f1d354de29
- Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816) - Allow gssproxy_t domain read state of all processes on system - Fix typo in cachefilesd module - Allow cachefilesd_t domain to read/write cachefiles_device_t devices - Remove setting label for /dev/cachefilesd char device from cachefilesd policy. This should be added in base policy - Add sys_admin capability for keepalived_t labeled processes - Allow user_mail_domain attribute to manage files labeled as etc_aliases_t. - Create new type ipmievd_helper_t domain for loading kernel modules. - Run stratisd service as stratisd_t - Fix abrt_upload_watch_t in abrt policy - Update keepalived policy - Update cron_role, cron_admin_role and cron_unconfined_role to avoid *_t_t types - Revert "Create admin_crontab_t and admin_crontab_tmp_t types" - Revert "Update cron_role() template to accept third parameter with SELinux domain prefix" - Allow amanda_t to manage its var lib files and read random_device_t - Create admin_crontab_t and admin_crontab_tmp_t types - Add setgid and setuid capabilities to keepalived_t domain - Update cron_role() template to accept third parameter with SELinux domain prefix - Allow psad_t domain to create tcp diag sockets BZ(1750324) - Allow systemd to mount fwupd_cache_t BZ(1750288) - Allow chronyc_t domain to append to all non_security files - Update zebra SELinux policy to make it work also with frr service - Allow rtkit_daemon_t domain set process nice value in user namespaces BZ(1750024) - Dontaudit rhsmcertd_t to write to dirs labeled as lib_t BZ(1556763) - Label /var/run/mysql as mysqld_var_run_t - Allow chronyd_t domain to manage and create chronyd_tmp_t dirs,files,sock_file objects. - Update timedatex policy to manage localization - Allow sandbox_web_type domains to sys_ptrace and sys_chroot in user namespaces - Update gnome_dontaudit_read_config - Allow devicekit_var_lib_t dirs to be created by systemd during service startup. BZ(1748997) - Allow systemd labeled as init_t domain to remount rootfs filesystem - Add interface files_remount_rootfs() - Dontaudit sys_admin capability for iptables_t SELinux domain - Label /dev/cachefilesd as cachefiles_device_t - Make stratisd policy active - Allow userdomains to dbus chat with policykit daemon - Update userdomains to pass correct parametes based on updates from cron_*_role interfaces - New interface files_append_non_security_files() - Label 2618/tcp and 2618/udp as priority_e_com_port_t - Label 2616/tcp and 2616/udp as appswitch_emp_port_t - Label 2615/tcp and 2615/udp as firepower_port_t - Label 2610/tcp and 2610/udp as versa_tek_port_t - Label 2613/tcp and 2613/udp as smntubootstrap_port_t - Label 3784/tcp and 3784/udp as bfd_control_port_t - Remove rule allowing all processes to stream connect to unconfined domains
5 lines
665 B
Plaintext
5 lines
665 B
Plaintext
SHA512 (selinux-policy-contrib-c5a8fd2.tar.gz) = 57fb899c9c7501272d9e773774b9c1dfae97274ddfcfa7698ac34c803722b51c1282bcc4b6aa35292d93ce3063395298ef3b794f191698d6b6e6b1968d376685
|
|
SHA512 (selinux-policy-3e6f5ff.tar.gz) = a5f2bfd9f6a9ad4fb857f432b02cae4b259399d1d00a807d0403bd5c4d05a9ce1c23a522c5a71c21953005ee96988cbf6a0e49cc46ba5a3be4f65d5b39cb3f9b
|
|
SHA512 (container-selinux.tgz) = 632dfadfbe4f94867194f77ef5bcd8348b08288ab943091f1def637ad826dd1e3a88f998dd0cc154c860c6cc4a8281da6759fc484bcd133424a4a5dea75ed6f8
|
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|