ID | 341691 |
Package Name | selinux-policy |
Version | 41.20 |
Release | 1.fc41 |
Epoch | |
Summary |
Description |
Built by | davidlt |
State |
complete
|
Volume |
DEFAULT |
Started | Wed, 23 Oct 2024 10:51:11 UTC |
Completed | Wed, 23 Oct 2024 10:51:11 UTC |
Tags |
|
RPMs |
src | |
|
selinux-policy-41.20-1.fc41.src.rpm (info) (download) |
noarch |
|
selinux-policy-41.20-1.fc41.noarch.rpm (info) (download)
|
|
selinux-policy-devel-41.20-1.fc41.noarch.rpm (info) (download)
|
|
selinux-policy-doc-41.20-1.fc41.noarch.rpm (info) (download)
|
|
selinux-policy-minimum-41.20-1.fc41.noarch.rpm (info) (download)
|
|
selinux-policy-mls-41.20-1.fc41.noarch.rpm (info) (download)
|
|
selinux-policy-sandbox-41.20-1.fc41.noarch.rpm (info) (download)
|
|
selinux-policy-targeted-41.20-1.fc41.noarch.rpm (info) (download)
|
|
Changelog |
* Fri Oct 04 2024 Zdenek Pytela <zpytela@redhat.com> - 41.20-1
- Remove the openct module sources
- Remove the timidity module sources
- Enable the slrn module
- Remove i18n_input module sources
- Enable the distcc module
- Remove the ddcprobe module sources
- Remove the timedatex module sources
- Remove the djbdns module sources
- Confine iio-sensor-proxy
- Allow staff user nlmsg_write
- Update policy for xdm with confined users
- Allow virtnodedev watch mdevctl config dirs
- Allow ssh watch home config dirs
- Allow ssh map home configs files
- Allow ssh read network sysctls
- Allow chronyc sendto to chronyd-restricted
- Allow cups sys_ptrace capability in the user namespace
* Wed Sep 25 2024 Zdenek Pytela <zpytela@redhat.com> - 41.19-1
- Add policy for systemd-homed
- Remove fc entry for /usr/bin/pump
- Label /usr/bin/noping and /usr/bin/oping with ping_exec_t
- Allow accountsd read gnome-initial-setup tmp files
- Allow xdm write to gnome-initial-setup fifo files
- Allow rngd read and write generic usb devices
- Allow qatlib search the content of the kernel debugging filesystem
- Allow qatlib connect to systemd-machined over a unix socket
* Wed Sep 18 2024 Petr Lautrbach <lautrbach@redhat.com> - 41.18-1
- Drop ru man pages
- mls/modules.conf - fix typo
- Allow unprivileged user watch /run/systemd
- Allow boothd connect to kernel over a unix socket
* Mon Sep 16 2024 Zdenek Pytela <zpytela@redhat.com> - 41.17-2
- Relabel /etc/mdevctl.d
* Thu Sep 12 2024 Petr Lautrbach <lautrbach@redhat.com> - 41.17-1
- Clean up and sync securetty_types
- Bring config files from dist-git into the source repo
- Confine gnome-remote-desktop
- Allow virtstoraged execute mount programs in the mount domain
- Make mdevctl_conf_t member of the file_type attribute
* Tue Sep 10 2024 Zdenek Pytela <zpytela@redhat.com> - 41.16-2
- Rebuild
* Tue Sep 10 2024 Zdenek Pytela <zpytela@redhat.com> - 41.16-1
- Label /etc/mdevctl.d with mdevctl_conf_t
- Sync users with Fedora targeted users
- Update policy for rpc-virtstorage
- Allow virtstoraged get attributes of configfs dirs
- Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
- Update bootupd policy when ESP is not mounted
- Allow thumb_t map dri devices
- Allow samba use the io_uring API
- Allow the sysadm user use the secretmem API
- Allow nut-upsmon read systemd-logind session files
- Allow sysadm_t to create PF_KEY sockets
- Update bootupd policy for the removing-state-file test
- Allow coreos-installer-generator manage mdadm_conf_t files
* Thu Aug 29 2024 Zdenek Pytela <zpytela@redhat.com> - 41.15-1
- Allow setsebool_t relabel selinux data files
- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
- Use better escape method for "interface"
- Allow init and systemd-logind to inherit fds from sshd
- Allow systemd-ssh-generator read sysctl files
- Sync modules.conf with Fedora targeted modules
- Allow virtqemud relabel user tmp files and socket files
- Add missing sys_chroot capability to groupadd policy
- Label /run/libvirt/qemu/channel with virtqemud_var_run_t
- Allow virtqemud relabelfrom also for file and sock_file
- Add virt_create_log() and virt_write_log() interfaces
- Call binaries without full path
* Mon Aug 12 2024 Zdenek Pytela <zpytela@redhat.com> - 41.14-1
- Update libvirt policy
- Add port 80/udp and 443/udp to http_port_t definition
- Additional updates stalld policy for bpf usage
- Label systemd-pcrextend and systemd-pcrlock properly
- Allow coreos_installer_t work with partitions
- Revert "Allow coreos-installer-generator work with partitions"
- Add policy for systemd-pcrextend
- Update policy for systemd-getty-generator
- Allow ip command write to ipsec's logs
- Allow virt_driver_domain read virtd-lxc files in /proc
- Revert "Allow svirt read virtqemud fifo files"
- Update virtqemud policy for libguestfs usage
- Allow virtproxyd create and use its private tmp files
- Allow virtproxyd read network state
- Allow virt_driver_domain create and use log files in /var/log
- Allow samba-dcerpcd work with ctdb cluster
* Tue Aug 06 2024 Zdenek Pytela <zpytela@redhat.com> - 41.13-1
- Allow NetworkManager_dispatcher_t send SIGKILL to plugins
- Allow setroubleshootd execute sendmail with a domain transition
- Allow key.dns_resolve set attributes on the kernel key ring
- Update qatlib policy for v24.02 with new features
- Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t
- Allow tlp status power services
- Allow virtqemud domain transition on passt execution
- Allow virt_driver_domain connect to systemd-userdbd over a unix socket
- Allow boothd connect to systemd-userdbd over a unix socket
- Update policy for awstats scripts
- Allow bitlbee execute generic programs in system bin directories
- Allow login_userdomain read aliases file
- Allow login_userdomain read ipsec config files
- Allow login_userdomain read all pid files
- Allow rsyslog read systemd-logind session files
- Allow libvirt-dbus stream connect to virtlxcd
* Wed Jul 31 2024 Zdenek Pytela <zpytela@redhat.com> - 41.12-1
- Update bootupd policy
- Allow rhsmcertd read/write access to /dev/papr-sysparm
- Label /dev/papr-sysparm and /dev/papr-vpd
- Allow abrt-dump-journal-core connect to winbindd
- Allow systemd-hostnamed shut down nscd
- Allow systemd-pstore send a message to syslogd over a unix domain
- Allow postfix_domain map postfix_etc_t files
- Allow microcode create /sys/devices/system/cpu/microcode/reload
- Allow rhsmcertd read, write, and map ica tmpfs files
- Support SGX devices
- Allow initrc_t transition to passwd_t
- Update fstab and cryptsetup generators policy
- Allow xdm_t read and write the dma device
- Update stalld policy for bpf usage
- Allow systemd_gpt_generator to getattr on DOS directories
* Thu Jul 25 2024 Zdenek Pytela <zpytela@redhat.com> - 41.11-1
- Make cgroup_memory_pressure_t a part of the file_type attribute
- Allow ssh_t to change role to system_r
- Update policy for coreos generators
- Allow init_t nnp domain transition to firewalld_t
- Label /run/modprobe.d with modules_conf_t
- Allow virtnodedevd run udev with a domain transition
- Allow virtnodedev_t create and use virtnodedev_lock_t
- Allow virtstoraged manage files with virt_content_t type
- Allow virtqemud unmount a filesystem with extended attributes
- Allow svirt_t connect to unconfined_t over a unix domain socket
* Mon Jul 22 2024 Zdenek Pytela <zpytela@redhat.com> - 41.10-1
- Update afterburn file transition policy
- Allow systemd_generator read attributes of all filesystems
- Allow fstab-generator read and write cryptsetup-generator unit file
- Allow cryptsetup-generator read and write fstab-generator unit file
- Allow systemd_generator map files in /etc
- Allow systemd_generator read init's process state
- Allow coreos-installer-generator read sssd public files
- Allow coreos-installer-generator work with partitions
- Label /etc/mdadm.conf.d with mdadm_conf_t
- Confine coreos generators
- Label /run/metadata with afterburn_runtime_t
- Allow afterburn list ssh home directory
- Label samba certificates with samba_cert_t
- Label /run/coreos-installer-reboot with coreos_installer_var_run_t
- Allow virtqemud read virt-dbus process state
- Allow staff user dbus chat with virt-dbus
- Allow staff use watch /run/systemd
- Allow systemd_generator to write kmsg
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 16 2024 Zdenek Pytela <zpytela@redhat.com> - 41.9-1
- Allow virtqemud connect to sanlock over a unix stream socket
- Allow virtqemud relabel virt_var_run_t directories
- Allow svirt_tcg_t read vm sysctls
- Allow virtnodedevd connect to systemd-userdbd over a unix socket
- Allow svirt read virtqemud fifo files
- Allow svirt attach_queue to a virtqemud tun_socket
- Allow virtqemud run ssh client with a transition
- Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
- Update keyutils policy
- Allow sshd_keygen_t connect to userdbd over a unix stream socket
- Allow postfix-smtpd read mysql config files
- Allow locate stream connect to systemd-userdbd
- Allow the staff user use wireshark
- Allow updatedb connect to userdbd over a unix stream socket
- Allow gpg_t set attributes of public-keys.d
- Allow gpg_t get attributes of login_userdomain stream
- Allow systemd_getty_generator_t read /proc/1/environ
- Allow systemd_getty_generator_t to read and write to tty_device_t
* Thu Jul 11 2024 Petr Lautrbach <lautrbach@redhat.com> 41.8-4
- Move %postInstall to %posttrans
- Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)`
- Drop obsolete modules from config
- Install dnf protected files only when policy is built
* Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 41.8-3
- Relabel files under /usr/bin to fix stale context after sbin merge
* Mon Jun 24 2024 Petr Lautrbach <lautrbach@redhat.com> 41.8-2
- Merge -base and -contrib
|