Fedora Packages

selinux-policy-mls-41.38-1.fc43 in Fedora Rawhide

↵ Return to the main page of selinux-policy-mls
View build
Search for updates

Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files

Changelog

Date Author Change
2025-04-17 Zdenek Pytela <zpytela at redhat dot com> - 41.38-1 - Allow init and login_pgm connect to systemd-logind over a unix socket - Allow login_userdomain read pressure stall information - Allow systemd-journald create and use vsock socket - Update systemd-pcrextend policy - Allow systemd watch/watch_reads usb ttys - Update coreos-installer-generator policy - Update systemd-homed policy - Allow systemd-user-runtime-dir get/set tmpfs quotas - Allow systemd-rfkill read nsfs files - Dontaudit bootc-systemd-generator search sssd lib directories - Allow systemd-user-runtime-dir delete gnome homedir content
2025-04-11 Zdenek Pytela <zpytela at redhat dot com> - 41.37-1 - Allow tuned-ppd read sssd public files - Allow tuned-ppd watch_reads sysfs directories - Confine /usr/lib/systemd/systemd-user-runtime-dir - Revert "Dontaudit systemd-logind remove all files" - Make bootupd use bootupd_tmp_t as its private type for files in /tmp - Label SetroubleshootPrivileged.py with setroubleshootd_exec_t - Allow power-profiles-daemon watch sysfs directories - systemd: allow reading /dev/cpu/0/msr - Update the pcmsensor policy - Allow chronyd-restricted sendto to chronyc - Allow system_dbusd_t r/w unix stream sockets of unconfined_service_t - Allow dovecot-deliver read mail aliases
2025-04-07 Zdenek Pytela <zpytela at redhat dot com> - 41.36-1 - Confine systemd-factory-reset system generator - Allow systemd debug generator read tmpfs files - Allow gnome-shell get attributes of systemd inhibit pipes - Allow tuned-ppd watch sysfs directories - Fix the storage_rw_inherited_removable_device() interface - Allow sadc read global pressure stall information - Allow virtqemud read sblim-gatherd process state - Allow switcheroo-control dbus chat with xdm - Fix typo in calling unconfined_dbus_chat for switcheroo-control - Allow sysadm_t to write to /dev/kmsg - Allow init_t nnp domain transition to pcscd_t - Fix the genfscon statement for pidfs filesystem - Allow tuned-ppd dbus chat with xdm
2025-03-28 Zdenek Pytela <zpytela at redhat dot com> - 41.35-1 - Update INSTALL to describe necessary steps to build it - Rename the default policy to fedora-selinux - Update COPYING to the latest version of GPLv2 - Allow traceroute_t bind rawip sockets to unreserved ports - Revert "Allow traceroute_t bind rawip sockets to unreserved ports" - Change the bootc system generator name to bootc-systemd-generator - Allow mpd use the io_uring API - Confine tuned-ppd - Add the switcheroo module - Label wine's windows libraries as textrel_shlib_t - Allow systemd domains write global pressure stall information - Add label and interfaces for kernel PSI files - Update bootupd policy - Update ktls policy - Add policy for systemd-bootc-generator - Allow blueman the kill capability
2025-03-07 Zdenek Pytela <zpytela at redhat dot com> - 41.34-1 - Add context for plymouth debug log files - Allow rlimit inheritance for domains transitioning to local_login_t - Update insights-core policy - Allow insights-core map all non-security files - Allow insights-core map audit config and log files - Allow insights-client manage insights_client_var_log_t files - Remove duplicate dev_rw_dma_dev(xdm_t) - Allow thumbnailer read and write the dma device - Allow named_filetrans_domain filetrans raid/mdadm named content - Allow afterburn to mount and read config drives - Allow mptcpd the net_admin capability
2025-02-07 Zdenek Pytela <zpytela at redhat dot com> - 41.33-1 - Allow systemd-networkd the sys_admin capability - Update systemd-networkd policy in systemd v257 - Separate insights-core from insights-client - Removed unused insights_client interfaces calls from other modules - Update policy for insights_client wrt new rules for insights_core_t - Add policy for insights-core - Allow systemd-networkd use its private tmpfs files - Allow boothd connect to systemd-machined over a unix socket - Update init_explicit_domain() interface - Allow tlp to read/write nmi_watchdog state information - Allow power-profiles-daemon the bpf capability - Allow svirt_t to connect to nbdkit over a unix stream socket - Update ktlshd policy to read /proc/keys and domain keyrings - Allow virt_domain read hardware state information unconditionally - Allow init mounton crypto sysctl files - Rename winbind_rpcd_* types to samba_dcerpcd_* - Support peer-to-peer migration of vms using ssh
2025-02-05 Zdenek Pytela <zpytela at redhat dot com> - 41.32-1 - Allow virtqemud use hostdev usb devices conditionally - Allow virtqemud map svirt_image_t plain files - Allow virtqemud work with nvdimm devices - Support saving and restoring a VM to/from a block device - Allow virtnwfilterd dbus chat with firewalld - Dontaudit systemd-logind remove all files - Add the files_dontaudit_read_all_dirs() interface - Add the files_dontaudit_delete_all_files() interface - Allow rhsmcertd notify virt-who - Allow irqbalance to run unconfined scripts conditionally - Fix binsbin-convert.sh to handle exceptions
2025-01-31 Zdenek Pytela <zpytela at redhat dot com> - 41.31-1 - Allow snapperd execute systemctl in the caller domain - Allow svirt_tcg_t to connect to nbdkit over a unix stream socket - Allow iio-sensor-proxy read iio devices - Label /dev/iio:device[0-9]+ devices - Allow systemd-coredump the sys_admin capability - Allow apcupsd's apccontrol to send messages using wall - contrib/thumb: also allow per-user thumbnailers - contrib/thumb: fix thunar thumbnailer (rhbz#2315893) - Allow virt_domain to use pulseaudio - conditional - Allow pcmsensor read nmi_watchdog state information - Allow init_t nnp domain transition to gssproxy_t
2025-01-27 Zdenek Pytela <zpytela at redhat dot com> - 41.30-1 - Allow systemd-generator connect to syslog over a unix stream socket - Allow virtqemud manage fixed disk device nodes - Allow iio-sensor-proxy connect to syslog over a unix stream socket - Allow virtstoraged write to sysfs files - Allow power-profiles-daemon write sysfs files - Update iiosensorproxy policy - Allow pcmsensor write nmi_watchdog state information - Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t - Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type - Add the gpg_read_user_secrets() interface - Allow gnome-remote-desktop read resolv.conf - Update switcheroo policy - Allow nfsidmap connect to systemd-homed over a unix socket - Add the auth_write_motd_var_run_files() interface - Add the bind_exec_named_checkconf() interface - Add the virt_exec_virsh() interface
2025-01-15 Zdenek Pytela <zpytela at redhat dot com> - 41.29-1 - Allow virtqemud domain transition to nbdkit - Add nbdkit interfaces defined conditionally - Allow samba-bgqd connect to cupsd over an unix domain stream socket - Confine the switcheroo-control service - Allow svirt_t read sysfs files - Add rhsmcertd interfaces - Add the ssh_exec_sshd() interface - Add the gpg_domtrans_agent() interface - Label /usr/bin/dnf5 with rpm_exec_t - Label /dev/pmem[0-9]+ with fixed_disk_device_t - allow kdm to create /root/.kde/ with correct label - Change /usr/sbin entries to use /usr/bin or remove them - Allow systemd-homed get filesystem quotas - Allow login_userdomain getattr nsfs files - Allow virtqemud send a generic signal to the ssh client domain - Dontaudit request-key read /etc/passwd

Dependencies

Provides

  • config(selinux-policy-mls)
  • selinux-policy-any
  • selinux-policy-mls

Files


Sources on Pagure