selinux-policy-sandbox-41.20-1.fc41 in Fedora 41
↵ Return to the main page of selinux-policy-sandbox
View build
Search for updates
Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files
Changelog
| Date | Author | Change |
|---|---|---|
| 2024-10-04 | Zdenek Pytela <zpytela at redhat dot com> - 41.20-1 | - Remove the openct module sources - Remove the timidity module sources - Enable the slrn module - Remove i18n_input module sources - Enable the distcc module - Remove the ddcprobe module sources - Remove the timedatex module sources - Remove the djbdns module sources - Confine iio-sensor-proxy - Allow staff user nlmsg_write - Update policy for xdm with confined users - Allow virtnodedev watch mdevctl config dirs - Allow ssh watch home config dirs - Allow ssh map home configs files - Allow ssh read network sysctls - Allow chronyc sendto to chronyd-restricted - Allow cups sys_ptrace capability in the user namespace |
| 2024-09-25 | Zdenek Pytela <zpytela at redhat dot com> - 41.19-1 | - Add policy for systemd-homed - Remove fc entry for /usr/bin/pump - Label /usr/bin/noping and /usr/bin/oping with ping_exec_t - Allow accountsd read gnome-initial-setup tmp files - Allow xdm write to gnome-initial-setup fifo files - Allow rngd read and write generic usb devices - Allow qatlib search the content of the kernel debugging filesystem - Allow qatlib connect to systemd-machined over a unix socket |
| 2024-09-18 | Petr Lautrbach <lautrbach at redhat dot com> - 41.18-1 | - Drop ru man pages - mls/modules.conf - fix typo - Allow unprivileged user watch /run/systemd - Allow boothd connect to kernel over a unix socket |
| 2024-09-16 | Zdenek Pytela <zpytela at redhat dot com> - 41.17-2 | - Relabel /etc/mdevctl.d |
| 2024-09-12 | Petr Lautrbach <lautrbach at redhat dot com> - 41.17-1 | - Clean up and sync securetty_types - Bring config files from dist-git into the source repo - Confine gnome-remote-desktop - Allow virtstoraged execute mount programs in the mount domain - Make mdevctl_conf_t member of the file_type attribute |
| 2024-09-10 | Zdenek Pytela <zpytela at redhat dot com> - 41.16-2 | - Rebuild |
| 2024-09-10 | Zdenek Pytela <zpytela at redhat dot com> - 41.16-1 | - Label /etc/mdevctl.d with mdevctl_conf_t - Sync users with Fedora targeted users - Update policy for rpc-virtstorage - Allow virtstoraged get attributes of configfs dirs - Fix SELinux policy for sandbox X server to fix 'sandbox -X' command - Update bootupd policy when ESP is not mounted - Allow thumb_t map dri devices - Allow samba use the io_uring API - Allow the sysadm user use the secretmem API - Allow nut-upsmon read systemd-logind session files - Allow sysadm_t to create PF_KEY sockets - Update bootupd policy for the removing-state-file test - Allow coreos-installer-generator manage mdadm_conf_t files |
| 2024-08-29 | Zdenek Pytela <zpytela at redhat dot com> - 41.15-1 | - Allow setsebool_t relabel selinux data files - Allow virtqemud relabelfrom virtqemud_var_run_t dirs - Use better escape method for "interface" - Allow init and systemd-logind to inherit fds from sshd - Allow systemd-ssh-generator read sysctl files - Sync modules.conf with Fedora targeted modules - Allow virtqemud relabel user tmp files and socket files - Add missing sys_chroot capability to groupadd policy - Label /run/libvirt/qemu/channel with virtqemud_var_run_t - Allow virtqemud relabelfrom also for file and sock_file - Add virt_create_log() and virt_write_log() interfaces - Call binaries without full path |
| 2024-08-12 | Zdenek Pytela <zpytela at redhat dot com> - 41.14-1 | - Update libvirt policy - Add port 80/udp and 443/udp to http_port_t definition - Additional updates stalld policy for bpf usage - Label systemd-pcrextend and systemd-pcrlock properly - Allow coreos_installer_t work with partitions - Revert "Allow coreos-installer-generator work with partitions" - Add policy for systemd-pcrextend - Update policy for systemd-getty-generator - Allow ip command write to ipsec's logs - Allow virt_driver_domain read virtd-lxc files in /proc - Revert "Allow svirt read virtqemud fifo files" - Update virtqemud policy for libguestfs usage - Allow virtproxyd create and use its private tmp files - Allow virtproxyd read network state - Allow virt_driver_domain create and use log files in /var/log - Allow samba-dcerpcd work with ctdb cluster |
| 2024-08-06 | Zdenek Pytela <zpytela at redhat dot com> - 41.13-1 | - Allow NetworkManager_dispatcher_t send SIGKILL to plugins - Allow setroubleshootd execute sendmail with a domain transition - Allow key.dns_resolve set attributes on the kernel key ring - Update qatlib policy for v24.02 with new features - Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t - Allow tlp status power services - Allow virtqemud domain transition on passt execution - Allow virt_driver_domain connect to systemd-userdbd over a unix socket - Allow boothd connect to systemd-userdbd over a unix socket - Update policy for awstats scripts - Allow bitlbee execute generic programs in system bin directories - Allow login_userdomain read aliases file - Allow login_userdomain read ipsec config files - Allow login_userdomain read all pid files - Allow rsyslog read systemd-logind session files - Allow libvirt-dbus stream connect to virtlxcd |
Dependencies
- bash
- selinux-policy = 41.20-1.fc41
- selinux-policy-targeted = 41.20-1.fc41
Provides
- selinux-policy-sandbox
Files
- usr/
- share/
- selinux/
- packages/
- sandbox.pp
- packages/
- selinux/
- share/
Sources on Pagure