Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

selinux-policy-sandbox-41.20-1.fc41 RPM for noarch

From Fedora 41 testing updates for x86_64 / Packages / s

Name: selinux-policy-sandbox Distribution: Fedora Project
Version: 41.20 Vendor: Fedora Project
Release: 1.fc41 Build date: Fri Oct 4 14:05:45 2024
Group: Unspecified Build host: buildvm-ppc64le-29.iad2.fedoraproject.org
Size: 87393 Source RPM: selinux-policy-41.20-1.fc41.src.rpm
Packager: Fedora Project
Url: https://github.com/fedora-selinux/selinux-policy
Summary: SELinux sandbox policy
SELinux sandbox policy for use with the sandbox utility.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Fri Oct 04 2024 Zdenek Pytela <[email protected]> - 41.20-1
  - Remove the openct module sources
  - Remove the timidity module sources
  - Enable the slrn module
  - Remove i18n_input module sources
  - Enable the distcc module
  - Remove the ddcprobe module sources
  - Remove the timedatex module sources
  - Remove the djbdns module sources
  - Confine iio-sensor-proxy
  - Allow staff user nlmsg_write
  - Update policy for xdm with confined users
  - Allow virtnodedev watch mdevctl config dirs
  - Allow ssh watch home config dirs
  - Allow ssh map home configs files
  - Allow ssh read network sysctls
  - Allow chronyc sendto to chronyd-restricted
  - Allow cups sys_ptrace capability in the user namespace
* Wed Sep 25 2024 Zdenek Pytela <[email protected]> - 41.19-1
  - Add policy for systemd-homed
  - Remove fc entry for /usr/bin/pump
  - Label /usr/bin/noping and /usr/bin/oping with ping_exec_t
  - Allow accountsd read gnome-initial-setup tmp files
  - Allow xdm write to gnome-initial-setup fifo files
  - Allow rngd read and write generic usb devices
  - Allow qatlib search the content of the kernel debugging filesystem
  - Allow qatlib connect to systemd-machined over a unix socket
* Wed Sep 18 2024 Petr Lautrbach <[email protected]> - 41.18-1
  - Drop ru man pages
  - mls/modules.conf - fix typo
  - Allow unprivileged user watch /run/systemd
  - Allow boothd connect to kernel over a unix socket
* Mon Sep 16 2024 Zdenek Pytela <[email protected]> - 41.17-2
  - Relabel /etc/mdevctl.d
* Thu Sep 12 2024 Petr Lautrbach <[email protected]> - 41.17-1
  - Clean up and sync securetty_types
  - Bring config files from dist-git into the source repo
  - Confine gnome-remote-desktop
  - Allow virtstoraged execute mount programs in the mount domain
  - Make mdevctl_conf_t member of the file_type attribute
* Tue Sep 10 2024 Zdenek Pytela <[email protected]> - 41.16-2
  - Rebuild
* Tue Sep 10 2024 Zdenek Pytela <[email protected]> - 41.16-1
  - Label /etc/mdevctl.d with mdevctl_conf_t
  - Sync users with Fedora targeted users
  - Update policy for rpc-virtstorage
  - Allow virtstoraged get attributes of configfs dirs
  - Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
  - Update bootupd policy when ESP is not mounted
  - Allow thumb_t map dri devices
  - Allow samba use the io_uring API
  - Allow the sysadm user use the secretmem API
  - Allow nut-upsmon read systemd-logind session files
  - Allow sysadm_t to create PF_KEY sockets
  - Update bootupd policy for the removing-state-file test
  - Allow coreos-installer-generator manage mdadm_conf_t files
* Thu Aug 29 2024 Zdenek Pytela <[email protected]> - 41.15-1
  - Allow setsebool_t relabel selinux data files
  - Allow virtqemud relabelfrom virtqemud_var_run_t dirs
  - Use better escape method for "interface"
  - Allow init and systemd-logind to inherit fds from sshd
  - Allow systemd-ssh-generator read sysctl files
  - Sync modules.conf with Fedora targeted modules
  - Allow virtqemud relabel user tmp files and socket files
  - Add missing sys_chroot capability to groupadd policy
  - Label /run/libvirt/qemu/channel with virtqemud_var_run_t
  - Allow virtqemud relabelfrom also for file and sock_file
  - Add virt_create_log() and virt_write_log() interfaces
  - Call binaries without full path
* Mon Aug 12 2024 Zdenek Pytela <[email protected]> - 41.14-1
  - Update libvirt policy
  - Add port 80/udp and 443/udp to http_port_t definition
  - Additional updates stalld policy for bpf usage
  - Label systemd-pcrextend and systemd-pcrlock properly
  - Allow coreos_installer_t work with partitions
  - Revert "Allow coreos-installer-generator work with partitions"
  - Add policy for systemd-pcrextend
  - Update policy for systemd-getty-generator
  - Allow ip command write to ipsec's logs
  - Allow virt_driver_domain read virtd-lxc files in /proc
  - Revert "Allow svirt read virtqemud fifo files"
  - Update virtqemud policy for libguestfs usage
  - Allow virtproxyd create and use its private tmp files
  - Allow virtproxyd read network state
  - Allow virt_driver_domain create and use log files in /var/log
  - Allow samba-dcerpcd work with ctdb cluster
* Tue Aug 06 2024 Zdenek Pytela <[email protected]> - 41.13-1
  - Allow NetworkManager_dispatcher_t send SIGKILL to plugins
  - Allow setroubleshootd execute sendmail with a domain transition
  - Allow key.dns_resolve set attributes on the kernel key ring
  - Update qatlib policy for v24.02 with new features
  - Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t
  - Allow tlp status power services
  - Allow virtqemud domain transition on passt execution
  - Allow virt_driver_domain connect to systemd-userdbd over a unix socket
  - Allow boothd connect to systemd-userdbd over a unix socket
  - Update policy for awstats scripts
  - Allow bitlbee execute generic programs in system bin directories
  - Allow login_userdomain read aliases file
  - Allow login_userdomain read ipsec config files
  - Allow login_userdomain read all pid files
  - Allow rsyslog read systemd-logind session files
  - Allow libvirt-dbus stream connect to virtlxcd
* Wed Jul 31 2024 Zdenek Pytela <[email protected]> - 41.12-1
  - Update bootupd policy
  - Allow rhsmcertd read/write access to /dev/papr-sysparm
  - Label /dev/papr-sysparm and /dev/papr-vpd
  - Allow abrt-dump-journal-core connect to winbindd
  - Allow systemd-hostnamed shut down nscd
  - Allow systemd-pstore send a message to syslogd over a unix domain
  - Allow postfix_domain map postfix_etc_t files
  - Allow microcode create /sys/devices/system/cpu/microcode/reload
  - Allow rhsmcertd read, write, and map ica tmpfs files
  - Support SGX devices
  - Allow initrc_t transition to passwd_t
  - Update fstab and cryptsetup generators policy
  - Allow xdm_t read and write the dma device
  - Update stalld policy for bpf usage
  - Allow systemd_gpt_generator to getattr on DOS directories
* Thu Jul 25 2024 Zdenek Pytela <[email protected]> - 41.11-1
  - Make cgroup_memory_pressure_t a part of the file_type attribute
  - Allow ssh_t to change role to system_r
  - Update policy for coreos generators
  - Allow init_t nnp domain transition to firewalld_t
  - Label /run/modprobe.d with modules_conf_t
  - Allow virtnodedevd run udev with a domain transition
  - Allow virtnodedev_t create and use virtnodedev_lock_t
  - Allow virtstoraged manage files with virt_content_t type
  - Allow virtqemud unmount a filesystem with extended attributes
  - Allow svirt_t connect to unconfined_t over a unix domain socket
* Mon Jul 22 2024 Zdenek Pytela <[email protected]> - 41.10-1
  - Update afterburn file transition policy
  - Allow systemd_generator read attributes of all filesystems
  - Allow fstab-generator read and write cryptsetup-generator unit file
  - Allow cryptsetup-generator read and write fstab-generator unit file
  - Allow systemd_generator map files in /etc
  - Allow systemd_generator read init's process state
  - Allow coreos-installer-generator read sssd public files
  - Allow coreos-installer-generator work with partitions
  - Label /etc/mdadm.conf.d with mdadm_conf_t
  - Confine coreos generators
  - Label /run/metadata with afterburn_runtime_t
  - Allow afterburn list ssh home directory
  - Label samba certificates with samba_cert_t
  - Label /run/coreos-installer-reboot with coreos_installer_var_run_t
  - Allow virtqemud read virt-dbus process state
  - Allow staff user dbus chat with virt-dbus
  - Allow staff use watch /run/systemd
  - Allow systemd_generator to write kmsg
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 41.9-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 16 2024 Zdenek Pytela <[email protected]> - 41.9-1
  - Allow virtqemud connect to sanlock over a unix stream socket
  - Allow virtqemud relabel virt_var_run_t directories
  - Allow svirt_tcg_t read vm sysctls
  - Allow virtnodedevd connect to systemd-userdbd over a unix socket
  - Allow svirt read virtqemud fifo files
  - Allow svirt attach_queue to a virtqemud tun_socket
  - Allow virtqemud run ssh client with a transition
  - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
  - Update keyutils policy
  - Allow sshd_keygen_t connect to userdbd over a unix stream socket
  - Allow postfix-smtpd read mysql config files
  - Allow locate stream connect to systemd-userdbd
  - Allow the staff user use wireshark
  - Allow updatedb connect to userdbd over a unix stream socket
  - Allow gpg_t set attributes of public-keys.d
  - Allow gpg_t get attributes of login_userdomain stream
  - Allow systemd_getty_generator_t read /proc/1/environ
  - Allow systemd_getty_generator_t to read and write to tty_device_t
* Thu Jul 11 2024 Petr Lautrbach <[email protected]> 41.8-4
  - Move %postInstall to %posttrans
  - Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)`
  - Drop obsolete modules from config
  - Install dnf protected files only when policy is built
* Thu Jul 11 2024 Zbigniew JÄ™drzejewski-Szmek <[email protected]> - 41.8-3
  - Relabel files under /usr/bin to fix stale context after sbin merge
* Mon Jun 24 2024 Petr Lautrbach <[email protected]> 41.8-2
  - Merge -base and -contrib

Files

/usr/share/selinux/packages/sandbox.pp


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Dec 12 02:51:10 2024