Fedora Packages

selinux-policy-targeted-39.4-1.fc39 in Fedora 39

↵ Return to the main page of selinux-policy-targeted
View build
Search for updates

Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files


Date Author Change
2024-01-25 Zdenek Pytela <zpytela at redhat dot com> - 39.4-1 - Allow collectd read raw fixed disk device - Allow collectd read udev pid files - Allow httpd work with PrivateTmp - Allow certmonger read network sysctls - Allow systemd-sleep set attributes of efivarfs files - Allow spamd_update_t the sys_ptrace capability in user namespace - Allow alsa get attributes filesystems with extended attributes - Allow systemd-sleep send a message to syslog over a unix dgram socket
2023-12-15 Zdenek Pytela <zpytela at redhat dot com> - 39.3-1 - Allow init create and use vsock sockets - Allow ddclient send e-mail notifications - Allow postfix_master_t map postfix data files - Allow thumb_t append to init unix domain stream sockets - Allow spamd_update_t read hardware state information - Allow systemd-sleep create efivarfs files
2023-11-14 Zdenek Pytela <zpytela at redhat dot com> - 39.2-1 - Allow graphical applications work in Wayland - Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on - Allow kdump work with PrivateTmp - Allow dovecot-auth work with PrivateTmp - Allow nfsd get attributes of all filesystems - Allow fido-device-onboard (FDO) read the crack database - Allow winbind_rpcd_t processes access when samba_export_all_* is on - Allow ntp to bind and connect to ntske port. - Allow apcupsd cgi scripts read /sys - Allow rpcbind read network sysctls
2023-11-02 Zdenek Pytela <zpytela at redhat dot com> - 39.1-1 - Support using systemd containers - Allow kernel_t to manage and relabel all files - Add missing optional_policy() to files_relabel_all_files() - Improve default file context(None) of /var/lib/authselect/backups - Allow targetd write to the syslog pid sock_file - Add ipa_pki_retrieve_key_exec() interface - Allow kdumpctl_t to list all directories with a filesystem type - Allow udev additional permissions - Allow udev load kernel module - Allow sysadm_t to mmap modules_object_t files - Add the unconfined_read_files() and unconfined_list_dirs() interfaces - Set default file context of HOME_DIR/tmp/.* to <<none>> - Allow kernel_generic_helper_t to execute mount(1)
2023-10-02 Zdenek Pytela <zpytela at redhat dot com> - 38.29-1 - Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t - Allow systemd-localed create Xserver config dirs - Allow sssd read symlinks in /etc/sssd - Label /dev/gnss[0-9] with gnss_device_t - Allow systemd-sleep read/write efivarfs variables - ci: Fix version number of packit generated srpms - Dontaudit rhsmcertd write memory device - Allow ssh_agent_type create a sockfile in /run/user/USERID - Set default file context of /var/lib/authselect/backups to <<none>> - Allow prosody read network sysctls - Allow cupsd_t to use bpf capability
2023-09-15 Zdenek Pytela <zpytela at redhat dot com> - 38.28-1 - Allow sssd domain transition on passkey_child execution conditionally - Allow login_userdomain watch lnk_files in /usr - Allow login_userdomain watch video4linux devices - Change systemd-network-generator transition to include class file - Revert "Change file transition for systemd-network-generator" - Allow nm-dispatcher winbind plugin read/write samba var files - Allow systemd-networkd write to cgroup files - Allow kdump create and use its memfd: objects
2023-08-31 Zdenek Pytela <zpytela at redhat dot com> - 38.27-1 - Allow fedora-third-party get generic filesystem attributes - Allow sssd use usb devices conditionally - Update policy for qatlib - Allow ssh_agent_type manage generic cache home files - Update make-rhat-patches.sh file to use the f39 dist-git branch in F39
2023-08-24 Zdenek Pytela <zpytela at redhat dot com> - 38.26-1 - Change file transition for systemd-network-generator - Additional support for gnome-initial-setup - Update gnome-initial-setup policy for geoclue - Allow openconnect vpn open vhost net device - Allow cifs.upcall to connect to SSSD also through the /var/run socket - Grant cifs.upcall more required capabilities - Allow xenstored map xenfs files - Update policy for fdo - Allow keepalived watch var_run dirs - Allow svirt to rw /dev/udmabuf - Allow qatlib to modify hardware state information. - Allow key.dns_resolve connect to avahi over a unix stream socket - Allow key.dns_resolve create and use unix datagram socket - Use quay.io as the container image source for CI
2023-08-11 Zdenek Pytela <zpytela at redhat dot com> - 38.25-1 - ci: Move srpm/rpm build to packit - .copr: Avoid subshell and changing directory - Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file - Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t - Make insights_client_t an unconfined domain - Allow insights-client manage user temporary files - Allow insights-client create all rpm logs with a correct label - Allow insights-client manage generic logs - Allow cloud_init create dhclient var files and init_t manage net_conf_t - Allow insights-client read and write cluster tmpfs files - Allow ipsec read nsfs files - Make tuned work with mls policy - Remove nsplugin_role from mozilla.if - allow mon_procd_t self:cap_userns sys_ptrace - Allow pdns name_bind and name_connect all ports - Set the MLS range of fsdaemon_t to s0 - mls_systemhigh - ci: Move to actions/checkout@v3 version - .copr: Replace chown call with standard workflow safe.directory setting - .copr: Enable `set -u` for robustness - .copr: Simplify root directory variable
2023-08-04 Zdenek Pytela <zpytela at redhat dot com> - 38.24-1 - Allow rhsmcertd dbus chat with policykit - Allow polkitd execute pkla-check-authorization with nnp transition - Allow user_u and staff_u get attributes of non-security dirs - Allow unconfined user filetrans chrome_sandbox_home_t - Allow svnserve execute postdrop with a transition - Do not make postfix_postdrop_t type an MTA executable file - Allow samba-dcerpc service manage samba tmp files - Add use_nfs_home_dirs boolean for mozilla_plugin - Fix labeling for no-stub-resolv.conf


  • config(selinux-policy-targeted)
  • selinux-policy-any
  • selinux-policy-targeted


Sources on Pagure