Changelog for selinux-policy-targeted-20221019-16.4.noarch.rpm :
* Thu Dec 15 2022 Hu
- Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan (bnc#1206445)

* Wed Dec 14 2022 Hu
- Added policy for wicked scripts under /etc/sysconfig/network/scripts (bnc#1205770)

* Wed Dec 14 2022 Johannes Segitz
- Add fix_sendmail.patch
  * fix context of custom sendmail startup helper
  * fix context of /var/run/sendmail and add necessary rules to manage content in there

* Tue Dec 13 2022 Johannes Segitz
- Updated fix_networkmanager.patch to fix labeling of nm-dispatcher and nm-priv-helper until the packaging is adjusted (bsc#1206355)
- Update fix_chronyd.patch to allow sendto towards NetworkManager_dispatcher_custom_t. Added new interface networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357)
- Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895)

* Tue Dec 06 2022 Johannes Segitz
- Updated fix_networkmanager.patch to allow NetworkManager to watch net_conf_t (bsc#1206109)

* Wed Nov 30 2022 Filippo Bonazzi
- Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434)

* Wed Nov 30 2022 Filippo Bonazzi
- Drop fix_irqbalance.patch: superseded by upstream

* Thu Nov 24 2022 Hu
- fix_sysnetwork.patch: firewalld uses /etc/sysconfig/network/ for network interface definition instead of /etc/sysconfig/network-scripts/, modified sysnetwork.fc to reflect that (bsc#1205580).

* Wed Oct 19 2022 Johannes Segitz
- Update to version 20221019.
  Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

* Fri Sep 30 2022 Johannes Segitz
- Updated quilt couldn't unpack tarball. This will cause ongoing issues so drop the sed statement in the %prep section and add distro_suse_to_distro_redhat.patch to add the necessary changes via a patch

* Thu Sep 29 2022 Johannes Segitz
- Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labeled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824)

* Tue Sep 27 2022 Filippo Bonazzi
- Update fix_xserver.patch to add greetd support (bsc#1198559)

* Mon Sep 12 2022 Johannes Segitz
- Revamped rtorrent module

* Fri Aug 26 2022 Thorsten Kukuk
- Move SUSE directory from manual page section to html docu

* Wed Jul 27 2022 Hu
- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741)

* Tue Jul 26 2022 Zdenek Kubala
- Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015)

* Thu Jul 14 2022 Johannes Segitz
- Update to version 20220714.
  Refreshed:
  * fix_init.patch
  * fix_systemd_watch.patch

* Wed Jul 13 2022 Johannes Segitz
- Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911)

* Mon Jul 11 2022 Johannes Segitz
- postfix: Label PID files and some helpers correctly (bsc#1197242)

* Fri Jun 24 2022 Johannes Segitz
- Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984)

* Fri Jun 24 2022 Johannes Segitz
- Update to version 20220624. Refreshed:
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_logging.patch
  * fix_networkmanager.patch
  * fix_unprivuser.patch
  Dropped fix_hadoop.patch, not necessary anymore
  * Updated fix_locallogin.patch to allow accesses for nss-systemd (bsc#1199630)

* Fri May 20 2022 Johannes Segitz
- Update to version 20220520 to pass stricter 3.4 toolchain checks

* Fri May 20 2022 Johannes Segitz
- Update to version 20220428. Refreshed:
  * fix_apache.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_iptables.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unprivuser.patch
  * fix_usermanage.patch
  * fix_wine.patch

* Thu May 19 2022 Johannes Segitz
- Add fix_dnsmasq.patch to fix problems with virtualization on Microos (bsc#1199518)

* Tue May 03 2022 Johannes Segitz
- Modified fix_init.patch to allow init to setup constrained environment for accountsservice. This needs a better, more general solution (bsc#1197610)

* Mon May 02 2022 Johannes Segitz
- Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition. This happens in certain boot conditions (bsc#1182500)
- Changed fix_unconfineduser.patch to not transition into ldconfig_t from unconfined_t (bsc#1197169)

* Thu Feb 17 2022 Klaus Kämpf
- use %license tag for COPYING file

* Thu Feb 10 2022 Johannes Segitz
- Updated fix_cron.patch.
  Adjust labeling for at (bsc#1195683)

* Wed Feb 09 2022 Filippo Bonazzi
- Fix bitlbee runtime directory (bsc#1193230)
  * add fix_bitlbee.patch

* Mon Jan 24 2022 Johannes Segitz
- Update to version 20220124. Refreshed:
  * fix_hadoop.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
- Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987)

* Fri Jan 14 2022 Johannes Segitz
- Allow colord to use systemd hardenings (bsc#1194631)

* Thu Nov 11 2021 Johannes Segitz
- Update to version 20211111. Refreshed:
  * fix_dbus.patch
  * fix_systemd.patch
  * fix_authlogin.patch
  * fix_auditd.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_chronyd.patch
  * fix_unconfineduser.patch
  * fix_unconfined.patch
  * fix_firewalld.patch
  * fix_init.patch
  * fix_xserver.patch
  * fix_logging.patch
  * fix_hadoop.patch

* Mon Oct 25 2021 Marcus Meissner
- fix_wine.patch: give Wine .dll same context as .so (bsc#1191976)

* Tue Sep 28 2021 Enzo Matsumiya
- Fix auditd service start with systemd hardening directives (boo#1190918)
  * add fix_auditd.patch

* Thu Sep 02 2021 Johannes Segitz
- Modified fix_systemd.patch to allow systemd gpt generator access to udev files (bsc#1189280)

* Fri Aug 27 2021 Ales Kedroutek
- fix rebootmgr does not trigger the reboot properly (boo#1189878)
  * fix managing /etc/rebootmgr.conf
  * allow rebootmgr_t to cope with systemd and dbus messaging

* Thu Aug 26 2021 Johannes Segitz
- Properly label cockpit files
- Allow wicked to communicate with network manager on DBUS (bsc#1188331)

* Mon Aug 23 2021 Ales Kedroutek
- Added policy module for rebootmgr (jsc#SMO-28)

* Tue Aug 17 2021 Ludwig Nussel
- Allow systemd-sysctl to read kernel specific sysctl.conf (fix_kernel_sysctl.patch, boo#1184804)

* Tue Aug 10 2021 Ludwig Nussel
- Fix quoting in postInstall macro

* Fri Jul 16 2021 Johannes Segitz
- Update to version 20210716
- Remove interfaces for container module before building the package (bsc#1188184)
- Updated
  * fix_init.patch
  * fix_systemd_watch.patch to adapt to upstream changes

* Thu Jul 15 2021 Callum Farmer
- Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing here

* Tue Jul 06 2021 Alberto Planas Dominguez
- Add tabrmd SELinux modules from upstream (bsc#1187925) https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux
- Automatic spec-cleaner to fix ordering and misaligned spaces

* Mon Jun 28 2021 Johannes Segitz
- Update to version 20210419
- Dropped fix_gift.patch, module was removed
- Updated wicked.te to remove dropped interface
- Refreshed:
  * fix_cockpit.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_logging.patch
  * fix_logrotate.patch
  * fix_networkmanager.patch
  * fix_nscd.patch
  * fix_rpm.patch
  * fix_selinuxutil.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_thunderbird.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch

* Tue May 18 2021 Ludwig Nussel
- allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units that trigger on changes in those. Added fix_systemd_watch.patch
- own /usr/share/selinux/packages/$SELINUXTYPE/ and /var/lib/selinux/$SELINUXTYPE/active/modules/ * to allow packages to install files there

* Wed Apr 28 2021 Ludwig Nussel
- allow cockpit socket to bind nodes (fix_cockpit.patch)
- use %autosetup to get rid of endless patch lines

* Tue Apr 27 2021 Johannes Segitz
- Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories
- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)

* Mon Apr 26 2021 Johannes Segitz
- Added Recommends for selinux-autorelabel (bsc#1181837)
- Prevent libreoffice fonts from changing types on every relabel (bsc#1185265). Added fix_libraries.patch

* Fri Apr 23 2021 Johannes Segitz
- Transition unconfined users to ldconfig type (bsc#1183121).
  Extended fix_unconfineduser.patch

* Mon Apr 19 2021 Johannes Segitz
- Update to version 20210419
- Refreshed:
  * fix_dbus.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_unprivuser.patch

* Fri Mar 12 2021 Ales Kedroutek
- Adjust fix_init.patch to allow systemd to do sd-listen on tcp socket [bsc#1183177]

* Tue Mar 09 2021 Johannes Segitz
- Update to version 20210309
- Refreshed
  * fix_systemd.patch
  * fix_selinuxutil.patch
  * fix_iptables.patch
  * fix_init.patch
  * fix_logging.patch
  * fix_nscd.patch
  * fix_hadoop.patch
  * fix_unconfineduser.patch
  * fix_chronyd.patch
  * fix_networkmanager.patch
  * fix_cron.patch
  * fix_usermanage.patch
  * fix_unprivuser.patch
  * fix_rpm.patch
- Ensure that /usr/etc is labeled according to /etc rules

* Tue Feb 23 2021 Thorsten Kukuk
- Update to version 20210223
- Change name of tar file to a more common schema to allow parallel installation of several source versions
- Adjust fix_init.patch

* Mon Jan 11 2021 Thorsten Kukuk
- Update to version 20210111
  - Drop fix_policykit.patch (integrated upstream)
  - Adjust fix_iptables.patch
  - update container policy

* Tue Nov 10 2020 Johannes Segitz
- Updated fix_corecommand.patch to set correct types for the OBS build tools

* Thu Oct 29 2020 Thorsten Kukuk
- wicked.fc: add libexec directories
- Update to version 20201029
  - update container policy

* Fri Oct 16 2020 Thorsten Kukuk
- Update to version 20201016
- Use python3 to build (fc_sort.c was replaced by fc_sort.py which uses python3)
- Drop SELINUX=disabled, "selinux=0" kernel commandline option has to be used instead. New default is "permissive" [bsc#1176923].

* Thu Sep 10 2020 Johannes Segitz
- Update to version 20200910.
  Refreshed
  * fix_authlogin.patch
  * fix_nagios.patch
  * fix_systemd.patch
  * fix_usermanage.patch
- Delete suse_specific.patch, moved content into fix_selinuxutil.patch
- Cleanup of booleans- * presets
  * Enabled user_rw_noexattrfile unconfined_chrome_sandbox_transition unconfined_mozilla_plugin_transition for the minimal policy
  * Disabled xserver_object_manager for the MLS policy
  * Disabled openvpn_enable_homedirs privoxy_connect_any selinuxuser_direct_dri_enabled selinuxuser_ping (aka user_ping) squid_connect_any telepathy_tcp_connect_generic_network_ports for the targeted policy
  Change your local config if you need them
- Build HTML version of manpages for the -devel package

* Thu Sep 03 2020 Johannes Segitz
- Drop BuildRequires for python, python-xml. It's not needed anymore

* Tue Sep 01 2020 Johannes Segitz
- Drop fix_dbus.patch_orig, was included by accident
- Drop segenxml_interpreter.patch, not used anymore

* Tue Aug 11 2020 Thorsten Kukuk
- macros.selinux-policy: move rpm-state directory to /run and make sure it exists

* Wed Aug 05 2020 Thorsten Kukuk
- Cleanup spec file and follow more closely Fedora
- Label /sys/kernel/uevent_helper with tmpfiles.d/selinux-policy.conf
- Move config to /etc/selinux/config and create during %post install to be compatible with upstream and documentation.
- Add RPM macros for SELinux (macros.selinux-policy)
- Install booleans.subs_dist
- Remove unused macros
- Sync make/install macros with Fedora spec file
- Introduce sandbox sub-package

* Wed Jul 29 2020 Thorsten Kukuk
- Add policycoreutils-devel as BuildRequires

* Fri Jul 17 2020 Johannes Segitz
- Update to version 20200717.
  Refreshed
  * fix_fwupd.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_irqbalance.patch
  * fix_logrotate.patch
  * fix_nagios.patch
  * fix_networkmanager.patch
  * fix_postfix.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_thunderbird.patch
  * fix_unconfined.patch
  * fix_unprivuser.patch
  * selinux-policy.spec
- Added update.sh to make updating easier

* Tue Jul 14 2020 Johannes Segitz
- Updated fix_unconfineduser.patch to allow unconfined_dbusd_t access to accountsd dbus
- New patch:
  * fix_nis.patch
- Updated patches:
  * fix_postfix.patch: Transition is done in distribution specific script

* Tue Jun 02 2020 Johannes Segitz
- Added module for wicked
- New patches:
  * fix_authlogin.patch
  * fix_screen.patch
  * fix_unprivuser.patch
  * fix_rpm.patch
  * fix_apache.patch

* Thu Mar 26 2020 Johannes Segitz
- Added module for rtorrent
- Enable snapper module in minimum policy to reduce issues on BTRFS
  Updated fix_snapper.patch to prevent relabeling of snapshot

* Mon Mar 09 2020 Johannes Segitz
- New patches:
  * fix_accountsd.patch
  * fix_automount.patch
  * fix_colord.patch
  * fix_mcelog.patch
  * fix_sslh.patch
  * fix_nagios.patch
  * fix_openvpn.patch
  * fix_cron.patch
  * fix_usermanage.patch
  * fix_smartmon.patch
  * fix_geoclue.patch
  * suse_specific.patch
  Default systems should now work without selinuxuser_execmod
- Removed xdm_entrypoint_pam.patch, necessary change is in fix_unconfineduser.patch
- Enable SUSE specific settings again

* Wed Feb 19 2020 Johannes Segitz
- Update to version 20200219
  Refreshed fix_hadoop.patch
  Updated
  * fix_dbus.patch
  * fix_hadoop.patch
  * fix_nscd.patch
  * fix_xserver.patch
  Renamed postfix_paths.patch to fix_postfix.patch
  Added
  * fix_init.patch
  * fix_locallogin.patch
  * fix_policykit.patch
  * fix_iptables.patch
  * fix_irqbalance.patch
  * fix_ntp.patch
  * fix_fwupd.patch
  * fix_firewalld.patch
  * fix_logrotate.patch
  * fix_selinuxutil.patch
  * fix_corecommand.patch
  * fix_snapper.patch
  * fix_systemd.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_chronyd.patch
  * fix_networkmanager.patch
  * xdm_entrypoint_pam.patch
- Removed modules minimum_temp_fixes and targeted_temp_fixes from the corresponding policies
- Reduced default module list of minimum policy by removing apache inetd nis postfix mta modules
- Adding/removing necessary pam config automatically
- Minimum and targeted policy: Enable domain_can_mmap_files by default
- Targeted policy: Disable selinuxuser_execmem, selinuxuser_execmod and selinuxuser_execstack to have safe defaults