[ol8_baseos_latest] selinux-policy-3.14.3-80.0.4.el8_5.2.noarch

Name:	selinux-policy
Version:	3.14.3
Release:	80.0.4.el8_5.2
Architecture:	noarch
Group:	Unspecified
Size:	24927
License:	GPLv2+
RPM:	selinux-policy-3.14.3-80.0.4.el8_5.2.noarch.rpm
Source RPM:	selinux-policy-3.14.3-80.0.4.el8_5.2.src.rpm
Build Date:	Thu Jan 06 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/fedora-selinux/selinux-policy
Summary:	SELinux policy configuration
Description:	SELinux Base package for SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117

Changelog (Show File list) (Show related packages)

Mon Jan 03 2022 Naoki Tanaka <naoki.tanaka@oracle.com> - 3.14.3-80.0.4.2

- Allow tuned_t to read the process state of all domains [Orabug: 33520684]

Mon Jan 03 2022 Naoki Tanaka <naoki.tanaka@oracle.com> - 3.14.3-80.0.3.2
```
- Allow initrc_t to manage pid files used by chronyd [Orabug: 33520623]
```

Thu Dec 16 2021 EL Errata <el-errata_ww@oracle.com> - 3.14.3-80.0.2.2

- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Add file context for /var/run/fsck [Orabug: 32789338]
- Make iscsiadm work with mls policy [Orabug: 32725411]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Allow tuned_t to execute systemd_systemctl_exec_t files [Orabug: 32355342]
- Make logrotate work with mls policy [Orabug: 32343731]
- Add interface kernel_relabelfrom_usermodehelper() [Orabug: 31396031]
- Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files [Orabug: 31396031]
- Make udev work with mls policy [Orabug: 31405299]
- Make tuned work with mls policy [Orabug: 31396024]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671] (Naoki Tanaka)
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Enable policykit and sssd policy modules with minimum policy [Orabug: 29744511] (Naoki Tanaka)
- Allow cloud_init_t to dbus chat with systemd_logind_t [Orabug: 29399653]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Obsolete docker-engine-selinux [Orabug: 26439663]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

Fri Dec 10 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-80.2

- Allow unconfined_t to node_bind icmp_sockets in node_t domain
Resolves: rhbz#2027691

Wed Nov 10 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-80.1

- Allow unconfined domains to bpf all other domains
Resolves: rhbz#2015846

Thu Sep 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-80

- Allow rhsmcertd_t dbus chat with anaconda install_t
Resolves: rhbz#2002666

Fri Aug 27 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-79

- Introduce xdm_manage_bootloader booelan
Resolves: rhbz#1994096
- Rename samba_exec() to samba_exec_net()
Resolves: rhbz#1855215
- Allow sssd to set samba setting
Resolves: rhbz#1855215
- Allow dirsrv read slapd tmpfs files
Resolves: rhbz#1843238
- Allow rhsmcertd to create cache file in /var/cache/cloud-what
Resolves: rhbz#1994718

Wed Aug 25 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-78

- Label /usr/bin/Xwayland with xserver_exec_t
Resolves: rhbz#1984584
- Label /usr/libexec/gdm-runtime-config with xdm_exec_t
Resolves: rhbz#1984584
- Allow D-bus communication between avahi and sosreport
Resolves: rhbz#1916397
- Allow lldpad send to kdumpctl over a unix dgram socket
Resolves: rhbz#1979121
- Revert "Allow lldpad send to kdump over a unix dgram socket"
Resolves: rhbz#1979121
- Allow chronyc respond to a user chronyd instance
Resolves: rhbz#1993104
- Allow ptp4l respond to pmc
Resolves: rhbz#1993104
- Allow lldpad send to unconfined_t over a unix dgram socket
Resolves: rhbz#1993270

Thu Aug 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-77

- Revert "update libs_filetrans_named_content() to have support for /usr/lib/debug directory"
Resolves: rhbz#1887739
- Allow sysadm to read/write scsi files and manage shadow
Resolves: rhbz#1956302
- Allow rhsmcertd execute gpg
Resolves: rhbz#1887572
- Allow lldpad send to kdump over a unix dgram socket
Resolves: rhbz#1979121
- Remove glusterd SELinux module from distribution policy
Resolves: rhbz#1816718

Tue Aug 10 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-76

- Allow login_userdomain read and map /var/lib/systemd files
Resolves: rhbz#1965251
- Allow sysadm acces to kernel module resources
Resolves: rhbz#1965251
- Allow sysadm to read/write scsi files and manage shadow
Resolves: rhbz#1965251
- Allow sysadm access to files_unconfined and bind rpc ports
Resolves: rhbz#1965251
- Allow sysadm read and view kernel keyrings
Resolves: rhbz#1965251
- Allow bootloader to read tuned etc files
Resolves: rhbz#1965251
- Update the policy for systemd-journal-upload
Resolves: rhbz#1913414
- Allow journal mmap and read var lib files
Resolves: rhbz#1965251
- Allow tuned to read rhsmcertd config files
Resolves: rhbz#1965251
- Allow bootloader to read tuned etc files
Resolves: rhbz#1965251
- Confine rhsm service and rhsm-facts service as rhsmcertd_t
Resolves: rhbz#1846081
- Allow virtlogd_t read process state of user domains
Resolves: rhbz#1797899
- Allow cockpit_ws_t get attributes of fs_t filesystems
Resolves: rhbz#1979182