[ol8_baseos_latest] selinux-policy-3.14.3-80.0.1.el8.noarch

Name:	selinux-policy
Version:	3.14.3
Release:	80.0.1.el8
Architecture:	noarch
Group:	Unspecified
Size:	24923
License:	GPLv2+
RPM:	selinux-policy-3.14.3-80.0.1.el8.noarch.rpm
Source RPM:	selinux-policy-3.14.3-80.0.1.el8.src.rpm
Build Date:	Wed Nov 10 2021
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/fedora-selinux/selinux-policy
Summary:	SELinux policy configuration
Description:	SELinux Base package for SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117

Changelog (Show File list) (Show related packages)

Wed Nov 10 2021 EL Errata <el-errata_ww@oracle.com> - 3.14.3-80.0.1

- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Add file context for /var/run/fsck [Orabug: 32789338]
- Make iscsiadm work with mls policy [Orabug: 32725411]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Allow tuned_t to execute systemd_systemctl_exec_t files [Orabug: 32355342]
- Make logrotate work with mls policy [Orabug: 32343731]
- Add interface kernel_relabelfrom_usermodehelper() [Orabug: 31396031]
- Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files [Orabug: 31396031]
- Make udev work with mls policy [Orabug: 31405299]
- Make tuned work with mls policy [Orabug: 31396024]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671] (Naoki Tanaka)
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Enable policykit and sssd policy modules with minimum policy [Orabug: 29744511] (Naoki Tanaka)
- Allow cloud_init_t to dbus chat with systemd_logind_t [Orabug: 29399653]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Obsolete docker-engine-selinux [Orabug: 26439663]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

Thu Sep 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-80

- Allow rhsmcertd_t dbus chat with anaconda install_t
Resolves: rhbz#2002666

Fri Aug 27 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-79

- Introduce xdm_manage_bootloader booelan
Resolves: rhbz#1994096
- Rename samba_exec() to samba_exec_net()
Resolves: rhbz#1855215
- Allow sssd to set samba setting
Resolves: rhbz#1855215
- Allow dirsrv read slapd tmpfs files
Resolves: rhbz#1843238
- Allow rhsmcertd to create cache file in /var/cache/cloud-what
Resolves: rhbz#1994718

Wed Aug 25 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-78

- Label /usr/bin/Xwayland with xserver_exec_t
Resolves: rhbz#1984584
- Label /usr/libexec/gdm-runtime-config with xdm_exec_t
Resolves: rhbz#1984584
- Allow D-bus communication between avahi and sosreport
Resolves: rhbz#1916397
- Allow lldpad send to kdumpctl over a unix dgram socket
Resolves: rhbz#1979121
- Revert "Allow lldpad send to kdump over a unix dgram socket"
Resolves: rhbz#1979121
- Allow chronyc respond to a user chronyd instance
Resolves: rhbz#1993104
- Allow ptp4l respond to pmc
Resolves: rhbz#1993104
- Allow lldpad send to unconfined_t over a unix dgram socket
Resolves: rhbz#1993270

Thu Aug 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-77

- Revert "update libs_filetrans_named_content() to have support for /usr/lib/debug directory"
Resolves: rhbz#1887739
- Allow sysadm to read/write scsi files and manage shadow
Resolves: rhbz#1956302
- Allow rhsmcertd execute gpg
Resolves: rhbz#1887572
- Allow lldpad send to kdump over a unix dgram socket
Resolves: rhbz#1979121
- Remove glusterd SELinux module from distribution policy
Resolves: rhbz#1816718

Tue Aug 10 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-76

- Allow login_userdomain read and map /var/lib/systemd files
Resolves: rhbz#1965251
- Allow sysadm acces to kernel module resources
Resolves: rhbz#1965251
- Allow sysadm to read/write scsi files and manage shadow
Resolves: rhbz#1965251
- Allow sysadm access to files_unconfined and bind rpc ports
Resolves: rhbz#1965251
- Allow sysadm read and view kernel keyrings
Resolves: rhbz#1965251
- Allow bootloader to read tuned etc files
Resolves: rhbz#1965251
- Update the policy for systemd-journal-upload
Resolves: rhbz#1913414
- Allow journal mmap and read var lib files
Resolves: rhbz#1965251
- Allow tuned to read rhsmcertd config files
Resolves: rhbz#1965251
- Allow bootloader to read tuned etc files
Resolves: rhbz#1965251
- Confine rhsm service and rhsm-facts service as rhsmcertd_t
Resolves: rhbz#1846081
- Allow virtlogd_t read process state of user domains
Resolves: rhbz#1797899
- Allow cockpit_ws_t get attributes of fs_t filesystems
Resolves: rhbz#1979182

Thu Jul 29 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-75

- Add the unconfined_dgram_send() interface
Resolves: rhbz#1978562
- Change dev_getattr_infiniband_dev() to use getattr_chr_files_pattern()
Resolves: rhbz#1936522
- Add checkpoint_restore cap2 capability
Resolves: rhbz#1973325
- Allow fcoemon talk with unconfined user over unix domain datagram socket
Resolves: rhbz#1978562
- Allow hostapd bind UDP sockets to the dhcpd port
Resolves: rhbz#1977676
- Allow NetworkManager read and write z90crypt device
Resolves: rhbz#1938203
- Allow abrt_domain read and write z90crypt device
Resolves: rhbz#1938203
- Label /usr/lib/pcs/pcs_snmp_agent with cluster_exec_t
Resolves: rhbz#1937111
- Allow mdadm read iscsi pid files
Resolves: rhbz#1924716

Fri Jul 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-74

- Allow dyntransition from sshd_t to unconfined_t
Resolves: rhbz#1947841

Wed Jul 14 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-73

- Removed adding to attribute unpriv_userdomain from userdom_unpriv_type template
Resolves: rhbz#1947841
- Allow transition from xdm domain to unconfined_t domain.
Resolves: rhbz#1947841
- Allow nftables read NetworkManager unnamed pipes
Resolves: rhbz#1967857
- Create a policy for systemd-journal-upload
Resolves: rhbz#1913414
- Add dev_getattr_infiniband_dev() interface.
Resolves: rhbz#1972522
- Allow tcpdump and nmap get attributes of infiniband_device_t
Resolves: rhbz#1972522
- Allow fcoemon create sysfs files
Resolves: rhbz#1978562
- Allow nftables read NetworkManager unnamed pipes
Resolves: rhbz#1967857
- Allow radius map its library files
Resolves: rhbz#1854650
- Allow arpwatch get attributes of infiniband_device_t devices
Resolves: rhbz#1936522

Tue Jun 29 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-72

- Allow systemd-sleep get attributes of fixed disk device nodes
Resolves: rhbz#1931460
- Allow systemd-sleep create hardware state information files
Resolves: rhbz#1968610
- virtiofs supports Xattrs and SELinux
Resolves: rhbz#1899703
- Label 4460/tcp port as ntske_port_t
Resolves: rhbz#1961207
- Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
Resolves: rhbz#1961207
- Allow chronyd_t to accept and make NTS-KE connections
Resolves: rhbz#1961207
- Dontaudit NetworkManager write to initrc_tmp_t pipes
Resolves: rhbz#1963162
- Allow logrotate rotate container log files
Resolves: rhbz#1892170
- Allow rhsmd read process state of all domains and kernel threads
Resolves: rhbz#1878020