Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: selinux-policy-sandbox | Distribution: Fedora Project |
Version: 37.23 | Vendor: Fedora Project |
Release: 1.fc37 | Build date: Wed Oct 18 09:58:57 2023 |
Group: Unspecified | Build host: buildvm-ppc64le-19.iad2.fedoraproject.org |
Size: 87263 | Source RPM: selinux-policy-37.23-1.fc37.src.rpm |
Packager: Fedora Project | |
Url: https://github.com/fedora-selinux/selinux-policy | |
Summary: SELinux sandbox policy |
SELinux sandbox policy for use with the sandbox utility.
GPLv2+
* Tue Oct 17 2023 Zdenek Pytela <zpytela@redhat.com> - 37.23-1 - Allow apcupsd cgi scripts read /sys - Allow named and ndc the io_uring sqpoll permission - Allow sssd io_uring sqpoll permission * Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 37.22-1 - Allow exim read network sysctls - Allow kernel to manage its own BPF objects - Allow plymouthd read/write X server miscellaneous devices - Allow blueman send general signals to unprivileged user domains - Allow logwatch_mail_t read network sysctls * Mon May 15 2023 Zdenek Pytela <zpytela@redhat.com> - 37.21-2 - Trim changelog so that it starts at F36 time * Mon May 15 2023 Zdenek Pytela <zpytela@redhat.com> - 37.21-1 - Allow rpmdb_migrate execute rpmdb - Allow logrotate dbus chat with systemd-hostnamed - Allow modemmanager create hardware state information files - Allow ModemManager all permissions for netlink route socket - Add journalctl the sys_resource capability * Wed Apr 26 2023 Zdenek Pytela <zpytela@redhat.com> - 37.20-1 - Allow mongodb read filesystem sysctls - Allow mongodb read network sysctls - Allow blueman watch generic device dirs - Allow nm-dispatcher tlp plugin create tlp dirs - Allow systemd-coredump mounton /usr - Allow system_cronjob_t transition to rpm_script_t - Revert "Allow system_cronjob_t domtrans to rpm_script_t" - Allow systemd-resolved send a datagram to journald * Fri Feb 03 2023 Zdenek Pytela <zpytela@redhat.com> - 37.19-1 - Allow systemd-userdbd the sys_resource capability - Additional support for rpmdb_migrate - Allow nm-cloud-setup dispatcher plugin restart nm services - Dontaudit ftpd the execmem permission - Allow icecast rename its log files - Allow systemd-rfkill the bpf capability * Mon Jan 16 2023 Zdenek Pytela <zpytela@redhat.com> - 37.18-1 - Allow apcupsd dbus chat with systemd-logind - Allow nut_domain manage also files and sock_files in /var/run - Label /usr/lib/rpm/rpmdb_migrate with rpmdb_exec_t - Allow tlp read generic SSL certificates - Allow systemd-resolved watch tmpfs directories - Revert "Allow systemd-resolved watch tmpfs directories" - Allow stalld to read /sys/kernel/security/lockdown file * Mon Dec 19 2022 Zdenek Pytela <zpytela@redhat.com> - 37.17-1 - Allow gpsd the sys_ptrace userns capability - Introduce gpsd_tmp_t for sockfiles managed by gpsd_t - Allow ndc read hardware state information - Allow journalctl relabel with var_log_t and syslogd_var_run_t files - Allow systemd-resolved watch tmpfs directories - Allow systemd-timedated watch init runtime dir - donaudit virtlogd and dnsmasq execmem - Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted - Trim changelog so that it starts at F35 time * Tue Dec 06 2022 Zdenek Pytela <zpytela@redhat.com> - 37.16-1 - Reuse tmpfs_t also for the ramfs filesystem - Allow spamc read hardware state information files - Dontaudit systemd-gpt-generator the sys_admin capability - Allow syslogd read network sysctls * Wed Nov 23 2022 Zdenek Pytela <zpytela@redhat.com> - 37.15-1 - Revert "Allow sysadm_t read raw memory devices" - Allow systemd-socket-proxyd get attributes of cgroup filesystems - Allow rpc.gssd read network sysctls - Allow winbind-rpcd get attributes of device and pty filesystems - Allow insights-client domain transition on semanage execution - Allow insights-client create gluster log dir with a transition - Allow insights-client manage generic locks - Allow insights-client unix_read all domain semaphores - Add domain_unix_read_all_semaphores() interface - Allow winbind-rpcd use the terminal multiplexor - Allow mrtg send mails - Allow systemd-hostnamed dbus chat with init scripts - Allow sssd dbus chat with system cronjobs - Add interface to watch all filesystems - Add watch_sb interfaces - Add watch interfaces - Allow dhcpd bpf capability to run bpf programs - Allow netutils and traceroute bpf capability to run bpf programs - Allow pkcs_slotd_t bpf capability to run bpf programs - Allow xdm bpf capability to run bpf programs - Allow pcscd bpf capability to run bpf programs - Allow lldpad bpf capability to run bpf programs - Allow keepalived bpf capability to run bpf programs - Allow ipsec bpf capability to run bpf programs - Allow fprintd bpf capability to run bpf programs - Allow systemd-socket-proxyd get filesystems attributes - Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files * Tue Nov 01 2022 Zdenek Pytela <zpytela@redhat.com> - 37.14-1 - Allow systemd-gpt-generator raw write to a fixed disk - Allow rotatelogs read httpd_log_t symlinks - Add winbind-rpcd to samba_enable_home_dirs boolean - Allow system cronjobs dbus chat with setroubleshoot - Allow setroubleshootd read device sysctls - Allow virt_domain read device sysctls - Allow rhcd compute selinux access vector - Allow insights-client manage samba var dirs - Label ports 10161-10162 tcp/udp with snmp - Allow aide to connect to systemd_machined with a unix socket. - Allow samba-dcerpcd use NSCD services over a unix stream socket - Allow vlock search the contents of the /dev/pts directory - Allow insights-client send null signal to rpm and system cronjob - Label port 15354/tcp and 15354/udp with opendnssec - Allow ftpd map ftpd_var_run files - Allow targetclid to manage tmp files - Allow insights-client connect to postgresql with a unix socket - Allow insights-client domtrans on unix_chkpwd execution - Add file context entries for insights-client and rhc - Allow pulseaudio create gnome content (~/.config) - Allow login_userdomain dbus chat with rhsmcertd - Allow sbd the sys_ptrace capability - Allow ptp4l_t name_bind ptp_event_port_t * Mon Oct 03 2022 Zdenek Pytela <zpytela@redhat.com> - 37.13-1 - Remove the ipa module - Allow sss daemons read/write unnamed pipes of cloud-init - Allow postfix_mailqueue create and use unix dgram sockets - Allow xdm watch user home directories - Allow nm-dispatcher ddclient plugin load a kernel module - Stop ignoring standalone interface files - Drop cockpit module - Allow init map its private tmp files - Allow xenstored change its hard resource limits - Allow system_mail-t read network sysctls - Add bgpd sys_chroot capability * Fri Sep 23 2022 Zdenek Pytela <zpytela@redhat.com> - 37.12-2 - Update make-rhat-patches.sh file to use the f37 dist-git branch in F37 * Thu Sep 22 2022 Zdenek Pytela <zpytela@redhat.com> - 37.12-1 - nut-upsd: kernel_read_system_state, fs_getattr_cgroup - Add numad the ipc_owner capability - Allow gst-plugin-scanner read virtual memory sysctls - Allow init read/write inherited user fifo files - Update dnssec-trigger policy: setsched, module_request - added policy for systemd-socket-proxyd - Add the new 'cmd' permission to the 'io_uring' class - Allow winbind-rpcd read and write its key ring - Label /run/NetworkManager/no-stub-resolv.conf net_conf_t - blueman-mechanism can read ~/.local/lib/python*/site-packages directory - pidof executed by abrt can readlink /proc/*/exe - Fix typo in comment - Do not run restorecon /etc/NetworkManager/dispatcher.d in mls and minimum * Wed Sep 14 2022 Zdenek Pytela <zpytela@redhat.com> - 37.11-1 - Allow tor get filesystem attributes - Allow utempter append to login_userdomain stream - Allow login_userdomain accept a stream connection to XDM - Allow login_userdomain write to boltd named pipes - Allow staff_u and user_u users write to bolt pipe - Allow login_userdomain watch various directories - Update rhcd policy for executing additional commands 5 - Update rhcd policy for executing additional commands 4 - Allow rhcd create rpm hawkey logs with correct label - Allow systemd-gpt-auto-generator to check for empty dirs - Update rhcd policy for executing additional commands 3 - Allow journalctl read rhcd fifo files - Update insights-client policy for additional commands execution 5 - Allow init remount all file_type filesystems - Confine insights-client systemd unit - Update insights-client policy for additional commands execution 4 - Allow pcp pmcd search tracefs and acct_data dirs - Allow httpd read network sysctls - Dontaudit domain map permission on directories - Revert "Allow X userdomains to mmap user_fonts_cache_t dirs" - Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)" - Update insights-client policy for additional commands execution 3 - Allow systemd permissions needed for sandboxed services - Add rhcd module - Make dependency on rpm-plugin-selinux unordered * Fri Sep 02 2022 Zdenek Pytela <zpytela@redhat.com> - 37.10-1 - Allow ipsec_t read/write tpm devices - Allow rhcd execute all executables - Update rhcd policy for executing additional commands 2 - Update insights-client policy for additional commands execution 2 - Allow sysadm_t read raw memory devices - Allow chronyd send and receive chronyd/ntp client packets - Allow ssh client read kerberos homedir config files - Label /var/log/rhc-worker-playbook with rhcd_var_log_t - Update insights-client policy (auditctl, gpg, journal) - Allow system_cronjob_t domtrans to rpm_script_t - Allow smbd_t process noatsecure permission for winbind_rpcd_t - Update tor_bind_all_unreserved_ports interface - Allow chronyd bind UDP sockets to ptp_event ports. - Allow unconfined and sysadm users transition for /root/.gnupg - Add gpg_filetrans_admin_home_content() interface - Update rhcd policy for executing additional commands - Update insights-client policy for additional commands execution - Add userdom_view_all_users_keys() interface - Allow gpg read and write generic pty type - Allow chronyc read and write generic pty type - Allow system_dbusd ioctl kernel with a unix stream sockets - Allow samba-bgqd to read a printer list - Allow stalld get and set scheduling policy of all domains. - Allow unconfined_t transition to targetclid_home_t * Thu Aug 11 2022 Zdenek Pytela <zpytela@redhat.com> - 37.9-1 - Allow nm-dispatcher custom plugin dbus chat with nm - Allow nm-dispatcher sendmail plugin get status of systemd services - Allow xdm read the kernel key ring - Allow login_userdomain check status of mount units - Allow postfix/smtp and postfix/virtual read kerberos key table - Allow services execute systemd-notify - Do not allow login_userdomain use sd_notify() - Allow launch-xenstored read filesystem sysctls - Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd - Allow openvswitch fsetid capability - Allow openvswitch use its private tmpfs files and dirs - Allow openvswitch search tracefs dirs - Allow pmdalinux read files on an nfsd filesystem - Allow winbind-rpcd write to winbind pid files - Allow networkmanager to signal unconfined process - Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t - Allow samba-bgqd get a printer list - fix(init.fc): Fix section description - Allow fedora-third-party read the passwords file - Remove permissive domain for rhcd_t - Allow pmie read network state information and network sysctls - Revert "Dontaudit domain the fowner capability" - Allow sysadm_t to run bpftool on the userdomain attribute - Add the userdom_prog_run_bpf_userdomain() interface - Allow insights-client rpm named file transitions - Add /var/tmp/insights-archive to insights_client_filetrans_named_content * Mon Aug 01 2022 Zdenek Pytela <zpytela@redhat.com> - 37.8-1 - Allow sa-update to get init status and start systemd files - Use insights_client_filetrans_named_content - Make default file context match with named transitions - Allow nm-dispatcher tlp plugin send system log messages - Allow nm-dispatcher tlp plugin create and use unix_dgram_socket - Add permissions to manage lnk_files into gnome_manage_home_config - Allow rhsmcertd to read insights config files - Label /etc/insights-client/machine-id - fix(devices.fc): Replace single quote in comment to solve parsing issues - Make NetworkManager_dispatcher_custom_t an unconfined domain * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 37.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jul 14 2022 Zdenek Pytela <zpytela@redhat.com> - 37.7-1 - Update winbind_rpcd_t - Allow some domains use sd_notify() - Revert "Allow rabbitmq to use systemd notify" - fix(sedoctool.py): Fix syntax warning: "is not" with a literal - Allow nm-dispatcher console plugin manage etc files - Allow networkmanager_dispatcher_plugin list NetworkManager_etc_t dirs - Allow nm-dispatcher console plugin setfscreate - Support using systemd-update-helper in rpm scriptlets - Allow nm-dispatcher winbind plugin read samba config files - Allow domain use userfaultfd over all domains - Allow cups-lpd read network sysctls * Wed Jun 29 2022 Zdenek Pytela <zpytela@redhat.com> - 37.6-1 - Allow stalld set scheduling policy of kernel threads - Allow targetclid read /var/target files - Allow targetclid read generic SSL certificates (fixed) - Allow firewalld read the contents of the sysfs filesystem - Fix file context pattern for /var/target - Use insights_client_etc_t in insights_search_config() - Allow nm-dispatcher ddclient plugin handle systemd services - Allow nm-dispatcher winbind plugin run smbcontrol - Allow nm-dispatcher custom plugin create and use unix dgram socket - Update samba-dcerpcd policy for kerberos usage 2 - Allow keepalived read the contents of the sysfs filesystem - Allow amandad read network sysctls - Allow cups-lpd read network sysctls - Allow kpropd read network sysctls - Update insights_client_filetrans_named_content() - Allow rabbitmq to use systemd notify - Label /var/target with targetd_var_t - Allow targetclid read generic SSL certificates - Update rhcd policy - Allow rhcd search insights configuration directories - Add the kernel_read_proc_files() interface - Require policycoreutils >= 3.4-1 - Add a script for enclosing interfaces in ifndef statements - Disable rpm verification on interface_info * Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 37.5-1 - Allow transition to insights_client named content - Add the insights_client_filetrans_named_content() interface - Update policy for insights-client to run additional commands 3 - Allow dhclient manage pid files used by chronyd - Allow stalld get scheduling policy of kernel threads - Allow samba-dcerpcd work with sssd - Allow dlm_controld send a null signal to a cluster daemon - Allow ksmctl create hardware state information files - Allow winbind_rpcd_t connect to self over a unix_stream_socket - Update samba-dcerpcd policy for kerberos usage - Allow insights-client execute its private memfd: objects - Update policy for insights-client to run additional commands 2 - Use insights_client_tmp_t instead of insights_client_var_tmp_t - Change space indentation to tab in insights-client - Use socket permissions sets in insights-client - Update policy for insights-client to run additional commands - Change rpm_setattr_db_files() to use a pattern - Allow init_t to rw insights_client unnamed pipe - Add rpm setattr db files macro - Fix insights client - Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling - Allow rabbitmq to access its private memfd: objects - Update policy for samba-dcerpcd - Allow stalld setsched and sys_nice * Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 37.4-1 - Allow auditd_t noatsecure for a transition to audisp_remote_t - Allow ctdbd nlmsg_read on netlink_tcpdiag_socket - Allow pcp_domain execute its private memfd: objects - Add support for samba-dcerpcd - Add policy for wireguard - Confine targetcli - Allow systemd work with install_t unix stream sockets - Allow iscsid the sys_ptrace userns capability - Allow xdm connect to unconfined_service_t over a unix stream socket * Fri May 27 2022 Zdenek Pytela <zpytela@redhat.com> - 37.3-1 - Allow nm-dispatcher custom plugin execute systemctl - Allow nm-dispatcher custom plugin dbus chat with nm - Allow nm-dispatcher custom plugin create and use udp socket - Allow nm-dispatcher custom plugin create and use netlink_route_socket - Use create_netlink_socket_perms in netlink_route_socket class permissions - Add support for nm-dispatcher sendmail scripts - Allow sslh net_admin capability - Allow insights-client manage gpg admin home content - Add the gpg_manage_admin_home_content() interface - Allow rhsmcertd create generic log files - Update logging_create_generic_logs() to use create_files_pattern() - Label /var/cache/insights with insights_client_cache_t - Allow insights-client search gconf homedir - Allow insights-client create and use unix_dgram_socket - Allow blueman execute its private memfd: files - Move the chown call into make-srpm.sh * Fri May 06 2022 Zdenek Pytela <zpytela@redhat.com> - 37.2-1 - Use the networkmanager_dispatcher_plugin attribute in allow rules - Make a custom nm-dispatcher plugin transition - Label port 4784/tcp and 4784/udp with bfd_multi - Allow systemd watch and watch_reads user ptys - Allow sblim-gatherd the kill capability - Label more vdsm utils with virtd_exec_t - Add ksm service to ksmtuned - Add rhcd policy - Dontaudit guest attempts to dbus chat with systemd domains - Dontaudit guest attempts to dbus chat with system bus types - Use a named transition in systemd_hwdb_manage_config() - Add default fc specifications for patterns in /opt - Add the files_create_etc_files() interface - Allow nm-dispatcher console plugin create and write files in /etc - Allow nm-dispatcher console plugin transition to the setfiles domain - Allow more nm-dispatcher plugins append to init stream sockets - Allow nm-dispatcher tlp plugin dbus chat with nm - Reorder networkmanager_dispatcher_plugin_template() calls - Allow svirt connectto virtlogd - Allow blueman map its private memfd: files - Allow sysadm user execute init scripts with a transition - Allow sblim-sfcbd connect to sblim-reposd stream - Allow keepalived_unconfined_script_t dbus chat with init - Run restorecon with "-i" not to report errors * Mon May 02 2022 Zdenek Pytela <zpytela@redhat.com> - 37.1-1 - Fix users for SELinux userspace 3.4 - Label /var/run/machine-id as machineid_t - Add stalld to modules.conf - Use files_tmpfs_file() for rhsmcertd_tmpfs_t - Allow blueman read/write its private memfd: objects - Allow insights-client read rhnsd config files - Allow insights-client create_socket_perms for tcp/udp sockets * Tue Apr 26 2022 Zdenek Pytela <zpytela@redhat.com> - 36.8-1 - Allow nm-dispatcher chronyc plugin append to init stream sockets - Allow tmpreaper the sys_ptrace userns capability - Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t - Allow nm-dispatcher tlp plugin read/write the wireless device - Allow nm-dispatcher tlp plugin append to init socket - Allow nm-dispatcher tlp plugin be client of a system bus - Allow nm-dispatcher list its configuration directory - Ecryptfs-private support - Allow colord map /var/lib directories - Allow ntlm_auth read the network state information - Allow insights-client search rhnsd configuration directory * Thu Apr 21 2022 Zdenek Pytela <zpytela@redhat.com> - 36.7-3 - Add support for nm-dispatcher tlp-rdw scripts - Update github actions to satisfy git 2.36 stricter rules - New policy for stalld - Allow colord read generic files in /var/lib - Allow xdm mounton user temporary socket files - Allow systemd-gpt-auto-generator create and use netlink_kobject_uevent_socket - Allow sssd domtrans to pkcs_slotd_t - Allow keepalived setsched and sys_nice - Allow xdm map generic files in /var/lib - Allow xdm read generic symbolic links in /var/lib - Allow pppd create a file in the locks directory - Add file map permission to lpd_manage_spool() interface - Allow system dbus daemon watch generic directories in /var/lib - Allow pcscd the sys_ptrace userns capability - Add the corecmd_watch_bin_dirs() interface * Thu Apr 21 2022 Zdenek Pytela <zpytela@redhat.com> - 36.7-2 - Relabel explicitly some dirs in %posttrans scriptlets * Thu Apr 21 2022 Zdenek Pytela <zpytela@redhat.com> - 36.7-1 - Add stalld module to modules-targeted-contrib.conf * Mon Apr 04 2022 Zdenek Pytela <zpytela@redhat.com> - 36.6-1 - Add support for systemd-network-generator - Add the io_uring class - Allow nm-dispatcher dhclient plugin append to init stream sockets - Relax the naming pattern for systemd private shared libraries - Allow nm-dispatcher iscsid plugin append to init socket - Add the init_append_stream_sockets() interface - Allow nm-dispatcher dnssec-trigger script to execute pidof - Add support for nm-dispatcher dnssec-trigger scripts - Allow chronyd talk with unconfined user over unix domain dgram socket - Allow fenced read kerberos key tables - Add support for nm-dispatcher ddclient scripts - Add systemd_getattr_generic_unit_files() interface - Allow fprintd read and write hardware state information - Allow exim watch generic certificate directories - Remove duplicate fc entries for corosync and corosync-notifyd - Label corosync-cfgtool with cluster_exec_t - Allow qemu-kvm create and use netlink rdma sockets - Allow logrotate a domain transition to cluster administrative domain * Fri Mar 18 2022 Zdenek Pytela <zpytela@redhat.com> - 36.5-1 - Add support for nm-dispatcher console helper scripts - Allow nm-dispatcher plugins read its directory and sysfs - Do not let system_cronjob_t create redhat-access-insights.log with var_log_t - devices: Add a comment about cardmgr_dev_t - Add basic policy for BinderFS - Label /var/run/ecblp0 pipe with cupsd_var_run_t - Allow rpmdb create directory in /usr/lib/sysimage - Allow rngd drop privileges via setuid/setgid/setcap - Allow init watch and watch_reads user ttys - Allow systemd-logind dbus chat with sosreport - Allow chronyd send a message to sosreport over datagram socket - Remove unnecessary /etc file transitions for insights-client - Label all content in /var/lib/insights with insights_client_var_lib_t - Update insights-client policy * Wed Feb 23 2022 Zdenek Pytela <zpytela@redhat.com> - 36.4-2 - Add insights_client module to modules-targeted-contrib.conf * Wed Feb 23 2022 Zdenek Pytela <zpytela@redhat.com> - 36.4-1 - Update NetworkManager-dispatcher cloud and chronyc policy - Update insights-client: fc pattern, motd, writing to etc - Allow systemd-sysctl read the security state information - Allow init create and mounton to support PrivateDevices - Allow sosreport dbus chat abrt systemd timedatex * Tue Feb 22 2022 Zdenek Pytela <zpytela@redhat.com> - 36.3-2 - Update specfile to buildrequire policycoreutils-devel >= 3.3-4 - Add modules_checksum to %files * Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 36.3-1 - Update NetworkManager-dispatcher policy to use scripts - Allow init mounton kernel messages device - Revert "Make dbus-broker service working on s390x arch" - Remove permissive domain for insights_client_t - Allow userdomain read symlinks in /var/lib - Allow iptables list cgroup directories - Dontaudit mdadm list dirsrv tmpfs dirs - Dontaudit dirsrv search filesystem sysctl directories - Allow chage domtrans to sssd - Allow postfix_domain read dovecot certificates - Allow systemd-networkd create and use netlink netfilter socket - Allow nm-dispatcher read nm-dispatcher-script symlinks - filesystem.te: add genfscon rule for ntfs3 filesystem - Allow rhsmcertd get attributes of cgroup filesystems - Allow sandbox_web_client_t watch various dirs - Exclude container.if from policy devel files - Run restorecon on /usr/lib/sysimage/rpm instead of /var/lib/rpm * Fri Feb 11 2022 Zdenek Pytela <zpytela@redhat.com> - 36.2-1 - Allow sysadm_passwd_t to relabel passwd and group files - Allow confined sysadmin to use tool vipw - Allow login_userdomain map /var/lib/directories - Allow login_userdomain watch library and fonts dirs - Allow login_userdomain watch system configuration dirs - Allow login_userdomain read systemd runtime files - Allow ctdb create cluster logs - Allow alsa bind mixer controls to led triggers - New policy for insight-client - Add mctp_socket security class and access vectors - Fix koji repo URL pattern - Update chronyd_pid_filetrans() to allow create dirs - Update NetworkManager-dispatcher policy - Allow unconfined to run virtd bpf - Allow nm-privhelper setsched permission and send system logs - Add the map permission to common_anon_inode_perm permission set - Rename userfaultfd_anon_inode_perms to common_inode_perms - Allow confined users to use kinit,klist and etc. - Allow rhsmcertd create rpm hawkey logs with correct label * Thu Feb 03 2022 Zdenek Pytela <zpytela@redhat.com> - 36.1-1 - Label exFAT utilities at /usr/sbin - policy/modules/contrib: Support /usr/lib/sysimage/rpm as the rpmdb path - Enable genfs_seclabel_symlinks policy capability - Sync policy/policy_capabilities with refpolicy - refpolicy: drop unused socket security classes - Label new utility of NetworkManager nm-priv-helper - Label NetworkManager-dispatcher service with separate context - Allow sanlock get attributes of filesystems with extended attributes - Associate stratisd_data_t with device filesystem - Allow init read stratis data symlinks
/usr/share/selinux/packages/sandbox.pp
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu May 9 18:23:28 2024