[ All 3 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ]
×

Package selinux-policy-sandbox-40.13.26-1.el10.inferit.noarch download

Name selinux-policy-sandbox
Epoch 0
Version 40.13.26
Release 1.el10.inferit
Architecture noarch
Website/URL https://github.com/fedora-selinux/selinux-policy
License GPL-2.0-or-later
Build Time 2025-04-09 15:01:24
Build Host builder-arm64-1.inferitos.ru
Summary SELinux sandbox policy
Repositories BaseOS
Description SELinux sandbox policy for use with the sandbox utility.
Errata
Size 44 KiB
Source Project selinux-policy-40.13.26-1.el10.inferit
SHA-256 checksum 9aad9343d7d1056e05e026c223b86da164613811d1ed6df372718a0b4ef43e83
× Full screenshot
Changelog link
* Wed Apr 09 2025 Arkady L. Shane <tigro@msvsphere-os.ru> - 40.13.26-1.inferit
- Added policy fprintd_t for focal fingerprint

* Mon Feb 17 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.26-1
- Rename winbind_rpcd_* types to samba_dcerpcd_*
Resolves: RHEL-14759
- Allow samba-dcerpcd work with ctdb cluster
Resolves: RHEL-14759
- Revert "Remove socket from unconfined_domain_type allow rule"
Resolves: RHEL-77327
- Dontaudit access of virt-related permissive domains
Resolves: RHEL-77808
- Add selinux_requires_min macro
Resolves: RHEL-54715
- Filter out EPEL related modules
Resolves: RHEL-73505

* Thu Feb 06 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.25-1
- Update ktlshd policy to read /proc/keys and domain keyrings
Resolves: RHEL-42672
- Allow pcmsensor read nmi_watchdog state information
Resolves: RHEL-52838
- Support peer-to-peer migration of vms using ssh
Resolves: RHEL-77351
- Allow virt_domain read hardware state information unconditionally
Resolves: RHEL-71270
- Allow timemaster write to sysfs files
Resolves: RHEL-44637
- Allow virtqemud map svirt_image_t plain files
Resolves: RHEL-40080
- Allow virtqemud unmount a filesystem with extended attributes
Resolves: RHEL-40080
- Allow virtqemud work with nvdimm devices
Resolves: RHEL-71656
- Update virtqemud policy regarding the svirt_tcg_t domain
Resolves: RHEL-71270
- Allow virtqemud use hostdev usb devices conditionally
Resolves: RHEL-74230
- Support saving and restoring a VM to/from a block device
Resolves: RHEL-76138
- Allow virtnwfilterd dbus chat with firewalld
Resolves: RHEL-76138
- Allow virt_domain to use pulseaudio - conditional
Resolves: RHEL-62763
- Allow virtstoraged write to sysfs files
Resolves: RHEL-44637
- Allow irqbalance to run unconfined scripts conditionally
Resolves: RHEL-54019
- Allow rhsmcertd notify virt-who
Resolves: RHEL-77114
- Allow init mounton crypto sysctl files
Resolves: RHEL-56250

* Mon Jan 27 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.24-1
- Allow systemd-generator connect to syslog over a unix datagram socket
Resolves: RHEL-75879
- Allow ssh_t to change role to system_r
Resolves: RHEL-53972
- Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type
Resolves: RHEL-39893
- Allow virtqemud manage fixed disk device nodes
Resolves: RHEL-71656
- Allow samba-bgqd connect to cupsd over an unix domain stream socket
Resolves: RHEL-72861
- Allow systemd-machined read the vsock device
Resolves: RHEL-74280
- Allow pcmsensor write nmi_watchdog state information
Resolves: RHEL-52838
- Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t
Resolves: RHEL-52838

* Fri Jan 24 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-2
- Rebuild other packages with with selinux-policy-40.13.23
Resolves: RHEL-36741

* Thu Jan 23 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-1
- Remove the lockdown class from the policy
Resolves: RHEL-36741
- Remove socket from unconfined_domain_type allow rule
Resolves: RHEL-36741
- Include key_socket in socket_class_set
Resolves: RHEL-36741

* Thu Jan 16 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.22-1
- Allow staff user dbus chat with virt-dbus
Resolves: RHEL-73914
- Allow virtqemud domain transition to nbdkit
Resolves: RHEL-69118
- Add nbdkit interfaces defined conditionally
Resolves: RHEL-69118
- Allow svirt_t read sysfs files
Resolves: RHEL-71270
- Label /dev/pmem[0-9]+ with fixed_disk_device_t
Resolves: RHEL-71656
- Add support for the KVM guest memfd anon inodes
Resolves: RHEL-69128
- Allow sysadm user dbus chat with virt-dbus
Resolves: RHEL-73914
- Allow initrc_t transition to passwd_t
Resolves: RHEL-71665
- Allow unconfined_service_t transition to passwd_t
Resolves: RHEL-71665

* Wed Jan 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.21-1
- Allow init create vsock socket for sshd
Resolves: RHEL-72549
- Support ssh connections via systemd-ssh-generator
Resolves: RHEL-72549
- Allow ssh generator work with systemd unit files
Resolves: RHEL-72549
- Confine systemd system-ssh-generator
Resolves: RHEL-72549
- Allow login_userdomain getattr nsfs files
Resolves: RHEL-72549
- Allow virtqemud send a generic signal to the ssh client domain
Resolves: RHEL-53972
- Add the auth_dontaudit_read_passwd_file() interface
Resolves: RHEL-71490
- Dontaudit request-key read /etc/passwd
Resolves: RHEL-71490

* Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1
- Allow virtqemud domain transition on numad execution
Resolves: RHEL-65789
- Support virt live migration using ssh
Resolves: RHEL-53972
- Allow ssh_t read systemd config files
Resolves: RHEL-53972
- Allow virtqemud permissions needed for live migration
Resolves: RHEL-43217
- Allow virtqemud the getpgid process permission
Resolves: RHEL-46357
- Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
Resolves: RHEL-71068
- Allow virtqemud relabelfrom virt_log_t files
Resolves: RHEL-48236
- Allow virtqemud relabel tun_socket
Resolves: RHEL-71394
- Allow gnome-remote-desktop dbus chat with policykit
Resolves: RHEL-35877
- Update ktlsh policy
Resolves: RHEL-42672
- Confine the ktls service
Resolves: RHEL-42672
- Allow request-key to read /etc/passwd
Resolves: RHEL-71490
- Allow request-key to manage all domains' keys
Resolves: RHEL-71490

* Fri Dec 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 40.13.19-2
- Rebuild with SELinux Userspace 3.8