↵ Return to the main page of selinux-policy-sandbox
View build
Search for updates
Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files
Date | Author | Change |
---|---|---|
2024-05-09 | Zdenek Pytela <zpytela at redhat dot com> - 39.7-1 | - Add interfaces for watching and reading ifconfig_var_run_t - Allow svirt_tcg_t map svirt_image_t files - Allow logwatch_mail_t read/write to init over a unix stream socket - Allow logwatch read logind sessions files - Allow dhcpc read /run/netns files - Allow init_t nnp domain transition to colord_t - Allow unconfined_domain_type use io_uring cmd on domain |
2024-04-23 | Zdenek Pytela <zpytela at redhat dot com> - 39.6-1 | - Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on - Allow auditd read all domains process state - Allow keyutils-dns-resolver connect to the system log service - dontaudit execmem for modemmanager - Dontaudit systemd-hwdb dac_override capability - Allow plymouthd log during shutdown - Allow journalctl_t read filesystem sysctls - Replace init domtrans rule for confined users to allow exec init - Allow sulogin relabel tty1 - Dontaudit sulogin the checkpoint_restore capability - Allow wireguard work with firewall-cmd |
2024-02-27 | Zdenek Pytela <zpytela at redhat dot com> - 39.5-1 | - Allow userdomain get attributes of files on an nsfs filesystem - Allow login_userdomain map files in /var - Update ssh_role_template() for user ssh-agent type - Dontaudit getty and plymouth the checkpoint_restore capability - Allow sendmail MTA connect to sendmail LDA - Allow system_mail_t manage exim spool files and dirs |
2024-01-25 | Zdenek Pytela <zpytela at redhat dot com> - 39.4-1 | - Allow collectd read raw fixed disk device - Allow collectd read udev pid files - Allow httpd work with PrivateTmp - Allow certmonger read network sysctls - Allow systemd-sleep set attributes of efivarfs files - Allow spamd_update_t the sys_ptrace capability in user namespace - Allow alsa get attributes filesystems with extended attributes - Allow systemd-sleep send a message to syslog over a unix dgram socket |
2023-12-15 | Zdenek Pytela <zpytela at redhat dot com> - 39.3-1 | - Allow init create and use vsock sockets - Allow ddclient send e-mail notifications - Allow postfix_master_t map postfix data files - Allow thumb_t append to init unix domain stream sockets - Allow spamd_update_t read hardware state information - Allow systemd-sleep create efivarfs files |
2023-11-14 | Zdenek Pytela <zpytela at redhat dot com> - 39.2-1 | - Allow graphical applications work in Wayland - Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on - Allow kdump work with PrivateTmp - Allow dovecot-auth work with PrivateTmp - Allow nfsd get attributes of all filesystems - Allow fido-device-onboard (FDO) read the crack database - Allow winbind_rpcd_t processes access when samba_export_all_* is on - Allow ntp to bind and connect to ntske port. - Allow apcupsd cgi scripts read /sys - Allow rpcbind read network sysctls |
2023-11-02 | Zdenek Pytela <zpytela at redhat dot com> - 39.1-1 | - Support using systemd containers - Allow kernel_t to manage and relabel all files - Add missing optional_policy() to files_relabel_all_files() - Improve default file context(None) of /var/lib/authselect/backups - Allow targetd write to the syslog pid sock_file - Add ipa_pki_retrieve_key_exec() interface - Allow kdumpctl_t to list all directories with a filesystem type - Allow udev additional permissions - Allow udev load kernel module - Allow sysadm_t to mmap modules_object_t files - Add the unconfined_read_files() and unconfined_list_dirs() interfaces - Set default file context of HOME_DIR/tmp/.* to <<none>> - Allow kernel_generic_helper_t to execute mount(1) |
2023-10-02 | Zdenek Pytela <zpytela at redhat dot com> - 38.29-1 | - Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t - Allow systemd-localed create Xserver config dirs - Allow sssd read symlinks in /etc/sssd - Label /dev/gnss[0-9] with gnss_device_t - Allow systemd-sleep read/write efivarfs variables - ci: Fix version number of packit generated srpms - Dontaudit rhsmcertd write memory device - Allow ssh_agent_type create a sockfile in /run/user/USERID - Set default file context of /var/lib/authselect/backups to <<none>> - Allow prosody read network sysctls - Allow cupsd_t to use bpf capability |
2023-09-15 | Zdenek Pytela <zpytela at redhat dot com> - 38.28-1 | - Allow sssd domain transition on passkey_child execution conditionally - Allow login_userdomain watch lnk_files in /usr - Allow login_userdomain watch video4linux devices - Change systemd-network-generator transition to include class file - Revert "Change file transition for systemd-network-generator" - Allow nm-dispatcher winbind plugin read/write samba var files - Allow systemd-networkd write to cgroup files - Allow kdump create and use its memfd: objects |
2023-08-31 | Zdenek Pytela <zpytela at redhat dot com> - 38.27-1 | - Allow fedora-third-party get generic filesystem attributes - Allow sssd use usb devices conditionally - Update policy for qatlib - Allow ssh_agent_type manage generic cache home files - Update make-rhat-patches.sh file to use the f39 dist-git branch in F39 |