Changelog for
selinux-policy-minimum-20140730-107.1.noarch.rpm :
Mon Mar 26 14:00:00 2018 rgoldwynAATTsuse.com
- Add overlayfs as xattr capable (bsc#1073741)
* add-overlayfs-as-xattr-capable.patch
Tue Dec 12 13:00:00 2017 jsegitzAATTsuse.com
- Added
* suse_modifications_glusterfs.patch
* suse_modifications_passenger.patch
* suse_modifications_stapserver.patch
to modify module name to make the current tools happy
Wed Nov 29 13:00:00 2017 rbrownAATTsuse.com
- Repair erroneous changes introduced with %_fillupdir macro
Thu Nov 23 13:00:00 2017 rbrownAATTsuse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
Wed Mar 15 13:00:00 2017 mwilckAATTsuse.com
- POLCYVER depends both on the libsemanage/policycoreutils version
and the kernel. The former is more important for us, kernel seems
to have all necessary features in Leap 42.1 already.
- Replaced = runtime dependencies on checkpolicy/policycoreutils
with \"=\". 2.5 policy is not supposed to work with 2.3 tools,
The runtime policy tools need to be same the policy was built with.
Wed Mar 15 13:00:00 2017 mwilckAATTsuse.com
- Changes required by policycoreutils update to 2.5
* lots of spec file content needs to be conditional on
policycoreutils version.
- Specific policycoreutils 2.5 related changes:
* modules moved from /etc/selinux to /var/lib/selinux
(https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration)
* module path now includes includes priority. Users override default
policies by setting higher priority. Thus installed policy modules can be
fully verified by RPM.
* Installed modules have a different format and path.
Raw bzip2 doesn\'t suffice to create them any more, but we can process them
all in a single semodule -i command.
- Policy version depends on kernel / distro version
* do not touch policy.
, rather fail if it\'s not created
- Enabled building mls policy for Leap (not for SLES)
- Other
* Bug: \"sandbox.disabled\" should be \"sandbox.pp.disabled\" for old policycoreutils
* Bug: (minimum) additional modules that need to be activated: postfix
(required by apache), plymouthd (required by getty)
* Cleanup: /etc -> %{sysconfdir} etc.
Thu Aug 13 14:00:00 2015 jsegitzAATTnovell.com
- fixed missing role assignment in cron_unconfined_role
Tue Aug 11 14:00:00 2015 jsegitzAATTnovell.com
- Updated suse_modifications_ipsec.patch, removed dontaudits for
ipsec_mgmt_t and granted matching permissions
Wed Aug 5 14:00:00 2015 jsegitzAATTnovell.com
- Added suse_modifications_ipsec.patch to grant additional privileges
to ipsec_mgmt_t
Tue Jul 21 14:00:00 2015 jsegitzAATTnovell.com
- Minor changes for CC evaluation. Allow reading of /dev/random
and ipc_lock for dbus and dhcp
Wed Jun 24 14:00:00 2015 jsegitzAATTnovell.com
- Transition from unconfined user to cron admin type
- Allow systemd_timedated_t to talk to unconfined dbus for minimal
policy (bsc#932826)
- Allow hostnamectl to set the hostname (bsc#933764)
Wed May 20 14:00:00 2015 jsegitzAATTnovell.com
- Removed ability of staff_t and user_t to use svirt. Will reenable
this later on with a policy upgrade
Added suse_modifications_staff.patch
Wed Feb 25 13:00:00 2015 jsegitzAATTnovell.com
- Added dont_use_xmllint_in_make_conf.patch to remove xmllint usage
in make conf. This currently breaks manual builds.
- Added BuildRequires for libxml2-tools to enable xmllint checks
once the issue mentioned above is solved
Thu Jan 29 13:00:00 2015 jsegitzAATTnovell.com
- adjusted suse_modifications_ntp to match SUSE chroot paths
Wed Jan 28 13:00:00 2015 jsegitzAATTnovell.com
- Added
* suse_additions_obs.patch to allow local builds by OBS
* suse_additions_sslh.patch to confine sslh
- Added suse_modifications_cron.patch to adjust crontabs contexts
- Modified suse_modifications_postfix.patch to match SUSE paths
- Modified suse_modifications_ssh.patch to bring boolean
sshd_forward_ports back
- Modified
* suse_modifications_dbus.patch
* suse_modifications_unprivuser.patch
* suse_modifications_xserver.patch
to allow users to be confined
- Added
* suse_modifications_apache.patch
* suse_modifications_ntp.patch
and modified
* suse_modifications_xserver.patch
to fix labels on startup scripts used by systemd
- Removed unused and incorrect interface dev_create_all_dev_nodes
from systemd-tmpfiles.patch
- Removed BuildRequire for selinux-policy-devel
Fri Jan 23 13:00:00 2015 jsegitzAATTnovell.com
- Major cleanup of the spec file
Fri Jan 23 13:00:00 2015 jsegitzAATTnovell.com
- removed suse_minimal_cc.patch and splitted them into
* suse_modifications_dbus.patch
* suse_modifications_policykit.patch
* suse_modifications_postfix.patch
* suse_modifications_rtkit.patch
* suse_modifications_unconfined.patch
* suse_modifications_systemd.patch
* suse_modifications_unconfineduser.patch
* suse_modifications_selinuxutil.patch
* suse_modifications_logging.patch
* suse_modifications_getty.patch
* suse_modifications_authlogin.patch
* suse_modifications_xserver.patch
* suse_modifications_ssh.patch
* suse_modifications_usermanage.patch
- Added suse_modifications_virt.patch to enable svirt on s390x
Sat Nov 8 13:00:00 2014 Led
- fix bashism in post script
Thu Sep 18 14:00:00 2014 jsegitzAATTsuse.com
Redid changes done by vcizekAATTsuse.com in SLE12 package
- disable build of MLS policy
- removed outdated description files
* Alan_Rouse-openSUSE_with_SELinux.txt
* Alan_Rouse-Policy_Development_Process.txt
Mon Sep 8 14:00:00 2014 jsegitzAATTsuse.com
- removed remove_duplicate_filetrans_pattern_rules.patch
Fri Sep 5 14:00:00 2014 jsegitzAATTsuse.com
- Updated policy to include everything up until 20140730 (refpolicy and
fedora rawhide improvements). Rebased all patches that are still
necessary
- Removed permissivedomains.pp. Doesn\'t work with the new policy
- modified spec file so that all modifications for distro=redhat and
distro=suse will be used.
- added selinux-policy-rpmlintrc to suppress some warnings that aren\'t
valid for this package
- added suse_minimal_cc.patch to create a suse specific module to prevent
errors while using the minimum policy. Will rework them in the proper
places once the minimum policy is reworked to really only confine a
minimal set of domains.
Tue Sep 2 14:00:00 2014 vcizekAATTsuse.com
- removed source files which were not used
* modules-minimum.conf, modules-mls.conf, modules-targeted.conf,
permissivedomains.fc, permissivedomains.if, permissivedomains.te,
seusers, seusers-mls, seusers-targeted, users_extra-mls,
users_extra-targeted
Mon Jun 2 14:00:00 2014 vcizekAATTsuse.com
- remove duplicate filetrans_pattern rules
* fixes build with libsepol-2.3
* added remove_duplicate_filetrans_pattern_rules.patch
Mon Dec 9 13:00:00 2013 vcizekAATTsuse.com
- enable build of mls and targeted policies
- fixes to the minimum policy:
- label /var/run/rsyslog correctly
* label_var_run_rsyslog.patch
- allow systemd-tmpfiles to create devices
* systemd-tmpfiles.patch
- add rules for sysconfig
* correctly label /dev/.sysconfig/network
* added sysconfig_network_scripts.patch
- run restorecon and fixfiles only if if selinux is enabled
- fix console login
* allow-local_login_t-read-shadow.patch
- allow rsyslog to write to xconsole
* xconsole.patch
- useradd needs to call selinux_check_access (via pam_rootok)
* useradd-netlink_selinux_socket.patch
Mon Aug 12 14:00:00 2013 roAATTsuse.de
- fix build on factory: newer rpm does not allow to mark
non-directories as dir anymore (like symlinks in this case)
Thu Jul 11 14:00:00 2013 cooloAATTsuse.com
- install COPYING
Fri Mar 22 13:00:00 2013 vcizekAATTsuse.com
- switch to Fedora as upstream
- added patches:
* policy-rawhide-base.patch
* policy-rawhide-contrib.patch
* type_transition_file_class.patch
* type_transition_contrib.patch
* label_sysconfig.selinux-policy.patch
Tue Dec 11 13:00:00 2012 vcizekAATTsuse.com
- bump up policy version to 27, due to recent libsepol update
- dropped currently unused policy-rawhide.patch
- fix installing of file_contexts (this enables restorecond to run properly)
- Recommends: audit and setools
Mon Dec 10 13:00:00 2012 meissnerAATTsuse.com
- mark included files in source
Mon Oct 22 14:00:00 2012 vcizekAATTsuse.com
- update to 2.20120725
- added selinux-policy-run_sepolgen_during_build.patch
- renamed patch with SUSE-specific policy to selinux-policy-SUSE.patch
- dropped policygentool and OLPC stuff
Wed May 9 14:00:00 2012 cooloAATTsuse.com
- patch license to be in spdx.org format
Fri May 21 14:00:00 2010 prusnakAATTsuse.cz
- use policy created by Alan Rouse
Sun Apr 11 14:00:00 2010 justinmattockAATTgmail.com
- Adjust selinux-policy.spec so that the policy
source tree is put in /usr/share/doc/packages/selinux-
*
so users can build the policy [bnc#582404]
Wed Apr 7 14:00:00 2010 thomasAATTnovell.com
- fixed fileperms of /etc/selinux/config to be 644 to allow
libselinux to read from it (bnc#582399)
this is also the default file mode in fedora 12
Fri Jun 26 14:00:00 2009 thomasAATTnovell.com
- added config file for /etc/selinux/