Hu
9dc19e60e0
- Enable sap module
- Add equivalency in file_contexts.subs_dist
* /bin /usr/bin
* /sbin /usr/bin
* /usr/sbin /usr/bin
- Update to version 20240710:
* Change fc in rebootmgr module for /sbin -> /usr/bin
* Change fc in rpm module for /sbin -> /usr/bin
* Change fc in rsync module for /sbin -> /usr/bin
* Change fc in wicked module for /sbin -> /usr/bin
* Confine libvirt-dbus
* Allow virtqemud the kill capability in user namespace
* Allow rshim get options of the netlink class for KOBJECT_UEVENT family
* Allow dhcpcd the kill capability
* Allow systemd-networkd list /var/lib/systemd/network
* Allow sysadm_t run systemd-nsresourced bpf programs
* Update policy for systemd generators interactions
* Allow create memory.pressure files with cgroup_memory_pressure_t
* Add support for libvirt hooks
* Allow certmonger read and write tpm devices
* Allow all domains to connect to systemd-nsresourced over a unix socket
* Allow systemd-machined read the vsock device
* Update policy for systemd generators
* Allow ptp4l_t request that the kernel load a kernel module
* Allow sbd to trace processes in user namespace
* Allow request-key execute scripts
* Update policy for haproxyd
* Update policy for systemd-nsresourced
* Correct sbin-related file context entries
* Allow login_userdomain execute systemd-tmpfiles in the caller domain
* Allow virt_driver_domain read files labeled unconfined_t
* Allow virt_driver_domain dbus chat with policykit
* Allow virtqemud manage nfs files when virt_use_nfs boolean is on
* Add rules for interactions between generators
* Label memory.pressure files with cgroup_memory_pressure_t
* Revert "Allow some systemd services write to cgroup files"
* Update policy for systemd-nsresourced
* Label /usr/bin/ntfsck with fsadm_exec_t
* Allow systemd_fstab_generator_t read tmpfs files
* Update policy for systemd-nsresourced
* Alias /usr/sbin to /usr/bin and change all /usr/sbin paths to /usr/bin
* Remove a few lines duplicated between {dkim,milter}.fc
* Alias /bin → /usr/bin and remove redundant paths
* Drop duplicate line for /usr/sbin/unix_chkpwd
* Drop duplicate paths for /usr/sbin
* Update systemd-generator policy
* Remove permissive domain for bootupd_t
* Remove permissive domain for coreos_installer_t
* Remove permissive domain for afterburn_t
* Add the sap module to modules.conf
* Move unconfined_domain(sap_unconfined_t) to an optional block
* Create the sap module
* Allow systemd-coredumpd sys_admin and sys_resource capabilities
* Allow systemd-coredump read nsfs files
* Allow generators auto file transition only for plain files
* Allow systemd-hwdb write to the kernel messages device
* Escape "interface" as a file name in a virt filetrans pattern
* Allow gnome-software work for login_userdomain
* Allow systemd-machined manage runtime sockets
* Revert "Allow systemd-machined manage runtime sockets"
* Allow postfix_domain connect to postgresql over a unix socket
* Dontaudit systemd-coredump sys_admin capability
- Update container-selinux
OBS-URL: https://build.opensuse.org/request/show/1186574
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=233
2 lines
2.3 KiB
Plaintext
2 lines
2.3 KiB
Plaintext
abrt accountsd acct afs aiccu aide ajaxterm alsa amanda amtu anaconda antivirus apache apcupsd apm arpwatch asterisk authconfig automount avahi awstats bcfg2 bind rpcbind rngd bitlbee blueman bluetooth boinc brctl bugzilla cachefilesd calamaris callweaver canna ccs cdrecord certmaster certmonger certwatch cfengine cgroup chrome chronyd cipe clogd cloudform cmirrord cobbler collectd colord comsat condor consolekit couchdb courier cpucontrol cpufreqselector cron ctdb cups cvs cyphesis cyrus daemontools dbadm dbskk dbus dcc ddclient denyhosts devicekit dhcp dictd dirsrv-admin dirsrv dmidecode dnsmasq dnssec dovecot drbd dspam entropyd exim fail2ban fcoe fetchmail finger firewalld firewallgui firstboot fprintd ftp tftp games gitosis git glance glusterd gnome gpg gpg gpm gpsd guest xguest hddtemp icecast inetd inn lircd irc irqbalance iscsi isns jabber jetty jockey kdumpgui kdump kerberos keyboardd keystone kismet ksmtuned ktalk l2tp ldap likewise lircd livecd lldpad loadkeys lockdev logrotate logwatch lpd slpd mailman mailscanner man2html mcelog mediawiki memcached milter mock modemmanager mojomojo mozilla mpd mplayer mrtg mta munin mysql mythtv nagios namespace ncftool ncftool networkmanager nis nova nslcd ntop ntp numad nut nx obex oddjob openct openshift-origin openshift openvpn openvswitch prelude pads passenger pcmcia pcscd pegasus pingd piranha plymouthd podsleuth policykit polipo portmap portreserve postfix postgrey ppp prelink unprivuser prelude privoxy procmail psad ptchown publicfile pulseaudio puppet pwauth qmail qpid quantum quota rabbitmq radius radvd raid rdisc readahead realmd remotelogin rhcs rhev rhgb rhsmcertd ricci rlogin roundup rpcbind rpc rpm rshd rssh rsync rtkit rwho sambagui samba sandbox sandboxX sanlock sasl sblim screen sectoolm sendmail sensord setroubleshoot sge shorewall slocate slpd smartmon smokeping smoltclient snmp snort sosreport soundserver spamassassin squid sssd stapserver stunnel svnserve swift sysstat tcpd tcsd telepathy telnet tftp tgtd thumb tmpreaper tomcat cpufreqselector tor ksmtuned tuned tvtime ulogd uml updfstab usbmodules usbmuxd userhelper usernetctl uucp uuidd varnishd vbetool vbetool vdagent vhostmd virt vlock vmware vnstatd openvpn vpn w3c wdmd webadm webalizer wine wireshark xen xguest zabbix zarafa zebra zoneminder zosremote thin mandb pki smsd sslh obs
|