SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for selinux-policy-mls-20140730-105.1.noarch.rpm :
Mon Mar 26 14:00:00 2018 rgoldwynAATTsuse.com
- Add overlayfs as xattr capable (bsc#1073741)

* add-overlayfs-as-xattr-capable.patch

Tue Dec 12 13:00:00 2017 jsegitzAATTsuse.com
- Added

* suse_modifications_glusterfs.patch

* suse_modifications_passenger.patch

* suse_modifications_stapserver.patch
to modify module name to make the current tools happy

Wed Nov 29 13:00:00 2017 rbrownAATTsuse.com
- Repair erroneous changes introduced with %_fillupdir macro

Thu Nov 23 13:00:00 2017 rbrownAATTsuse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)

Wed Mar 15 13:00:00 2017 mwilckAATTsuse.com
- POLCYVER depends both on the libsemanage/policycoreutils version
and the kernel. The former is more important for us, kernel seems
to have all necessary features in Leap 42.1 already.
- Replaced = runtime dependencies on checkpolicy/policycoreutils
with \"=\". 2.5 policy is not supposed to work with 2.3 tools,
The runtime policy tools need to be same the policy was built with.

Wed Mar 15 13:00:00 2017 mwilckAATTsuse.com
- Changes required by policycoreutils update to 2.5

* lots of spec file content needs to be conditional on
policycoreutils version.
- Specific policycoreutils 2.5 related changes:

* modules moved from /etc/selinux to /var/lib/selinux
(https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration)

* module path now includes includes priority. Users override default
policies by setting higher priority. Thus installed policy modules can be
fully verified by RPM.

* Installed modules have a different format and path.
Raw bzip2 doesn\'t suffice to create them any more, but we can process them
all in a single semodule -i command.
- Policy version depends on kernel / distro version

* do not touch policy., rather fail if it\'s not created
- Enabled building mls policy for Leap (not for SLES)
- Other

* Bug: \"sandbox.disabled\" should be \"sandbox.pp.disabled\" for old policycoreutils

* Bug: (minimum) additional modules that need to be activated: postfix
(required by apache), plymouthd (required by getty)

* Cleanup: /etc -> %{sysconfdir} etc.

Thu Aug 13 14:00:00 2015 jsegitzAATTnovell.com
- fixed missing role assignment in cron_unconfined_role

Tue Aug 11 14:00:00 2015 jsegitzAATTnovell.com
- Updated suse_modifications_ipsec.patch, removed dontaudits for
ipsec_mgmt_t and granted matching permissions

Wed Aug 5 14:00:00 2015 jsegitzAATTnovell.com
- Added suse_modifications_ipsec.patch to grant additional privileges
to ipsec_mgmt_t

Tue Jul 21 14:00:00 2015 jsegitzAATTnovell.com
- Minor changes for CC evaluation. Allow reading of /dev/random
and ipc_lock for dbus and dhcp

Wed Jun 24 14:00:00 2015 jsegitzAATTnovell.com
- Transition from unconfined user to cron admin type
- Allow systemd_timedated_t to talk to unconfined dbus for minimal
policy (bsc#932826)
- Allow hostnamectl to set the hostname (bsc#933764)

Wed May 20 14:00:00 2015 jsegitzAATTnovell.com
- Removed ability of staff_t and user_t to use svirt. Will reenable
this later on with a policy upgrade
Added suse_modifications_staff.patch

Wed Feb 25 13:00:00 2015 jsegitzAATTnovell.com
- Added dont_use_xmllint_in_make_conf.patch to remove xmllint usage
in make conf. This currently breaks manual builds.
- Added BuildRequires for libxml2-tools to enable xmllint checks
once the issue mentioned above is solved

Thu Jan 29 13:00:00 2015 jsegitzAATTnovell.com
- adjusted suse_modifications_ntp to match SUSE chroot paths

Wed Jan 28 13:00:00 2015 jsegitzAATTnovell.com
- Added

* suse_additions_obs.patch to allow local builds by OBS

* suse_additions_sslh.patch to confine sslh
- Added suse_modifications_cron.patch to adjust crontabs contexts
- Modified suse_modifications_postfix.patch to match SUSE paths
- Modified suse_modifications_ssh.patch to bring boolean
sshd_forward_ports back
- Modified

* suse_modifications_dbus.patch

* suse_modifications_unprivuser.patch

* suse_modifications_xserver.patch
to allow users to be confined
- Added

* suse_modifications_apache.patch

* suse_modifications_ntp.patch
and modified

* suse_modifications_xserver.patch
to fix labels on startup scripts used by systemd
- Removed unused and incorrect interface dev_create_all_dev_nodes
from systemd-tmpfiles.patch
- Removed BuildRequire for selinux-policy-devel

Fri Jan 23 13:00:00 2015 jsegitzAATTnovell.com
- Major cleanup of the spec file

Fri Jan 23 13:00:00 2015 jsegitzAATTnovell.com
- removed suse_minimal_cc.patch and splitted them into

* suse_modifications_dbus.patch

* suse_modifications_policykit.patch

* suse_modifications_postfix.patch

* suse_modifications_rtkit.patch

* suse_modifications_unconfined.patch

* suse_modifications_systemd.patch

* suse_modifications_unconfineduser.patch

* suse_modifications_selinuxutil.patch

* suse_modifications_logging.patch

* suse_modifications_getty.patch

* suse_modifications_authlogin.patch

* suse_modifications_xserver.patch

* suse_modifications_ssh.patch

* suse_modifications_usermanage.patch
- Added suse_modifications_virt.patch to enable svirt on s390x

Sat Nov 8 13:00:00 2014 Led
- fix bashism in post script

Thu Sep 18 14:00:00 2014 jsegitzAATTsuse.com
Redid changes done by vcizekAATTsuse.com in SLE12 package
- disable build of MLS policy
- removed outdated description files

* Alan_Rouse-openSUSE_with_SELinux.txt

* Alan_Rouse-Policy_Development_Process.txt

Mon Sep 8 14:00:00 2014 jsegitzAATTsuse.com
- removed remove_duplicate_filetrans_pattern_rules.patch

Fri Sep 5 14:00:00 2014 jsegitzAATTsuse.com
- Updated policy to include everything up until 20140730 (refpolicy and
fedora rawhide improvements). Rebased all patches that are still
necessary
- Removed permissivedomains.pp. Doesn\'t work with the new policy
- modified spec file so that all modifications for distro=redhat and
distro=suse will be used.
- added selinux-policy-rpmlintrc to suppress some warnings that aren\'t
valid for this package
- added suse_minimal_cc.patch to create a suse specific module to prevent
errors while using the minimum policy. Will rework them in the proper
places once the minimum policy is reworked to really only confine a
minimal set of domains.

Tue Sep 2 14:00:00 2014 vcizekAATTsuse.com
- removed source files which were not used

* modules-minimum.conf, modules-mls.conf, modules-targeted.conf,
permissivedomains.fc, permissivedomains.if, permissivedomains.te,
seusers, seusers-mls, seusers-targeted, users_extra-mls,
users_extra-targeted

Mon Jun 2 14:00:00 2014 vcizekAATTsuse.com
- remove duplicate filetrans_pattern rules

* fixes build with libsepol-2.3

* added remove_duplicate_filetrans_pattern_rules.patch

Mon Dec 9 13:00:00 2013 vcizekAATTsuse.com
- enable build of mls and targeted policies
- fixes to the minimum policy:
- label /var/run/rsyslog correctly

* label_var_run_rsyslog.patch
- allow systemd-tmpfiles to create devices

* systemd-tmpfiles.patch
- add rules for sysconfig

* correctly label /dev/.sysconfig/network

* added sysconfig_network_scripts.patch
- run restorecon and fixfiles only if if selinux is enabled
- fix console login

* allow-local_login_t-read-shadow.patch
- allow rsyslog to write to xconsole

* xconsole.patch
- useradd needs to call selinux_check_access (via pam_rootok)

* useradd-netlink_selinux_socket.patch

Mon Aug 12 14:00:00 2013 roAATTsuse.de
- fix build on factory: newer rpm does not allow to mark
non-directories as dir anymore (like symlinks in this case)

Thu Jul 11 14:00:00 2013 cooloAATTsuse.com
- install COPYING

Fri Mar 22 13:00:00 2013 vcizekAATTsuse.com
- switch to Fedora as upstream
- added patches:

* policy-rawhide-base.patch

* policy-rawhide-contrib.patch

* type_transition_file_class.patch

* type_transition_contrib.patch

* label_sysconfig.selinux-policy.patch

Tue Dec 11 13:00:00 2012 vcizekAATTsuse.com
- bump up policy version to 27, due to recent libsepol update
- dropped currently unused policy-rawhide.patch
- fix installing of file_contexts (this enables restorecond to run properly)
- Recommends: audit and setools

Mon Dec 10 13:00:00 2012 meissnerAATTsuse.com
- mark included files in source

Mon Oct 22 14:00:00 2012 vcizekAATTsuse.com
- update to 2.20120725
- added selinux-policy-run_sepolgen_during_build.patch
- renamed patch with SUSE-specific policy to selinux-policy-SUSE.patch
- dropped policygentool and OLPC stuff

Wed May 9 14:00:00 2012 cooloAATTsuse.com
- patch license to be in spdx.org format

Fri May 21 14:00:00 2010 prusnakAATTsuse.cz
- use policy created by Alan Rouse

Sun Apr 11 14:00:00 2010 justinmattockAATTgmail.com
- Adjust selinux-policy.spec so that the policy
source tree is put in /usr/share/doc/packages/selinux-
*
so users can build the policy [bnc#582404]

Wed Apr 7 14:00:00 2010 thomasAATTnovell.com
- fixed fileperms of /etc/selinux/config to be 644 to allow
libselinux to read from it (bnc#582399)
this is also the default file mode in fedora 12

Fri Jun 26 14:00:00 2009 thomasAATTnovell.com
- added config file for /etc/selinux/


  
ICM