SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for selinux-policy-minimum-20220714-2.56.noarch.rpm :

* Thu Sep 29 2022 Johannes Segitz - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824)
* Tue Sep 27 2022 Filippo Bonazzi - Update fix_xserver.patch to add greetd support (bsc#1198559)
* Mon Sep 12 2022 Johannes Segitz - Revamped rtorrent module
* Fri Aug 26 2022 Thorsten Kukuk - Move SUSE directory from manual page section to html docu
* Wed Jul 27 2022 Hu - fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741)
* Tue Jul 26 2022 Zdenek Kubala - Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015)
* Thu Jul 14 2022 Johannes Segitz - Update to version 20220714. Refreshed:
* fix_init.patch
* fix_systemd_watch.patch
* Wed Jul 13 2022 Johannes Segitz - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911)
* Mon Jul 11 2022 Johannes Segitz - postfix: Label PID files and some helpers correctly (bsc#1197242)
* Fri Jun 24 2022 Johannes Segitz - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984)
* Fri Jun 24 2022 Johannes Segitz - Update to version 20220624. Refreshed:
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_logging.patch
* fix_networkmanager.patch
* fix_unprivuser.patch Dropped fix_hadoop.patch, not necessary anymore
* Updated fix_locallogin.patch to allow accesses for nss-systemd (bsc#1199630)
* Fri May 20 2022 Johannes Segitz - Update to version 20220520 to pass stricter 3.4 toolchain checks
* Fri May 20 2022 Johannes Segitz - Update to version 20220428. Refreshed:
* fix_apache.patch
* fix_hadoop.patch
* fix_init.patch
* fix_iptables.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_unprivuser.patch
* fix_usermanage.patch
* fix_wine.patch
* Thu May 19 2022 Johannes Segitz - Add fix_dnsmasq.patch to fix problems with virtualization on Microos (bsc#1199518)
* Tue May 03 2022 Johannes Segitz - Modified fix_init.patch to allow init to setup contrained environment for accountsservice. This needs a better, more general solution (bsc#1197610)
* Mon May 02 2022 Johannes Segitz - Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition. This happens in certain boot conditions (bsc#1182500)- Changed fix_unconfineduser.patch to not transition into ldconfig_t from unconfined_t (bsc#1197169)
* Thu Feb 17 2022 Klaus Kämpf - use %license tag for COPYING file
* Thu Feb 10 2022 Johannes Segitz - Updated fix_cron.patch. Adjust labeling for at (bsc#1195683)
* Wed Feb 09 2022 Filippo Bonazzi - Fix bitlbee runtime directory (bsc#1193230)
* add fix_bitlbee.patch
* Mon Jan 24 2022 Johannes Segitz - Update to version 20220124. Refreshed:
* fix_hadoop.patch
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_systemd.patch
* fix_systemd_watch.patch- Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987)
* Fri Jan 14 2022 Johannes Segitz - Allow colord to use systemd hardenings (bsc#1194631)
* Thu Nov 11 2021 Johannes Segitz - Update to version 20211111. Refreshed:
* fix_dbus.patch
* fix_systemd.patch
* fix_authlogin.patch
* fix_auditd.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_chronyd.patch
* fix_unconfineduser.patch
* fix_unconfined.patch
* fix_firewalld.patch
* fix_init.patch
* fix_xserver.patch
* fix_logging.patch
* fix_hadoop.patch
* Mon Oct 25 2021 Marcus Meissner - fix_wine.patch: give Wine .dll same context as .so (bsc#1191976)
* Tue Sep 28 2021 Enzo Matsumiya - Fix auditd service start with systemd hardening directives (boo#1190918)
* add fix_auditd.patch
* Thu Sep 02 2021 Johannes Segitz - Modified fix_systemd.patch to allow systemd gpt generator access to udev files (bsc#1189280)
* Fri Aug 27 2021 Ales Kedroutek - fix rebootmgr does not trigger the reboot properly (boo#1189878)
* fix managing /etc/rebootmgr.conf
* allow rebootmgr_t to cope with systemd and dbus messaging
* Thu Aug 26 2021 Johannes Segitz - Properly label cockpit files- Allow wicked to communicate with network manager on DBUS (bsc#1188331)
* Mon Aug 23 2021 Ales Kedroutek - Added policy module for rebootmgr (jsc#SMO-28)
* Tue Aug 17 2021 Ludwig Nussel - Allow systemd-sysctl to read kernel specific sysctl.conf (fix_kernel_sysctl.patch, boo#1184804)
* Tue Aug 10 2021 Ludwig Nussel - Fix quoting in postInstall macro
* Fri Jul 16 2021 Johannes Segitz - Update to version 20210716- Remove interfaces for container module before building the package (bsc#1188184)- Updated
* fix_init.patch
* fix_systemd_watch.patch to adapt to upstream changes
* Thu Jul 15 2021 Callum Farmer - Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing here
* Tue Jul 06 2021 Alberto Planas Dominguez - Add tabrmd SELinux modules from upstream (bsc#1187925) https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux- Automatic spec-cleaner to fix ordering and misaligned spaces
* Mon Jun 28 2021 Johannes Segitz - Update to version 20210419- Dropped fix_gift.patch, module was removed- Updated wicked.te to removed dropped interface- Refreshed:
* fix_cockpit.patch
* fix_hadoop.patch
* fix_init.patch
* fix_logging.patch
* fix_logrotate.patch
* fix_networkmanager.patch
* fix_nscd.patch
* fix_rpm.patch
* fix_selinuxutil.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_thunderbird.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_unprivuser.patch
* fix_xserver.patch
* Tue May 18 2021 Ludwig Nussel - allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units that trigger on changes in those. Added fix_systemd_watch.patch- own /usr/share/selinux/packages/$SELINUXTYPE/ and /var/lib/selinux/$SELINUXTYPE/active/modules/
* to allow packages to install files there
* Wed Apr 28 2021 Ludwig Nussel - allow cockpit socket to bind nodes (fix_cockpit.patch)- use %autosetup to get rid of endless patch lines
* Tue Apr 27 2021 Johannes Segitz - Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)
* Mon Apr 26 2021 Johannes Segitz - Added Recommends for selinux-autorelabel (bsc#1181837)- Prevent libreoffice fonts from changing types on every relabel (bsc#1185265). Added fix_libraries.patch
* Fri Apr 23 2021 Johannes Segitz - Transition unconfined users to ldconfig type (bsc#1183121). Extended fix_unconfineduser.patch
* Mon Apr 19 2021 Johannes Segitz - Update to version 20210419- Refreshed:
* fix_dbus.patch
* fix_hadoop.patch
* fix_init.patch
* fix_unprivuser.patch
* Fri Mar 12 2021 Ales Kedroutek - Adjust fix_init.patch to allow systemd to do sd-listen on tcp socket [bsc#1183177]
* Tue Mar 09 2021 Johannes Segitz - Update to version 20210309- Refreshed
* fix_systemd.patch
* fix_selinuxutil.patch
* fix_iptables.patch
* fix_init.patch
* fix_logging.patch
* fix_nscd.patch
* fix_hadoop.patch
* fix_unconfineduser.patch
* fix_chronyd.patch
* fix_networkmanager.patch
* fix_cron.patch
* fix_usermanage.patch
* fix_unprivuser.patch
* fix_rpm.patch- Ensure that /usr/etc is labeled according to /etc rules
* Tue Feb 23 2021 Thorsten Kukuk - Update to version 20210223- Change name of tar file to a more common schema to allow parallel installation of several source versions- Adjust fix_init.patch
* Mon Jan 11 2021 Thorsten Kukuk - Update to version 20210111 - Drop fix_policykit.patch (integrated upstream) - Adjust fix_iptables.patch - update container policy
* Tue Nov 10 2020 Johannes Segitz - Updated fix_corecommand.patch to set correct types for the OBS build tools
* Thu Oct 29 2020 Thorsten Kukuk - wicked.fc: add libexec directories- Update to version 20201029 - update container policy
* Fri Oct 16 2020 Thorsten Kukuk - Update to version 20201016- Use python3 to build (fc_sort.c was replaced by fc_sort.py which uses python3)- Drop SELINUX=disabled, \"selinux=0\" kernel commandline option has to be used instead. New default is \"permissive\" [bsc#1176923].
* Thu Sep 10 2020 Johannes Segitz - Update to version 20200910. Refreshed
* fix_authlogin.patch
* fix_nagios.patch
* fix_systemd.patch
* fix_usermanage.patch- Delete suse_specific.patch, moved content into fix_selinuxutil.patch- Cleanup of booleans-
* presets
* Enabled user_rw_noexattrfile unconfined_chrome_sandbox_transition unconfined_mozilla_plugin_transition for the minimal policy
* Disabled xserver_object_manager for the MLS policy
* Disabled openvpn_enable_homedirs privoxy_connect_any selinuxuser_direct_dri_enabled selinuxuser_ping (aka user_ping) squid_connect_any telepathy_tcp_connect_generic_network_ports for the targeted policy Change your local config if you need them- Build HTML version of manpages for the -devel package
* Thu Sep 03 2020 Johannes Segitz - Drop BuildRequires for python, python-xml. It\'s not needed anymore
* Tue Sep 01 2020 Johannes Segitz - Drop fix_dbus.patch_orig, was included by accident- Drop segenxml_interpreter.patch, not used anymore
* Tue Aug 11 2020 Thorsten Kukuk - macros.selinux-policy: move rpm-state directory to /run and make sure it exists
* Wed Aug 05 2020 Thorsten Kukuk - Cleanup spec file and follow more closely Fedora- Label /sys/kernel/uevent_helper with tmpfiles.d/selinux-policy.conf- Move config to /etc/selinux/config and create during %post install to be compatible with upstream and documentation.- Add RPM macros for SELinux (macros.selinux-policy)- Install booleans.subs_dist- Remove unused macros- Sync make/install macros with Fedora spec file- Introduce sandbox sub-package
* Wed Jul 29 2020 Thorsten Kukuk - Add policycoreutils-devel as BuildRequires
* Fri Jul 17 2020 Johannes Segitz - Update to version 20200717. Refreshed
* fix_fwupd.patch
* fix_hadoop.patch
* fix_init.patch
* fix_irqbalance.patch
* fix_logrotate.patch
* fix_nagios.patch
* fix_networkmanager.patch
* fix_postfix.patch
* fix_sysnetwork.patch
* fix_systemd.patch
* fix_thunderbird.patch
* fix_unconfined.patch
* fix_unprivuser.patch
* selinux-policy.spec- Added update.sh to make updating easier
* Tue Jul 14 2020 Johannes Segitz - Updated fix_unconfineduser.patch to allow unconfined_dbusd_t access to accountsd dbus- New patch:
* fix_nis.patch- Updated patches:
* fix_postfix.patch: Transition is done in distribution specific script
* Tue Jun 02 2020 Johannes Segitz - Added module for wicked- New patches:
* fix_authlogin.patch
* fix_screen.patch
* fix_unprivuser.patch
* fix_rpm.patch
* fix_apache.patch
* Thu Mar 26 2020 Johannes Segitz - Added module for rtorrent- Enable snapper module in minimum policy to reduce issues on BTRFS Updated fix_snapper.patch to prevent relabling of snapshot
* Mon Mar 09 2020 Johannes Segitz - New patches:
* fix_accountsd.patch
* fix_automount.patch
* fix_colord.patch
* fix_mcelog.patch
* fix_sslh.patch
* fix_nagios.patch
* fix_openvpn.patch
* fix_cron.patch
* fix_usermanage.patch
* fix_smartmon.patch
* fix_geoclue.patch
* suse_specific.patch Default systems should now work without selinuxuser_execmod- Removed xdm_entrypoint_pam.patch, necessary change is in fix_unconfineduser.patch- Enable SUSE specific settings again
* Wed Feb 19 2020 Johannes Segitz - Update to version 20200219 Refreshed fix_hadoop.patch Updated
* fix_dbus.patch
* fix_hadoop.patch
* fix_nscd.patch
* fix_xserver.patch Renamed postfix_paths.patch to fix_postfix.patch Added
* fix_init.patch
* fix_locallogin.patch
* fix_policykit.patch
* fix_iptables.patch
* fix_irqbalance.patch
* fix_ntp.patch
* fix_fwupd.patch
* fix_firewalld.patch
* fix_logrotate.patch
* fix_selinuxutil.patch
* fix_corecommand.patch
* fix_snapper.patch
* fix_systemd.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_chronyd.patch
* fix_networkmanager.patch
* xdm_entrypoint_pam.patch- Removed modules minimum_temp_fixes and targeted_temp_fixes from the corresponding policies- Reduced default module list of minimum policy by removing apache inetd nis postfix mta modules- Adding/removing necessary pam config automatically- Minimum and targeted policy: Enable domain_can_mmap_files by default- Targeted policy: Disable selinuxuser_execmem, selinuxuser_execmod and selinuxuser_execstack to have safe defaults
* Fri Aug 09 2019 Johannes Segitz - Moved back to fedora policy (20190802)- Removed spec file conditionals for old SELinux userland- Removed config.tgz- Removed patches:
* label_sysconfig.selinux.patch
* label_var_run_rsyslog.patch
* suse_additions_obs.patch
* suse_additions_sslh.patch
* suse_modifications_apache.patch
* suse_modifications_cron.patch
* suse_modifications_getty.patch
* suse_modifications_logging.patch
* suse_modifications_ntp.patch
* suse_modifications_usermanage.patch
* suse_modifications_virt.patch
* suse_modifications_xserver.patch
* sysconfig_network_scripts.patch
* segenxml_interpreter.patch- Added patches:
* fix_djbdns.patch
* fix_dbus.patch
* fix_gift.patch
* fix_java.patch
* fix_hadoop.patch
* fix_thunderbird.patch
* postfix_paths.patch
* fix_nscd.patch
* fix_sysnetwork.patch
* fix_logging.patch
* fix_xserver.patch
* fix_miscfiles.patch to fix problems with the coresponding modules- Added sedoctool.patch to prevent build failures- This also adds three modules:
* packagekit.(te|if|fc) Basic (currently permissive) module for packagekit
* minimum_temp_fixes.(te|if|fc) and
* targeted_temp_fixes.(te|if|fc) both are currently necessary to get the systems to boot in enforcing mode. Most of them obviosly stem from mislabeled files, so this needs to be worked through and then removed eventually Also selinuxuser_execstack, selinuxuser_execmod and domain_can_mmap_files need to be enabled. Especially the first two are bad and should be removed ASAP
* Thu Jul 11 2019 - Update to refpolicy 20190609. New modules for stubby and several systemd updates, including initial support for systemd --user sessions. Refreshed
* label_var_run_rsyslog.patch
* suse_modifications_cron.patch
* suse_modifications_logging.patch
* suse_modifications_ntp.patch
* suse_modifications_usermanage.patch
* suse_modifications_xserver.patch
* sysconfig_network_scripts.patch
* Mon Feb 04 2019 jsegitzAATTsuse.com- Update to refpolicy 20190201. New modules for chromium, hostapd, and sigrok and minor fixes for existing modules. Refreshed suse_modifications_usermanage.patch
  
ICM