selinux-policy
No description set
- Developed at security:SELinux
- Sources inherited from project openSUSE:Factory
-
4
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:PowerPC/selinux-policy && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
Makefile.devel | 0000000368 368 Bytes | |
README.Update | 0000000728 728 Bytes | |
_service | 0000000609 609 Bytes | |
_servicedata | 0000000687 687 Bytes | |
booleans-minimum.conf | 0000004932 4.82 KB | |
booleans-mls.conf | 0000004934 4.82 KB | |
booleans-targeted.conf | 0000004932 4.82 KB | |
booleans.subs_dist | 0000002367 2.31 KB | |
container.fc | 0000012520 12.2 KB | |
container.if | 0000026378 25.8 KB | |
container.te | 0000059996 58.6 KB | |
customizable_types | 0000000241 241 Bytes | |
debug-build.sh | 0000001705 1.67 KB | |
file_contexts.subs_dist | 0000000440 440 Bytes | |
macros.selinux-policy | 0000007250 7.08 KB | |
modules-minimum-base.conf | 0000005697 5.56 KB | |
modules-minimum-contrib.conf | 0000035077 34.3 KB | |
modules-minimum-disable.lst | 0000002347 2.29 KB | |
modules-mls-base.conf | 0000005252 5.13 KB | |
modules-mls-contrib.conf | 0000021278 20.8 KB | |
modules-targeted-base.conf | 0000005769 5.63 KB | |
modules-targeted-contrib.conf | 0000036853 36 KB | |
securetty_types-minimum | 0000000074 74 Bytes | |
securetty_types-mls | 0000000119 119 Bytes | |
securetty_types-targeted | 0000000074 74 Bytes | |
selinux-policy-20240205.tar.xz | 0000794716 776 KB | |
selinux-policy-rpmlintrc | 0000000392 392 Bytes | |
selinux-policy.changes | 0000066684 65.1 KB | |
selinux-policy.conf | 0000000096 96 Bytes | |
selinux-policy.spec | 0000025121 24.5 KB | |
setrans-minimum.conf | 0000000607 607 Bytes | |
setrans-mls.conf | 0000001372 1.34 KB | |
setrans-targeted.conf | 0000000607 607 Bytes | |
update.sh | 0000000648 648 Bytes | |
users-minimum | 0000001564 1.53 KB | |
users-mls | 0000001559 1.52 KB | |
users-targeted | 0000001648 1.61 KB |
Revision 57 (latest revision is 59)
Ana Guerrero (anag+factory)
accepted
request 1145097
from
Cathy Hu (cahu)
(revision 57)
- Update to version 20240205: * Allow gpg manage rpm cache * Allow login_userdomain name_bind to howl and xmsg udp ports * Allow rules for confined users logged in plasma * Label /dev/iommu with iommu_device_t * Remove duplicate file context entries in /run * Dontaudit getty and plymouth the checkpoint_restore capability * Allow su domains write login records * Revert "Allow su domains write login records" * Allow login_userdomain delete session dbusd tmp socket files * Allow unix dgram sendto between exim processes * Allow su domains write login records * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on * Allow chronyd-restricted read chronyd key files * Allow conntrackd_t to use bpf capability2 * Allow systemd-networkd manage its runtime socket files * Allow init_t nnp domain transition to colord_t * Allow polkit status systemd services * nova: Fix duplicate declarations * Allow httpd work with PrivateTmp * Add interfaces for watching and reading ifconfig_var_run_t * Allow collectd read raw fixed disk device * Allow collectd read udev pid files * Set correct label on /etc/pki/pki-tomcat/kra * Allow systemd domains watch system dbus pid socket files * Allow certmonger read network sysctls * Allow mdadm list stratisd data directories * Allow syslog to run unconfined scripts conditionally * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t * Allow qatlib set attributes of vfio device files * Allow systemd-sleep set attributes of efivarfs files * Allow samba-dcerpcd read public files * Allow spamd_update_t the sys_ptrace capability in user namespace * Allow bluetooth devices work with alsa * Allow alsa get attributes filesystems with extended attributes * Allow hypervkvp_t write access to NetworkManager_etc_rw_t * Add interface for write-only access to NetworkManager rw conf * Allow systemd-sleep send a message to syslog over a unix dgram socket * Allow init create and use netlink netfilter socket * Allow qatlib load kernel modules * Allow qatlib run lspci * Allow qatlib manage its private runtime socket files * Allow qatlib read/write vfio devices * Label /etc/redis.conf with redis_conf_t * Remove the lockdown-class rules from the policy * Allow init read all non-security socket files * Replace redundant dnsmasq pattern macros * Remove unneeded symlink perms in dnsmasq.if * Add additions to dnsmasq interface * Allow nvme_stas_t create and use netlink kobject uevent socket * Allow collectd connect to statsd port * Allow keepalived_t to use sys_ptrace of cap_userns * Allow dovecot_auth_t connect to postgresql using UNIX socket * Make named_zone_t and named_var_run_t a part of the mountpoint attribute * Allow sysadm execute traceroute in sysadm_t domain using sudo * Allow sysadm execute tcpdump in sysadm_t domain using sudo * Allow opafm search nfs directories * Add support for syslogd unconfined scripts * Allow gpsd use /dev/gnss devices * Allow gpg read rpm cache * Allow virtqemud additional permissions * Allow virtqemud manage its private lock files * Allow virtqemud use the io_uring api * Allow ddclient send e-mail notifications * Allow postfix_master_t map postfix data files * Allow init create and use vsock sockets * Allow thumb_t append to init unix domain stream sockets * Label /dev/vas with vas_device_t * Create interface selinux_watch_config and add it to SELinux users * Update cifs interfaces to include fs_search_auto_mountpoints() * Allow sudodomain read var auth files * Allow spamd_update_t read hardware state information * Allow virtnetworkd domain transition on tc command execution * Allow sendmail MTA connect to sendmail LDA * Allow auditd read all domains process state * Allow rsync read network sysctls * Add dhcpcd bpf capability to run bpf programs * Dontaudit systemd-hwdb dac_override capability * Allow systemd-sleep create efivarfs files * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on * Allow graphical applications work in Wayland * Allow kdump work with PrivateTmp * Allow dovecot-auth work with PrivateTmp * Allow nfsd get attributes of all filesystems * Allow unconfined_domain_type use io_uring cmd on domain * ci: Only run Rawhide revdeps tests on the rawhide branch * Label /var/run/auditd.state as auditd_var_run_t * Allow fido-device-onboard (FDO) read the crack database * Allow ip an explicit domain transition to other domains * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t * Allow winbind_rpcd_t processes access when samba_export_all_* is on * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection * Allow ntp to bind and connect to ntske port.
Comments 0