SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for selinux-policy-minimum-20140730-32.1.noarch.rpm :

* Mon Mar 26 2018 rgoldwynAATTsuse.com- add-overlayfs-as-xattr-capable.patch (bsc#1073741) Adds overlay as filesystem which supports xattr
* Tue Dec 12 2017 jsegitzAATTsuse.com- Added
* suse_modifications_glusterfs.patch
* suse_modifications_passenger.patch
* suse_modifications_stapserver.patch to modify module name to make the current tools happy
* Wed Nov 29 2017 rbrownAATTsuse.com- Repair erroneous changes introduced with %_fillupdir macro
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Wed Mar 15 2017 mwilckAATTsuse.com- POLCYVER depends both on the libsemanage/policycoreutils version and the kernel. The former is more important for us, kernel seems to have all necessary features in Leap 42.1 already.- Replaced = runtime dependencies on checkpolicy/policycoreutils with \"=\". 2.5 policy is not supposed to work with 2.3 tools, The runtime policy tools need to be same the policy was built with.
* Wed Mar 15 2017 mwilckAATTsuse.com- Changes required by policycoreutils update to 2.5
* lots of spec file content needs to be conditional on policycoreutils version.- Specific policycoreutils 2.5 related changes:
* modules moved from /etc/selinux to /var/lib/selinux (https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration)
* module path now includes includes priority. Users override default policies by setting higher priority. Thus installed policy modules can be fully verified by RPM.
* Installed modules have a different format and path. Raw bzip2 doesn\'t suffice to create them any more, but we can process them all in a single semodule -i command.- Policy version depends on kernel / distro version
* do not touch policy., rather fail if it\'s not created- Enabled building mls policy for Leap (not for SLES)- Other
* Bug: \"sandbox.disabled\" should be \"sandbox.pp.disabled\" for old policycoreutils
* Bug: (minimum) additional modules that need to be activated: postfix (required by apache), plymouthd (required by getty)
* Cleanup: /etc -> %{sysconfdir} etc.
* Thu Aug 13 2015 jsegitzAATTnovell.com- fixed missing role assignment in cron_unconfined_role
* Tue Aug 11 2015 jsegitzAATTnovell.com- Updated suse_modifications_ipsec.patch, removed dontaudits for ipsec_mgmt_t and granted matching permissions
* Wed Aug 05 2015 jsegitzAATTnovell.com- Added suse_modifications_ipsec.patch to grant additional privileges to ipsec_mgmt_t
* Tue Jul 21 2015 jsegitzAATTnovell.com- Minor changes for CC evaluation. Allow reading of /dev/random and ipc_lock for dbus and dhcp
* Wed Jun 24 2015 jsegitzAATTnovell.com- Transition from unconfined user to cron admin type- Allow systemd_timedated_t to talk to unconfined dbus for minimal policy (bsc#932826)- Allow hostnamectl to set the hostname (bsc#933764)
* Wed May 20 2015 jsegitzAATTnovell.com- Removed ability of staff_t and user_t to use svirt. Will reenable this later on with a policy upgrade Added suse_modifications_staff.patch
* Wed Feb 25 2015 jsegitzAATTnovell.com- Added dont_use_xmllint_in_make_conf.patch to remove xmllint usage in make conf. This currently breaks manual builds.- Added BuildRequires for libxml2-tools to enable xmllint checks once the issue mentioned above is solved
* Thu Jan 29 2015 jsegitzAATTnovell.com- adjusted suse_modifications_ntp to match SUSE chroot paths
* Wed Jan 28 2015 jsegitzAATTnovell.com- Added
* suse_additions_obs.patch to allow local builds by OBS
* suse_additions_sslh.patch to confine sslh- Added suse_modifications_cron.patch to adjust crontabs contexts- Modified suse_modifications_postfix.patch to match SUSE paths- Modified suse_modifications_ssh.patch to bring boolean sshd_forward_ports back- Modified
* suse_modifications_dbus.patch
* suse_modifications_unprivuser.patch
* suse_modifications_xserver.patch to allow users to be confined- Added
* suse_modifications_apache.patch
* suse_modifications_ntp.patch and modified
* suse_modifications_xserver.patch to fix labels on startup scripts used by systemd- Removed unused and incorrect interface dev_create_all_dev_nodes from systemd-tmpfiles.patch- Removed BuildRequire for selinux-policy-devel
* Fri Jan 23 2015 jsegitzAATTnovell.com- Major cleanup of the spec file
* Fri Jan 23 2015 jsegitzAATTnovell.com- removed suse_minimal_cc.patch and splitted them into
* suse_modifications_dbus.patch
* suse_modifications_policykit.patch
* suse_modifications_postfix.patch
* suse_modifications_rtkit.patch
* suse_modifications_unconfined.patch
* suse_modifications_systemd.patch
* suse_modifications_unconfineduser.patch
* suse_modifications_selinuxutil.patch
* suse_modifications_logging.patch
* suse_modifications_getty.patch
* suse_modifications_authlogin.patch
* suse_modifications_xserver.patch
* suse_modifications_ssh.patch
* suse_modifications_usermanage.patch- Added suse_modifications_virt.patch to enable svirt on s390x
* Sat Nov 08 2014 Led - fix bashism in post script
* Thu Sep 18 2014 jsegitzAATTsuse.comRedid changes done by vcizekAATTsuse.com in SLE12 package- disable build of MLS policy- removed outdated description files
* Alan_Rouse-openSUSE_with_SELinux.txt
* Alan_Rouse-Policy_Development_Process.txt
* Mon Sep 08 2014 jsegitzAATTsuse.com- removed remove_duplicate_filetrans_pattern_rules.patch
* Fri Sep 05 2014 jsegitzAATTsuse.com- Updated policy to include everything up until 20140730 (refpolicy and fedora rawhide improvements). Rebased all patches that are still necessary- Removed permissivedomains.pp. Doesn\'t work with the new policy- modified spec file so that all modifications for distro=redhat and distro=suse will be used.- added selinux-policy-rpmlintrc to suppress some warnings that aren\'t valid for this package- added suse_minimal_cc.patch to create a suse specific module to prevent errors while using the minimum policy. Will rework them in the proper places once the minimum policy is reworked to really only confine a minimal set of domains.
* Tue Sep 02 2014 vcizekAATTsuse.com- removed source files which were not used
* modules-minimum.conf, modules-mls.conf, modules-targeted.conf, permissivedomains.fc, permissivedomains.if, permissivedomains.te, seusers, seusers-mls, seusers-targeted, users_extra-mls, users_extra-targeted
* Mon Jun 02 2014 vcizekAATTsuse.com- remove duplicate filetrans_pattern rules
* fixes build with libsepol-2.3
* added remove_duplicate_filetrans_pattern_rules.patch
* Mon Dec 09 2013 vcizekAATTsuse.com- enable build of mls and targeted policies- fixes to the minimum policy:- label /var/run/rsyslog correctly
* label_var_run_rsyslog.patch- allow systemd-tmpfiles to create devices
* systemd-tmpfiles.patch- add rules for sysconfig
* correctly label /dev/.sysconfig/network
* added sysconfig_network_scripts.patch- run restorecon and fixfiles only if if selinux is enabled- fix console login
* allow-local_login_t-read-shadow.patch- allow rsyslog to write to xconsole
* xconsole.patch- useradd needs to call selinux_check_access (via pam_rootok)
* useradd-netlink_selinux_socket.patch
* Mon Aug 12 2013 roAATTsuse.de- fix build on factory: newer rpm does not allow to mark non-directories as dir anymore (like symlinks in this case)
* Thu Jul 11 2013 cooloAATTsuse.com- install COPYING
* Fri Mar 22 2013 vcizekAATTsuse.com- switch to Fedora as upstream- added patches:
* policy-rawhide-base.patch
* policy-rawhide-contrib.patch
* type_transition_file_class.patch
* type_transition_contrib.patch
* label_sysconfig.selinux-policy.patch
* Tue Dec 11 2012 vcizekAATTsuse.com- bump up policy version to 27, due to recent libsepol update- dropped currently unused policy-rawhide.patch- fix installing of file_contexts (this enables restorecond to run properly)- Recommends: audit and setools
* Mon Dec 10 2012 meissnerAATTsuse.com- mark included files in source
* Mon Oct 22 2012 vcizekAATTsuse.com- update to 2.20120725- added selinux-policy-run_sepolgen_during_build.patch- renamed patch with SUSE-specific policy to selinux-policy-SUSE.patch- dropped policygentool and OLPC stuff
* Wed May 09 2012 cooloAATTsuse.com- patch license to be in spdx.org format
* Fri May 21 2010 prusnakAATTsuse.cz- use policy created by Alan Rouse
* Sun Apr 11 2010 justinmattockAATTgmail.com- Adjust selinux-policy.spec so that the policy source tree is put in /usr/share/doc/packages/selinux-
* so users can build the policy [bnc#582404]
* Wed Apr 07 2010 thomasAATTnovell.com- fixed fileperms of /etc/selinux/config to be 644 to allow libselinux to read from it (bnc#582399) this is also the default file mode in fedora 12
* Fri Jun 26 2009 thomasAATTnovell.com- added config file for /etc/selinux/
  
ICM