Automatic update for selinux-policy-41.8-4.eln141.
* Fri Jul 12 2024 Zdenek Pytela <zpytela@redhat.com> - 41.8-11
- Move %postInstall to %posttrans
* Fri Jul 12 2024 Colin Walters <walters@verbum.org> - 41.8-9
- Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)`
* Fri Jul 12 2024 Ondrej Mosnacek <omosnace@redhat.com> - 41.8-8
- Drop obsolete modules from config
* Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 41.8-6
- Also relabel files under /usr/sbin
* Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 41.8-5
- Manually bump Release
* Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 41.8-4
- Relabel files under /usr/bin to fix stale context after sbin merge
* Wed Jul 10 2024 Zdenek Pytela <zpytela@redhat.com> - 41.8-2
- Drop the publicfile module
* Wed Jul 10 2024 Zdenek Pytela <zpytela@redhat.com> - 41.8-1
- Drop publicfile module
- Remove permissive domain for systemd_nsresourced_t
- Change fs_dontaudit_write_cgroup_files() to apply to cgroup_t
- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
- Allow to create and delete socket files created by rhsm.service
- Allow virtnetworkd exec shell when virt_hooks_unconfined is on
- Allow unconfined_service_t transition to passwd_t
- Support /var is empty
- Allow abrt-dump-journal read all non_security socket files
- Allow timemaster write to sysfs files
- Dontaudit domain write cgroup files
- Label /usr/lib/node_modules/npm/bin with bin_t
- Allow ip the setexec permission
- Allow systemd-networkd write files in /var/lib/systemd/network
- Fix typo in systemd_nsresourced_prog_run_bpf()
* Fri Jun 28 2024 Zdenek Pytela <zpytela@redhat.com> - 41.7-1
- Confine libvirt-dbus
- Allow virtqemud the kill capability in user namespace
- Allow rshim get options of the netlink class for KOBJECT_UEVENT family
- Allow dhcpcd the kill capability
- Allow systemd-networkd list /var/lib/systemd/network
- Allow sysadm_t run systemd-nsresourced bpf programs
- Update policy for systemd generators interactions
- Allow create memory.pressure files with cgroup_memory_pressure_t
- Add support for libvirt hooks
* Wed Jun 19 2024 Zdenek Pytela <zpytela@redhat.com> - 41.6-1
- Allow certmonger read and write tpm devices
- Allow all domains to connect to systemd-nsresourced over a unix socket
- Allow systemd-machined read the vsock device
- Update policy for systemd generators
- Allow ptp4l_t request that the kernel load a kernel module
- Allow sbd to trace processes in user namespace
- Allow request-key execute scripts
- Update policy for haproxyd
* Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 41.5-1
- Update policy for systemd-nsresourced
- Correct sbin-related file context entries
* Mon Jun 17 2024 Zdenek Pytela <zpytela@redhat.com> - 41.4-1
- Allow login_userdomain execute systemd-tmpfiles in the caller domain
- Allow virt_driver_domain read files labeled unconfined_t
- Allow virt_driver_domain dbus chat with policykit
- Allow virtqemud manage nfs files when virt_use_nfs boolean is on
- Add rules for interactions between generators
- Label memory.pressure files with cgroup_memory_pressure_t
- Revert "Allow some systemd services write to cgroup files"
- Update policy for systemd-nsresourced
- Label /usr/bin/ntfsck with fsadm_exec_t
- Allow systemd_fstab_generator_t read tmpfs files
- Update policy for systemd-nsresourced
- Alias /usr/sbin to /usr/bin and change all /usr/sbin paths to /usr/bin
- Remove a few lines duplicated between {dkim,milter}.fc
- Alias /bin → /usr/bin and remove redundant paths
- Drop duplicate line for /usr/sbin/unix_chkpwd
- Drop duplicate paths for /usr/sbin
Please log in to add feedback.
This update was automatically created
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for stable by bodhi