerator Resolves: rhbz#1976180 - Add ica module Resolves: rhbz#1976180 - Revert "Support using ICA crypto accelerator on s390x arch" Resolves: rhbz#1976180 - Fix the gnome_atspi_domtrans() interface summary Resolves: rhbz#1972655 - Add support for at-spi Resolves: rhbz#1972655 - Add permissions for system dbus processes Resolves: rhbz#1972655 - Allow /tmp file transition for dbus-daemon also for sock_file Resolves: rhbz#1972655
2021-08-30 16:11:20 +0200
b42446e02d
* Wed Aug 25 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.14-1 - Support using ICA crypto accelerator on s390x arch Resolves: rhbz#1976180 - Allow systemd delete /run/systemd/default-hostname Resolves: rhbz#1978507 - Label /usr/bin/Xwayland with xserver_exec_t Resolves: rhbz#1993151 - Label /usr/libexec/gdm-runtime-config with xdm_exec_t Resolves: rhbz#1993151 - Allow tcpdump read system state information in /proc Resolves: rhbz#1972577 - Allow firewalld drop capabilities Resolves: rhbz#1989641
2021-08-25 18:48:38 +0200
cf60736fb6
* Thu Aug 12 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.13-1 - Add "/" at the beginning of dev/shm/var\.lib\.opencryptoki.* regexp Resolves: rhbz#1977915 - Set default file context for /sys/firmware/efi/efivars Resolves: rhbz#1972372 - Allow tcpdump run as a systemd service Resolves: rhbz#1972577 - Allow nmap create and use netlink generic socket Resolves: rhbz#1985212 - Allow nscd watch system db files in /var/db Resolves: rhbz#1989416 - Allow systemd-gpt-auto-generator read udev pid files Resolves: rhbz#1992638
2021-08-12 16:15:32 +0200
991febef9c
* Tue Aug 10 2021 Zdenek Pytela <zpytela@redhat.com> - 34.1.12-1 - Revert "update libs_filetrans_named_content() to have support for /usr/lib/debug directory" Resolves: rhbz#1990813 - Label /dev/crypto/nx-gzip with accelerator_device_t Resolves: rhbz#1973953 - Label /usr/bin/qemu-storage-daemon with virtd_exec_t Resolves: rhbz#1977245 - Allow systemd-machined stop generic service units Resolves: rhbz#1979522 - Label /.k5identity file allow read of this file to rpc.gssd Resolves: rhbz#1980610
2021-08-10 16:28:03 +0200
57b195c83b
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
2021-08-10 00:49:40 +0000
Zdenek Pytela
CentOS Sources
Nikola Knazekova
Petr Lautrbach
Mohan Boddu