SELinux policy configuration
dfee3bea84
- auth_use_nsswitch can call only domain not attribute - Dontaudit net_admin cap for winbind_t - Allow tlp_t domain to stream connect to system bus - Allow tomcat_t domain read pki_common_t files - Add interface pki_read_common_files() - Fix broken cermonger module - Fix broken apache module - Allow hypervkvp_t domain execute hostname - Dontaudit sssd_selinux_manager_t use of net_admin capability - Allow tomcat_t stream connect to pki_common_t - Dontaudit xguest_t's attempts to listen to its tcp_socket - Allow sssd_selinux_manager_t to ioctl init_t sockets - Improve ipa_cert_filetrans_named_content() interface to also allow caller domain manage ipa_cert_t type. - Allow pki_tomcat_t domain read /etc/passwd. - Allow tomcat_t domain read ipa_tmp_t files - Label new path for ipa-otpd - Allow radiusd_t domain stream connect to postgresql_t - Allow rhsmcertd_t to execute hostname_exec_t binaries. - Allow virtlogd to append nfs_t files when virt_use_nfs=1 - Allow httpd_t domain read also httpd_user_content_type lnk_files. - Allow httpd_t domain create /etc/httpd/alias/ipaseesion.key with label ipa_cert_t - Dontaudit <user>_gkeyringd_t stream connect to system_dbusd_t - Label /var/www/html/nextcloud/data as httpd_sys_rw_content_t - Add interface ipa_filetrans_named_content() - Allow tomcat use nsswitch - Allow certmonger_t start/status generic services - Allow dirsrv read cgroup files. - Allow ganesha_t domain read/write infiniband devices. - Allow sendmail_t domain sysctl_net_t files - Allow targetd_t domain read network state and getattr on loop_control_device_t - Allow condor_schedd_t domain send mails. - Allow ntpd to creating sockets. BZ(1434395) - Alow certmonger to create own systemd unit files. - Add kill namespace capability to xdm_t domain - Revert "su using libselinux and creating netlink_selinux socket is needed to allow libselinux initialization." - Revert "Allow <role>_su_t to create netlink_selinux_socket" - Allow <role>_su_t to create netlink_selinux_socket - Allow unconfined_t to module_load any file - Allow staff to systemctl virt server when staff_use_svirt=1 - Allow unconfined_t create /tmp/ca.p12 file with ipa_tmp_t context - Allow netutils setpcap capability - Dontaudit leaked file descriptor happening in setfiles_t domain BZ(1388124) |
||
|---|---|---|
| .gitignore | ||
| booleans-minimum.conf | ||
| booleans-mls.conf | ||
| booleans-targeted.conf | ||
| booleans.subs_dist | ||
| config.tgz | ||
| container-selinux.tgz | ||
| COPYING | ||
| customizable_types | ||
| file_contexts.subs_dist | ||
| make-rhat-patches.sh | ||
| Makefile | ||
| Makefile.devel | ||
| manpages_html.tar.gz | ||
| manpages.tar.gz | ||
| modules-minimum.conf | ||
| modules-mls-base.conf | ||
| modules-mls-contrib.conf | ||
| modules-targeted-base.conf | ||
| modules-targeted-contrib.conf | ||
| modules-targeted.conf | ||
| permissivedomains.cil | ||
| policy-rawhide-base-cockpit.patch | ||
| policy-rawhide-base.patch | ||
| policy-rawhide-contrib.patch | ||
| rpm.macros | ||
| securetty_types-minimum | ||
| securetty_types-mls | ||
| securetty_types-targeted | ||
| selinux-factory-reset | ||
| selinux-factory-reset@.service | ||
| selinux-policy.conf | ||
| selinux-policy.spec | ||
| setrans-minimum.conf | ||
| setrans-mls.conf | ||
| setrans-targeted.conf | ||
| seusers | ||
| sources | ||
| users-minimum | ||
| users-mls | ||
| users-targeted | ||