selinux-policy-sandbox-34-1.fc34 in Fedora 34
↵ Return to the main page of selinux-policy-sandbox
View build
Search for updates
Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files
Changelog
| Date | Author | Change |
|---|---|---|
| 2021-04-01 | Zdenek Pytela <zpytela at redhat dot com> - 34.1-1 | - Change the package versioning |
| 2021-04-01 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-30 | - Allow plymouthd_t exec generic program in bin directories - Allow dhcpc_t domain transition to chronyc_t - Allow login_userdomain bind xmsg port - Allow ibacm the net_raw and sys_rawio capabilities - Allow nsswitch_domain read cgroup files - Allow systemd-sleep create hardware state information files |
| 2021-03-29 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-29 | - Add watch_with_perm_dirs_pattern file pattern |
| 2021-03-26 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-28 | - Allow arpwatch_t create netlink generic socket - Allow postgrey read network state - Add watch_mount_dirs_pattern file pattern - Allow bluetooth_t dbus chat with fwupd_t - Allow xdm_t watch accountsd lib directories - Add additional interfaces for watching /boot - Allow sssd_t get attributes of tmpfs filesystems - Allow local_login_t get attributes of tmpfs filesystems |
| 2021-03-23 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-27 | - Dontaudit domain the fowner capability - Extend fs_manage_nfsd_fs() to allow managing dirs as well - Allow spice-vdagentd watch systemd-logind session dirs |
| 2021-03-19 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-26 | - Allow xdm_t watch systemd-logind session dirs - Allow xdm_t transition to system_dbusd_t - Allow confined users login into graphic session - Allow login_userdomain watch systemd login session dirs - install_t: Allow NoNewPriv transition from systemd - Remove setuid/setgid capabilities from mysqld_t - Add context for new mariadbd executable files - Allow netutils_t create netlink generic socket - Allow systemd the audit_control capability conditionally |
| 2021-03-11 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-25 | - Allow polkit-agent-helper-1 read logind sessions files - Allow polkit-agent-helper read init state - Allow login_userdomain watch generic device dirs - Allow login_userdomain listen on bluetooth sockets - Allow user_t and staff_t bind netlink_generic_socket - Allow login_userdomain write inaccessible nodes - Allow transition from xdm domain to unconfined_t domain. - Add 'make validate' step to CI - Disallow user_t run su/sudo and staff_t run su - Fix typo in rsyncd.conf in rsync.if - Add an alias for nvme_device_t - Allow systemd watch and watch_reads unallocated ttys |
| 2021-03-02 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-24 | - Allow apmd watch generic device directories - Allow kdump load a new kernel - Add confidentiality lockdown permission to kernel_read_core_if() - Allow keepalived read nsfs files - Allow local_login_t get attributes of filesystems with ext attributes - Allow keepalived read/write its private memfd: objects - Add missing declaration in rpm_named_filetrans() - Change param description in cron interfaces to userdomain_prefix |
| 2021-02-23 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-23 | - iptables.fc: Add missing legacy entries - iptables.fc: Remove some duplicate entries - iptables.fc: Remove duplicate file context entries - Allow libvirtd to create generic netlink sockets - Allow libvirtd the fsetid capability - Allow libvirtd to read /run/utmp - Dontaudit sys_ptrace capability when calling systemctl - Allow udisksd to read /dev/random - Allow udisksd to watch files under /run/mount - Allow udisksd to watch /etc - Allow crond to watch user_cron_spool_t directories - Allow accountsd watch xdm config directories - Label /etc/avahi with avahi_conf_t - Allow sssd get cgroup filesystems attributes and search cgroup dirs - Allow systemd-hostnamed read udev runtime data - Remove dev_getattr_sysfs_fs() interface calls for particular domains - Allow domain stat the /sys filesystem - Dontaudit NetworkManager write to initrc_tmp_t pipes - policykit.te: Clean up watch rule for policykit_auth_t - Revert further unnecessary watch rules - Revert "Allow getty watch its private runtime files" - Allow systemd watch generic /var directories - Allow init watch network config files and lnk_files |
| 2021-02-19 | Zdenek Pytela <zpytela at redhat dot com> - 3.14.7-22 | - Allow systemd-sleep get attributes of fixed disk device nodes - Complete initial policy for systemd-coredump - Label SDC(scini) Dell Driver - Allow upowerd to send syslog messages - Remove the disk write permissions from tlp_t - Label NVMe devices as fixed_disk_device_t - Allow rhsmcertd bind tcp sockets to a generic node - Allow systemd-importd manage machines.lock file - Allow unconfined integrity lockdown permission - Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined - Allow systemd-machined manage systemd-userdbd runtime sockets - Enable systemd-sysctl domtrans for udev - Introduce kernel_load_unsigned_module interface and use it for couple domains - Allow gpg watch user gpg secrets dirs - Build also the container module in CI - Remove duplicate code from kernel.te - Allow restorecond to watch all non-auth directories - Allow restorecond to watch its config file |
Dependencies
- bash
- selinux-policy = 34-1.fc34
- selinux-policy-targeted = 34-1.fc34
Provides
- selinux-policy-sandbox
Files
- usr/
- share/
- selinux/
- packages/
- sandbox.pp
- packages/
- selinux/
- share/
Sources on Pagure