Name: selinux-policy-targeted-extra | Distribution: AlmaLinux |
Version: 42.1.6 | Vendor: AlmaLinux |
Release: 1.el10 | Build date: Wed Aug 20 07:21:05 2025 |
Group: Unspecified | Build host: s390x-builder02.almalinux.org |
Size: 815722 | Source RPM: selinux-policy-42.1.6-1.el10.src.rpm |
Packager: AlmaLinux Packaging Team <packager@almalinux.org> | |
Url: https://github.com/fedora-selinux/selinux-policy | |
Summary: SELinux targeted policy - extra modules |
SELinux targeted policy package - extra modules
GPL-2.0-or-later
* Tue Aug 12 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.6-2
- Add binsbin-convert.sh script

* Tue Aug 12 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.6-1
- Apply generator template to selinux-autorelabel generator
Resolves: RHEL-107516
- Allow systemd-coredumpd capabilities in the user namespace
Resolves: RHEL-97586
- Allow virtqemud start a vm which uses nbdkit
Resolves: RHEL-69118
- Add nbdkit_signal() and nbdkit_signull() interfaces
Resolves: RHEL-69118
- Allow openvswitch read virtqemud process state
Resolves: RHEL-65322
- Add binsbin-convert.sh script
Resolves: RHEL-69118

* Fri Aug 08 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.5-1
- Confine nfs-server generator
Resolves: RHEL-106119
- Support virtqemud handle hotplug hostdev devices
Resolves: RHEL-65266
- Allow virtstoraged create qemu /var/run files
Resolves: RHEL-104344
- Allow virtqemud write to sysfs files
Resolves: RHEL-104378
- Allow unconfined_domain_type cap2_userns capabilities
Resolves: RHEL-93656

* Thu Jul 31 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.4-1
- Allow systemd-coredump the sys_chroot capability
Resolves: RHEL-97586
- Add the rhcd_rw_fifo_files() interface
Related: RHEL-99318
- Add insights_client_delete_lib_dirs() interface
Related: RHEL-99318

* Wed Jul 23 2025 Vit Mojzis <vmojzis@redhat.com> - 42.1.3-2
- Rebuild for SELinux userspace 3.9

* Fri Jul 18 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.3-1
- Allow svirt read virtqemud fifo files
Resolves: RHEL-104069
- Allow virtqemud handle virt_content_t chr files
Resolves: RHEL-76104
- Allow "hostapd_cli ping" run as a systemd service
Resolves: RHEL-77047
- All sblim-sfcbd the dac_read_search capability
Resolves: RHEL-98287
- Allow sblim domain read systemd session files
Resolves: RHEL-98287
- Allow sblim-sfcbd execute dnsdomainname
Resolves: RHEL-98287
- Allow systemd-importd create and unlink init pid socket
Resolves: RHEL-98490

* Wed Jul 16 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.2-1
- Remove permissive domains
Resolves: RHEL-103661
- Adjust modules list
Resolves: RHEL-103661

* Mon Jul 14 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.1-1
- Rebase selinux-policy to the newest one available in Fedora 42
Resolves: RHEL-54303

* Wed Jul 02 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.35-1
- Remove duplicate summary header
Related: RHEL-87742
- Allow irqbalance execute shell if irqbalance_run_unconfined is on
Resolves: RHEL-54019
- virt: allow QEMU use of the qgs daemon for attestation
Resolves: RHEL-87742
- qgs: add contrib module for TDX "qgs" daemon
Resolves: RHEL-87742
- kernel: add interfaces for using SGX enclaves
Resolves: RHEL-87742

* Tue Jul 01 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.34-1
- Allow systemd-coredump the sys_admin capability
Resolves: RHEL-97586
- Dontaudit systemd-coredump the sys_resource capability
Resolves: RHEL-97586
- Allow systemd-coredumpd sys_admin and sys_resource capabilities
Resolves: RHEL-97586
- Allow systemd-coredump read nsfs files
Resolves: RHEL-97586
- Dontaudit systemd-coredump sys_admin capability
Resolves: RHEL-97586
- Allow svirt-tcg read init state
Resolves: RHEL-95725
- Allow virtqemud create and unlink files in /etc/libvirt/
Resolves: RHEL-95725
- Allow virtqemud send a generic signal to passt
Resolves: RHEL-44994
- Allow openvswitch ioctl vduse devices
Resolves: RHEL-93041
- Label /dev/vduse/control and /dev/vduse/NAME devices
Resolves: RHEL-93041
- Allow virtstoraged the sys_rawio capability
Resolves: RHEL-44639
- Allow virtstoraged fsetid capability
Resolves: RHEL-44639
- Allow virtqemud additional permissions on scsi generic chr files
Resolves: RHEL-44628
- Allow irqbalance execute shell if irqbalance_run_unconfined is on
Resolves: RHEL-54019
- Fix files_dontaudit_delete_all_files()
Resolves: RHEL-86789
- Allow virtnodedev create mdevctl config dirs
Resolves: RHEL-98559
- Allow cryptsetup-generator manage systemd unit files
Resolves: RHEL-98656

* Fri Jun 06 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.33-1
- Allow systemd_generator read files in /proc and /sys
Resolves: RHEL-36740
- Update irqbalance policy for using unconfined scripts
Resolves: RHEL-54019
- Allow utempter use terminal multiplexor
Resolves: RHEL-56344
- Allow virtqemud execute ovs-vsctl with a domain transition
Resolves: RHEL-65322
- Allow mptcpd the net_admin capability
Resolves: RHEL-70730
- Allow tomcat execute cracklib-check with a domain transition
Resolves: RHEL-82090
- Update the files_search_mnt() interface
Resolves: RHEL-85178
- Allow key.dns_resolve set attributes on the kernel key ring
Resolves: RHEL-91602
- Allow switcheroo-control dbus chat with xdm
Resolves: RHEL-93535
- Revert "Allow virt_domain write to virt_image_t files"
Resolves: RHEL-93773

* Thu May 29 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.32-1
- Backport policy for additional systemd generators from rawhide
Resolves: RHEL-36740
- Allow login_userdomain create /run/tlog directory with user_tmp_t
Resolves: RHEL-56344
- Backport bootupd policy from current Fedora rawhide
Resolves: RHEL-86588

* Wed May 21 2025 Petr Lautrbach <lautrbach@redhat.com> - 40.13.31-2
- Build selinux-policy-extra packages
- Obsolete selinux-policy-epel packages

* Tue May 20 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.31-1
- Label /dev/diag as diagnostic_device_t
Resolves: RHEL-89804
- Label SetroubleshootPrivileged.py with setroubleshootd_exec_t
Resolves: RHEL-87727
- Allow syslogd watch syslog_conf_t directories
Resolves: RHEL-87648
- Allow networkmanager send a general signal to iptables
Resolves: RHEL-86780
- Define file equivalency for /var/etc
Resolves: RHEL-86678
- Update bootupd policy when ESP is not mounted
Resolves: RHEL-86588
- dontaudit execmem for modemmanager
Resolves: RHEL-86176
- Allow systemd create journal pid files
Resolves: RHEL-72692
- Allow virtqemud read/write/setattr input event devices
Resolves: RHEL-46385

* Mon Apr 28 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.30-1
- Allow auditctl signal auditd
Resolves: RHEL-87418
- Update bootupd policy for the removing-state-file test
Resolves: RHEL-87372
- Allow systemd-user-runtime-dir get/set tmpfs quotas
Resolves: RHEL-86789
- Allow systemd-user-runtime-dir delete gnome homedir content
Resolves: RHEL-86789
- Confine /usr/lib/systemd/systemd-user-runtime-dir
Resolves: RHEL-86789
- Allow system-dbusd list systemd-machined directories
Resolves: RHEL-86528
- Allow NetworkManager create and use icmp_socket
Resolves: RHEL-86258
- Allow tuned-ppd dbus chat with xdm
Resolves: RHEL-85849
- Allow virt_domain write to virt_image_t files
Resolves: RHEL-85319
- Allow rhsmcertd connect to systemd-machined
Resolves: RHEL-83925
- Allow varnishd execute the prlimit64() syscall
Resolves: RHEL-77779
- Allow systemd-machined the kill user-namespace capability
Resolves: RHEL-77087
- Allow system_dbusd_t r/w unix stream sockets of unconfined_service_t
Resolves: RHEL-62185
- Allow tlshd read network sysctls
Resolves: RHEL-74424

* Tue Apr 15 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.29-1
- Revert "Dontaudit access of virt-related permissive domains"
Resolves: RHEL-79833
- Remove permissive domains
Resolves: RHEL-82672

* Tue Apr 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.28-1
- Change path of tuned and tuned-ppd to /usr/sbin
Resolves: RHEL-69450
- Update the pcmsensor policy
Resolves: RHEL-80452
- Allow dovecot-deliver read mail aliases
Resolves: RHEL-80153
- Allow boothd connect to systemd-machined over a unix socket
Resolves: RHEL-75471
- Allow chronyd-restricted sendto to chronyc
Resolves: RHEL-82299
- Allow chronyc sendto to chronyd-restricted
Resolves: RHEL-82299
- Allow cifs.idmap helper to set attributes on kernel keys
Resolves: RHEL-83921
- Remove ktls from modules-filtered.lst
Resolves: RHEL-74424

* Mon Mar 31 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.27-1
- Allow afterburn to mount and read config drives
Resolves: RHEL-82120
- Update afterburn file transition policy
Resolves: RHEL-82120
- Label /run/metadata with afterburn_runtime_t
Resolves: RHEL-82120
- Allow afterburn list ssh home directory
Resolves: RHEL-82120
- Confine tuned-ppd
Resolves: RHEL-69450
- Update ktls policy
Resolves: RHEL-74424
- Add the switcheroo module
Resolves: RHEL-83267
- Update switcheroo policy
Resolves: RHEL-83267
- Confine the switcheroo-control service
Resolves: RHEL-83267

* Mon Feb 17 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.26-1
- Rename winbind_rpcd_* types to samba_dcerpcd_*
Resolves: RHEL-14759
- Allow samba-dcerpcd work with ctdb cluster
Resolves: RHEL-14759
- Revert "Remove socket from unconfined_domain_type allow rule"
Resolves: RHEL-77327
- Dontaudit access of virt-related permissive domains
Resolves: RHEL-77808
- Add selinux_requires_min macro
Resolves: RHEL-54715
- Filter out EPEL related modules
Resolves: RHEL-73505

* Thu Feb 06 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.25-1
- Update ktlshd policy to read /proc/keys and domain keyrings
Resolves: RHEL-42672
- Allow pcmsensor read nmi_watchdog state information
Resolves: RHEL-52838
- Support peer-to-peer migration of vms using ssh
Resolves: RHEL-77351
- Allow virt_domain read hardware state information unconditionally
Resolves: RHEL-71270
- Allow timemaster write to sysfs files
Resolves: RHEL-44637
- Allow virtqemud map svirt_image_t plain files
Resolves: RHEL-40080
- Allow virtqemud unmount a filesystem with extended attributes
Resolves: RHEL-40080
- Allow virtqemud work with nvdimm devices
Resolves: RHEL-71656
- Update virtqemud policy regarding the svirt_tcg_t domain
Resolves: RHEL-71270
- Allow virtqemud use hostdev usb devices conditionally
Resolves: RHEL-74230
- Support saving and restoring a VM to/from a block device
Resolves: RHEL-76138
- Allow virtnwfilterd dbus chat with firewalld
Resolves: RHEL-76138
- Allow virt_domain to use pulseaudio - conditional
Resolves: RHEL-62763
- Allow virtstoraged write to sysfs files
Resolves: RHEL-44637
- Allow irqbalance to run unconfined scripts conditionally
Resolves: RHEL-54019
- Allow rhsmcertd notify virt-who
Resolves: RHEL-77114
- Allow init mounton crypto sysctl files
Resolves: RHEL-56250

* Mon Jan 27 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.24-1
- Allow systemd-generator connect to syslog over a unix datagram socket
Resolves: RHEL-75879
- Allow ssh_t to change role to system_r
Resolves: RHEL-53972
- Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type
Resolves: RHEL-39893
- Allow virtqemud manage fixed disk device nodes
Resolves: RHEL-71656
- Allow samba-bgqd connect to cupsd over an unix domain stream socket
Resolves: RHEL-72861
- Allow systemd-machined read the vsock device
Resolves: RHEL-74280
- Allow pcmsensor write nmi_watchdog state information
Resolves: RHEL-52838
- Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t
Resolves: RHEL-52838

* Fri Jan 24 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-2
- Rebuild other packages with with selinux-policy-40.13.23
Resolves: RHEL-36741

* Thu Jan 23 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-1
- Remove the lockdown class from the policy
Resolves: RHEL-36741
- Remove socket from unconfined_domain_type allow rule
Resolves: RHEL-36741
- Include key_socket in socket_class_set
Resolves: RHEL-36741

* Thu Jan 16 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.22-1
- Allow staff user dbus chat with virt-dbus
Resolves: RHEL-73914
- Allow virtqemud domain transition to nbdkit
Resolves: RHEL-69118
- Add nbdkit interfaces defined conditionally
Resolves: RHEL-69118
- Allow svirt_t read sysfs files
Resolves: RHEL-71270
- Label /dev/pmem[0-9]+ with fixed_disk_device_t
Resolves: RHEL-71656
- Add support for the KVM guest memfd anon inodes
Resolves: RHEL-69128
- Allow sysadm user dbus chat with virt-dbus
Resolves: RHEL-73914
- Allow initrc_t transition to passwd_t
Resolves: RHEL-71665
- Allow unconfined_service_t transition to passwd_t
Resolves: RHEL-71665

* Wed Jan 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.21-1
- Allow init create vsock socket for sshd
Resolves: RHEL-72549
- Support ssh connections via systemd-ssh-generator
Resolves: RHEL-72549
- Allow ssh generator work with systemd unit files
Resolves: RHEL-72549
- Confine systemd system-ssh-generator
Resolves: RHEL-72549
- Allow login_userdomain getattr nsfs files
Resolves: RHEL-72549
- Allow virtqemud send a generic signal to the ssh client domain
Resolves: RHEL-53972
- Add the auth_dontaudit_read_passwd_file() interface
Resolves: RHEL-71490
- Dontaudit request-key read /etc/passwd
Resolves: RHEL-71490

* Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1
- Allow virtqemud domain transition on numad execution
Resolves: RHEL-65789
- Support virt live migration using ssh
Resolves: RHEL-53972
- Allow ssh_t read systemd config files
Resolves: RHEL-53972
- Allow virtqemud permissions needed for live migration
Resolves: RHEL-43217
- Allow virtqemud the getpgid process permission
Resolves: RHEL-46357
- Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
Resolves: RHEL-71068
- Allow virtqemud relabelfrom virt_log_t files
Resolves: RHEL-48236
- Allow virtqemud relabel tun_socket
Resolves: RHEL-71394
- Allow gnome-remote-desktop dbus chat with policykit
Resolves: RHEL-35877
- Update ktlsh policy
Resolves: RHEL-42672
- Confine the ktls service
Resolves: RHEL-42672
- Allow request-key to read /etc/passwd
Resolves: RHEL-71490
- Allow request-key to manage all domains' keys
Resolves: RHEL-71490

* Fri Dec 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 40.13.19-2
- Rebuild with SELinux Userspace 3.8

* Wed Dec 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.19-1
- Allow systemd-journald getattr nsfs files
Resolves: RHEL-71803
- Allow systemd-related domains getattr nsfs files
Resolves: RHEL-71803

* Fri Dec 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.18-1
- Sync dist/targeted/modules.conf with Fedora 42
Resolves: RHEL-70850
- Add support for sap
Resolves: RHEL-70850
- Allow sssd_selinux_manager_t the setcap process permission
Resolves: RHEL-70822
- Allow virtqemud open svirt_devpts_t char files
Resolves: RHEL-43446
- Fix the cups_read_pid_files() interface to use read_files_pattern
Resolves: RHEL-69512

* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1
- Update samba-bgqd policy
Resolves: RHEL-69512
- Allow samba-bgqd read cups config files
Resolves: RHEL-69512
- Allow virtqemud additional permissions for tmpfs_t blk devices
Resolves: RHEL-61235
- Allow virtqemud rw access to svirt_image_t chr files
Resolves: RHEL-61235
- Allow virtqemud rw and setattr access to fixed block devices
Resolves: RHEL-61235
- Label /etc/mdevctl.d/scripts.d with bin_t
Resolves: RHEL-39893
- Fix the /etc/mdevctl\.d(/.*)? regexp
Resolves: RHEL-39893
- Allow virtnodedev watch mdevctl config dirs
Resolves: RHEL-39893
- Make mdevctl_conf_t member of the file_type attribute
Resolves: RHEL-39893
- Label /etc/mdevctl.d with mdevctl_conf_t
Resolves: RHEL-39893
- Allow virtqemud relabelfrom virt_log_t files
Resolves: RHEL-48236
- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
Resolves: RHEL-48236
- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
Resolves: RHEL-48236
- Allow svirt_tcg_t read virtqemud_t fifo_files
Resolves: RHEL-48236
- Allow virtqemud rw and setattr access to sev devices
Resolves: RHEL-69128
- Allow virtqemud directly read and write to a fixed disk
Resolves: RHEL-61235
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-61235
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-61235
- Allow virtqemud connect to sanlock over a unix stream socket
Resolves: RHEL-44352
- allow gdm and iiosensorproxy talk to each other via D-bus
Resolves: RHEL-70850
- Allow sendmail to map mail server configuration files
Related: RHEL-54014
- Allow procmail to read mail aliases
Resolves: RHEL-54014
- Grant rhsmcertd chown capability & userdb access
Resolves: RHEL-68481

* Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1
- Fix the file type for /run/systemd/generator
Resolves: RHEL-68313

* Thu Nov 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.15-1
- Allow qatlib search the content of the kernel debugging filesystem
Resolves: RHEL-66334
- Allow qatlib connect to systemd-machined over a unix socket
Resolves: RHEL-66334
- Update policy for samba-bgqd
Resolves: RHEL-64908
- Allow httpd get attributes of dirsrv unit files
Resolves: RHEL-62706
- Allow virtstoraged read vm sysctls
Resolves: RHEL-61742
- Allow virtstoraged execute mount programs in the mount domain
Resolves: RHEL-61742
- Update policy for rpc-virtstorage
Resolves: RHEL-61742
- Allow virtstoraged get attributes of configfs dirs
Resolves: RHEL-61742
- Allow virt_driver_domain read virtd-lxc files in /proc
Resolves: RHEL-61742
- Allow virtstoraged manage files with virt_content_t type
Resolves: RHEL-61742
- Allow virtstoraged use the io_uring API
Resolves: RHEL-61742
- Allow virtstoraged execute lvm programs in the lvm domain
Resolves: RHEL-61742
- Allow svirt_t connect to unconfined_t over a unix domain socket
Resolves: RHEL-61246
- Label /usr/lib/node_modules_22/npm/bin with bin_t
Resolves: RHEL-56350
- Allow bacula execute container in the container domain
Resolves: RHEL-39529
- Label /run/systemd/generator with systemd_unit_file_t
Resolves: RHEL-68313

* Tue Nov 19 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.14-1
- mls/modules.conf - fix typo
- Use dist/targeted/modules.conf in build workflow
- Fix default and dist config files
- CI: update to actions/checkout@v4
- Clean up and sync securetty_types
- Bring config files from dist-git into the source repo
- Sync users with Fedora targeted users

* Tue Nov 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.13-1
- Revert "Allow unconfined_t execute kmod in the kmod domain"
Resolves: RHEL-65190
- Add policy for /usr/libexec/samba/samba-bgqd
Resolves: RHEL-64908
- Label samba certificates with samba_cert_t
Resolves: RHEL-64908
- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
Resolves: RHEL-64908
- Allow rpcd read network sysctls
Resolves: RHEL-64737
- Label all semanage store files in /etc as semanage_store_t
Resolves: RHEL-65864

* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 40.13.12-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018

* Thu Oct 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.12-1
- Dontaudit subscription manager setfscreate and read file contexts
Resolves: RHEL-58009
- Allow the sysadm user use the secretmem API
Resolves: RHEL-40953
- Allow sudodomain list files in /var
Resolves: RHEL-58068
- Allow gnome-remote-desktop watch /etc directory
Resolves: RHEL-35877
- Allow journalctl connect to systemd-userdbd over a unix socket
Resolves: RHEL-58072
- systemd: allow sys_admin capability for systemd_notify_t
Resolves: RHEL-58072
- Allow some confined users send to lldpad over a unix dgram socket
Resolves: RHEL-61634
- Allow lldpad send to sysadm_t over a unix dgram socket
Resolves: RHEL-61634
- Allow lldpd connect to systemd-machined over a unix socket
Resolves: RHEL-61634

* Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.11-1
- Allow ping_t read network sysctls
Resolves: RHEL-54299
- Label /usr/lib/node_modules/npm/bin with bin_t
Resolves: RHEL-56350
- Label /run/sssd with sssd_var_run_t
Resolves: RHEL-57065
- Allow virtqemud read virtd_t files
Resolves: RHEL-57713
- Allow wdmd read hardware state information
Resolves: RHEL-57982
- Allow wdmd list the contents of the sysfs directories
Resolves: RHEL-57982
- Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
Resolves: RHEL-58380
- Allow dirsrv read network sysctls
Resolves: RHEL-58381
- Allow lldpad create and use netlink_generic_socket
Resolves: RHEL-61634
- Allow unconfined_t execute kmod in the kmod domain
Resolves: RHEL-61755
- Confine the pcm service
Resolves: RHEL-52838
- Allow iio-sensor-proxy the bpf capability
Resolves: RHEL-62355
- Confine iio-sensor-proxy
Resolves: RHEL-62355

* Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1
- Confine gnome-remote-desktop
Resolves: RHEL-35877
- Allow virtqemud get attributes of a tmpfs filesystem
Resolves: RHEL-40855
- Allow virtqemud get attributes of cifs files
Resolves: RHEL-40855
- Allow virtqemud get attributes of filesystems with extended attributes
Resolves: RHEL-39668
- Allow virtqemud get attributes of NFS filesystems
Resolves: RHEL-40855
- Add support for secretmem anon inode
Resolves: RHEL-40953
- Allow systemd-sleep read raw disk data
Resolves: RHEL-49600
- Allow systemd-hwdb send messages to kernel unix datagram sockets
Resolves: RHEL-50810
- Label /run/modprobe.d with modules_conf_t
Resolves: RHEL-54591
- Allow setsebool_t relabel selinux data files
Resolves: RHEL-55412
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-56349
- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-56349
- Add crontab_admin_domtrans interface
Resolves: RHEL-56349
- Add crontab_domtrans interface
Resolves: RHEL-56349
- Allow boothd connect to kernel over a unix socket
Resolves: RHEL-58060
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-58068
- systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
Resolves: RHEL-58072
- Allow rsyslog read systemd-logind session files
Resolves: RHEL-40961
- Label /dev/mmcblk0rpmb character device with removable_device_t
Resolves: RHEL-55265
- Label /dev/hfi1_[0-9]+ devices
Resolves: RHEL-62836
- Label /dev/papr-sysparm and /dev/papr-vpd
Resolves: RHEL-56908
- Support SGX devices
Resolves: RHEL-62354
- Suppress semodule's stderr
Resolves: RHEL-59192

* Mon Aug 26 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.9-1
- Allow virtqemud relabelfrom also for file and sock_file
Resolves: RHEL-49763
- Allow virtqemud relabel user tmp files and socket files
Resolves: RHEL-49763
- Update virtqemud policy for libguestfs usage
Resolves: RHEL-49763
- Label /run/libvirt/qemu/channel with virtqemud_var_run_t
Resolves: RHEL-47274

* Tue Aug 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.8-1
- Add virt_create_log() and virt_write_log() interfaces
Resolves: RHEL-47274
- Update libvirt policy
Resolves: RHEL-45464
Resolves: RHEL-49763
- Allow svirt_tcg_t map svirt_image_t files
Resolves: RHEL-47274
- Allow svirt_tcg_t read vm sysctls
Resolves: RHEL-47274
- Additional updates stalld policy for bpf usage
Resolves: RHEL-50356

* Thu Aug 08 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.7-1
- Add the swtpm.if interface file for interactions with other domains
Resolves: RHEL-47274
- Allow virtproxyd create and use its private tmp files
Resolves: RHEL-40499
- Allow virtproxyd read network state
Resolves: RHEL-40499
- Allow virtqemud domain transition on swtpm execution
Resolves: RHEL-47274
Resolves: RHEL-49763
- Allow virtqemud relabel virt_var_run_t directories
Resolves: RHEL-47274
Resolves: RHEL-45464
Resolves: RHEL-49763
- Allow virtqemud domain transition on passt execution
Resolves: RHEL-45464
- Allow virt_driver_domain create and use log files in /var/log
Resolves: RHEL-40239
- Allow virt_driver_domain connect to systemd-userdbd over a unix socket
Resolves: RHEL-44932
Resolves: RHEL-44898
- Update stalld policy for bpf usage
Resolves: RHEL-50356
- Allow boothd connect to systemd-userdbd over a unix socket
Resolves: RHEL-45907
- Allow linuxptp configure phc2sys and chronyd over a unix domain socket
Resolves: RHEL-46011
- Allow systemd-machined manage runtime sockets
Resolves: RHEL-49567
- Allow ip command write to ipsec's logs
Resolves: RHEL-41222
- Allow init_t nnp domain transition to firewalld_t
Resolves: RHEL-52481
- Update qatlib policy for v24.02 with new features
Resolves: RHEL-50377
- Allow postfix_domain map postfix_etc_t files
Resolves: RHEL-46327

* Thu Jul 25 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.6-1
- Allow virtnodedevd run udev with a domain transition
Resolves: RHEL-39890
- Allow virtnodedev_t create and use virtnodedev_lock_t
Resolves: RHEL-39890
- Allow svirt attach_queue to a virtqemud tun_socket
Resolves: RHEL-44312
- Label /run/systemd/machine with systemd_machined_var_run_t
Resolves: RHEL-49567
- Allow to create and delete socket files created by rhsm.service

* Tue Jul 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.5-1
- Allow to create and delete socket files created by rhsm.service
Resolves: RHEL-40857
- Allow svirt read virtqemud fifo files
Resolves: RHEL-40350
- Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
Resolves: RHEL-37822
- Allow virtqemud read virt-dbus process state
Resolves: RHEL-37822
- Allow virtqemud run ssh client with a transition
Resolves: RHEL-43215
- Allow virtnetworkd exec shell when virt_hooks_unconfined is on
Resolves: RHEL-41168
- Allow NetworkManager the sys_ptrace capability in user namespace
Resolves: RHEL-46717
- Update keyutils policy
Resolves: RHEL-38920
- Allow ip the setexec permission
Resolves: RHEL-41182

* Fri Jun 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.4-1
- Confine libvirt-dbus
Resolves: RHEL-37822
- Allow sssd create and use io_uring
Resolves: RHEL-43448
- Allow virtqemud the kill capability in user namespace
Resolves: RHEL-44996
- Allow login_userdomain execute systemd-tmpfiles in the caller domain
Resolves: RHEL-44191
- Allow virtqemud read vm sysctls
Resolves: RHEL-40938
- Allow svirt_t read vm sysctls
Resolves: RHEL-40938
- Allow rshim get options of the netlink class for KOBJECT_UEVENT family
Resolves: RHEL-40859
- Allow systemd-hostnamed read the vsock device
Resolves: RHEL-45309
- Allow systemd (PID 1) manage systemd conf files
Resolves: RHEL-45304
- Allow journald read systemd config files and directories
Resolves: RHEL-45304
- Allow systemd_domain read systemd_conf_t dirs
Resolves: RHEL-45304
- Label systemd configuration files with systemd_conf_t
Resolves: RHEL-45304
- Allow dhcpcd the kill capability
Resolves: RHEL-43417
- Add support for libvirt hooks
Resolves: RHEL-41168

* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 40.13.3-2
- Bump release for June 2024 mass rebuild

* Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.3-1
- Allow virtqemud manage nfs files when virt_use_nfs boolean is on
Resolves: RHEL-40205
- Allow virt_driver_domain read files labeled unconfined_t
Resolves: RHEL-40262
- Allow virt_driver_domain dbus chat with policykit
Resolves: RHEL-40346
- Escape "interface" as a file name in a virt filetrans pattern
Resolves: RHEL-34769
- Allow setroubleshootd get attributes of all sysctls
Resolves: RHEL-40923
- Allow qemu-ga read vm sysctls
Resolves: RHEL-40829
- Allow sbd to trace processes in user namespace
Resolves: RHEL-39989
- Allow request-key execute scripts
Resolves: RHEL-38920
- Update policy for haproxyd
Resolves: RHEL-40877

* Fri Jun 07 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.2-1
- Allow all domains read and write z90crypt device
Resolves: RHEL-28539
- Allow dhcpc read /run/netns files
Resolves: RHEL-39510
- Allow bootupd search efivarfs dirs
Resolves: RHEL-39514

* Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.1-1
- Allow logwatch read logind sessions files
Resolves: RHEL-30441
- Allow sulogin relabel tty1
Resolves: RHEL-30440
- Dontaudit sulogin the checkpoint_restore capability
Resolves: RHEL-30440
- Allow postfix smtpd map aliases file
Resolves: RHEL-35544
- Ensure dbus communication is allowed bidirectionally
Resolves: RHEL-35783
- Allow various services read and write z90crypt device
Resolves: RHEL-28539
- Allow dhcpcd use unix_stream_socket
Resolves: RHEL-33081
- Allow xdm_t to watch and watch_reads mount_var_run_t
Resolves: RHEL-36073
- Allow plymouthd log during shutdown
Resolves: RHEL-30455
- Update rpm configuration for the /var/run equivalency change
Resolves: RHEL-36094
/usr/share/selinux/targeted/modules-extra.lst
/var/lib/selinux/targeted/active/modules/100/antivirus
/var/lib/selinux/targeted/active/modules/100/antivirus/cil
/var/lib/selinux/targeted/active/modules/100/antivirus/hll
/var/lib/selinux/targeted/active/modules/100/antivirus/lang_ext
/var/lib/selinux/targeted/active/modules/100/apcupsd
/var/lib/selinux/targeted/active/modules/100/apcupsd/cil
/var/lib/selinux/targeted/active/modules/100/apcupsd/hll
/var/lib/selinux/targeted/active/modules/100/apcupsd/lang_ext
/var/lib/selinux/targeted/active/modules/100/arpwatch
/var/lib/selinux/targeted/active/modules/100/arpwatch/cil
/var/lib/selinux/targeted/active/modules/100/arpwatch/hll
/var/lib/selinux/targeted/active/modules/100/arpwatch/lang_ext
/var/lib/selinux/targeted/active/modules/100/asterisk
/var/lib/selinux/targeted/active/modules/100/asterisk/cil
/var/lib/selinux/targeted/active/modules/100/asterisk/hll
/var/lib/selinux/targeted/active/modules/100/asterisk/lang_ext
/var/lib/selinux/targeted/active/modules/100/awstats
/var/lib/selinux/targeted/active/modules/100/awstats/cil
/var/lib/selinux/targeted/active/modules/100/awstats/hll
/var/lib/selinux/targeted/active/modules/100/awstats/lang_ext
/var/lib/selinux/targeted/active/modules/100/bitlbee
/var/lib/selinux/targeted/active/modules/100/bitlbee/cil
/var/lib/selinux/targeted/active/modules/100/bitlbee/hll
/var/lib/selinux/targeted/active/modules/100/bitlbee/lang_ext
/var/lib/selinux/targeted/active/modules/100/boinc
/var/lib/selinux/targeted/active/modules/100/boinc/cil
/var/lib/selinux/targeted/active/modules/100/boinc/hll
/var/lib/selinux/targeted/active/modules/100/boinc/lang_ext
/var/lib/selinux/targeted/active/modules/100/brctl
/var/lib/selinux/targeted/active/modules/100/brctl/cil
/var/lib/selinux/targeted/active/modules/100/brctl/hll
/var/lib/selinux/targeted/active/modules/100/brctl/lang_ext
/var/lib/selinux/targeted/active/modules/100/cobbler
/var/lib/selinux/targeted/active/modules/100/cobbler/cil
/var/lib/selinux/targeted/active/modules/100/cobbler/hll
/var/lib/selinux/targeted/active/modules/100/cobbler/lang_ext
/var/lib/selinux/targeted/active/modules/100/collectd
/var/lib/selinux/targeted/active/modules/100/collectd/cil
/var/lib/selinux/targeted/active/modules/100/collectd/hll
/var/lib/selinux/targeted/active/modules/100/collectd/lang_ext
/var/lib/selinux/targeted/active/modules/100/conman
/var/lib/selinux/targeted/active/modules/100/conman/cil
/var/lib/selinux/targeted/active/modules/100/conman/hll
/var/lib/selinux/targeted/active/modules/100/conman/lang_ext
/var/lib/selinux/targeted/active/modules/100/cpufreqselector
/var/lib/selinux/targeted/active/modules/100/cpufreqselector/cil
/var/lib/selinux/targeted/active/modules/100/cpufreqselector/hll
/var/lib/selinux/targeted/active/modules/100/cpufreqselector/lang_ext
/var/lib/selinux/targeted/active/modules/100/cvs
/var/lib/selinux/targeted/active/modules/100/cvs/cil
/var/lib/selinux/targeted/active/modules/100/cvs/hll
/var/lib/selinux/targeted/active/modules/100/cvs/lang_ext
/var/lib/selinux/targeted/active/modules/100/ddclient
/var/lib/selinux/targeted/active/modules/100/ddclient/cil
/var/lib/selinux/targeted/active/modules/100/ddclient/hll
/var/lib/selinux/targeted/active/modules/100/ddclient/lang_ext
/var/lib/selinux/targeted/active/modules/100/dnssec
/var/lib/selinux/targeted/active/modules/100/dnssec/cil
/var/lib/selinux/targeted/active/modules/100/dnssec/hll
/var/lib/selinux/targeted/active/modules/100/dnssec/lang_ext
/var/lib/selinux/targeted/active/modules/100/drbd
/var/lib/selinux/targeted/active/modules/100/drbd/cil
/var/lib/selinux/targeted/active/modules/100/drbd/hll
/var/lib/selinux/targeted/active/modules/100/drbd/lang_ext
/var/lib/selinux/targeted/active/modules/100/entropyd
/var/lib/selinux/targeted/active/modules/100/entropyd/cil
/var/lib/selinux/targeted/active/modules/100/entropyd/hll
/var/lib/selinux/targeted/active/modules/100/entropyd/lang_ext
/var/lib/selinux/targeted/active/modules/100/exim /var/lib/selinux/targeted/active/modules/100/exim/cil /var/lib/selinux/targeted/active/modules/100/exim/hll /var/lib/selinux/targeted/active/modules/100/exim/lang_ext /var/lib/selinux/targeted/active/modules/100/gdomap /var/lib/selinux/targeted/active/modules/100/gdomap/cil /var/lib/selinux/targeted/active/modules/100/gdomap/hll /var/lib/selinux/targeted/active/modules/100/gdomap/lang_ext /var/lib/selinux/targeted/active/modules/100/hddtemp /var/lib/selinux/targeted/active/modules/100/hddtemp/cil /var/lib/selinux/targeted/active/modules/100/hddtemp/hll /var/lib/selinux/targeted/active/modules/100/hddtemp/lang_ext /var/lib/selinux/targeted/active/modules/100/l2tp /var/lib/selinux/targeted/active/modules/100/l2tp/cil /var/lib/selinux/targeted/active/modules/100/l2tp/hll /var/lib/selinux/targeted/active/modules/100/l2tp/lang_ext /var/lib/selinux/targeted/active/modules/100/lircd /var/lib/selinux/targeted/active/modules/100/lircd/cil /var/lib/selinux/targeted/active/modules/100/lircd/hll /var/lib/selinux/targeted/active/modules/100/lircd/lang_ext /var/lib/selinux/targeted/active/modules/100/livecd /var/lib/selinux/targeted/active/modules/100/livecd/cil /var/lib/selinux/targeted/active/modules/100/livecd/hll /var/lib/selinux/targeted/active/modules/100/livecd/lang_ext /var/lib/selinux/targeted/active/modules/100/lttng-tools /var/lib/selinux/targeted/active/modules/100/lttng-tools/cil /var/lib/selinux/targeted/active/modules/100/lttng-tools/hll /var/lib/selinux/targeted/active/modules/100/lttng-tools/lang_ext /var/lib/selinux/targeted/active/modules/100/man2html /var/lib/selinux/targeted/active/modules/100/man2html/cil /var/lib/selinux/targeted/active/modules/100/man2html/hll /var/lib/selinux/targeted/active/modules/100/man2html/lang_ext /var/lib/selinux/targeted/active/modules/100/milter /var/lib/selinux/targeted/active/modules/100/milter/cil /var/lib/selinux/targeted/active/modules/100/milter/hll 
/var/lib/selinux/targeted/active/modules/100/milter/lang_ext /var/lib/selinux/targeted/active/modules/100/minidlna /var/lib/selinux/targeted/active/modules/100/minidlna/cil /var/lib/selinux/targeted/active/modules/100/minidlna/hll /var/lib/selinux/targeted/active/modules/100/minidlna/lang_ext /var/lib/selinux/targeted/active/modules/100/mock /var/lib/selinux/targeted/active/modules/100/mock/cil /var/lib/selinux/targeted/active/modules/100/mock/hll /var/lib/selinux/targeted/active/modules/100/mock/lang_ext /var/lib/selinux/targeted/active/modules/100/mplayer /var/lib/selinux/targeted/active/modules/100/mplayer/cil /var/lib/selinux/targeted/active/modules/100/mplayer/hll /var/lib/selinux/targeted/active/modules/100/mplayer/lang_ext /var/lib/selinux/targeted/active/modules/100/munin /var/lib/selinux/targeted/active/modules/100/munin/cil /var/lib/selinux/targeted/active/modules/100/munin/hll /var/lib/selinux/targeted/active/modules/100/munin/lang_ext /var/lib/selinux/targeted/active/modules/100/nagios /var/lib/selinux/targeted/active/modules/100/nagios/cil /var/lib/selinux/targeted/active/modules/100/nagios/hll /var/lib/selinux/targeted/active/modules/100/nagios/lang_ext /var/lib/selinux/targeted/active/modules/100/nsd /var/lib/selinux/targeted/active/modules/100/nsd/cil /var/lib/selinux/targeted/active/modules/100/nsd/hll /var/lib/selinux/targeted/active/modules/100/nsd/lang_ext /var/lib/selinux/targeted/active/modules/100/nslcd /var/lib/selinux/targeted/active/modules/100/nslcd/cil /var/lib/selinux/targeted/active/modules/100/nslcd/hll /var/lib/selinux/targeted/active/modules/100/nslcd/lang_ext /var/lib/selinux/targeted/active/modules/100/nut /var/lib/selinux/targeted/active/modules/100/nut/cil /var/lib/selinux/targeted/active/modules/100/nut/hll /var/lib/selinux/targeted/active/modules/100/nut/lang_ext /var/lib/selinux/targeted/active/modules/100/openfortivpn /var/lib/selinux/targeted/active/modules/100/openfortivpn/cil 
/var/lib/selinux/targeted/active/modules/100/openfortivpn/hll /var/lib/selinux/targeted/active/modules/100/openfortivpn/lang_ext /var/lib/selinux/targeted/active/modules/100/openvpn /var/lib/selinux/targeted/active/modules/100/openvpn/cil /var/lib/selinux/targeted/active/modules/100/openvpn/hll /var/lib/selinux/targeted/active/modules/100/openvpn/lang_ext /var/lib/selinux/targeted/active/modules/100/pdns /var/lib/selinux/targeted/active/modules/100/pdns/cil /var/lib/selinux/targeted/active/modules/100/pdns/hll /var/lib/selinux/targeted/active/modules/100/pdns/lang_ext /var/lib/selinux/targeted/active/modules/100/pingd /var/lib/selinux/targeted/active/modules/100/pingd/cil /var/lib/selinux/targeted/active/modules/100/pingd/hll /var/lib/selinux/targeted/active/modules/100/pingd/lang_ext /var/lib/selinux/targeted/active/modules/100/postgrey /var/lib/selinux/targeted/active/modules/100/postgrey/cil /var/lib/selinux/targeted/active/modules/100/postgrey/hll /var/lib/selinux/targeted/active/modules/100/postgrey/lang_ext /var/lib/selinux/targeted/active/modules/100/powerprofiles /var/lib/selinux/targeted/active/modules/100/powerprofiles/cil /var/lib/selinux/targeted/active/modules/100/powerprofiles/hll /var/lib/selinux/targeted/active/modules/100/powerprofiles/lang_ext /var/lib/selinux/targeted/active/modules/100/privoxy /var/lib/selinux/targeted/active/modules/100/privoxy/cil /var/lib/selinux/targeted/active/modules/100/privoxy/hll /var/lib/selinux/targeted/active/modules/100/privoxy/lang_ext /var/lib/selinux/targeted/active/modules/100/prosody /var/lib/selinux/targeted/active/modules/100/prosody/cil /var/lib/selinux/targeted/active/modules/100/prosody/hll /var/lib/selinux/targeted/active/modules/100/prosody/lang_ext /var/lib/selinux/targeted/active/modules/100/puppet /var/lib/selinux/targeted/active/modules/100/puppet/cil /var/lib/selinux/targeted/active/modules/100/puppet/hll /var/lib/selinux/targeted/active/modules/100/puppet/lang_ext 
/var/lib/selinux/targeted/active/modules/100/pwauth /var/lib/selinux/targeted/active/modules/100/pwauth/cil /var/lib/selinux/targeted/active/modules/100/pwauth/hll /var/lib/selinux/targeted/active/modules/100/pwauth/lang_ext /var/lib/selinux/targeted/active/modules/100/rkhunter /var/lib/selinux/targeted/active/modules/100/rkhunter/cil /var/lib/selinux/targeted/active/modules/100/rkhunter/hll /var/lib/selinux/targeted/active/modules/100/rkhunter/lang_ext /var/lib/selinux/targeted/active/modules/100/rlogin /var/lib/selinux/targeted/active/modules/100/rlogin/cil /var/lib/selinux/targeted/active/modules/100/rlogin/hll /var/lib/selinux/targeted/active/modules/100/rlogin/lang_ext /var/lib/selinux/targeted/active/modules/100/rshd /var/lib/selinux/targeted/active/modules/100/rshd/cil /var/lib/selinux/targeted/active/modules/100/rshd/hll /var/lib/selinux/targeted/active/modules/100/rshd/lang_ext /var/lib/selinux/targeted/active/modules/100/smokeping /var/lib/selinux/targeted/active/modules/100/smokeping/cil /var/lib/selinux/targeted/active/modules/100/smokeping/hll /var/lib/selinux/targeted/active/modules/100/smokeping/lang_ext /var/lib/selinux/targeted/active/modules/100/systemd-homed /var/lib/selinux/targeted/active/modules/100/systemd-homed/cil /var/lib/selinux/targeted/active/modules/100/systemd-homed/hll /var/lib/selinux/targeted/active/modules/100/systemd-homed/lang_ext /var/lib/selinux/targeted/active/modules/100/tcpd /var/lib/selinux/targeted/active/modules/100/tcpd/cil /var/lib/selinux/targeted/active/modules/100/tcpd/hll /var/lib/selinux/targeted/active/modules/100/tcpd/lang_ext /var/lib/selinux/targeted/active/modules/100/tcsd /var/lib/selinux/targeted/active/modules/100/tcsd/cil /var/lib/selinux/targeted/active/modules/100/tcsd/hll /var/lib/selinux/targeted/active/modules/100/tcsd/lang_ext /var/lib/selinux/targeted/active/modules/100/tlp /var/lib/selinux/targeted/active/modules/100/tlp/cil /var/lib/selinux/targeted/active/modules/100/tlp/hll 
/var/lib/selinux/targeted/active/modules/100/tlp/lang_ext /var/lib/selinux/targeted/active/modules/100/tor /var/lib/selinux/targeted/active/modules/100/tor/cil /var/lib/selinux/targeted/active/modules/100/tor/hll /var/lib/selinux/targeted/active/modules/100/tor/lang_ext /var/lib/selinux/targeted/active/modules/100/vnstatd /var/lib/selinux/targeted/active/modules/100/vnstatd/cil /var/lib/selinux/targeted/active/modules/100/vnstatd/hll /var/lib/selinux/targeted/active/modules/100/vnstatd/lang_ext /var/lib/selinux/targeted/active/modules/100/vpn /var/lib/selinux/targeted/active/modules/100/vpn/cil /var/lib/selinux/targeted/active/modules/100/vpn/hll /var/lib/selinux/targeted/active/modules/100/vpn/lang_ext /var/lib/selinux/targeted/active/modules/100/zabbix /var/lib/selinux/targeted/active/modules/100/zabbix/cil /var/lib/selinux/targeted/active/modules/100/zabbix/hll /var/lib/selinux/targeted/active/modules/100/zabbix/lang_ext /var/lib/selinux/targeted/active/modules/100/zebra /var/lib/selinux/targeted/active/modules/100/zebra/cil /var/lib/selinux/targeted/active/modules/100/zebra/hll /var/lib/selinux/targeted/active/modules/100/zebra/lang_ext
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 07:11:03 2025