-
Tue Jun 03 2025 Ilya Okomin <ilya.okomin@oracle.com> - 40.13.26-1.0.2
- Allow mptcpd the net_admin capability [Orabug: 37966641]
-
Tue Mar 11 2025 Pooja Senthil Kumar <pooja.senthil.kumar@oracle.com> - 40.13.26-1.0.1
- Allow systemd_fstab_generator_t to read udev pid files [Orabug: 37139639]
- Allow systemd_fstab_generator_t to read sysfs filesystem [Orabug: 37139639]
- Allow systemd_fstab_generator_t to get attributes of fixed_disk_device_t and
removable_device_t [Orabug: 37139639]
- Change reference in /etc/selinux/config to point to Oracle doc [Orabug: 36899915]
- Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
- Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36430005]
- Allow cgred_t to get attributes of cgroup filesystems [Orabug: 36176655]
- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make lsmd and rngd work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]
-
Mon Feb 17 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.26-1
- Rename winbind_rpcd_* types to samba_dcerpcd_*
Resolves: RHEL-14759
- Allow samba-dcerpcd work with ctdb cluster
Resolves: RHEL-14759
- Revert "Remove socket from unconfined_domain_type allow rule"
Resolves: RHEL-77327
- Dontaudit access of virt-related permissive domains
Resolves: RHEL-77808
- Add selinux_requires_min macro
Resolves: RHEL-54715
- Filter out EPEL related modules
Resolves: RHEL-73505
-
Thu Feb 06 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.25-1
- Update ktlshd policy to read /proc/keys and domain keyrings
Resolves: RHEL-42672
- Allow pcmsensor read nmi_watchdog state information
Resolves: RHEL-52838
- Support peer-to-peer migration of vms using ssh
Resolves: RHEL-77351
- Allow virt_domain read hardware state information unconditionally
Resolves: RHEL-71270
- Allow timemaster write to sysfs files
Resolves: RHEL-44637
- Allow virtqemud map svirt_image_t plain files
Resolves: RHEL-40080
- Allow virtqemud unmount a filesystem with extended attributes
Resolves: RHEL-40080
- Allow virtqemud work with nvdimm devices
Resolves: RHEL-71656
- Update virtqemud policy regarding the svirt_tcg_t domain
Resolves: RHEL-71270
- Allow virtqemud use hostdev usb devices conditionally
Resolves: RHEL-74230
- Support saving and restoring a VM to/from a block device
Resolves: RHEL-76138
- Allow virtnwfilterd dbus chat with firewalld
Resolves: RHEL-76138
- Allow virt_domain to use pulseaudio - conditional
Resolves: RHEL-62763
- Allow virtstoraged write to sysfs files
Resolves: RHEL-44637
- Allow irqbalance to run unconfined scripts conditionally
Resolves: RHEL-54019
- Allow rhsmcertd notify virt-who
Resolves: RHEL-77114
- Allow init mounton crypto sysctl files
Resolves: RHEL-56250
-
Mon Jan 27 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.24-1
- Allow systemd-generator connect to syslog over a unix datagram socket
Resolves: RHEL-75879
- Allow ssh_t to change role to system_r
Resolves: RHEL-53972
- Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type
Resolves: RHEL-39893
- Allow virtqemud manage fixed disk device nodes
Resolves: RHEL-71656
- Allow samba-bgqd connect to cupsd over an unix domain stream socket
Resolves: RHEL-72861
- Allow systemd-machined read the vsock device
Resolves: RHEL-74280
- Allow pcmsensor write nmi_watchdog state information
Resolves: RHEL-52838
- Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t
Resolves: RHEL-52838
-
Fri Jan 24 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-2
- Rebuild other packages with selinux-policy-40.13.23
Resolves: RHEL-36741
-
Thu Jan 23 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-1
- Remove the lockdown class from the policy
Resolves: RHEL-36741
- Remove socket from unconfined_domain_type allow rule
Resolves: RHEL-36741
- Include key_socket in socket_class_set
Resolves: RHEL-36741
-
Thu Jan 16 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.22-1
- Allow staff user dbus chat with virt-dbus
Resolves: RHEL-73914
- Allow virtqemud domain transition to nbdkit
Resolves: RHEL-69118
- Add nbdkit interfaces defined conditionally
Resolves: RHEL-69118
- Allow svirt_t read sysfs files
Resolves: RHEL-71270
- Label /dev/pmem[0-9]+ with fixed_disk_device_t
Resolves: RHEL-71656
- Add support for the KVM guest memfd anon inodes
Resolves: RHEL-69128
- Allow sysadm user dbus chat with virt-dbus
Resolves: RHEL-73914
- Allow initrc_t transition to passwd_t
Resolves: RHEL-71665
- Allow unconfined_service_t transition to passwd_t
Resolves: RHEL-71665
-
Wed Jan 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.21-1
- Allow init create vsock socket for sshd
Resolves: RHEL-72549
- Support ssh connections via systemd-ssh-generator
Resolves: RHEL-72549
- Allow ssh generator work with systemd unit files
Resolves: RHEL-72549
- Confine systemd system-ssh-generator
Resolves: RHEL-72549
- Allow login_userdomain getattr nsfs files
Resolves: RHEL-72549
- Allow virtqemud send a generic signal to the ssh client domain
Resolves: RHEL-53972
- Add the auth_dontaudit_read_passwd_file() interface
Resolves: RHEL-71490
- Dontaudit request-key read /etc/passwd
Resolves: RHEL-71490
-
Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1
- Allow virtqemud domain transition on numad execution
Resolves: RHEL-65789
- Support virt live migration using ssh
Resolves: RHEL-53972
- Allow ssh_t read systemd config files
Resolves: RHEL-53972
- Allow virtqemud permissions needed for live migration
Resolves: RHEL-43217
- Allow virtqemud the getpgid process permission
Resolves: RHEL-46357
- Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
Resolves: RHEL-71068
- Allow virtqemud relabelfrom virt_log_t files
Resolves: RHEL-48236
- Allow virtqemud relabel tun_socket
Resolves: RHEL-71394
- Allow gnome-remote-desktop dbus chat with policykit
Resolves: RHEL-35877
- Update ktlsh policy
Resolves: RHEL-42672
- Confine the ktls service
Resolves: RHEL-42672
- Allow request-key to read /etc/passwd
Resolves: RHEL-71490
- Allow request-key to manage all domains' keys
Resolves: RHEL-71490