selinux-policy

rpm/selinux-policy

SHA256

Fork 0

forked from pool/selinux-policy

3752e2304c Accepting request 1200261 from security:SELinux factory Ana Guerrero 2024-09-12 14:54:06 +00:00
64c9b9378c - Update to version 20240912: * Allow systemd_ibft_rule_generator_t to create udev_rules_t dirs (bsc#1230011) * Allow systemd_udev_trigger_generator_t list and read sysctls (bsc#1230315) * Initial policy for udev-trigger-generator (bsc#1230315) devel Hu 2024-09-12 07:35:07 +00:00
33c24240a2 Accepting request 1199629 from security:SELinux Ana Guerrero 2024-09-10 19:12:21 +00:00
b9406bac0c Accepting request 1199900 from home:cahu:branches:security:SELinux Hu 2024-09-10 15:01:13 +00:00
2112d5575b - Update to version 20240905: * Allow coreos-installer-generator manage mdadm_conf_t files * Allow setsebool_t relabel selinux data files * Allow virtqemud relabelfrom virtqemud_var_run_t dirs * Use better escape method for "interface" * Allow init and systemd-logind to inherit fds from sshd * Allow systemd-ssh-generator read sysctl files * Sync modules.conf with Fedora targeted modules * Allow virtqemud relabel user tmp files and socket files * Add missing sys_chroot capability to groupadd policy * Label /run/libvirt/qemu/channel with virtqemud_var_run_t * Allow virtqemud relabelfrom also for file and sock_file * Add virt_create_log() and virt_write_log() interfaces - Sync modules-targeted-contrib.conf with Fedora targeted modules.conf Hu 2024-09-09 08:08:07 +00:00
b2a6a4d472 Accepting request 1198764 from security:SELinux Ana Guerrero 2024-09-05 13:46:23 +00:00
3d27365c20 - Fix macros.selinux-policy (bsc#1229132) - %selinux_modules_install and %selinux_modules_uninstall will now only execute load_policy if $TRANSACTIONAL_UPDATE is not set (aka only if they are not in a transactional system) - $TRANSACTIONAL_UPDATE is set here: bd524d3ddf/lib/Transaction.cpp (L428) Hu 2024-09-04 13:57:36 +00:00
c15b34e13f - Disable build of the MLS policy. We currently don't know if it works and don't want to encourage users to apply it Hu 2024-09-03 11:46:59 +00:00
7f06e6d1b3 Accepting request 1198426 from security:SELinux Dominique Leuenberger 2024-09-03 11:37:49 +00:00
9c1224b86d - Update to version 20240903: * allow sshd_t and sshd_net_t access to ssh vsockets (bsc#1228831) Hu 2024-09-03 08:04:07 +00:00
7e521cf496 Accepting request 1198253 from home:cahu:branches:security:SELinux Hu 2024-09-02 08:36:23 +00:00
81e37981ae Accepting request 1197845 from security:SELinux Dominique Leuenberger 2024-09-01 17:20:56 +00:00
34097e449f - Update to version 20240830: * Allow virtstoraged to manage images (bsc#1228742) * Allow virtstoraged_t domtrans to udev (bsc#1228742) Hu 2024-08-30 11:52:05 +00:00
5d9d3aec92 Accepting request 1196426 from security:SELinux Dominique Leuenberger 2024-08-29 13:42:54 +00:00
9ea4bcbe6d - Update to version 20240828: * Allow systemd-ssh-generator to load net-pf-40 (bsc#1229766) Hu 2024-08-28 09:10:00 +00:00
1295c6efea Accepting request 1196084 from security:SELinux Ana Guerrero 2024-08-27 17:38:31 +00:00
6514d3f42b - Enable named_write_master_zones boolean by default (bsc#1229479) Hu 2024-08-26 14:29:53 +00:00
ef2794ca22 Accepting request 1195681 from security:SELinux Ana Guerrero 2024-08-25 10:09:35 +00:00
40eb8e68ec - Update to version 20240823: * Allow rasdaemon write access to sysfs (bsc#1229587) Hu 2024-08-23 08:42:36 +00:00
4bc48cd130 Accepting request 1194650 from security:SELinux Ana Guerrero 2024-08-20 14:12:40 +00:00
06983f62a3 - Update to version 20240816: * Initial policy for syslog-ng (bsc#1229153) Hu 2024-08-16 12:31:26 +00:00
3743169a39 Accepting request 1193871 from security:SELinux Dominique Leuenberger 2024-08-15 07:57:36 +00:00
3425be62a3 - Update to version 20240814: * Dontaudit dac_override of fstab generator (bsc#1229127) Hu 2024-08-14 12:12:40 +00:00
4d1c914703 - Drop varrun-convert.sh script as it causes issues with container-selinux update (bsc#1228951) Hu 2024-08-14 12:09:35 +00:00
83d1f9398e - Update to version 20240812: * Update libvirt policy * Add port 80/udp and 443/udp to http_port_t definition * Additional updates stalld policy for bpf usage * Label systemd-pcrextend and systemd-pcrlock properly * Allow coreos_installer_t work with partitions * Revert "Allow coreos-installer-generator work with partitions" * Add policy for systemd-pcrextend * Update policy for systemd-getty-generator * Allow ip command write to ipsec's logs * Allow virt_driver_domain read virtd-lxc files in /proc * Revert "Allow svirt read virtqemud fifo files" * Update virtqemud policy for libguestfs usage * Allow virtproxyd create and use its private tmp files * Allow virtproxyd read network state * Allow virt_driver_domain create and use log files in /var/log * Allow samba-dcerpcd work with ctdb cluster * Allow NetworkManager_dispatcher_t send SIGKILL to plugins * Allow setroubleshootd execute sendmail with a domain transition * Allow key.dns_resolve set attributes on the kernel key ring * Update qatlib policy for v24.02 with new features * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t * Allow tlp status power services * Allow virtqemud domain transition on passt execution * Allow virt_driver_domain connect to systemd-userdbd over a unix socket * Allow boothd connect to systemd-userdbd over a unix socket * Update policy for awstats scripts * Allow bitlbee execute generic programs in system bin directories * Allow login_userdomain read aliases file * Allow login_userdomain read ipsec config files * Allow login_userdomain read all pid files * Allow rsyslog read systemd-logind session files * Allow libvirt-dbus stream connect to virtlxcd Hu 2024-08-12 15:39:19 +00:00
7ad5616cbb Accepting request 1192931 from security:SELinux Dominique Leuenberger 2024-08-10 17:06:12 +00:00
2254b47412 - Update to version 20240809: * Label /run/udev/rules.d as udev_rules_t * Provide type for sysstat lock files (bsc#1228247) * Allow snapper to delete unlabeled_t files (bsc#1228889) Hu 2024-08-09 12:56:11 +00:00
fade960df6 - Update to version 20240808: * Use new kanidm interfaces * Initial module for kanidm * Update bootupd policy * Allow rhsmcertd read/write access to /dev/papr-sysparm * Label /dev/papr-sysparm and /dev/papr-vpd * Allow abrt-dump-journal-core connect to winbindd * Allow systemd-hostnamed shut down nscd * Allow systemd-pstore send a message to syslogd over a unix domain * Allow postfix_domain map postfix_etc_t files * Allow microcode create /sys/devices/system/cpu/microcode/reload * Allow rhsmcertd read, write, and map ica tmpfs files * Support SGX devices * Allow initrc_t transition to passwd_t * Update fstab and cryptsetup generators policy * Allow xdm_t read and write the dma device * Update stalld policy for bpf usage * Allow systemd_gpt_generator to getattr on DOS directories * Make cgroup_memory_pressure_t a part of the file_type attribute * Allow ssh_t to change role to system_r * Update policy for coreos generators * Allow init_t nnp domain transition to firewalld_t * Label /run/modprobe.d with modules_conf_t * Allow virtnodedevd run udev with a domain transition * Allow virtnodedev_t create and use virtnodedev_lock_t * Allow virtstoraged manage files with virt_content_t type * Allow virtqemud unmount a filesystem with extended attributes * Allow svirt_t connect to unconfined_t over a unix domain socket * Update afterburn file transition policy * Allow systemd_generator read attributes of all filesystems * Allow fstab-generator read and write cryptsetup-generator unit file * Allow cryptsetup-generator read and write fstab-generator unit file * Allow systemd_generator map files in /etc * Allow systemd_generator read init's process state * Allow coreos-installer-generator read sssd public files * Allow coreos-installer-generator work with partitions * Label /etc/mdadm.conf.d with mdadm_conf_t * Confine coreos generators * Label /run/metadata with afterburn_runtime_t * Allow afterburn list ssh home directory * Label samba certificates with samba_cert_t * Label /run/coreos-installer-reboot with coreos_installer_var_run_t * Allow virtqemud read virt-dbus process state * Allow staff user dbus chat with virt-dbus * Allow staff use watch /run/systemd * Allow systemd_generator to write kmsg * Allow virtqemud connect to sanlock over a unix stream socket * Allow virtqemud relabel virt_var_run_t directories * Allow svirt_tcg_t read vm sysctls * Allow virtnodedevd connect to systemd-userdbd over a unix socket * Allow svirt read virtqemud fifo files * Allow svirt attach_queue to a virtqemud tun_socket * Allow virtqemud run ssh client with a transition * Allow virt_dbus_t connect to virtqemud_t over a unix stream socket * Update keyutils policy * Allow sshd_keygen_t connect to userdbd over a unix stream socket * Allow postfix-smtpd read mysql config files * Allow locate stream connect to systemd-userdbd * Allow the staff user use wireshark * Allow updatedb connect to userdbd over a unix stream socket * Allow gpg_t set attributes of public-keys.d * Allow gpg_t get attributes of login_userdomain stream * Allow systemd_getty_generator_t read /proc/1/environ * Allow systemd_getty_generator_t to read and write to tty_device_t * Drop publicfile module * Remove permissive domain for systemd_nsresourced_t * Change fs_dontaudit_write_cgroup_files() to apply to cgroup_t * Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t * Allow to create and delete socket files created by rhsm.service * Allow virtnetworkd exec shell when virt_hooks_unconfined is on * Allow unconfined_service_t transition to passwd_t * Support /var is empty * Allow abrt-dump-journal read all non_security socket files * Allow timemaster write to sysfs files * Dontaudit domain write cgroup files * Label /usr/lib/node_modules/npm/bin with bin_t * Allow ip the setexec permission * Allow systemd-networkd write files in /var/lib/systemd/network * Fix typo in systemd_nsresourced_prog_run_bpf() Hu 2024-08-08 12:42:54 +00:00
013d5e9091 Accepting request 1191606 from security:SELinux Dominique Leuenberger 2024-08-07 04:09:59 +00:00
1436280589 Accepting request 1191198 from home:cahu:branches:security:SELinux Hu 2024-08-02 14:03:51 +00:00
abf987f230 Accepting request 1190665 from security:SELinux Dominique Leuenberger 2024-08-01 20:03:52 +00:00
221bf4c937 Accepting request 1190779 from home:cahu:branches:security:SELinux Hu 2024-07-31 16:19:05 +00:00
b0b931a7b7 Accepting request 1190664 from home:cahu:branches:security:SELinux Hu 2024-07-31 12:58:43 +00:00
ed825bf91e Accepting request 1189796 from security:SELinux Dominique Leuenberger 2024-07-30 09:53:15 +00:00
27400b7c6d Accepting request 1190295 from home:cahu:branches:security:SELinux Hu 2024-07-29 15:55:16 +00:00
a861cc4c16 - Update to version 20240726: * Allow snapper grub plugin to manage unlabeled_t and read link files Hu 2024-07-26 13:40:33 +00:00
0893fdafb7 - Update to version 20240725: * Initial policy for grub2 snapper plugin (bsc#1228205) Hu 2024-07-25 07:52:13 +00:00
46b2f71015 Accepting request 1187944 from home:cahu:branches:security:SELinux Hu 2024-07-16 14:40:18 +00:00
c4e9acf5f1 Accepting request 1187876 from home:cahu:branches:security:SELinux Hu 2024-07-16 11:55:49 +00:00
a77f640b09 Accepting request 1187549 from security:SELinux Ana Guerrero 2024-07-15 17:46:30 +00:00
b5589129a3 Accepting request 1187548 from home:cahu:branches:security:SELinux Hu 2024-07-15 12:01:23 +00:00
253642ffe5 Accepting request 1186820 from security:SELinux Ana Guerrero 2024-07-14 06:48:58 +00:00
9dc19e60e0 Accepting request 1186574 from home:cahu:security:SELinux:policyupdate072024 Hu 2024-07-10 11:10:28 +00:00
e591737fbd Accepting request 1184840 from security:SELinux Ana Guerrero 2024-07-03 18:29:10 +00:00
0af4af012c Accepting request 1184839 from home:cahu:branches:security:SELinux Hu 2024-07-02 11:23:15 +00:00
290de72460 Accepting request 1184825 from home:cahu:branches:security:SELinux Hu 2024-07-02 10:36:37 +00:00
2777860370 Accepting request 1181332 from security:SELinux Ana Guerrero 2024-06-18 20:51:01 +00:00
860070d5d6 Accepting request 1181331 from home:cahu:branches:security:SELinux Hu 2024-06-17 14:37:28 +00:00
1caa35060d Accepting request 1180332 from security:SELinux Ana Guerrero 2024-06-14 16:57:11 +00:00
ee6d23dd06 - Update to version 20240613: * Allow systemd_fstab_generator_t read tmpfs files (bsc#1223599) Hu 2024-06-13 08:13:40 +00:00
773eae054e Accepting request 1180132 from home:cahu:branches:security:SELinux Hu 2024-06-12 08:45:42 +00:00
229039d5a3 Accepting request 1178674 from security:SELinux Ana Guerrero 2024-06-06 10:30:52 +00:00
9e5280b8c1 Accepting request 1177623 from home:cahu:security:SELinux:fixleapbuild Hu 2024-06-03 13:58:44 +00:00
9f031f9f4b - Remove "Reference" from the package description. It's not the reference policy, but the Fedora branch of the policy Johannes Segitz 2024-06-03 13:43:00 +00:00
73def1f385 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=221 Johannes Segitz 2024-05-13 13:45:21 +00:00
70cb8675a3 Accepting request 1172709 from home:jsegitz:branches:security:SELinux_varrun Johannes Segitz 2024-05-08 11:46:50 +00:00
a50eda674e Accepting request 1172201 from home:jsegitz:branches:security:SELinux_6 Johannes Segitz 2024-05-06 14:44:10 +00:00
55bd7d562d Accepting request 1167823 from home:cahu:security:SELinux:policytest Hu 2024-04-15 14:47:23 +00:00
2eaa3b6b79 Accepting request 1166915 from home:cahu:security:SELinux:policytest Johannes Segitz 2024-04-12 07:02:14 +00:00
b602490be5 Accepting request 1160077 from security:SELinux Ana Guerrero 2024-03-22 14:18:04 +00:00
7842134f14 Accepting request 1160076 from home:jsegitz:branches:security:SELinux_4 Johannes Segitz 2024-03-21 11:06:40 +00:00
e202670cf7 Accepting request 1157662 from security:SELinux Ana Guerrero 2024-03-14 16:42:42 +00:00
46446abef7 Accepting request 1157597 from home:cahu:branches:security:SELinux Hu 2024-03-13 11:09:43 +00:00
12c8b54f47 Accepting request 1156292 from home:cahu:branches:security:SELinux Hu 2024-03-08 09:17:10 +00:00
00cf593a94 Accepting request 1155628 from home:cahu:branches:security:SELinux Hu 2024-03-07 09:31:38 +00:00
a8b7954413 Accepting request 1154878 from home:cahu:branches:security:SELinux Hu 2024-03-06 10:50:11 +00:00
01446f5c9f Accepting request 1145097 from security:SELinux Ana Guerrero 2024-02-09 22:51:35 +00:00
4b3ec21f85 Accepting request 1144343 from home:cahu:branches:security:SELinux Hu 2024-02-06 08:12:43 +00:00
fcf37560b3 Accepting request 1139103 from security:SELinux Ana Guerrero 2024-01-16 20:36:51 +00:00
ceb3fcfaa1 Accepting request 1139091 from home:cahu:branches:security:SELinux Hu 2024-01-16 09:21:41 +00:00
241ac5cad9 Accepting request 1138076 from security:SELinux Ana Guerrero 2024-01-12 22:44:13 +00:00
4479aef3ce Accepting request 1137686 from home:cahu:branches:security:SELinux Johannes Segitz 2024-01-11 08:53:15 +00:00
579406ef8f Accepting request 1132428 from security:SELinux Ana Guerrero 2023-12-11 20:49:43 +00:00
23185a5570 Accepting request 1129970 from home:cahu:branches:security:SELinux Johannes Segitz 2023-12-11 08:07:24 +00:00
099adb46e0 Accepting request 1128521 from security:SELinux Ana Guerrero 2023-11-26 18:36:32 +00:00
bd548fda37 Accepting request 1128519 from home:cahu:branches:security:SELinux Hu 2023-11-24 09:58:31 +00:00
08ee9472e5 Accepting request 1128144 from security:SELinux Ana Guerrero 2023-11-23 20:38:57 +00:00
0a269ab03e Accepting request 1128143 from home:cahu:branches:security:SELinux Hu 2023-11-22 13:59:55 +00:00
70af96a242 Accepting request 1121154 from security:SELinux Dominique Leuenberger 2023-11-01 21:09:22 +00:00
043e5338e1 Accepting request 1121138 from home:cahu:branches:security:SELinux Hu 2023-10-30 11:05:50 +00:00
66edf948ab Accepting request 1117140 from security:SELinux Ana Guerrero 2023-10-13 21:13:48 +00:00
af77709c80 Accepting request 1117134 from home:cahu:branches:security:SELinux Hu 2023-10-12 08:42:29 +00:00
62c76c5b39 Accepting request 1115652 from security:SELinux Ana Guerrero 2023-10-05 18:03:04 +00:00
ecba8b0d6b Accepting request 1115645 from home:jsegitz:branches:security:SELinux_3 Hu 2023-10-04 15:03:23 +00:00
fe4723a538 Accepting request 1112155 from home:jsegitz:branches:security:SELinux_2 Johannes Segitz 2023-09-20 14:15:21 +00:00
d54cf0dbee Accepting request 1101215 from security:SELinux Dominique Leuenberger 2023-07-29 18:09:48 +00:00
a975c36105 Accepting request 1101214 from home:fbonazzi:branches:security:SELinux Filippo Bonazzi 2023-07-28 15:00:26 +00:00
ad88690b85 Accepting request 1094793 from security:SELinux Dominique Leuenberger 2023-06-24 18:13:34 +00:00
3c8840090d Accepting request 1094792 from home:jsegitz:branches:security:SELinux Johannes Segitz 2023-06-23 08:08:16 +00:00
8f295d331c Accepting request 1082789 from security:SELinux Dominique Leuenberger 2023-04-26 15:24:28 +00:00
ebe0d17ed3 Accepting request 1082788 from home:cahu:branches:security:SELinux Johannes Segitz 2023-04-25 15:21:22 +00:00
f366bc7fbe Accepting request 1082736 from home:cahu:branches:security:SELinux Johannes Segitz 2023-04-25 11:41:50 +00:00
ae7e61e582 Accepting request 1080824 from security:SELinux Dominique Leuenberger 2023-04-21 12:15:52 +00:00
d97aac754e OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=182 Johannes Segitz 2023-04-20 11:18:16 +00:00
572a533f73 Accepting request 1080814 from home:jsegitz:branches:security:SELinux Johannes Segitz 2023-04-20 11:04:43 +00:00
2c0b161ac5 Accepting request 1075010 from home:cahu:branches:security:SELinux Johannes Segitz 2023-03-28 12:44:26 +00:00
b73764daca Accepting request 1073587 from security:SELinux Dominique Leuenberger 2023-03-22 21:29:18 +00:00
4bd800106f Accepting request 1073586 from home:jsegitz:branches:security:SELinux Johannes Segitz 2023-03-21 15:56:46 +00:00
0f3ba0a5f9 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=177 Johannes Segitz 2023-03-17 11:20:02 +00:00
a019d5e5d8 process easier in general. Updated README.Update Johannes Segitz 2023-03-17 11:19:42 +00:00

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory