forked from pool/selinux-policy
572a533f73
- Update to version 20230420:
* libzypp creates temporary files in /var/adm/mount. Label it with
rpm_var_cache_t to prevent wrong labels in /var/cache/zypp
* only use rsync_exec_t for the rsync server, not for the client
(bsc#1209890)
* properly label sshd-gen-keys-start to ensure ssh host keys have proper
labels after creation
* Allow dovecot-deliver write to the main process runtime fifo files
* Allow dmidecode write to cloud-init tmp files
* Allow chronyd send a message to cloud-init over a datagram socket
* Allow cloud-init domain transition to insights-client domain
* Allow mongodb read filesystem sysctls
* Allow mongodb read network sysctls
* Allow accounts-daemon read generic systemd unit lnk files
* Allow blueman watch generic device dirs
* Allow nm-dispatcher tlp plugin create tlp dirs
* Allow systemd-coredump mounton /usr
* Allow rabbitmq to read network sysctls
* Allow certmonger dbus chat with the cron system domain
* Allow geoclue read network sysctls
* Allow geoclue watch the /etc directory
* Allow logwatch_mail_t read network sysctls
* allow systemd_resolved_t to bind to all nodes (bsc#1200182)
* Allow insights-client read all sysctls
* Allow passt manage qemu pid sock files
* Allow sssd read accountsd fifo files
* Add support for the passt_t domain
* Allow virtd_t and svirt_t work with passt
* Add new interfaces in the virt module
* Add passt interfaces defined conditionally
OBS-URL: https://build.opensuse.org/request/show/1080814
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=181
|
||
|---|---|---|
| _service | ||
| _servicedata | ||
| .gitattributes | ||
| .gitignore | ||
| booleans-minimum.conf | ||
| booleans-mls.conf | ||
| booleans-targeted.conf | ||
| booleans.subs_dist | ||
| container.fc | ||
| container.if | ||
| container.te | ||
| customizable_types | ||
| debug-build.sh | ||
| file_contexts.subs_dist | ||
| macros.selinux-policy | ||
| Makefile.devel | ||
| modules-minimum-base.conf | ||
| modules-minimum-contrib.conf | ||
| modules-minimum-disable.lst | ||
| modules-mls-base.conf | ||
| modules-mls-contrib.conf | ||
| modules-targeted-base.conf | ||
| modules-targeted-contrib.conf | ||
| README.Update | ||
| securetty_types-minimum | ||
| securetty_types-mls | ||
| securetty_types-targeted | ||
| selinux-policy-20230420.tar.xz | ||
| selinux-policy-rpmlintrc | ||
| selinux-policy.changes | ||
| selinux-policy.conf | ||
| selinux-policy.spec | ||
| setrans-minimum.conf | ||
| setrans-mls.conf | ||
| setrans-targeted.conf | ||
| update.sh | ||
| users-minimum | ||
| users-mls | ||
| users-targeted | ||
# How to update this project This project is updated using obs services. The obs services pull from git repositories, which are specified in the `_service` file. Please contribute all changes to the upstream git repositories listed there. To update this project to the upstream versions, please make sure you installed these obs services locally: ``` sudo zypper in obs-service-tar_scm obs-service-recompress obs-service-set_version obs-service-download_files ``` Then, generate new tarballs, changelog and version number for this repository by running this command: ``` sh update.sh ``` Afterwards, please check your local project state and remove old tarballs if necessary. Then proceed as usual with check-in and build.