[ol10_appstream] selinux-policy-devel-40.13.26-1.0.2.el10.noarch

SELinux policy development package.
This package contains:
- interfaces, macros, and patterns for policy development
- a policy example
- the macro-expander utility
and some additional files.

Changelog (Show File list) (Show related packages)

• Tue Jun 03 2025 Ilya Okomin <ilya.okomin@oracle.com> - 40.13.26-1.0.2

  - Allow mptcpd the net_admin capability [Orabug: 37966641]

• Tue Mar 11 2025 Pooja Senthil Kumar <pooja.senthil.kumar@oracle.com>- 40.13.26-1.0.1

  - Allow systemd_fstab_generator_t to read udev pid files [Orabug: 37139639]
  - Allow systemd_fstab_generator_t to read sysfs filesystem [Orabug: 37139639]
  - Allow systemd_fstab_generator_t to get attributs of fixed_disk_device_t and
    removable_device_t [Orabug: 37139639]
  - Change reference in /etc/selinux/config to point to Oracle doc [Orabug: 36899915]
  - Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
  - Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36430005]
  - Allow cgred_t to get attributes of cgroup filesystems [Orabug: 36176655]
  - Make import-state work with mls policy [Orabug: 32636699]
  - Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
  - Add comment for map on lvm_metadata_t. [Orabug: 31405325]
  - Make cloud-init work with mls policy [Orabug: 32430460]
  - Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
  - Make lsmd and rngd work with mls policy [Orabug: 31405378]
  - Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
  - Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
  - Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]

• Mon Feb 17 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.26-1

  - Rename winbind_rpcd_* types to samba_dcerpcd_*
  Resolves: RHEL-14759
  - Allow samba-dcerpcd work with ctdb cluster
  Resolves: RHEL-14759
  - Revert "Remove socket from unconfined_domain_type allow rule"
  Resolves: RHEL-77327
  - Dontaudit access of virt-related permissive domains
  Resolves: RHEL-77808
  - Add selinux_requires_min macro
  Resolves: RHEL-54715
  - Filter out EPEL related modules
  Resolves: RHEL-73505

• Thu Feb 06 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.25-1

  - Update ktlshd policy to read /proc/keys and domain keyrings
  Resolves: RHEL-42672
  - Allow pcmsensor read nmi_watchdog state information
  Resolves: RHEL-52838
  - Support peer-to-peer migration of vms using ssh
  Resolves: RHEL-77351
  - Allow virt_domain read hardware state information unconditionally
  Resolves: RHEL-71270
  - Allow timemaster write to sysfs files
  Resolves: RHEL-44637
  - Allow virtqemud map svirt_image_t plain files
  Resolves: RHEL-40080
  - Allow virtqemud unmount a filesystem with extended attributes
  Resolves: RHEL-40080
  - Allow virtqemud work with nvdimm devices
  Resolves: RHEL-71656
  - Update virtqemud policy regarding the svirt_tcg_t domain
  Resolves: RHEL-71270
  - Allow virtqemud use hostdev usb devices conditionally
  Resolves: RHEL-74230
  - Support saving and restoring a VM to/from a block device
  Resolves: RHEL-76138
  - Allow virtnwfilterd dbus chat with firewalld
  Resolves: RHEL-76138
  - Allow virt_domain to use pulseaudio - conditional
  Resolves: RHEL-62763
  - Allow virtstoraged write to sysfs files
  Resolves: RHEL-44637
  - Allow irqbalance to run unconfined scripts conditionally
  Resolves: RHEL-54019
  - Allow rhsmcertd notify virt-who
  Resolves: RHEL-77114
  - Allow init mounton crypto sysctl files
  Resolves: RHEL-56250

• Mon Jan 27 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.24-1

  - Allow systemd-generator connect to syslog over a unix datagram socket
  Resolves: RHEL-75879
  - Allow ssh_t to change role to system_r
  Resolves: RHEL-53972
  - Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type
  Resolves: RHEL-39893
  - Allow virtqemud manage fixed disk device nodes
  Resolves: RHEL-71656
  - Allow samba-bgqd connect to cupsd over an unix domain stream socket
  Resolves: RHEL-72861
  - Allow systemd-machined read the vsock device
  Resolves: RHEL-74280
  - Allow pcmsensor write nmi_watchdog state information
  Resolves: RHEL-52838
  - Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t
  Resolves: RHEL-52838

• Fri Jan 24 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-2

  - Rebuild other packages with with selinux-policy-40.13.23
  Resolves: RHEL-36741

• Thu Jan 23 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-1

  - Remove the lockdown class from the policy
  Resolves: RHEL-36741
  - Remove socket from unconfined_domain_type allow rule
  Resolves: RHEL-36741
  - Include key_socket in socket_class_set
  Resolves: RHEL-36741

• Thu Jan 16 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.22-1

  - Allow staff user dbus chat with virt-dbus
  Resolves: RHEL-73914
  - Allow virtqemud domain transition to nbdkit
  Resolves: RHEL-69118
  - Add nbdkit interfaces defined conditionally
  Resolves: RHEL-69118
  - Allow svirt_t read sysfs files
  Resolves: RHEL-71270
  - Label /dev/pmem[0-9]+ with fixed_disk_device_t
  Resolves: RHEL-71656
  - Add support for the KVM guest memfd anon inodes
  Resolves: RHEL-69128
  - Allow sysadm user dbus chat with virt-dbus
  Resolves: RHEL-73914
  - Allow initrc_t transition to passwd_t
  Resolves: RHEL-71665
  - Allow unconfined_service_t transition to passwd_t
  Resolves: RHEL-71665

• Wed Jan 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.21-1

  - Allow init create vsock socket for sshd
  Resolves: RHEL-72549
  - Support ssh connections via systemd-ssh-generator
  Resolves: RHEL-72549
  - Allow ssh generator work with systemd unit files
  Resolves: RHEL-72549
  - Confine systemd system-ssh-generator
  Resolves: RHEL-72549
  - Allow login_userdomain getattr nsfs files
  Resolves: RHEL-72549
  - Allow virtqemud send a generic signal to the ssh client domain
  Resolves: RHEL-53972
  - Add the auth_dontaudit_read_passwd_file() interface
  Resolves: RHEL-71490
  - Dontaudit request-key read /etc/passwd
  Resolves: RHEL-71490

• Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1

  - Allow virtqemud domain transition on numad execution
  Resolves: RHEL-65789
  - Support virt live migration using ssh
  Resolves: RHEL-53972
  - Allow ssh_t read systemd config files
  Resolves: RHEL-53972
  - Allow virtqemud permissions needed for live migration
  Resolves: RHEL-43217
  - Allow virtqemud the getpgid process permission
  Resolves: RHEL-46357
  - Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
  Resolves: RHEL-71068
  - Allow virtqemud relabelfrom virt_log_t files
  Resolves: RHEL-48236
  - Allow virtqemud relabel tun_socket
  Resolves: RHEL-71394
  - Allow gnome-remote-desktop dbus chat with policykit
  Resolves: RHEL-35877
  - Update ktlsh policy
  Resolves: RHEL-42672
  - Confine the ktls service
  Resolves: RHEL-42672
  - Allow request-key to read /etc/passwd
  Resolves: RHEL-71490
  - Allow request-key to manage all domains' keys
  Resolves: RHEL-71490