Fedora Packages

selinux-policy-37.12-2.fc37 in Fedora 37

↵ Return to the main page of selinux-policy
View build
Search for updates

Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files

Changelog

Date Author Change
2022-09-23 Zdenek Pytela <zpytela at redhat dot com> - 37.12-2 - Update make-rhat-patches.sh file to use the f37 dist-git branch in F37
2022-09-22 Zdenek Pytela <zpytela at redhat dot com> - 37.12-1 - nut-upsd: kernel_read_system_state, fs_getattr_cgroup - Add numad the ipc_owner capability - Allow gst-plugin-scanner read virtual memory sysctls - Allow init read/write inherited user fifo files - Update dnssec-trigger policy: setsched, module_request - added policy for systemd-socket-proxyd - Add the new 'cmd' permission to the 'io_uring' class - Allow winbind-rpcd read and write its key ring - Label /run/NetworkManager/no-stub-resolv.conf net_conf_t - blueman-mechanism can read ~/.local/lib/python*/site-packages directory - pidof executed by abrt can readlink /proc/*/exe - Fix typo in comment - Do not run restorecon /etc/NetworkManager/dispatcher.d in mls and minimum
2022-09-14 Zdenek Pytela <zpytela at redhat dot com> - 37.11-1 - Allow tor get filesystem attributes - Allow utempter append to login_userdomain stream - Allow login_userdomain accept a stream connection to XDM - Allow login_userdomain write to boltd named pipes - Allow staff_u and user_u users write to bolt pipe - Allow login_userdomain watch various directories - Update rhcd policy for executing additional commands 5 - Update rhcd policy for executing additional commands 4 - Allow rhcd create rpm hawkey logs with correct label - Allow systemd-gpt-auto-generator to check for empty dirs - Update rhcd policy for executing additional commands 3 - Allow journalctl read rhcd fifo files - Update insights-client policy for additional commands execution 5 - Allow init remount all file_type filesystems - Confine insights-client systemd unit - Update insights-client policy for additional commands execution 4 - Allow pcp pmcd search tracefs and acct_data dirs - Allow httpd read network sysctls - Dontaudit domain map permission on directories - Revert "Allow X userdomains to mmap user_fonts_cache_t dirs" - Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)" - Update insights-client policy for additional commands execution 3 - Allow systemd permissions needed for sandboxed services - Add rhcd module - Make dependency on rpm-plugin-selinux unordered
2022-09-02 Zdenek Pytela <zpytela at redhat dot com> - 37.10-1 - Allow ipsec_t read/write tpm devices - Allow rhcd execute all executables - Update rhcd policy for executing additional commands 2 - Update insights-client policy for additional commands execution 2 - Allow sysadm_t read raw memory devices - Allow chronyd send and receive chronyd/ntp client packets - Allow ssh client read kerberos homedir config files - Label /var/log/rhc-worker-playbook with rhcd_var_log_t - Update insights-client policy (auditctl, gpg, journal) - Allow system_cronjob_t domtrans to rpm_script_t - Allow smbd_t process noatsecure permission for winbind_rpcd_t - Update tor_bind_all_unreserved_ports interface - Allow chronyd bind UDP sockets to ptp_event ports. - Allow unconfined and sysadm users transition for /root/.gnupg - Add gpg_filetrans_admin_home_content() interface - Update rhcd policy for executing additional commands - Update insights-client policy for additional commands execution - Add userdom_view_all_users_keys() interface - Allow gpg read and write generic pty type - Allow chronyc read and write generic pty type - Allow system_dbusd ioctl kernel with a unix stream sockets - Allow samba-bgqd to read a printer list - Allow stalld get and set scheduling policy of all domains. - Allow unconfined_t transition to targetclid_home_t
2022-08-11 Zdenek Pytela <zpytela at redhat dot com> - 37.9-1 - Allow nm-dispatcher custom plugin dbus chat with nm - Allow nm-dispatcher sendmail plugin get status of systemd services - Allow xdm read the kernel key ring - Allow login_userdomain check status of mount units - Allow postfix/smtp and postfix/virtual read kerberos key table - Allow services execute systemd-notify - Do not allow login_userdomain use sd_notify() - Allow launch-xenstored read filesystem sysctls - Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd - Allow openvswitch fsetid capability - Allow openvswitch use its private tmpfs files and dirs - Allow openvswitch search tracefs dirs - Allow pmdalinux read files on an nfsd filesystem - Allow winbind-rpcd write to winbind pid files - Allow networkmanager to signal unconfined process - Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t - Allow samba-bgqd get a printer list - fix(init.fc): Fix section description - Allow fedora-third-party read the passwords file - Remove permissive domain for rhcd_t - Allow pmie read network state information and network sysctls - Revert "Dontaudit domain the fowner capability" - Allow sysadm_t to run bpftool on the userdomain attribute - Add the userdom_prog_run_bpf_userdomain() interface - Allow insights-client rpm named file transitions - Add /var/tmp/insights-archive to insights_client_filetrans_named_content
2022-08-01 Zdenek Pytela <zpytela at redhat dot com> - 37.8-1 - Allow sa-update to get init status and start systemd files - Use insights_client_filetrans_named_content - Make default file context match with named transitions - Allow nm-dispatcher tlp plugin send system log messages - Allow nm-dispatcher tlp plugin create and use unix_dgram_socket - Add permissions to manage lnk_files into gnome_manage_home_config - Allow rhsmcertd to read insights config files - Label /etc/insights-client/machine-id - fix(devices.fc): Replace single quote in comment to solve parsing issues - Make NetworkManager_dispatcher_custom_t an unconfined domain
2022-07-23 Fedora Release Engineering <releng at fedoraproject dot org> - 37.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
2022-07-14 Zdenek Pytela <zpytela at redhat dot com> - 37.7-1 - Update winbind_rpcd_t - Allow some domains use sd_notify() - Revert "Allow rabbitmq to use systemd notify" - fix(sedoctool.py): Fix syntax warning: "is not" with a literal - Allow nm-dispatcher console plugin manage etc files - Allow networkmanager_dispatcher_plugin list NetworkManager_etc_t dirs - Allow nm-dispatcher console plugin setfscreate - Support using systemd-update-helper in rpm scriptlets - Allow nm-dispatcher winbind plugin read samba config files - Allow domain use userfaultfd over all domains - Allow cups-lpd read network sysctls
2022-06-29 Zdenek Pytela <zpytela at redhat dot com> - 37.6-1 - Allow stalld set scheduling policy of kernel threads - Allow targetclid read /var/target files - Allow targetclid read generic SSL certificates (fixed) - Allow firewalld read the contents of the sysfs filesystem - Fix file context pattern for /var/target - Use insights_client_etc_t in insights_search_config() - Allow nm-dispatcher ddclient plugin handle systemd services - Allow nm-dispatcher winbind plugin run smbcontrol - Allow nm-dispatcher custom plugin create and use unix dgram socket - Update samba-dcerpcd policy for kerberos usage 2 - Allow keepalived read the contents of the sysfs filesystem - Allow amandad read network sysctls - Allow cups-lpd read network sysctls - Allow kpropd read network sysctls - Update insights_client_filetrans_named_content() - Allow rabbitmq to use systemd notify - Label /var/target with targetd_var_t - Allow targetclid read generic SSL certificates - Update rhcd policy - Allow rhcd search insights configuration directories - Add the kernel_read_proc_files() interface - Require policycoreutils >= 3.4-1 - Add a script for enclosing interfaces in ifndef statements - Disable rpm verification on interface_info
2022-06-22 Zdenek Pytela <zpytela at redhat dot com> - 37.5-1 - Allow transition to insights_client named content - Add the insights_client_filetrans_named_content() interface - Update policy for insights-client to run additional commands 3 - Allow dhclient manage pid files used by chronyd - Allow stalld get scheduling policy of kernel threads - Allow samba-dcerpcd work with sssd - Allow dlm_controld send a null signal to a cluster daemon - Allow ksmctl create hardware state information files - Allow winbind_rpcd_t connect to self over a unix_stream_socket - Update samba-dcerpcd policy for kerberos usage - Allow insights-client execute its private memfd: objects - Update policy for insights-client to run additional commands 2 - Use insights_client_tmp_t instead of insights_client_var_tmp_t - Change space indentation to tab in insights-client - Use socket permissions sets in insights-client - Update policy for insights-client to run additional commands - Change rpm_setattr_db_files() to use a pattern - Allow init_t to rw insights_client unnamed pipe - Add rpm setattr db files macro - Fix insights client - Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling - Allow rabbitmq to access its private memfd: objects - Update policy for samba-dcerpcd - Allow stalld setsched and sys_nice

Dependencies

Provides

  • config(selinux-policy)
  • rpm_macro(_file_context_file)
  • rpm_macro(_file_context_file_pre)
  • rpm_macro(_file_custom_defined_booleans)
  • rpm_macro(_file_custom_defined_booleans_tmp)
  • rpm_macro(_selinux_policy_version)
  • rpm_macro(_selinux_store_path)
  • rpm_macro(_selinux_store_policy_path)
  • rpm_macro(selinux_modules_install)
  • rpm_macro(selinux_modules_uninstall)
  • rpm_macro(selinux_relabel_post)
  • rpm_macro(selinux_relabel_pre)
  • rpm_macro(selinux_requires)
  • rpm_macro(selinux_set_booleans)
  • rpm_macro(selinux_unset_booleans)
  • selinux-policy
  • selinux-policy-base

Files


Sources on Pagure