Changelog for
selinux-policy-sandbox-41.16-2.fc41.noarch.rpm :
* Tue Sep 10 2024 Zdenek Pytela
- 41.16-2- Rebuild
* Tue Sep 10 2024 Zdenek Pytela - 41.16-1- Label /etc/mdevctl.d with mdevctl_conf_t- Sync users with Fedora targeted users- Update policy for rpc-virtstorage- Allow virtstoraged get attributes of configfs dirs- Fix SELinux policy for sandbox X server to fix \'sandbox -X\' command- Update bootupd policy when ESP is not mounted- Allow thumb_t map dri devices- Allow samba use the io_uring API- Allow the sysadm user use the secretmem API- Allow nut-upsmon read systemd-logind session files- Allow sysadm_t to create PF_KEY sockets- Update bootupd policy for the removing-state-file test- Allow coreos-installer-generator manage mdadm_conf_t files
* Thu Aug 29 2024 Zdenek Pytela - 41.15-1- Allow setsebool_t relabel selinux data files- Allow virtqemud relabelfrom virtqemud_var_run_t dirs- Use better escape method for \"interface\"- Allow init and systemd-logind to inherit fds from sshd- Allow systemd-ssh-generator read sysctl files- Sync modules.conf with Fedora targeted modules- Allow virtqemud relabel user tmp files and socket files- Add missing sys_chroot capability to groupadd policy- Label /run/libvirt/qemu/channel with virtqemud_var_run_t- Allow virtqemud relabelfrom also for file and sock_file- Add virt_create_log() and virt_write_log() interfaces- Call binaries without full path
* Mon Aug 12 2024 Zdenek Pytela - 41.14-1- Update libvirt policy- Add port 80/udp and 443/udp to http_port_t definition- Additional updates stalld policy for bpf usage- Label systemd-pcrextend and systemd-pcrlock properly- Allow coreos_installer_t work with partitions- Revert \"Allow coreos-installer-generator work with partitions\"- Add policy for systemd-pcrextend- Update policy for systemd-getty-generator- Allow ip command write to ipsec\'s logs- Allow virt_driver_domain read virtd-lxc files in /proc- Revert \"Allow svirt read virtqemud fifo files\"- Update virtqemud policy for libguestfs usage- Allow virtproxyd create and use its private tmp files- Allow virtproxyd read network state- Allow virt_driver_domain create and use log files in /var/log- Allow samba-dcerpcd work with ctdb cluster
* Tue Aug 06 2024 Zdenek Pytela - 41.13-1- Allow NetworkManager_dispatcher_t send SIGKILL to plugins- Allow setroubleshootd execute sendmail with a domain transition- Allow key.dns_resolve set attributes on the kernel key ring- Update qatlib policy for v24.02 with new features- Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t- Allow tlp status power services- Allow virtqemud domain transition on passt execution- Allow virt_driver_domain connect to systemd-userdbd over a unix socket- Allow boothd connect to systemd-userdbd over a unix socket- Update policy for awstats scripts- Allow bitlbee execute generic programs in system bin directories- Allow login_userdomain read aliases file- Allow login_userdomain read ipsec config files- Allow login_userdomain read all pid files- Allow rsyslog read systemd-logind session files- Allow libvirt-dbus stream connect to virtlxcd
* Wed Jul 31 2024 Zdenek Pytela - 41.12-1- Update bootupd policy- Allow rhsmcertd read/write access to /dev/papr-sysparm- Label /dev/papr-sysparm and /dev/papr-vpd- Allow abrt-dump-journal-core connect to winbindd- Allow systemd-hostnamed shut down nscd- Allow systemd-pstore send a message to syslogd over a unix domain- Allow postfix_domain map postfix_etc_t files- Allow microcode create /sys/devices/system/cpu/microcode/reload- Allow rhsmcertd read, write, and map ica tmpfs files- Support SGX devices- Allow initrc_t transition to passwd_t- Update fstab and cryptsetup generators policy- Allow xdm_t read and write the dma device- Update stalld policy for bpf usage- Allow systemd_gpt_generator to getattr on DOS directories
* Thu Jul 25 2024 Zdenek Pytela - 41.11-1- Make cgroup_memory_pressure_t a part of the file_type attribute- Allow ssh_t to change role to system_r- Update policy for coreos generators- Allow init_t nnp domain transition to firewalld_t- Label /run/modprobe.d with modules_conf_t- Allow virtnodedevd run udev with a domain transition- Allow virtnodedev_t create and use virtnodedev_lock_t- Allow virtstoraged manage files with virt_content_t type- Allow virtqemud unmount a filesystem with extended attributes- Allow svirt_t connect to unconfined_t over a unix domain socket
* Mon Jul 22 2024 Zdenek Pytela - 41.10-1- Update afterburn file transition policy- Allow systemd_generator read attributes of all filesystems- Allow fstab-generator read and write cryptsetup-generator unit file- Allow cryptsetup-generator read and write fstab-generator unit file- Allow systemd_generator map files in /etc- Allow systemd_generator read init\'s process state- Allow coreos-installer-generator read sssd public files- Allow coreos-installer-generator work with partitions- Label /etc/mdadm.conf.d with mdadm_conf_t- Confine coreos generators- Label /run/metadata with afterburn_runtime_t- Allow afterburn list ssh home directory- Label samba certificates with samba_cert_t- Label /run/coreos-installer-reboot with coreos_installer_var_run_t- Allow virtqemud read virt-dbus process state- Allow staff user dbus chat with virt-dbus- Allow staff use watch /run/systemd- Allow systemd_generator to write kmsg
* Sat Jul 20 2024 Fedora Release Engineering - 41.9-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 16 2024 Zdenek Pytela - 41.9-1- Allow virtqemud connect to sanlock over a unix stream socket- Allow virtqemud relabel virt_var_run_t directories- Allow svirt_tcg_t read vm sysctls- Allow virtnodedevd connect to systemd-userdbd over a unix socket- Allow svirt read virtqemud fifo files- Allow svirt attach_queue to a virtqemud tun_socket- Allow virtqemud run ssh client with a transition- Allow virt_dbus_t connect to virtqemud_t over a unix stream socket- Update keyutils policy- Allow sshd_keygen_t connect to userdbd over a unix stream socket- Allow postfix-smtpd read mysql config files- Allow locate stream connect to systemd-userdbd- Allow the staff user use wireshark- Allow updatedb connect to userdbd over a unix stream socket- Allow gpg_t set attributes of public-keys.d- Allow gpg_t get attributes of login_userdomain stream- Allow systemd_getty_generator_t read /proc/1/environ- Allow systemd_getty_generator_t to read and write to tty_device_t
* Thu Jul 11 2024 Petr Lautrbach 41.8-4- Move %postInstall to %posttrans- Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)`- Drop obsolete modules from config- Install dnf protected files only when policy is built
* Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek - 41.8-3- Relabel files under /usr/bin to fix stale context after sbin merge
* Mon Jun 24 2024 Petr Lautrbach 41.8-2- Merge -base and -contrib