- Update to version 20230125. Refreshed:
* distro_suse_to_distro_redhat.patch
* fix_dnsmasq.patch
* fix_init.patch
* fix_ipsec.patch
* fix_kernel_sysctl.patch
* fix_logging.patch
* fix_rpm.patch
* fix_selinuxutil.patch
* fix_systemd_watch.patch
* fix_userdomain.patch
- More flexible lib(exec) matching in fix_fwupd.patch
- Removed sys_admin for systemd_gpt_generator_t in fix_systemd.patch
- Dropped fix_container.patch, is now upstream
- Added fix_entropyd.patch
* Added new interface entropyd_semaphore_filetrans to properly transfer
semaphore created during early boot. That doesn't work yet, so work
around with next item
* Allow reading tempfs files
- Added fix_kernel.patch. Added modutils_execute_kmod_tmpfs_files interace
to allow kmod_tmpfs_t files to be executed. Necessary for firewalld
- Added fix_rtkit.patch to fix labeling of binary
- Modified fix_ntp.patch:
* Proper labeling for start-ntpd
* Fixed label rules for chroot path
* Temporarily allow dac_override for ntpd_t (bsc#1207577)
* Add interface ntp_manage_pid_files to allow management of pid
files
- Updated fix_networkmanager.patch to allow managing ntp pid files
OBS-URL: https://build.opensuse.org/request/show/1061575
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=171
- Update to version 20221019. Refreshed:
* distro_suse_to_distro_redhat.patch
* fix_apache.patch
* fix_chronyd.patch
* fix_cron.patch
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_rpm.patch
* fix_sysnetwork.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_unprivuser.patch
* fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus
OBS-URL: https://build.opensuse.org/request/show/1035580
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=155
- Update to version 20221019. Refreshed:
* distro_suse_to_distro_redhat.patch
* fix_apache.patch
* fix_chronyd.patch
* fix_cron.patch
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_rpm.patch
* fix_sysnetwork.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_unprivuser.patch
* fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus
OBS-URL: https://build.opensuse.org/request/show/1030151
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=153
- Update to version 20200910. Refreshed
* fix_authlogin.patch
* fix_nagios.patch
* fix_systemd.patch
* fix_usermanage.patch
- Delete suse_specific.patch, moved content into fix_selinuxutil.patch
- Cleanup of booleans-* presets
* Enabled
user_rw_noexattrfile
unconfined_chrome_sandbox_transition
unconfined_mozilla_plugin_transition
for the minimal policy
* Disabled
xserver_object_manager
for the MLS policy
* Disabled
openvpn_enable_homedirs
privoxy_connect_any
selinuxuser_direct_dri_enabled
selinuxuser_ping (aka user_ping)
squid_connect_any
telepathy_tcp_connect_generic_network_ports
for the targeted policy
Change your local config if you need them
- Build HTML version of manpages for the -devel package
OBS-URL: https://build.opensuse.org/request/show/833509
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=83
