Overview Repositories Revisions Requests Users Attributes Meta

selinux-policy

Edit Package selinux-policy
No description set
  • Developed at security:SELinux
  • Sources inherited from project openSUSE:Factory
  • 4 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Factory:PowerPC/selinux-policy && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
Makefile.devel 0000000368 368 Bytes
README.Update 0000000728 728 Bytes
_service 0000000609 609 Bytes
_servicedata 0000000687 687 Bytes
booleans-minimum.conf 0000004932 4.82 KB
booleans-mls.conf 0000004934 4.82 KB
booleans-targeted.conf 0000004932 4.82 KB
booleans.subs_dist 0000002367 2.31 KB
container.fc 0000012520 12.2 KB
container.if 0000026378 25.8 KB
container.te 0000059996 58.6 KB
customizable_types 0000000241 241 Bytes
debug-build.sh 0000001705 1.67 KB
file_contexts.subs_dist 0000000440 440 Bytes
macros.selinux-policy 0000007250 7.08 KB
modules-minimum-base.conf 0000005697 5.56 KB
modules-minimum-contrib.conf 0000035077 34.3 KB
modules-minimum-disable.lst 0000002347 2.29 KB
modules-mls-base.conf 0000005252 5.13 KB
modules-mls-contrib.conf 0000021278 20.8 KB
modules-targeted-base.conf 0000005769 5.63 KB
modules-targeted-contrib.conf 0000036853 36 KB
securetty_types-minimum 0000000074 74 Bytes
securetty_types-mls 0000000119 119 Bytes
securetty_types-targeted 0000000074 74 Bytes
selinux-policy-20240205.tar.xz 0000794716 776 KB
selinux-policy-rpmlintrc 0000000392 392 Bytes
selinux-policy.changes 0000066684 65.1 KB
selinux-policy.conf 0000000096 96 Bytes
selinux-policy.spec 0000025121 24.5 KB
setrans-minimum.conf 0000000607 607 Bytes
setrans-mls.conf 0000001372 1.34 KB
setrans-targeted.conf 0000000607 607 Bytes
update.sh 0000000648 648 Bytes
users-minimum 0000001564 1.53 KB
users-mls 0000001559 1.52 KB
users-targeted 0000001648 1.61 KB
Revision 57 (latest revision is 59)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1145097 from Cathy Hu's avatar Cathy Hu (cahu) (revision 57) 
- Update to version 20240205:
  * Allow gpg manage rpm cache
  * Allow login_userdomain name_bind to howl and xmsg udp ports
  * Allow rules for confined users logged in plasma
  * Label /dev/iommu with iommu_device_t
  * Remove duplicate file context entries in /run
  * Dontaudit getty and plymouth the checkpoint_restore capability
  * Allow su domains write login records
  * Revert "Allow su domains write login records"
  * Allow login_userdomain delete session dbusd tmp socket files
  * Allow unix dgram sendto between exim processes
  * Allow su domains write login records
  * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
  * Allow chronyd-restricted read chronyd key files
  * Allow conntrackd_t to use bpf capability2
  * Allow systemd-networkd manage its runtime socket files
  * Allow init_t nnp domain transition to colord_t
  * Allow polkit status systemd services
  * nova: Fix duplicate declarations
  * Allow httpd work with PrivateTmp
  * Add interfaces for watching and reading ifconfig_var_run_t
  * Allow collectd read raw fixed disk device
  * Allow collectd read udev pid files
  * Set correct label on /etc/pki/pki-tomcat/kra
  * Allow systemd domains watch system dbus pid socket files
  * Allow certmonger read network sysctls
  * Allow mdadm list stratisd data directories
  * Allow syslog to run unconfined scripts conditionally
  * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
  * Allow qatlib set attributes of vfio device files
  * Allow systemd-sleep set attributes of efivarfs files
  * Allow samba-dcerpcd read public files
  * Allow spamd_update_t the sys_ptrace capability in user namespace
  * Allow bluetooth devices work with alsa
  * Allow alsa get attributes filesystems with extended attributes
  * Allow hypervkvp_t write access to NetworkManager_etc_rw_t
  * Add interface for write-only access to NetworkManager rw conf
  * Allow systemd-sleep send a message to syslog over a unix dgram socket
  * Allow init create and use netlink netfilter socket
  * Allow qatlib load kernel modules
  * Allow qatlib run lspci
  * Allow qatlib manage its private runtime socket files
  * Allow qatlib read/write vfio devices
  * Label /etc/redis.conf with redis_conf_t
  * Remove the lockdown-class rules from the policy
  * Allow init read all non-security socket files
  * Replace redundant dnsmasq pattern macros
  * Remove unneeded symlink perms in dnsmasq.if
  * Add additions to dnsmasq interface
  * Allow nvme_stas_t create and use netlink kobject uevent socket
  * Allow collectd connect to statsd port
  * Allow keepalived_t to use sys_ptrace of cap_userns
  * Allow dovecot_auth_t connect to postgresql using UNIX socket
  * Make named_zone_t and named_var_run_t a part of the mountpoint attribute
  * Allow sysadm execute traceroute in sysadm_t domain using sudo
  * Allow sysadm execute tcpdump in sysadm_t domain using sudo
  * Allow opafm search nfs directories
  * Add support for syslogd unconfined scripts
  * Allow gpsd use /dev/gnss devices
  * Allow gpg read rpm cache
  * Allow virtqemud additional permissions
  * Allow virtqemud manage its private lock files
  * Allow virtqemud use the io_uring api
  * Allow ddclient send e-mail notifications
  * Allow postfix_master_t map postfix data files
  * Allow init create and use vsock sockets
  * Allow thumb_t append to init unix domain stream sockets
  * Label /dev/vas with vas_device_t
  * Create interface selinux_watch_config and add it to SELinux users
  * Update cifs interfaces to include fs_search_auto_mountpoints()
  * Allow sudodomain read var auth files
  * Allow spamd_update_t read hardware state information
  * Allow virtnetworkd domain transition on tc command execution
  * Allow sendmail MTA connect to sendmail LDA
  * Allow auditd read all domains process state
  * Allow rsync read network sysctls
  * Add dhcpcd bpf capability to run bpf programs
  * Dontaudit systemd-hwdb dac_override capability
  * Allow systemd-sleep create efivarfs files
  * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on
  * Allow graphical applications work in Wayland
  * Allow kdump work with PrivateTmp
  * Allow dovecot-auth work with PrivateTmp
  * Allow nfsd get attributes of all filesystems
  * Allow unconfined_domain_type use io_uring cmd on domain
  * ci: Only run Rawhide revdeps tests on the rawhide branch
  * Label /var/run/auditd.state as auditd_var_run_t
  * Allow fido-device-onboard (FDO) read the crack database
  * Allow ip an explicit domain transition to other domains
  * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
  * Allow  winbind_rpcd_t processes access when samba_export_all_* is on
  * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection
  * Allow ntp to bind and connect to ntske port.
Comments 0
openSUSE Build Service is sponsored by
Places