[ol9_baseos_latest] selinux-policy-doc-38.1.45-3.0.1.el9_5.noarch

Name:	selinux-policy-doc
Version:	38.1.45
Release:	3.0.1.el9_5
Architecture:	noarch
Group:	Unspecified
Size:	33386261
License:	GPLv2+
RPM:	selinux-policy-doc-38.1.45-3.0.1.el9_5.noarch.rpm
Source RPM:	selinux-policy-38.1.45-3.0.1.el9_5.src.rpm
Build Date:	Wed Nov 13 2024
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/fedora-selinux/selinux-policy
Summary:	SELinux policy documentation
Description:	SELinux policy documentation package. This package contains manual pages and documentation of the policy modules.

Changelog (Show File list) (Show related packages)

Tue Nov 12 2024 Pooja Senthil Kumar <pooja.senthil.kumar@oracle.com> - 38.1.45-3.0.1

- Fixed avc for agetty checkpoint restore denied [Orabug: 36893425]
- Change reference in /etc/selinux/config to point to Oracle doc [Orabug: 36899915]
- Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
- Allow exim read network sysctls [Orabug: 36606051]
- Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36430005]
- Allow cgred_t to get attributes of cgroup filesystems [Orabug: 36176655]
- Allow kdumpctl_t to execmem [Orabug: 35381156]
- Allow NetworkManager_dispatcher_dhclient_t to execute shells without a domain transition [Orabug: 35091334]
- Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files [Orabug: 35122619]
- Label /var/log/kdump.log with kdump_log_t [Orabug: 33810371]
- Allow rpm_t sys_admin capability [Orabug: 34250651]
- Make systemd_tmpfiles_t MLS trusted for lowering the level of files [Orabug: 33841245]
- Allow nfsd_t to list exports_t dirs [Orabug: 33844301]
- Allow fsadm_t to get attributes of cgroup filesystems [Orabug: 33841268]
- Allow tuned_t to read the process state of all domains [Orabug: 33520684]
- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Make iscsiadm work with mls policy [Orabug: 32725411]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Allow tuned_t to execute systemd_systemctl_exec_t files [Orabug: 32355342]
- Make udev work with mls policy [Orabug: 31405299]
- Make tuned work with mls policy [Orabug: 31396024]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]

Mon Sep 16 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-3
```
- Rebuild
Resolves: RHEL-55414
```
Wed Sep 04 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-2
```
- Rebuild
Resolves: RHEL-55414
```

Thu Aug 29 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-1

- Allow setsebool_t relabel selinux data files
Resolves: RHEL-55414

Mon Aug 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.44-1

- Allow coreos-installer-generator work with partitions
Resolves: RHEL-38614
- Label /etc/mdadm.conf.d with mdadm_conf_t
Resolves: RHEL-38614
- Change file context specification to /var/run/metadata
Resolves: RHEL-49735
- Allow initrc_t transition to passwd_t
Resolves: RHEL-17404
- systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
Resolves: RHEL-25514
- systemd: allow sys_admin capability for systemd_notify_t
Resolves: RHEL-25514
- Change systemd-network-generator transition to include class file
Resolves: RHEL-47033
- Allow sshd_keygen_t connect to userdbd over a unix stream socket
Resolves: RHEL-47033

Wed Jul 31 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.43-1

- Allow rhsmcertd read/write access to /dev/papr-sysparm
Resolves: RHEL-49599
- Label /dev/papr-sysparm and /dev/papr-vpd
Resolves: RHEL-49599
- Allow rhsmcertd read, write, and map ica tmpfs files
Resolves: RHEL-50926
- Update afterburn file transition policy
Resolves: RHEL-49735
- Label /run/metadata with afterburn_runtime_t
Resolves: RHEL-49735
- Allow afterburn list ssh home directory
Resolves: RHEL-49735
- Support SGX devices
Resolves: RHEL-50922
- Allow systemd-pstore send a message to syslogd over a unix domain
Resolves: RHEL-45528
- Allow postfix_domain map postfix_etc_t files
Resolves: RHEL-46332
- Allow microcode create /sys/devices/system/cpu/microcode/reload
Resolves: RHEL-26821
- Allow svirt_tcg_t map svirt_image_t files
Resolves: RHEL-27141
- Allow systemd-hostnamed shut down nscd
Resolves: RHEL-45033
- Allow postfix_domain connect to postgresql over a unix socket
Resolves: RHEL-6776

Thu Jul 18 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.42-1

- Label samba certificates with samba_cert_t
Resolves: RHEL-25724
- Allow systemd-coredumpd the sys_chroot capability
Resolves: RHEL-45245
- Allow svirt_tcg_t read vm sysctls
Resolves: RHEL-27141
- Label /usr/sbin/samba-gpupdate with samba_gpupdate_exec_t
Resolves: RHEL-25724
- Label /var/run/coreos-installer-reboot with coreos_installer_var_run_t
Resolves: RHEL-38614
- Allow coreos-installer add systemd unit file links
Resolves: RHEL-38614

Sun Jul 07 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.41-1

- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-31888
- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
Resolves: RHEL-25724
- Allow unconfined_service_t transition to passwd_t
Resolves: RHEL-17404
- Allow sbd to trace processes in user namespace
Resolves: RHEL-44680
- Allow systemd-coredumpd sys_admin and sys_resource capabilities
Resolves: RHEL-45245
- Label /usr/lib/node_modules/npm/bin with bin_t
Resolves: RHEL-36587
- Support /var is empty
Resolves: RHEL-29331
- Allow timemaster write to sysfs files
Resolves: RHEL-28777
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-31888
- Transition from sudodomains to crontab_t when executing crontab_exec_t
Resolves: RHEL-31888
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-31888

Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.40-1

- Allow systemd-coredump read nsfs files
Resolves: RHEL-39937
- Allow login_userdomain execute systemd-tmpfiles in the caller domain
Resolves: RHEL-40374
- Allow ptp4l_t request that the kernel load a kernel module
Resolves: RHEL-38905
- Allow collectd to trace processes in user namespace
Resolves: RHEL-36293

Thu Jun 06 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.39-1

- Add interfaces for watching and reading ifconfig_var_run_t
Resolves: RHEL-39408
- Allow dhcpcd use unix_stream_socket
Resolves: RHEL-39408
- Allow dhcpc read /run/netns files
Resolves: RHEL-39408
- Allow all domains read and write z90crypt device
Resolves: RHEL-38833
- Allow bootupd search efivarfs dirs
Resolves: RHEL-36289
- Move unconfined_domain(sap_unconfined_t) to an optional block
Resolves: RHEL-37663