-
Tue Feb 28 2023 Alan Steinberg <alan.steinberg@oracle.com> - 34.1.43-1.0.3.2
- Label /var/log/kdump.log with kdump_log_t [Orabug: 33810371]
- Allow svirt_t domain to mmap svirt_image_t character files [Orabug: 34908824]
- Allow system dbus daemon to watch generic /var/lib directory [Orabug: 34375044]
- Allow rpm_t sys_admin capability [Orabug: 34250651]
- Revert "Dontaudit domain the fowner capability" [Orabug: 33952489]
- Make systemd_tmpfiles_t MLS trusted for lowering the level of files [Orabug: 33841245]
- Allow nfsd_t to list exports_t dirs [Orabug: 33844301]
- Allow fsadm_t to get attributes of cgroup filesystems [Orabug: 33841268]
- Label /var/run/tmpfiles.d/static-nodes.conf with kmod_var_run_t [Orabug: 33841205]
- Allow udev to watch fixed disk devices [Orabug: 33841093]
- Allow tuned_t to read the process state of all domains [Orabug: 33520684]
- Allow initrc_t to manage pid files used by chronyd [Orabug: 33520623]
- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Make iscsiadm work with mls policy [Orabug: 32725411]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Allow tuned_t to execute systemd_systemctl_exec_t files [Orabug: 32355342]
- Make logrotate work with mls policy [Orabug: 32343731]
- Make udev work with mls policy [Orabug: 31405299]
- Make tuned work with mls policy [Orabug: 31396024]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Enable policykit and sssd policy modules with minimum policy [Orabug: 29744511]
- Allow cloud_init_t to dbus chat with systemd_logind_t [Orabug: 29399653]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]
-
Wed Feb 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 34.1.43-1.2
- Allow smbd_t process noatsecure permission for winbind_rpcd_t
Resolves: rhbz#2168961
-
Fri Jan 06 2023 Nikola Knazekova <nknazeko@redhat.com> - 34.1.43-1.1
- Add domain_unix_read_all_semaphores() interface
Resolves: rhbz#2136760
- Allow rhcd compute selinux access vector
Resolves: rhbz#2136760
- Add file context entries for insights-client and rhc
Resolves: rhbz#2136760
- Revert "Allow insights-client run lpr and allow the proper role"
Resolves: rhbz#2136760
- Allow insights-client dbus chat with various services
Resolves: rhbz#2136760
- Allow insights-client tcp connect to various ports
Resolves: rhbz#2136760
- Allow insights-client run lpr and allow the proper role
Resolves: rhbz#2136760
- Allow insights-client work with pcp and manage user config files
Resolves: rhbz#2136760
- Allow insights-client dbus chat with abrt
Resolves: rhbz#2136760
- Allow insights client communicate with cupsd, mysqld, openvswitch, redis
Resolves: rhbz#2136760
- Allow insights client read raw memory devices
Resolves: rhbz#2136760
- Allow insights-client domain transition on semanage execution
Resolves: rhbz#2136760
- Allow insights-client create gluster log dir with a transition
Resolves: rhbz#2136760
- Allow insights-client manage generic locks
Resolves: rhbz#2136760
- Allow insights-client unix_read all domain semaphores
Resolves: rhbz#2136760
- Allow insights-client manage samba var dirs
Resolves: rhbz#2136760
- Allow insights-client send null signal to rpm and system cronjob
Resolves: rhbz#2136760
- Allow insights-client connect to postgresql with a unix socket
Resolves: rhbz#2136760
- Allow insights-client domtrans on unix_chkpwd execution
Resolves: rhbz#2136760
-
Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.43-1
- Update rhcd policy for executing additional commands 5
Resolves: rhbz#2119351
- Update rhcd policy for executing additional commands 4
Resolves: rhbz#2119351
- Allow rhcd create rpm hawkey logs with correct label
Resolves: rhbz#2119351
- Update rhcd policy for executing additional commands 3
Resolves: rhbz#2119351
- Allow sssd to set samba setting
Resolves: rhbz#2121125
- Allow journalctl read rhcd fifo files
Resolves: rhbz#2119351
- Update insights-client policy for additional commands execution 5
Resolves: rhbz#2121125
- Confine insights-client systemd unit
Resolves: rhbz#2121125
- Update insights-client policy for additional commands execution 4
Resolves: rhbz#2121125
- Update insights-client policy for additional commands execution 3
Resolves: rhbz#2121125
- Allow rhcd execute all executables
Resolves: rhbz#2119351
- Update rhcd policy for executing additional commands 2
Resolves: rhbz#2119351
- Update insights-client policy for additional commands execution 2
Resolves: rhbz#2121125
-
Mon Aug 29 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.42-1
- Label /var/log/rhc-worker-playbook with rhcd_var_log_t
Resolves: rhbz#2119351
- Update insights-client policy (auditctl, gpg, journal)
Resolves: rhbz#2107363
-
Thu Aug 25 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.41-1
- Allow unconfined domains to bpf all other domains
Resolves: RHBZ#2112014
- Allow stalld get and set scheduling policy of all domains.
Resolves: rhbz#2105038
- Allow unconfined_t transition to targetclid_home_t
Resolves: RHBZ#2106360
- Allow samba-bgqd to read a printer list
Resolves: rhbz#2118977
- Allow system_dbusd ioctl kernel with a unix stream sockets
Resolves: rhbz#2085392
- Allow chronyd bind UDP sockets to ptp_event ports.
Resolves: RHBZ#2118631
- Update tor_bind_all_unreserved_ports interface
Resolves: RHBZ#2089486
- Remove permissive domain for rhcd_t
Resolves: rhbz#2119351
- Allow unconfined and sysadm users transition for /root/.gnupg
Resolves: rhbz#2121125
- Add gpg_filetrans_admin_home_content() interface
Resolves: rhbz#2121125
- Update rhcd policy for executing additional commands
Resolves: rhbz#2119351
- Update insights-client policy for additional commands execution
Resolves: rhbz#2119507
- Add rpm setattr db files macro
Resolves: rhbz#2119507
- Add userdom_view_all_users_keys() interface
Resolves: rhbz#2119507
- Allow gpg read and write generic pty type
Resolves: rhbz#2119507
- Allow chronyc read and write generic pty type
Resolves: rhbz#2119507
-
Wed Aug 10 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.40-1
- Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd
Resolves: RHBZ#2088257
- Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t
Resolves: RHBZ#1976684
- Allow samba-bgqd get a printer list
Resolves: rhbz#2112395
- Allow networkmanager to signal unconfined process
Resolves: RHBZ#2074414
- Update NetworkManager-dispatcher policy
Resolves: RHBZ#2101910
- Allow openvswitch search tracefs dirs
Resolves: rhbz#1988164
- Allow openvswitch use its private tmpfs files and dirs
Resolves: rhbz#1988164
- Allow openvswitch fsetid capability
Resolves: rhbz#1988164
-
Tue Aug 02 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.39-1
- Add support for systemd-network-generator
Resolves: RHBZ#2111069
- Allow systemd work with install_t unix stream sockets
Resolves: rhbz#2111206
- Allow sa-update to get init status and start systemd files
Resolves: RHBZ#2061844
-
Fri Jul 15 2022 Nikola Knazekova <nknazeko@redhat.com> - 34.1.38-1
- Allow some domains use sd_notify()
Resolves: rhbz#2056565
- Revert "Allow rabbitmq to use systemd notify"
Resolves: rhbz#2056565
- Update winbind_rpcd_t
Resolves: rhbz#2102084
- Update chronyd_pid_filetrans() to allow create dirs
Resolves: rhbz#2101910
- Allow keepalived read the contents of the sysfs filesystem
Resolves: rhbz#2098130
- Define LIBSEPOL version 3.4-1
Resolves: rhbz#2095688
-
Wed Jun 29 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.37-1
- Allow targetclid read /var/target files
Resolves: rhbz#2020169
- Update samba-dcerpcd policy for kerberos usage 2
Resolves: rhbz#2096521
- Allow samba-dcerpcd work with sssd
Resolves: rhbz#2096521
- Allow stalld set scheduling policy of kernel threads
Resolves: rhbz#2102224