SELinux policy configuration
fac3fc97fa
- Allow dovecot_auth_t domain to manage also dovecot_var_run_t fifo files. BZ(1320415)
- Allow colord to read /etc/udev/hwdb.bin. rhzb#1316514
- sandboxX.te: Allow sandbox domain to have entrypoint access only for executables and mountpoints.
- Allow sandbox domain to have entrypoint access only for executables and mountpoints.
- Allow bitlee to create bitlee_var_t dirs.
- Allow CIM provider to read sssd public files.
- Fix some broken interfaces in distro policy.
- Allow power button to shutdown the laptop.
- Allow lsm plugins to create named fixed disks. rhbz#1238066
- Allow hyperv domains to rw hyperv devices. rhbz#1241636
- Label /var/www/html(/.*)?/wp_backups(/.*)? as httpd_sys_rw_content_t.
- Create conman_unconfined_script_t type for conman script stored in /use/share/conman/exec/
- Allow rsync_export_all_ro boolean to read also non_auth_dirs/files/symlinks.
- Allow pmdaapache labeled as pcp_pmcd_t access to port 80 for apache diagnostics
- Label nagios scripts as httpd_sys_script_exec_t.
- Allow nsd_t to bind on nsf_control tcp port. Allow nsd_crond_t to read nsd pid.
- Fix a couple of cosmetic things in new virtlogd_t policy. rhbz #1311576
- Merge pull request #104 from berrange/rawhide-contrib-virtlogd
- Label /var/run/ecblp0 as cupsd_var_run_t due to this fifo_file is used by epson drivers. rhbz#1310336
- Dontaudit logrotate to setrlimit itself. rhbz#1309604
- Add filename transition that /etc/princap will be created with cupsd_rw_etc_t label in cups_filetrans_named_content() interface.
- Allow pcp_pmie and pcp_pmlogger to read all domains state.
- Allow systemd-gpt-generator to create and manage systemd gpt generator unit files. BZ(1319446)
- Merge pull request #115 from rhatdan/nvidea
- Label all nvidia binaries as xserver_exec_t
- Add new systemd_hwdb_read_config() interface. rhbz#1316514
- Add back corecmd_read_all_executables() interface.
- Call files_type() instead of file_type() for unlabeled_t.
- Add files_entrypoint_all_mountpoint() interface.
- Make unlabeled only as a file_type type. It is a type for fallback if there is an issue with labeling.
- Add corecmd_entrypoint_all_executables() interface.
- Create hyperv* devices and create rw interfaces for these devices. rhbz#1309361
- Add neverallow assertion for unlabeled_t to increase policy security.
- Allow systemd-rfkill to create /var/lib/systemd/rfkill dir. rhbz#1319499
- Label 8952 tcp port as nsd_control.
- Allow to log out to gdm after screen was resized in session via vdagent. Resolves: rhbz#1249020

||
---|---|---|
.gitignore | ||
booleans-minimum.conf | ||
booleans-mls.conf | ||
booleans-targeted.conf | ||
booleans.subs_dist | ||
config.tgz | ||
COPYING | ||
customizable_types | ||
docker-selinux.tgz | ||
file_contexts.subs_dist | ||
make-rhat-patches.sh | ||
Makefile | ||
Makefile.devel | ||
manpages_html.tgz | ||
manpages_man.tgz | ||
modules-minimum.conf | ||
modules-mls-base.conf | ||
modules-mls-contrib.conf | ||
modules-targeted-base.conf | ||
modules-targeted-contrib.conf | ||
modules-targeted.conf | ||
permissivedomains.cil | ||
policy-rawhide-base-cockpit.patch | ||
policy-rawhide-base.patch | ||
policy-rawhide-contrib.patch | ||
securetty_types-minimum | ||
securetty_types-mls | ||
securetty_types-targeted | ||
selinux-policy.conf | ||
selinux-policy.spec | ||
setrans-minimum.conf | ||
setrans-mls.conf | ||
setrans-targeted.conf | ||
seusers | ||
sources | ||
users-minimum | ||
users-mls | ||
users-targeted |