Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: selinux-policy-sandbox | Distribution: Fedora Project |
Version: 41.20 | Vendor: Fedora Project |
Release: 1.fc41 | Build date: Fri Oct 4 14:05:45 2024 |
Group: Unspecified | Build host: buildvm-ppc64le-29.iad2.fedoraproject.org |
Size: 87393 | Source RPM: selinux-policy-41.20-1.fc41.src.rpm |
Packager: Fedora Project | |
Url: https://github.com/fedora-selinux/selinux-policy | |
Summary: SELinux sandbox policy |
SELinux sandbox policy for use with the sandbox utility.
GPL-2.0-or-later
* Fri Oct 04 2024 Zdenek Pytela <[email protected]> - 41.20-1 - Remove the openct module sources - Remove the timidity module sources - Enable the slrn module - Remove i18n_input module sources - Enable the distcc module - Remove the ddcprobe module sources - Remove the timedatex module sources - Remove the djbdns module sources - Confine iio-sensor-proxy - Allow staff user nlmsg_write - Update policy for xdm with confined users - Allow virtnodedev watch mdevctl config dirs - Allow ssh watch home config dirs - Allow ssh map home configs files - Allow ssh read network sysctls - Allow chronyc sendto to chronyd-restricted - Allow cups sys_ptrace capability in the user namespace * Wed Sep 25 2024 Zdenek Pytela <[email protected]> - 41.19-1 - Add policy for systemd-homed - Remove fc entry for /usr/bin/pump - Label /usr/bin/noping and /usr/bin/oping with ping_exec_t - Allow accountsd read gnome-initial-setup tmp files - Allow xdm write to gnome-initial-setup fifo files - Allow rngd read and write generic usb devices - Allow qatlib search the content of the kernel debugging filesystem - Allow qatlib connect to systemd-machined over a unix socket * Wed Sep 18 2024 Petr Lautrbach <[email protected]> - 41.18-1 - Drop ru man pages - mls/modules.conf - fix typo - Allow unprivileged user watch /run/systemd - Allow boothd connect to kernel over a unix socket * Mon Sep 16 2024 Zdenek Pytela <[email protected]> - 41.17-2 - Relabel /etc/mdevctl.d * Thu Sep 12 2024 Petr Lautrbach <[email protected]> - 41.17-1 - Clean up and sync securetty_types - Bring config files from dist-git into the source repo - Confine gnome-remote-desktop - Allow virtstoraged execute mount programs in the mount domain - Make mdevctl_conf_t member of the file_type attribute * Tue Sep 10 2024 Zdenek Pytela <[email protected]> - 41.16-2 - Rebuild * Tue Sep 10 2024 Zdenek Pytela <[email protected]> - 41.16-1 - Label /etc/mdevctl.d with mdevctl_conf_t - Sync users with Fedora targeted users - Update policy for rpc-virtstorage - Allow virtstoraged get attributes of configfs dirs - Fix SELinux policy for sandbox X server to fix 'sandbox -X' command - Update bootupd policy when ESP is not mounted - Allow thumb_t map dri devices - Allow samba use the io_uring API - Allow the sysadm user use the secretmem API - Allow nut-upsmon read systemd-logind session files - Allow sysadm_t to create PF_KEY sockets - Update bootupd policy for the removing-state-file test - Allow coreos-installer-generator manage mdadm_conf_t files * Thu Aug 29 2024 Zdenek Pytela <[email protected]> - 41.15-1 - Allow setsebool_t relabel selinux data files - Allow virtqemud relabelfrom virtqemud_var_run_t dirs - Use better escape method for "interface" - Allow init and systemd-logind to inherit fds from sshd - Allow systemd-ssh-generator read sysctl files - Sync modules.conf with Fedora targeted modules - Allow virtqemud relabel user tmp files and socket files - Add missing sys_chroot capability to groupadd policy - Label /run/libvirt/qemu/channel with virtqemud_var_run_t - Allow virtqemud relabelfrom also for file and sock_file - Add virt_create_log() and virt_write_log() interfaces - Call binaries without full path * Mon Aug 12 2024 Zdenek Pytela <[email protected]> - 41.14-1 - Update libvirt policy - Add port 80/udp and 443/udp to http_port_t definition - Additional updates stalld policy for bpf usage - Label systemd-pcrextend and systemd-pcrlock properly - Allow coreos_installer_t work with partitions - Revert "Allow coreos-installer-generator work with partitions" - Add policy for systemd-pcrextend - Update policy for systemd-getty-generator - Allow ip command write to ipsec's logs - Allow virt_driver_domain read virtd-lxc files in /proc - Revert "Allow svirt read virtqemud fifo files" - Update virtqemud policy for libguestfs usage - Allow virtproxyd create and use its private tmp files - Allow virtproxyd read network state - Allow virt_driver_domain create and use log files in /var/log - Allow samba-dcerpcd work with ctdb cluster * Tue Aug 06 2024 Zdenek Pytela <[email protected]> - 41.13-1 - Allow NetworkManager_dispatcher_t send SIGKILL to plugins - Allow setroubleshootd execute sendmail with a domain transition - Allow key.dns_resolve set attributes on the kernel key ring - Update qatlib policy for v24.02 with new features - Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t - Allow tlp status power services - Allow virtqemud domain transition on passt execution - Allow virt_driver_domain connect to systemd-userdbd over a unix socket - Allow boothd connect to systemd-userdbd over a unix socket - Update policy for awstats scripts - Allow bitlbee execute generic programs in system bin directories - Allow login_userdomain read aliases file - Allow login_userdomain read ipsec config files - Allow login_userdomain read all pid files - Allow rsyslog read systemd-logind session files - Allow libvirt-dbus stream connect to virtlxcd * Wed Jul 31 2024 Zdenek Pytela <[email protected]> - 41.12-1 - Update bootupd policy - Allow rhsmcertd read/write access to /dev/papr-sysparm - Label /dev/papr-sysparm and /dev/papr-vpd - Allow abrt-dump-journal-core connect to winbindd - Allow systemd-hostnamed shut down nscd - Allow systemd-pstore send a message to syslogd over a unix domain - Allow postfix_domain map postfix_etc_t files - Allow microcode create /sys/devices/system/cpu/microcode/reload - Allow rhsmcertd read, write, and map ica tmpfs files - Support SGX devices - Allow initrc_t transition to passwd_t - Update fstab and cryptsetup generators policy - Allow xdm_t read and write the dma device - Update stalld policy for bpf usage - Allow systemd_gpt_generator to getattr on DOS directories * Thu Jul 25 2024 Zdenek Pytela <[email protected]> - 41.11-1 - Make cgroup_memory_pressure_t a part of the file_type attribute - Allow ssh_t to change role to system_r - Update policy for coreos generators - Allow init_t nnp domain transition to firewalld_t - Label /run/modprobe.d with modules_conf_t - Allow virtnodedevd run udev with a domain transition - Allow virtnodedev_t create and use virtnodedev_lock_t - Allow virtstoraged manage files with virt_content_t type - Allow virtqemud unmount a filesystem with extended attributes - Allow svirt_t connect to unconfined_t over a unix domain socket * Mon Jul 22 2024 Zdenek Pytela <[email protected]> - 41.10-1 - Update afterburn file transition policy - Allow systemd_generator read attributes of all filesystems - Allow fstab-generator read and write cryptsetup-generator unit file - Allow cryptsetup-generator read and write fstab-generator unit file - Allow systemd_generator map files in /etc - Allow systemd_generator read init's process state - Allow coreos-installer-generator read sssd public files - Allow coreos-installer-generator work with partitions - Label /etc/mdadm.conf.d with mdadm_conf_t - Confine coreos generators - Label /run/metadata with afterburn_runtime_t - Allow afterburn list ssh home directory - Label samba certificates with samba_cert_t - Label /run/coreos-installer-reboot with coreos_installer_var_run_t - Allow virtqemud read virt-dbus process state - Allow staff user dbus chat with virt-dbus - Allow staff use watch /run/systemd - Allow systemd_generator to write kmsg * Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 41.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Jul 16 2024 Zdenek Pytela <[email protected]> - 41.9-1 - Allow virtqemud connect to sanlock over a unix stream socket - Allow virtqemud relabel virt_var_run_t directories - Allow svirt_tcg_t read vm sysctls - Allow virtnodedevd connect to systemd-userdbd over a unix socket - Allow svirt read virtqemud fifo files - Allow svirt attach_queue to a virtqemud tun_socket - Allow virtqemud run ssh client with a transition - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket - Update keyutils policy - Allow sshd_keygen_t connect to userdbd over a unix stream socket - Allow postfix-smtpd read mysql config files - Allow locate stream connect to systemd-userdbd - Allow the staff user use wireshark - Allow updatedb connect to userdbd over a unix stream socket - Allow gpg_t set attributes of public-keys.d - Allow gpg_t get attributes of login_userdomain stream - Allow systemd_getty_generator_t read /proc/1/environ - Allow systemd_getty_generator_t to read and write to tty_device_t * Thu Jul 11 2024 Petr Lautrbach <[email protected]> 41.8-4 - Move %postInstall to %posttrans - Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)` - Drop obsolete modules from config - Install dnf protected files only when policy is built * Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek <[email protected]> - 41.8-3 - Relabel files under /usr/bin to fix stale context after sbin merge * Mon Jun 24 2024 Petr Lautrbach <[email protected]> 41.8-2 - Merge -base and -contrib
/usr/share/selinux/packages/sandbox.pp
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Dec 12 02:51:10 2024