↵ Return to the main page of selinux-policy-sandbox
View build
Search for updates
Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files
Date | Author | Change |
---|---|---|
2024-10-02 | Zdenek Pytela <zpytela at redhat dot com> - 40.28-1 | - Allow chronyc sendto to chronyd-restricted - Allow cups sys_ptrace capability in the user namespace - Allow abrt-dump-journal-core connect to winbindd - Allow sysadm_t to create PF_KEY sockets - Allow init and systemd-logind to inherit fds from sshd - Label /usr/bin/noping and /usr/bin/oping with ping_exec_t - Allow virtstoraged get attributes of configfs dirs - Update policy for rpc-virtstorage - Allow thumb_t map dri devices - Allow samba use the io_uring API - Allow nut-upsmon read systemd-logind session files - Support SGX devices |
2024-08-06 | Zdenek Pytela <zpytela at redhat dot com> - 40.27-1 | - Allow NetworkManager_dispatcher_t send SIGKILL to plugins - Allow setroubleshootd execute sendmail with a domain transition - Allow key.dns_resolve set attributes on the kernel key ring - Update fstab and cryptsetup generators policy - Allow cryptsetup-generator read and write fstab-generator unit file - Allow postfix_domain map postfix_etc_t files - Update qatlib policy for v24.02 with new features - Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t - Allow tlp status power services - Allow login_userdomain read aliases file - Allow login_userdomain read ipsec config files - Allow login_userdomain read all pid files - Allow xdm_t read and write the dma device - Allow rsyslog read systemd-logind session files |
2024-07-25 | Zdenek Pytela <zpytela at redhat dot com> - 40.26-1 | - Label /run/modprobe.d with modules_conf_t - Allow virtstoraged manage files with virt_content_t type - Allow virtqemud unmount a filesystem with extended attributes - Allow svirt_t connect to unconfined_t over a unix domain socket - Allow ssh_t to change role to system_r - Allow systemd_getty_generator_t to read and write to tty_device_t |
2024-07-23 | Zdenek Pytela <zpytela at redhat dot com> - 40.25-1 | - Allow virtqemud connect to sanlock over a unix stream socket - Allow virtqemud relabel virt_var_run_t directories - Allow svirt_tcg_t read vm sysctls - Allow virtnodedevd connect to systemd-userdbd over a unix socket - Allow svirt read virtqemud fifo files - Allow svirt attach_queue to a virtqemud tun_socket - Allow virtqemud run ssh client with a transition - Sync systemd-generator policy with rawhide - Allow staff use watch /run/systemd - Update keyutils policy - Allow updatedb connect to userdbd over a unix stream socket - Allow systemd-coredump read nsfs files |
2024-07-17 | Zdenek Pytela <zpytela at redhat dot com> - 40.24-1 | - Allow the staff user use wireshark - Allow locate stream connect to systemd-userdbd - Allow postfix-smtpd read mysql config files - Allow virtnetworkd exec shell when virt_hooks_unconfined is on - Allow systemd-networkd write files in /var/lib/systemd/network - Allow systemd-networkd list /var/lib/systemd/network - Allow abrt-dump-journal read all non_security socket files - Add support for libvirt hooks - Allow to create and delete socket files created by rhsm.service |
2024-06-20 | Zdenek Pytela <zpytela at redhat dot com> - 40.23-1 | - Synchronize policy for systemd-generators with rawhide - Allow certmonger read and write tpm devices - Allow virt_driver_domain dbus chat with policykit - Allow login_userdomain execute systemd-tmpfiles in the caller domain - Revert "Allow systemd-machined manage runtime sockets" - Label /usr/bin/ntfsck with fsadm_exec_t - Escape "interface" as a file name in a virt filetrans pattern - Allow gnome-software work for login_userdomain |
2024-06-08 | Zdenek Pytela <zpytela at redhat dot com> - 40.22-1 | - Allow systemd-machined manage runtime sockets - Allow systemd-gpt-generator setfscreate - Allow bootupd search efivarfs dirs - Sync policy for confined systemd generators with rawhide - Update policy for fstab and gpt generators - Allow systemd (PID 1) manage systemd conf files - Allow pulseaudio map its runtime files - Update policy for getty-generator - Allow systemd-machined manage runtime sockets - Allow fstab-generator create unit file symlinks - Dontaudit systemd-coredump sys_admin capability - Update policy for fstab-generator - Allow virtqemud read vm sysctls - Add policy for second batch of generators - Update policy for systemd generators - ci: Adjust Cockpit test plans |
2024-05-31 | Zdenek Pytela <zpytela at redhat dot com> - 40.21-1 | - Add policy for second batch of generators - Update policy for systemd generators - ci: Adjust Cockpit test plans |
2024-05-20 | Zdenek Pytela <zpytela at redhat dot com> - 40.20-1 | - Allow journald read systemd config files and directories - Allow systemd_domain read systemd_conf_t dirs - Fix bad Python regexp escapes - Allow fido services connect to postgres database |
2024-05-17 | Zdenek Pytela <zpytela at redhat dot com> - 40.19-1 | - Allow postfix smtpd map aliases file - Ensure dbus communication is allowed bidirectionally - Label systemd configuration files with systemd_conf_t - Label /run/systemd/machine with systemd_machined_var_run_t - Allow systemd-hostnamed read the vsock device - Allow sysadm execute dmidecode using sudo - Allow sudodomain list files in /var - Allow setroubleshootd get attributes of all sysctls - Allow various services read and write z90crypt device - Allow nfsidmap connect to systemd-homed - Allow sandbox_x_client_t dbus chat with accountsd - Allow system_cronjob_t dbus chat with avahi_t - Allow staff_t the io_uring sqpoll permission - Allow staff_t use the io_uring API - Add support for secretmem anon inode |