[ol8_baseos_latest] selinux-policy-3.14.3-54.0.9.el8_3.3.noarch

Name:	selinux-policy
Version:	3.14.3
Release:	54.0.9.el8_3.3
Architecture:	noarch
Group:	Unspecified
Size:	24927
License:	GPLv2+
RPM:	selinux-policy-3.14.3-54.0.9.el8_3.3.noarch.rpm
Source RPM:	selinux-policy-3.14.3-54.0.9.el8_3.3.src.rpm
Build Date:	Tue Apr 06 2021
Build Host:	host-100-100-224-8.blddevtest1iad.osdevelopmeniad.oraclevcn.com
Vendor:	Oracle America
URL:	https://github.com/fedora-selinux/selinux-policy
Summary:	SELinux policy configuration
Description:	SELinux Base package for SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117

Changelog (Show File list) (Show related packages)

Tue Apr 06 2021 EL Errata <el-errata_ww@oracle.com> - 3.14.3-54.0.9.3

- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Allow tuned_t to execute systemd_systemctl_exec_t files [Orabug: 32355342]
- Make logrotate work with mls policy [Orabug: 32343731]
- Add interface kernel_relabelfrom_usermodehelper() [Orabug: 31396031]
- Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files [Orabug: 31396031]
- Update interface modutils_read_module_deps to allow caller domain also mmap modules_dep_t files BZ(1758634) [Orabug: 31405299]
- Make udev work with mls policy [Orabug: 31405299]
- Make tuned work with mls policy [Orabug: 31396024]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671] (Naoki Tanaka)
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Enable policykit and sssd policy modules with minimum policy [Orabug: 29744511] (Naoki Tanaka)
- Allow cloud_init_t to dbus chat with systemd_logind_t [Orabug: 29399653]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Obsolete docker-engine-selinux [Orabug: 26439663]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

Mon Mar 15 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-54.3

- Allow systemd the audit_control capability conditionally
Resolves: rhbz#1938216

Mon Dec 07 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-54.2
```
- Update systemd-sleep policy
Resolves: rhbz#1890884
```

Tue Oct 27 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-54.1

- Add fstools_rw_swap_files() interface
Resolves: rhbz#1890884
- Confine systemd-sleep service
Resolves: rhbz#1890884

Thu Sep 17 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-54
```
- Allow plymouth sys_chroot capability
Resolves: rhbz#1869814
```

Sun Aug 23 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-53

- Allow certmonger fowner capability
Resolves: rhbz#1870596
- Define named file transition for saslauthd on /tmp/krb5_0.rcache2
Resolves: rhbz#1870300
- Label /usr/libexec/qemu-pr-helper with virtd_exec_t
Resolves: rhbz#1867115

Thu Aug 13 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-52

- Add ipa_helper_noatsecure() interface unconditionally
Resolves: rhbz#1853432
- Conditionally allow nagios_plugin_domain dbus chat with init
Resolves: rhbz#1750821
- Revert "Update allow rules set for nrpe_t domain"
Resolves: rhbz#1750821
- Add ipa_helper_noatsecure() interface to ipa.if
Resolves: rhbz#1853432
- Allow tomcat map user temporary files
Resolves: rhbz#1857675
- Allow tomcat manage user temporary files
Resolves: rhbz#1857675
- Add file context for /sys/kernel/tracing
Resolves: rhbz#1847331
- Define named file transition for sshd on /tmp/krb5_0.rcache2
Resolves: rhbz#1848953

Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-51

- Allow kadmind manage kerberos host rcache
Resolves: rhbz#1863043
- Allow virtlockd only getattr and lock block devices
Resolves: rhbz#1832756
- Allow qemu-ga read all non security file types conditionally
Resolves: rhbz#1747960
- Allow virtlockd manage VMs posix file locks
Resolves: rhbz#1832756
- Add dev_lock_all_blk_files() interface
Resolves: rhbz#1832756
- Allow systemd-logind dbus chat with fwupd
Resolves: rhbz#1851932
- Update xserver_rw_session macro
Resolves: rhbz#1851448

Wed Jul 29 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-50

- Revert "Allow qemu-kvm read and write /dev/mapper/control"
This reverts commit f948eaf3d010215fc912e42013e4f88870279093.
- Allow smbd get attributes of device files labeled samba_share_t
Resolves: rhbz#1851816
- Allow tomcat read user temporary files
Resolves: rhbz#1857675
- Revert "Dontaudit and disallow sys_admin capability for keepalived_t domain"
Resolves: rhbz#1815281
- Label /tmp/krb5_0.rcache2 with krb5_host_rcache_t
Resolves: rhbz#1848953
- Allow auditd manage kerberos host rcache files
Resolves: rhbz#1855770

Thu Jul 09 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-49

- Additional support for keepalived running in a namespace
Resolves: rhbz#1815281
- Allow keepalived manage its private type runtime directories
Resolves: rhbz#1815281
- Run ipa_helper_noatsecure(oddjob_t) only if the interface exists
Resolves: rhbz#1853432
- Allow oddjob_t process noatsecure permission for ipa_helper_t
Resolves: rhbz#1853432
- Allow domain dbus chat with systemd-resolved
Resolves: rhbz#1852378
- Define file context for /var/run/netns directory only
Related: rhbz#1815281