SELinux policy configuration
c0884791ad
- Allow tlp_t domain to ioctl removable devices BZ(1436830) - Allow tlp_t domain domtrans into mount_t BZ(1442571) - Allow lircd_t to read/write to sysfs BZ(1442443) - Fix policy to reflect all changes in new IPA release - Allow virtlogd_t to creating tmp files with virt_tmp_t labels. - Allow sbd_t to read/write fixed disk devices - Add sys_ptrace capability to radiusd_t domain - Allow cockpit_session_t domain connects to ssh tcp ports. - Update tomcat policy to make working ipa install process - Allow pcp_pmcd_t net_admin capability. Allow pcp_pmcd_t read net sysctls Allow system_cronjob_t create /var/run/pcp with pcp_var_run_t - Fix all AVC denials during pkispawn of CA Resolves: rhbz#1436383 - Update pki interfaces and tomcat module - Allow sendmail to search network sysctls - Add interface gssd_noatsecure() - Add interface gssproxy_noatsecure() - Allow chronyd_t net_admin capability to allow support HW timestamping. - Update tomcat policy. - Allow certmonger to start haproxy service - Fix init Module - Make groupadd_t domain as system bus client BZ(1416963) - Make useradd_t domain as system bus client BZ(1442572) - Allow xdm_t to gettattr /dev/loop-control device BZ(1385090) - Dontaudit gdm-session-worker to view key unknown. BZ(1433191) - Allow init noatsecure for gssd and gssproxy - Allow staff user to read fwupd_cache_t files - Remove typo bugs - Remove /proc <<none>> from fedora policy, it's no longer necessary |
||
|---|---|---|
| .gitignore | ||
| booleans-minimum.conf | ||
| booleans-mls.conf | ||
| booleans-targeted.conf | ||
| booleans.subs_dist | ||
| config.tgz | ||
| container-selinux.tgz | ||
| COPYING | ||
| customizable_types | ||
| file_contexts.subs_dist | ||
| make-rhat-patches.sh | ||
| Makefile | ||
| Makefile.devel | ||
| manpages_html.tar.gz | ||
| manpages.tar.gz | ||
| modules-minimum.conf | ||
| modules-mls-base.conf | ||
| modules-mls-contrib.conf | ||
| modules-targeted-base.conf | ||
| modules-targeted-contrib.conf | ||
| modules-targeted.conf | ||
| permissivedomains.cil | ||
| policy-rawhide-base-cockpit.patch | ||
| policy-rawhide-base.patch | ||
| policy-rawhide-contrib.patch | ||
| rpm.macros | ||
| securetty_types-minimum | ||
| securetty_types-mls | ||
| securetty_types-targeted | ||
| selinux-factory-reset | ||
| selinux-factory-reset@.service | ||
| selinux-policy.conf | ||
| selinux-policy.spec | ||
| setrans-minimum.conf | ||
| setrans-mls.conf | ||
| setrans-targeted.conf | ||
| seusers | ||
| sources | ||
| users-minimum | ||
| users-mls | ||
| users-targeted | ||