Skip to content

CentOS 7 - Updates for x86_64: system environment/base: selinux-policy

selinux-policy - SELinux policy configuration

Website: http://oss.tresys.com/repos/refpolicy/
License: GPLv2+
Vendor: CentOS
Description:
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

Packages

selinux-policy-3.13.1-268.el7_9.2.noarch [497 KiB] Changelog by Zdenek Pytela (2020-10-29):
- Allow certmonger add new entries in a generic certificates directory
Resolves: rhbz#1879496
- Allow slapd add new entries in ldap certificates directory
Resolves: rhbz#1879496
- Add miscfiles_add_entry_generic_cert_dirs() interface
Resolves: rhbz#1879496
selinux-policy-3.13.1-268.el7.noarch [497 KiB] Changelog by Zdenek Pytela (2020-05-12):
- Allow rhsmd read process state of all domains and kernel threads
Resolves: rhbz#1837461
- Allow ipa-adtrust-install restart sssd and dirsrv services
Resolves: rhbz#1820298
- Allow nagios_plugin_domain execute programs in bin directories
Resolves: rhbz#1824625
- selinux policy: add the right context for org.freeipa.server.trust-enable-agent
Related: rhbz#1820298
selinux-policy-3.13.1-266.el7_8.1.noarch [496 KiB] Changelog by Zdenek Pytela (2020-05-15):
- Allow nagios_plugin_domain execute programs in bin directories
Resolves: rhbz#1832219
selinux-policy-3.13.1-266.el7.noarch [496 KiB] Changelog by Lukas Vrabec (2019-11-06):
- Dontaudit tmpreaper_t getting attributes from sysctl_type files
Resolves: rhbz#1765063
selinux-policy-3.13.1-252.el7_7.6.noarch [492 KiB] Changelog by Lukas Vrabec (2019-11-06):
- Dontaudit tmpreaper_t getting attributes from sysctl_type files
Resolves: rhbz#1766095
selinux-policy-3.13.1-252.el7.1.noarch [491 KiB] Changelog by Lukas Vrabec (2019-07-10):
- Allow sbd_t domain to use nsswitch
Resolves: rhbz#1728593
selinux-policy-3.13.1-252.el7.noarch [491 KiB] Changelog by Lukas Vrabec (2019-06-27):
- Allow ganesha_t domain to connect to tcp portmap_port_t
Resolves: rhbz#1715088
selinux-policy-3.13.1-229.el7_6.15.noarch [484 KiB] Changelog by Lukas Vrabec (2019-07-10):
- Allow sbd_t domain to use nsswitch
Resolves: rhbz#1728592
selinux-policy-3.13.1-229.el7_6.12.noarch [483 KiB] Changelog by Lukas Vrabec (2019-04-09):
- Allow modemmanager_t domain to write to raw_ip file labeled as sysfs_t
Resolves: rhbz#1697868
selinux-policy-3.13.1-229.el7_6.9.noarch [483 KiB] Changelog by Lukas Vrabec (2019-01-17):
- Allow gssd_t domain to manage kernel keyrings of every domain.
Resolves: rhbz#1665815
- Add new interface domain_manage_all_domains_keyrings()
Resolves: rhbz#1665815
selinux-policy-3.13.1-229.el7_6.6.noarch [482 KiB] Changelog by Lukas Vrabec (2018-11-02):
- Allow nova_t domain to use pam
Resolves: rhbz:#1645270
- sysstat: grant sysstat_t the search_dir_perms set
Resolves: rhbz#1645271
selinux-policy-3.13.1-229.el7_6.5.noarch [482 KiB] Changelog by Lukas Vrabec (2018-10-12):
- Remove disabling ganesha module in pre install phase of installation new selinux-policy package where ganesha is again standalone module
Resolves: rhbz#1638257
selinux-policy-3.13.1-229.el7.noarch [481 KiB] Changelog by Lukas Vrabec (2018-09-26):
- Allow neutron domain to read/write /var/run/utmp
Resolves: rhbz#1630318
selinux-policy-3.13.1-192.el7_5.6.noarch [453 KiB] Changelog by Lukas Vrabec (2018-07-31):
- Allow virtlogd_t domain to chat via dbus with systemd_logind
Resolves: rhbz#1593740
selinux-policy-3.13.1-192.el7_5.4.noarch [452 KiB] Changelog by Lukas Vrabec (2018-06-07):
- Allow certmonger to sends emails
Resolves: rhbz#1588363
selinux-policy-3.13.1-192.el7_5.3.noarch [452 KiB] Changelog by Lukas Vrabec (2018-03-28):
- Allow snapperd_t domain to unmount fs_t filesystems
Resolves: rhbz#1561424
selinux-policy-3.13.1-192.el7.noarch [452 KiB] Changelog by Lukas Vrabec (2018-02-27):
- Label /usr/libexec/dbus-1/dbus-daemon-launch-helper  as dbusd_exec_t to have systemd dbus services running in the correct domain instead of unconfined_service_t if unconfined.pp module is enabled.
Resolves: rhbz#1546721
selinux-policy-3.13.1-166.el7_4.9.noarch [436 KiB] Changelog by Lukas Vrabec (2018-02-21):
- Update openvswitch policy from Fedora
Resolves: rhbz#1538936
selinux-policy-3.13.1-166.el7_4.7.noarch [436 KiB] Changelog by Lukas Vrabec (2017-11-16):
- Allow cluster_t domain creating bundles directory with label var_log_t instead of cluster_var_log_t
Resolves: rhbz:#1513075
selinux-policy-3.13.1-166.el7_4.5.noarch [436 KiB] Changelog by Lukas Vrabec (2017-08-30):
- Allow certmonger using systemctl on pki_tomcat unit files
Resolves: rhbz#1486552
selinux-policy-3.13.1-166.el7_4.4.noarch [436 KiB] Changelog by Lukas Vrabec (2017-08-26):
- Allow tomcat_t domain couple capabilities to make working tomcat-jsvc
Resolves: rhbz#1485308
selinux-policy-3.13.1-166.el7.noarch [435 KiB] Changelog by Lukas Vrabec (2017-07-10):
- Add new boolean gluster_use_execmem
Resolves: rhbz#1469027
- Allow cluster_t and glusterd_t domains to dbus chat with ganesha service
Resolves: rhbz#1468581
selinux-policy-3.13.1-102.el7_3.16.noarch [413 KiB] Changelog by Lukas Vrabec (2017-03-09):
- Allow openvswitch read script state.
- Allow openvswitch exec hostname and readinitrc_t files
Resolves: rhbz#1430751
selinux-policy-3.13.1-102.el7_3.15.noarch [413 KiB] Changelog by Lukas Vrabec (2017-02-07):
- Allow sssd_t domain setpgid
Resolves:rhbz#1419836
selinux-policy-3.13.1-102.el7_3.13.noarch [413 KiB] Changelog by Lukas Vrabec (2017-01-09):
- Allow systemd container to read/write usermodehelperstate
Resolves: rhbz#1408126
- Allow glusterd_t to bind on glusterd_port_t udp ports.
Resolves: rhbz#1408128
selinux-policy-3.13.1-102.el7_3.7.noarch [412 KiB] Changelog by Lukas Vrabec (2016-11-14):
- Update systemd on RHEL-7.2 box to version from RHEL-7.3 and then as a separate yum command update the selinux policy systemd will start generating USER_AVC denials and will start returning "Access Denied" errors to DBus clients.
Resolves: rhbz#1394715
selinux-policy-3.13.1-102.el7_3.4.noarch [411 KiB] Changelog by Miroslav Grepl (2016-10-19):
- Allow GlusterFS with RDMA transport to be started correctly. It requires ipc_lock capability together with rw permission on rdma_cm device.
Resolves:#1386620
- Allow glusterd to get attributes on /sys/kernel/config directory.
Resolves:#1386621
selinux-policy-3.13.1-102.el7.noarch [410 KiB] Changelog by Dan Walsh (2016-09-27):
- Add virt_sandbox_use_nfs -> virt_use_nfs boolean substitution.
Resolves: rhbz#1355783
selinux-policy-3.13.1-60.el7_2.9.noarch [376 KiB] Changelog by Lukas Vrabec (2016-09-01):
- Dontaudit ldconfig read gluster lib files.
Resolves: rhbz#1372182
- Add interface glusterd_dontaudit_read_lib_dirs()
Resolves: rhbz#1372182
- Dontaudit Occasionally observing AVC's while running geo-rep automation
Resolves: rhbz#1372182
- Allow glusterd to manage socket files labeled as glusterd_brick_t.
Resolves: rhbz#1372191
selinux-policy-3.13.1-60.el7_2.7.noarch [376 KiB] Changelog by Lukas Vrabec (2016-06-10):
- Allow glusterd domain read krb5_keytab_t files.
Resolves: rhbz#1344630
selinux-policy-3.13.1-60.el7_2.3.noarch [375 KiB] Changelog by Lukas Vrabec (2016-01-27):
- Allow openvswitch domain capability sys_rawio
Resolves: rhbz#1299405
selinux-policy-3.13.1-60.el7.noarch [374 KiB] Changelog by Miroslav Grepl (2015-10-14):
Allow hypervvssd to list all mountpoints to have VSS live backup working correctly.
Resolves:#1247880
selinux-policy-3.13.1-23.el7_1.21.noarch [359 KiB] Changelog by Lukas Vrabec (2015-10-13):
- Added labels for files provided by rh-nginx18 collection
Resolves: #1270839
selinux-policy-3.13.1-23.el7_1.18.noarch [359 KiB] Changelog by Miroslav Grepl (2015-09-03):
- Allow qpidd access to /proc/<pid>/net/psched
Resolves: #1254318
selinux-policy-3.13.1-23.el7_1.17.noarch [358 KiB] Changelog by Miroslav Grepl (2015-08-28):
- Dontaudit chrome to read passwd file.
Resolves:#1257816
selinux-policy-3.13.1-23.el7_1.13.noarch [358 KiB] Changelog by Miroslav Grepl (2015-07-28):
- glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes.
-  Allow glusterd to communicate with cluster domains over stream socket.
Resolves:#1238963
selinux-policy-3.13.1-23.el7_1.8.noarch [356 KiB] Changelog by Miroslav Grepl (2015-06-15):
- Back port passenger fixes from RHEL-7.2
- Back port httpd fixes related to gluster+nagios.
- Back port glusterd changs from RHEL-7.2 related to Gluster.
- Back port ctdbd changs from RHEL-7.2 related to Gluster.
- Back port nagios changs from RHEL-7.2 related to Gluster.
- Back port samba changs from RHEL-7.2 related to Gluster.
Resolves:#1230292
Resolves:#1230299
Resolves:#1231649
Resolves:#1231930
Resolves:#1231942
selinux-policy-3.13.1-23.el7_1.7.noarch [356 KiB] Changelog by Miroslav Grepl (2015-04-29):
- Label /usr/libexec/postgresql-ctl as postgresql_exec_t
- Update virt_read_pid_files() interface to allow read also symlinks with virt_var_run_t type.
- Add labeling for /usr/libexec/mysqld_safe-scl-helper.
- Add support for /usr/libexec/mongodb-scl-helper RHSCL helper script.
Resolves:#1209942 
- Allow mysqld_t to use pam.It is needed by MariDB if auth_apm.so auth plugin is used
Resolves:#1214236
- Added label mysqld_etc_t for /etc/my.cnf.d/ dir.
Resolves:#1214235
- Add support for mongod/mongos systemd unit files.
Resolves:#1214194
selinux-policy-3.13.1-23.el7.noarch [354 KiB] Changelog by Miroslav Grepl (2015-01-30):
- Update seutil_manage_config() interface.
Resolves:#1185962
- Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
- Turn on docker_transition_unconfined by default

Listing created by repoview