Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: selinux-policy-devel | Distribution: Fedora Project |
Version: 40.23 | Vendor: Fedora Project |
Release: 1.fc40 | Build date: Thu Jun 20 19:00:25 2024 |
Group: Unspecified | Build host: buildvm-a64-10.iad2.fedoraproject.org |
Size: 14645650 | Source RPM: selinux-policy-40.23-1.fc40.src.rpm |
Packager: Fedora Project | |
Url: https://github.com/fedora-selinux/selinux-policy | |
Summary: SELinux policy development files |
SELinux policy development package. This package contains: - interfaces, macros, and patterns for policy development - a policy example - the macro-expander utility and some additional files.
GPL-2.0-or-later
* Thu Jun 20 2024 Zdenek Pytela <zpytela@redhat.com> - 40.23-1 - Synchronize policy for systemd-generators with rawhide - Allow certmonger read and write tpm devices - Allow virt_driver_domain dbus chat with policykit - Allow login_userdomain execute systemd-tmpfiles in the caller domain - Revert "Allow systemd-machined manage runtime sockets" - Label /usr/bin/ntfsck with fsadm_exec_t - Escape "interface" as a file name in a virt filetrans pattern - Allow gnome-software work for login_userdomain * Sat Jun 08 2024 Zdenek Pytela <zpytela@redhat.com> - 40.22-1 - Allow systemd-machined manage runtime sockets - Allow systemd-gpt-generator setfscreate - Allow bootupd search efivarfs dirs - Sync policy for confined systemd generators with rawhide - Update policy for fstab and gpt generators - Allow systemd (PID 1) manage systemd conf files - Allow pulseaudio map its runtime files - Update policy for getty-generator - Allow systemd-machined manage runtime sockets - Allow fstab-generator create unit file symlinks - Dontaudit systemd-coredump sys_admin capability - Update policy for fstab-generator - Allow virtqemud read vm sysctls - Add policy for second batch of generators - Update policy for systemd generators - ci: Adjust Cockpit test plans * Fri May 31 2024 Zdenek Pytela <zpytela@redhat.com> - 40.21-1 - Add policy for second batch of generators - Update policy for systemd generators - ci: Adjust Cockpit test plans * Mon May 20 2024 Zdenek Pytela <zpytela@redhat.com> - 40.20-1 - Allow journald read systemd config files and directories - Allow systemd_domain read systemd_conf_t dirs - Fix bad Python regexp escapes - Allow fido services connect to postgres database * Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.19-1 - Allow postfix smtpd map aliases file - Ensure dbus communication is allowed bidirectionally - Label systemd configuration files with systemd_conf_t - Label /run/systemd/machine with systemd_machined_var_run_t - Allow systemd-hostnamed read the vsock device - Allow sysadm execute dmidecode using sudo - Allow sudodomain list files in /var - Allow setroubleshootd get attributes of all sysctls - Allow various services read and write z90crypt device - Allow nfsidmap connect to systemd-homed - Allow sandbox_x_client_t dbus chat with accountsd - Allow system_cronjob_t dbus chat with avahi_t - Allow staff_t the io_uring sqpoll permission - Allow staff_t use the io_uring API - Add support for secretmem anon inode * Thu May 16 2024 Adam Williamson <awilliam@redhat.com> - 40.18-3 - Correct some errors in the RPM macro changes from -2 * Mon May 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.18-2 - Update rpm configuration for the /var/run equivalency change * Mon May 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.18-1 - Allow virtqemud read vfio devices - Allow virtqemud get attributes of a tmpfs filesystem - Allow svirt_t read vm sysctls - Allow virtqemud create and unlink files in /etc/libvirt/ - Allow virtqemud get attributes of cifs files - Allow virtqemud get attributes of filesystems with extended attributes - Allow virtqemud get attributes of NFS filesystems - Allow virt_domain read and write usb devices conditionally - Allow virtstoraged use the io_uring API - Allow virtstoraged execute lvm programs in the lvm domain - Allow virtnodevd_t map /var/lib files - Allow svirt_tcg_t map svirt_image_t files - Allow abrt-dump-journal-core connect to systemd-homed - Allow abrt-dump-journal-core connect to systemd-machined - Allow sssd create and use io_uring - Allow selinux-relabel-generator create units dir - Allow dbus-broker read/write inherited user ttys * Thu Apr 25 2024 Zdenek Pytela <zpytela@redhat.com> - 40.17-1 - Define transitions for /run/libvirt/common and /run/libvirt/qemu - Allow systemd-sleep read raw disk data - Allow numad to trace processes in user namespace - Allow abrt-dump-journal-core connect to systemd-userdbd - Allow plymouthd read efivarfs files - Update the auth_dontaudit_read_passwd_file() interface - Label /dev/mmcblk0rpmb character device with removable_device_t - fix hibernate on btrfs swapfile (F40) - Allow nut to statfs() - Allow system dbusd service status systemd services - Allow systemd-timedated get the timemaster service status * Tue Apr 09 2024 Zdenek Pytela <zpytela@redhat.com> - 40.16-1 - Allow keyutils-dns-resolver connect to the system log service - Allow qemu-ga read vm sysctls - postfix: allow qmgr to delete mails in bounce/ directory - policy: support pidfs - Confine selinux-autorelabel-generator.sh - Allow logwatch_mail_t read/write to init over a unix stream socket - Allow logwatch read logind sessions files - files_dontaudit_getattr_tmpfs_files allowed the access and didn't dontaudit it - files_dontaudit_mounton_modules_object allowed the access and didn't dontaudit it - Allow NetworkManager the sys_ptrace capability in user namespace - dontaudit execmem for modemmanager - Allow dhcpcd use unix_stream_socket - Allow dhcpc read /run/netns files * Fri Mar 15 2024 Zdenek Pytela <zpytela@redhat.com> - 40.15-1 - Update mmap_rw_file_perms to include the lock permission - Allow plymouthd log during shutdown - Add logging_watch_all_log_dirs() and logging_watch_all_log_files() - Allow journalctl_t read filesystem sysctls - Allow cgred_t to get attributes of cgroup filesystems - Allow wdmd read hardware state information - Allow wdmd list the contents of the sysfs directories - Allow linuxptp configure phc2sys and chronyd over a unix domain socket - Allow sulogin relabel tty1 - Dontaudit sulogin the checkpoint_restore capability - Modify sudo_role_template() to allow getpgid - Remove incorrect "local" usage in varrun-convert.sh * Thu Mar 07 2024 Zdenek Pytela <zpytela@redhat.com> - 40.14-2 - Update varrun-convert.sh script to check for existing duplicate entries * Mon Feb 26 2024 Zdenek Pytela <zpytela@redhat.com> - 40.14-1 - Allow userdomain get attributes of files on an nsfs filesystem - Allow opafm create NFS files and directories - Allow virtqemud create and unlink files in /etc/libvirt/ - Allow virtqemud domain transition on swtpm execution - Add the swtpm.if interface file for interactions with other domains - Allow samba to have dac_override capability - systemd: allow sys_admin capability for systemd_notify_t - systemd: allow systemd_notify_t to send data to kernel_t datagram sockets - Allow thumb_t to watch and watch_reads mount_var_run_t - Allow krb5kdc_t map krb5kdc_principal_t files - Allow unprivileged confined user dbus chat with setroubleshoot - Allow login_userdomain map files in /var - Allow wireguard work with firewall-cmd - Differentiate between staff and sysadm when executing crontab with sudo - Add crontab_admin_domtrans interface - Allow abrt_t nnp domain transition to abrt_handle_event_t - Allow xdm_t to watch and watch_reads mount_var_run_t - Dontaudit subscription manager setfscreate and read file contexts - Don't audit crontab_domain write attempts to user home - Transition from sudodomains to crontab_t when executing crontab_exec_t - Add crontab_domtrans interface - Fix label of pseudoterminals created from sudodomain - Allow utempter_t use ptmx - Dontaudit rpmdb attempts to connect to sssd over a unix stream socket - Allow admin user read/write on fixed_disk_device_t * Mon Feb 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13-1 - Only allow confined user domains to login locally without unconfined_login - Add userdom_spec_domtrans_confined_admin_users interface - Only allow admindomain to execute shell via ssh with ssh_sysadm_login - Add userdom_spec_domtrans_admin_users interface - Move ssh dyntrans to unconfined inside unconfined_login tunable policy - Update ssh_role_template() for user ssh-agent type - Allow init to inherit system DBus file descriptors - Allow init to inherit fds from syslogd - Allow any domain to inherit fds from rpm-ostree - Update afterburn policy - Allow init_t nnp domain transition to abrtd_t * Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1 - Rename all /var/lock file context entries to /run/lock - Rename all /var/run file context entries to /run - Invert the "/var/run = /run" equivalency * Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1 - Replace init domtrans rule for confined users to allow exec init - Update dbus_role_template() to allow user service status - Allow polkit status all systemd services - Allow setroubleshootd create and use inherited io_uring - Allow load_policy read and write generic ptys - Allow gpg manage rpm cache - Allow login_userdomain name_bind to howl and xmsg udp ports - Allow rules for confined users logged in plasma - Label /dev/iommu with iommu_device_t - Remove duplicate file context entries in /run - Dontaudit getty and plymouth the checkpoint_restore capability - Allow su domains write login records - Revert "Allow su domains write login records" - Allow login_userdomain delete session dbusd tmp socket files - Allow unix dgram sendto between exim processes - Allow su domains write login records - Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on * Wed Jan 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.10-1 - Allow chronyd-restricted read chronyd key files - Allow conntrackd_t to use bpf capability2 - Allow systemd-networkd manage its runtime socket files - Allow init_t nnp domain transition to colord_t - Allow polkit status systemd services - nova: Fix duplicate declarations - Allow httpd work with PrivateTmp - Add interfaces for watching and reading ifconfig_var_run_t - Allow collectd read raw fixed disk device - Allow collectd read udev pid files - Set correct label on /etc/pki/pki-tomcat/kra - Allow systemd domains watch system dbus pid socket files - Allow certmonger read network sysctls - Allow mdadm list stratisd data directories - Allow syslog to run unconfined scripts conditionally - Allow syslogd_t nnp_transition to syslogd_unconfined_script_t - Allow qatlib set attributes of vfio device files * Tue Jan 09 2024 Zdenek Pytela <zpytela@redhat.com> - 40.9-1 - Allow systemd-sleep set attributes of efivarfs files - Allow samba-dcerpcd read public files - Allow spamd_update_t the sys_ptrace capability in user namespace - Allow bluetooth devices work with alsa - Allow alsa get attributes filesystems with extended attributes * Tue Jan 02 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 40.8-2 - Limit %selinux_requires to version, not release * Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1 - Allow hypervkvp_t write access to NetworkManager_etc_rw_t - Add interface for write-only access to NetworkManager rw conf - Allow systemd-sleep send a message to syslog over a unix dgram socket - Allow init create and use netlink netfilter socket - Allow qatlib load kernel modules - Allow qatlib run lspci - Allow qatlib manage its private runtime socket files - Allow qatlib read/write vfio devices - Label /etc/redis.conf with redis_conf_t - Remove the lockdown-class rules from the policy - Allow init read all non-security socket files - Replace redundant dnsmasq pattern macros - Remove unneeded symlink perms in dnsmasq.if - Add additions to dnsmasq interface - Allow nvme_stas_t create and use netlink kobject uevent socket - Allow collectd connect to statsd port - Allow keepalived_t to use sys_ptrace of cap_userns - Allow dovecot_auth_t connect to postgresql using UNIX socket * Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 40.7-1 - Make named_zone_t and named_var_run_t a part of the mountpoint attribute - Allow sysadm execute traceroute in sysadm_t domain using sudo - Allow sysadm execute tcpdump in sysadm_t domain using sudo - Allow opafm search nfs directories - Add support for syslogd unconfined scripts - Allow gpsd use /dev/gnss devices - Allow gpg read rpm cache - Allow virtqemud additional permissions - Allow virtqemud manage its private lock files - Allow virtqemud use the io_uring api - Allow ddclient send e-mail notifications - Allow postfix_master_t map postfix data files - Allow init create and use vsock sockets - Allow thumb_t append to init unix domain stream sockets - Label /dev/vas with vas_device_t - Change domain_kernel_load_modules boolean to true - Create interface selinux_watch_config and add it to SELinux users * Tue Nov 28 2023 Zdenek Pytela <zpytela@redhat.com> - 40.6-1 - Add afterburn to modules-targeted-contrib.conf - Update cifs interfaces to include fs_search_auto_mountpoints() - Allow sudodomain read var auth files - Allow spamd_update_t read hardware state information - Allow virtnetworkd domain transition on tc command execution - Allow sendmail MTA connect to sendmail LDA - Allow auditd read all domains process state - Allow rsync read network sysctls - Add dhcpcd bpf capability to run bpf programs - Dontaudit systemd-hwdb dac_override capability - Allow systemd-sleep create efivarfs files * Tue Nov 14 2023 Zdenek Pytela <zpytela@redhat.com> - 40.5-1 - Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on - Allow graphical applications work in Wayland - Allow kdump work with PrivateTmp - Allow dovecot-auth work with PrivateTmp - Allow nfsd get attributes of all filesystems - Allow unconfined_domain_type use io_uring cmd on domain - ci: Only run Rawhide revdeps tests on the rawhide branch - Label /var/run/auditd.state as auditd_var_run_t - Allow fido-device-onboard (FDO) read the crack database - Allow ip an explicit domain transition to other domains - Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t - Allow winbind_rpcd_t processes access when samba_export_all_* is on - Enable NetworkManager and dhclient to use initramfs-configured DHCP connection - Allow ntp to bind and connect to ntske port. - Allow system_mail_t manage exim spool files and dirs - Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t - Label /run/pcsd.socket with cluster_var_run_t - ci: Run cockpit tests in PRs * Thu Oct 19 2023 Zdenek Pytela <zpytela@redhat.com> - 40.4-1 - Add map_read map_write to kernel_prog_run_bpf - Allow systemd-fstab-generator read all symlinks - Allow systemd-fstab-generator the dac_override capability - Allow rpcbind read network sysctls - Support using systemd containers - Allow sysadm_t to connect to iscsid using a unix domain stream socket - Add policy for coreos installer - Add coreos_installer to modules-targeted-contrib.conf * Tue Oct 17 2023 Zdenek Pytela <zpytela@redhat.com> - 40.3-1 - Add policy for nvme-stas - Confine systemd fstab,sysv,rc-local - Label /etc/aliases.lmdb with etc_aliases_t - Create policy for afterburn - Add nvme_stas to modules-targeted-contrib.conf - Add plans/tests.fmf * Tue Oct 10 2023 Zdenek Pytela <zpytela@redhat.com> - 40.2-1 - Add the virt_supplementary module to modules-targeted-contrib.conf - Make new virt drivers permissive - Split virt policy, introduce virt_supplementary module - Allow apcupsd cgi scripts read /sys - Merge pull request #1893 from WOnder93/more-early-boot-overlay-fixes - Allow kernel_t to manage and relabel all files - Add missing optional_policy() to files_relabel_all_files() * Tue Oct 03 2023 Zdenek Pytela <zpytela@redhat.com> - 40.1-1 - Allow named and ndc use the io_uring api - Deprecate common_anon_inode_perms usage - Improve default file context(None) of /var/lib/authselect/backups - Allow udev_t to search all directories with a filesystem type - Implement proper anon_inode support - Allow targetd write to the syslog pid sock_file - Add ipa_pki_retrieve_key_exec() interface - Allow kdumpctl_t to list all directories with a filesystem type - Allow udev additional permissions - Allow udev load kernel module - Allow sysadm_t to mmap modules_object_t files - Add the unconfined_read_files() and unconfined_list_dirs() interfaces - Set default file context of HOME_DIR/tmp/.* to <<none>> - Allow kernel_generic_helper_t to execute mount(1) * Fri Sep 29 2023 Zdenek Pytela <zpytela@redhat.com> - 38.29-1 - Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t - Allow systemd-localed create Xserver config dirs - Allow sssd read symlinks in /etc/sssd - Label /dev/gnss[0-9] with gnss_device_t - Allow systemd-sleep read/write efivarfs variables - ci: Fix version number of packit generated srpms - Dontaudit rhsmcertd write memory device - Allow ssh_agent_type create a sockfile in /run/user/USERID - Set default file context of /var/lib/authselect/backups to <<none>> - Allow prosody read network sysctls - Allow cupsd_t to use bpf capability * Fri Sep 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.28-1 - Allow sssd domain transition on passkey_child execution conditionally - Allow login_userdomain watch lnk_files in /usr - Allow login_userdomain watch video4linux devices - Change systemd-network-generator transition to include class file - Revert "Change file transition for systemd-network-generator" - Allow nm-dispatcher winbind plugin read/write samba var files - Allow systemd-networkd write to cgroup files - Allow kdump create and use its memfd: objects * Thu Aug 31 2023 Zdenek Pytela <zpytela@redhat.com> - 38.27-1 - Allow fedora-third-party get generic filesystem attributes - Allow sssd use usb devices conditionally - Update policy for qatlib - Allow ssh_agent_type manage generic cache home files * Thu Aug 24 2023 Zdenek Pytela <zpytela@redhat.com> - 38.26-1 - Change file transition for systemd-network-generator - Additional support for gnome-initial-setup - Update gnome-initial-setup policy for geoclue - Allow openconnect vpn open vhost net device - Allow cifs.upcall to connect to SSSD also through the /var/run socket - Grant cifs.upcall more required capabilities - Allow xenstored map xenfs files - Update policy for fdo - Allow keepalived watch var_run dirs - Allow svirt to rw /dev/udmabuf - Allow qatlib to modify hardware state information. - Allow key.dns_resolve connect to avahi over a unix stream socket - Allow key.dns_resolve create and use unix datagram socket - Use quay.io as the container image source for CI * Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 38.25-1 - ci: Move srpm/rpm build to packit - .copr: Avoid subshell and changing directory - Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file - Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t - Make insights_client_t an unconfined domain - Allow insights-client manage user temporary files - Allow insights-client create all rpm logs with a correct label - Allow insights-client manage generic logs - Allow cloud_init create dhclient var files and init_t manage net_conf_t - Allow insights-client read and write cluster tmpfs files - Allow ipsec read nsfs files - Make tuned work with mls policy - Remove nsplugin_role from mozilla.if - allow mon_procd_t self:cap_userns sys_ptrace - Allow pdns name_bind and name_connect all ports - Set the MLS range of fsdaemon_t to s0 - mls_systemhigh - ci: Move to actions/checkout@v3 version - .copr: Replace chown call with standard workflow safe.directory setting - .copr: Enable `set -u` for robustness - .copr: Simplify root directory variable * Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 38.24-1 - Allow rhsmcertd dbus chat with policykit - Allow polkitd execute pkla-check-authorization with nnp transition - Allow user_u and staff_u get attributes of non-security dirs - Allow unconfined user filetrans chrome_sandbox_home_t - Allow svnserve execute postdrop with a transition - Do not make postfix_postdrop_t type an MTA executable file - Allow samba-dcerpc service manage samba tmp files - Add use_nfs_home_dirs boolean for mozilla_plugin - Fix labeling for no-stub-resolv.conf * Wed Aug 02 2023 Zdenek Pytela <zpytela@redhat.com> - 38.23-1 - Revert "Allow winbind-rpcd use its private tmp files" - Allow upsmon execute upsmon via a helper script - Allow openconnect vpn read/write inherited vhost net device - Allow winbind-rpcd use its private tmp files - Update samba-dcerpc policy for printing - Allow gpsd,oddjob,oddjob_mkhomedir rw user domain pty - Allow nscd watch system db dirs - Allow qatlib to read sssd public files - Allow fedora-third-party read /sys and proc - Allow systemd-gpt-generator mount a tmpfs filesystem - Allow journald write to cgroup files - Allow rpc.mountd read network sysctls - Allow blueman read the contents of the sysfs filesystem - Allow logrotate_t to map generic files in /etc - Boolean: Allow virt_qemu_ga create ssh directory * Tue Jul 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.22-1 - Allow systemd-network-generator send system log messages - Dontaudit the execute permission on sock_file globally - Allow fsadm_t the file mounton permission - Allow named and ndc the io_uring sqpoll permission - Allow sssd io_uring sqpoll permission - Fix location for /run/nsd - Allow qemu-ga get fixed disk devices attributes - Update bitlbee policy - Label /usr/sbin/sos with sosreport_exec_t - Update policy for the sblim-sfcb service - Add the files_getattr_non_auth_dirs() interface - Fix the CI to work with DNF5 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.21-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jul 13 2023 Zdenek Pytela <zpytela@redhat.com> - 38.21-1 - Make systemd_tmpfiles_t MLS trusted for lowering the level of files - Revert "Allow insights client map cache_home_t" - Allow nfsidmapd connect to systemd-machined over a unix socket - Allow snapperd connect to kernel over a unix domain stream socket - Allow virt_qemu_ga_t create .ssh dir with correct label - Allow targetd read network sysctls - Set the abrt_handle_event boolean to on - Permit kernel_t to change the user identity in object contexts - Allow insights client map cache_home_t - Label /usr/sbin/mariadbd with mysqld_exec_t - Trim changelog so that it starts at F37 time - Define equivalency for /run/systemd/generator.early * Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 38.20-1 - Allow httpd tcp connect to redis port conditionally - Label only /usr/sbin/ripd and ripngd with zebra_exec_t - Dontaudit aide the execmem permission - Remove permissive from fdo - Allow sa-update manage spamc home files - Allow sa-update connect to systemlog services - Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t - Allow nsd_crond_t write nsd_var_run_t & connectto nsd_t - Allow bootupd search EFI directory * Tue Jun 27 2023 Zdenek Pytela <zpytela@redhat.com> - 38.19-1 - Change init_audit_control default value to true - Allow nfsidmapd connect to systemd-userdbd with a unix socket - Add the qatlib module - Add the fdo module - Add the bootupd module - Set default ports for keylime policy - Create policy for qatlib - Add policy for FIDO Device Onboard - Add policy for bootupd - Add the qatlib module - Add the fdo module - Add the bootupd module * Sun Jun 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.18-1 - Add support for kafs-dns requested by keyutils - Allow insights-client execmem - Add support for chronyd-restricted - Add init_explicit_domain() interface - Allow fsadm_t to get attributes of cgroup filesystems - Add list_dir_perms to kerberos_read_keytab - Label /var/run/tmpfiles.d/static-nodes.conf with kmod_var_run_t - Allow sendmail manage its runtime files - Allow keyutils_dns_resolver_exec_t be an entrypoint - Allow collectd_t read network state symlinks - Revert "Allow collectd_t read proc_net link files" - Allow nfsd_t to list exports_t dirs - Allow cupsd dbus chat with xdm - Allow haproxy read hardware state information - Add the kafs module * Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.17-1 - Label /dev/userfaultfd with userfaultfd_t - Allow blueman send general signals to unprivileged user domains - Allow dkim-milter domain transition to sendmail - Label /usr/sbin/cifs.idmap with cifs_helper_exec_t - Allow cifs-helper read sssd kerberos configuration files - Allow rpm_t sys_admin capability - Allow dovecot_deliver_t create/map dovecot_spool_t dir/file - Allow collectd_t read proc_net link files - Allow insights-client getsession process permission - Allow insights-client work with pipe and socket tmp files - Allow insights-client map generic log files - Update cyrus_stream_connect() to use sockets in /run - Allow keyutils-dns-resolver read/view kernel key ring - Label /var/log/kdump.log with kdump_log_t * Fri Jun 09 2023 Zdenek Pytela <zpytela@redhat.com> - 38.16-1 - Add support for the systemd-pstore service - Allow kdumpctl_t to execmem - Update sendmail policy module for opensmtpd - Allow nagios-mail-plugin exec postfix master - Allow subscription-manager execute ip - Allow ssh client connect with a user dbus instance - Add support for ksshaskpass - Allow rhsmcertd file transition in /run also for socket files - Allow keyutils_dns_resolver_t execute keyutils_dns_resolver_exec_t - Allow plymouthd read/write X server miscellaneous devices - Allow systemd-sleep read udev pid files - Allow exim read network sysctls - Allow sendmail request load module - Allow named map its conf files - Allow squid map its cache files - Allow NetworkManager_dispatcher_dhclient_t to execute shells without a domain transition * Tue May 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.15-1 - Update policy for systemd-sleep - Remove permissive domain for rshim_t - Remove permissive domain for mptcpd_t - Allow systemd-bootchartd the sys_ptrace userns capability - Allow sysadm_t read nsfs files - Allow sysadm_t run kernel bpf programs - Update ssh_role_template for ssh-agent - Update ssh_role_template to allow read/write unallocated ttys - Add the booth module to modules.conf - Allow firewalld rw ica_tmpfs_t files * Fri May 26 2023 Zdenek Pytela <zpytela@redhat.com> - 38.14-1 - Remove permissive domain for cifs_helper_t - Update the cifs-helper policy - Replace cifsutils_helper_domtrans() with keyutils_request_domtrans_to() - Update pkcsslotd policy for sandboxing - Allow abrt_t read kernel persistent storage files - Dontaudit targetd search httpd config dirs - Allow init_t nnp domain transition to policykit_t - Allow rpcd_lsad setcap and use generic ptys - Allow samba-dcerpcd connect to systemd_machined over a unix socket - Allow wireguard to rw network sysctls - Add policy for boothd - Allow kernel to manage its own BPF objects - Label /usr/lib/systemd/system/proftpd.* & vsftpd.* with ftpd_unit_file_t * Mon May 22 2023 Zdenek Pytela <zpytela@redhat.com> - 38.13-1 - Add initial policy for cifs-helper - Label key.dns_resolver with keyutils_dns_resolver_exec_t - Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t - Allow some systemd services write to cgroup files - Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files - Allow systemd resolved to bind to arbitrary nodes - Allow plymouthd_t bpf capability to run bpf programs - Allow cupsd to create samba_var_t files - Allow rhsmcert request the kernel to load a module - Allow virsh name_connect virt_port_t - Allow certmonger manage cluster library files - Allow plymouthd read init process state - Add chromium_sandbox_t setcap capability - Allow snmpd read raw disk data - Allow samba-rpcd work with passwords - Allow unconfined service inherit signal state from init - Allow cloud-init manage gpg admin home content - Allow cluster_t dbus chat with various services - Allow nfsidmapd work with systemd-userdbd and sssd - Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes - Allow plymouthd map dri and framebuffer devices - Allow rpmdb_migrate execute rpmdb - Allow logrotate dbus chat with systemd-hostnamed - Allow icecast connect to kernel using a unix stream socket - Allow lldpad connect to systemd-userdbd over a unix socket - Allow journalctl open user domain ptys and ttys - Allow keepalived to manage its tmp files - Allow ftpd read network sysctls - Label /run/bgpd with zebra_var_run_t - Allow gssproxy read network sysctls - Add the cifsutils module * Tue Apr 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.12-1 - Allow telnetd read network sysctls - Allow munin system plugin read generic SSL certificates - Allow munin system plugin create and use netlink generic socket - Allow login_userdomain create user namespaces - Allow request-key to send syslog messages - Allow request-key to read/view any key - Add fs_delete_pstore_files() interface - Allow insights-client work with teamdctl - Allow insights-client read unconfined service semaphores - Allow insights-client get quotas of all filesystems - Add fs_read_pstore_files() interface - Allow generic kernel helper to read inherited kernel pipes * Fri Apr 14 2023 Zdenek Pytela <zpytela@redhat.com> - 38.11-1 - Allow dovecot-deliver write to the main process runtime fifo files - Allow dmidecode write to cloud-init tmp files - Allow chronyd send a message to cloud-init over a datagram socket - Allow cloud-init domain transition to insights-client domain - Allow mongodb read filesystem sysctls - Allow mongodb read network sysctls - Allow accounts-daemon read generic systemd unit lnk files - Allow blueman watch generic device dirs - Allow nm-dispatcher tlp plugin create tlp dirs - Allow systemd-coredump mounton /usr - Allow rabbitmq to read network sysctls * Tue Apr 04 2023 Zdenek Pytela <zpytela@redhat.com> - 38.10-1 - Allow certmonger dbus chat with the cron system domain - Allow geoclue read network sysctls - Allow geoclue watch the /etc directory - Allow logwatch_mail_t read network sysctls - Allow insights-client read all sysctls - Allow passt manage qemu pid sock files * Fri Mar 24 2023 Zdenek Pytela <zpytela@redhat.com> - 38.9-1 - Allow sssd read accountsd fifo files - Add support for the passt_t domain - Allow virtd_t and svirt_t work with passt - Add new interfaces in the virt module - Add passt interfaces defined conditionally - Allow tshark the setsched capability - Allow poweroff create connections to system dbus - Allow wg load kernel modules, search debugfs dir - Boolean: allow qemu-ga manage ssh home directory - Label smtpd with sendmail_exec_t - Label msmtp and msmtpd with sendmail_exec_t - Allow dovecot to map files in /var/spool/dovecot * Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1 - Confine gnome-initial-setup - Allow qemu-guest-agent create and use vsock socket - Allow login_pgm setcap permission - Allow chronyc read network sysctls - Enhancement of the /usr/sbin/request-key helper policy - Fix opencryptoki file names in /dev/shm - Allow system_cronjob_t transition to rpm_script_t - Revert "Allow system_cronjob_t domtrans to rpm_script_t" - Add tunable to allow squid bind snmp port - Allow staff_t getattr init pid chr & blk files and read krb5 - Allow firewalld to rw z90crypt device - Allow httpd work with tokens in /dev/shm - Allow svirt to map svirt_image_t char files - Allow sysadm_t run initrc_t script and sysadm_r role access - Allow insights-client manage fsadm pid files * Wed Feb 08 2023 Zdenek Pytela <zpytela@redhat.com> - 38.7-1 - Allowing snapper to create snapshots of /home/ subvolume/partition - Add boolean qemu-ga to run unconfined script - Label systemd-journald feature LogNamespace - Add none file context for polyinstantiated tmp dirs - Allow certmonger read the contents of the sysfs filesystem - Add journalctl the sys_resource capability - Allow nm-dispatcher plugins read generic files in /proc - Add initial policy for the /usr/sbin/request-key helper - Additional support for rpmdb_migrate - Add the keyutils module * Mon Jan 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.6-1 - Boolean: allow qemu-ga read ssh home directory - Allow kernel_t to read/write all sockets - Allow kernel_t to UNIX-stream connect to all domains - Allow systemd-resolved send a datagram to journald - Allow kernel_t to manage and have "execute" access to all files - Fix the files_manage_all_files() interface - Allow rshim bpf cap2 and read sssd public files - Allow insights-client work with su and lpstat - Allow insights-client tcp connect to all ports - Allow nm-cloud-setup dispatcher plugin restart nm services - Allow unconfined user filetransition for sudo log files - Allow modemmanager create hardware state information files - Allow ModemManager all permissions for netlink route socket - Allow wg to send msg to kernel, write to syslog and dbus connections - Allow hostname_t to read network sysctls. - Dontaudit ftpd the execmem permission - Allow svirt request the kernel to load a module - Allow icecast rename its log files - Allow upsd to send signal to itself - Allow wireguard to create udp sockets and read net_conf - Use ' %setup -q ' instead of '%setup' - Pass -p 1 to ' %setup -q ' * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jan 13 2023 Zdenek Pytela <zpytela@redhat.com> - 38.5-1 - Allow insights client work with gluster and pcp - Add insights additional capabilities - Add interfaces in domain, files, and unconfined modules - Label fwupdoffline and fwupd-detect-cet with fwupd_exec_t - Allow sudodomain use sudo.log as a logfile - Allow pdns server map its library files and bind to unreserved ports - Allow sysadm_t read/write ipmi devices - Allow prosody manage its runtime socket files - Allow kernel threads manage kernel keys - Allow systemd-userdbd the sys_resource capability - Allow systemd-journal list cgroup directories - Allow apcupsd dbus chat with systemd-logind - Allow nut_domain manage also files and sock_files in /var/run - Allow winbind-rpcd make a TCP connection to the ldap port - Label /usr/lib/rpm/rpmdb_migrate with rpmdb_exec_t - Allow tlp read generic SSL certificates - Allow systemd-resolved watch tmpfs directories - Revert "Allow systemd-resolved watch tmpfs directories" * Mon Dec 19 2022 Zdenek Pytela <zpytela@redhat.com> - 38.4-1 - Allow NetworkManager and wpa_supplicant the bpf capability - Allow systemd-rfkill the bpf capability - Allow winbind-rpcd manage samba_share_t files and dirs - Label /var/lib/httpd/md(/.*)? with httpd_sys_rw_content_t - Allow gpsd the sys_ptrace userns capability - Introduce gpsd_tmp_t for sockfiles managed by gpsd_t - Allow load_policy_t write to unallocated ttys - Allow ndc read hardware state information - Allow system mail service read inherited certmonger runtime files - Add lpr_roles to system_r roles - Revert "Allow insights-client run lpr and allow the proper role" - Allow stalld to read /sys/kernel/security/lockdown file - Allow keepalived to set resource limits - Add policy for mptcpd - Add policy for rshim - Allow admin users to create user namespaces - Allow journalctl relabel with var_log_t and syslogd_var_run_t files - Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted - Trim changelog so that it starts at F35 time - Add mptcpd and rshim modules * Wed Dec 14 2022 Zdenek Pytela <zpytela@redhat.com> - 38.3-1 - Allow insights-client dbus chat with various services - Allow insights-client tcp connect to various ports - Allow insights-client run lpr and allow the proper role - Allow insights-client work with pcp and manage user config files - Allow redis get user names - Allow kernel threads to use fds from all domains - Allow systemd-modules-load load kernel modules - Allow login_userdomain watch systemd-passwd pid dirs - Allow insights-client dbus chat with abrt - Grant kernel_t certain permissions in the system class - Allow systemd-resolved watch tmpfs directories - Allow systemd-timedated watch init runtime dir - Make `bootc` be `install_exec_t` - Allow systemd-coredump create user_namespace - Allow syslog the setpcap capability - donaudit virtlogd and dnsmasq execmem * Tue Dec 06 2022 Zdenek Pytela <zpytela@redhat.com> - 38.2-1 - Don't make kernel_t an unconfined domain - Don't allow kernel_t to execute bin_t/usr_t binaries without a transition - Allow kernel_t to execute systemctl to do a poweroff/reboot - Grant basic permissions to the domain created by systemd_systemctl_domain() - Allow kernel_t to request module loading - Allow kernel_t to do compute_create - Allow kernel_t to manage perf events - Grant almost all capabilities to kernel_t - Allow kernel_t to fully manage all devices - Revert "In domain_transition_pattern there is no permission allowing caller domain to execu_no_trans on entrypoint, this patch fixing this issue" - Allow pulseaudio to write to session_dbusd tmp socket files - Allow systemd and unconfined_domain_type create user_namespace - Add the user_namespace security class - Reuse tmpfs_t also for the ramfs filesystem - Label udf tools with fsadm_exec_t - Allow networkmanager_dispatcher_plugin work with nscd - Watch_sb all file type directories. - Allow spamc read hardware state information files - Allow sysadm read ipmi devices - Allow insights client communicate with cupsd, mysqld, openvswitch, redis - Allow insights client read raw memory devices - Allow the spamd_update_t domain get generic filesystem attributes - Dontaudit systemd-gpt-generator the sys_admin capability - Allow ipsec_t only read tpm devices - Allow cups-pdf connect to the system log service - Allow postfix/smtpd read kerberos key table - Allow syslogd read network sysctls - Allow cdcc mmap dcc-client-map files - Add watch and watch_sb dosfs interface * Mon Nov 21 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1-1 - Revert "Allow sysadm_t read raw memory devices" - Allow systemd-socket-proxyd get attributes of cgroup filesystems - Allow rpc.gssd read network sysctls - Allow winbind-rpcd get attributes of device and pty filesystems - Allow insights-client domain transition on semanage execution - Allow insights-client create gluster log dir with a transition - Allow insights-client manage generic locks - Allow insights-client unix_read all domain semaphores - Add domain_unix_read_all_semaphores() interface - Allow winbind-rpcd use the terminal multiplexor - Allow mrtg send mails - Allow systemd-hostnamed dbus chat with init scripts - Allow sssd dbus chat with system cronjobs - Add interface to watch all filesystems - Add watch_sb interfaces - Add watch interfaces - Allow dhcpd bpf capability to run bpf programs - Allow netutils and traceroute bpf capability to run bpf programs - Allow pkcs_slotd_t bpf capability to run bpf programs - Allow xdm bpf capability to run bpf programs - Allow pcscd bpf capability to run bpf programs - Allow lldpad bpf capability to run bpf programs - Allow keepalived bpf capability to run bpf programs - Allow ipsec bpf capability to run bpf programs - Allow fprintd bpf capability to run bpf programs - Allow systemd-socket-proxyd get filesystems attributes - Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files
/usr/bin/macro-expander /usr/share/selinux/devel /usr/share/selinux/devel/Makefile /usr/share/selinux/devel/example.fc /usr/share/selinux/devel/example.if /usr/share/selinux/devel/example.te /usr/share/selinux/devel/html /usr/share/selinux/devel/html/index.html /usr/share/selinux/devel/html/style.css /usr/share/selinux/devel/include /usr/share/selinux/devel/include/Makefile /usr/share/selinux/devel/include/admin /usr/share/selinux/devel/include/admin.xml /usr/share/selinux/devel/include/admin/bootloader.if /usr/share/selinux/devel/include/admin/consoletype.if /usr/share/selinux/devel/include/admin/dmesg.if /usr/share/selinux/devel/include/admin/netutils.if /usr/share/selinux/devel/include/admin/su.if /usr/share/selinux/devel/include/admin/sudo.if /usr/share/selinux/devel/include/admin/usermanage.if /usr/share/selinux/devel/include/apps /usr/share/selinux/devel/include/apps.xml /usr/share/selinux/devel/include/apps/seunshare.if /usr/share/selinux/devel/include/build.conf /usr/share/selinux/devel/include/contrib /usr/share/selinux/devel/include/contrib.xml /usr/share/selinux/devel/include/contrib/abrt.if /usr/share/selinux/devel/include/contrib/accountsd.if /usr/share/selinux/devel/include/contrib/acct.if /usr/share/selinux/devel/include/contrib/afs.if /usr/share/selinux/devel/include/contrib/afterburn.if /usr/share/selinux/devel/include/contrib/aiccu.if /usr/share/selinux/devel/include/contrib/aide.if /usr/share/selinux/devel/include/contrib/aisexec.if /usr/share/selinux/devel/include/contrib/ajaxterm.if /usr/share/selinux/devel/include/contrib/alsa.if /usr/share/selinux/devel/include/contrib/amanda.if /usr/share/selinux/devel/include/contrib/amavis.if /usr/share/selinux/devel/include/contrib/amtu.if /usr/share/selinux/devel/include/contrib/anaconda.if /usr/share/selinux/devel/include/contrib/antivirus.if /usr/share/selinux/devel/include/contrib/apache.if /usr/share/selinux/devel/include/contrib/apcupsd.if /usr/share/selinux/devel/include/contrib/apm.if /usr/share/selinux/devel/include/contrib/apt.if /usr/share/selinux/devel/include/contrib/arpwatch.if /usr/share/selinux/devel/include/contrib/asterisk.if /usr/share/selinux/devel/include/contrib/authconfig.if /usr/share/selinux/devel/include/contrib/automount.if /usr/share/selinux/devel/include/contrib/avahi.if /usr/share/selinux/devel/include/contrib/awstats.if /usr/share/selinux/devel/include/contrib/backup.if /usr/share/selinux/devel/include/contrib/bacula.if /usr/share/selinux/devel/include/contrib/bcfg2.if /usr/share/selinux/devel/include/contrib/bind.if /usr/share/selinux/devel/include/contrib/bird.if /usr/share/selinux/devel/include/contrib/bitlbee.if /usr/share/selinux/devel/include/contrib/blkmapd.if /usr/share/selinux/devel/include/contrib/blueman.if /usr/share/selinux/devel/include/contrib/bluetooth.if /usr/share/selinux/devel/include/contrib/boinc.if /usr/share/selinux/devel/include/contrib/boltd.if /usr/share/selinux/devel/include/contrib/boothd.if /usr/share/selinux/devel/include/contrib/bootupd.if /usr/share/selinux/devel/include/contrib/brctl.if /usr/share/selinux/devel/include/contrib/brltty.if /usr/share/selinux/devel/include/contrib/bugzilla.if /usr/share/selinux/devel/include/contrib/bumblebee.if /usr/share/selinux/devel/include/contrib/cachefilesd.if /usr/share/selinux/devel/include/contrib/calamaris.if /usr/share/selinux/devel/include/contrib/callweaver.if /usr/share/selinux/devel/include/contrib/canna.if /usr/share/selinux/devel/include/contrib/ccs.if /usr/share/selinux/devel/include/contrib/cdrecord.if /usr/share/selinux/devel/include/contrib/certmaster.if /usr/share/selinux/devel/include/contrib/certmonger.if /usr/share/selinux/devel/include/contrib/certwatch.if /usr/share/selinux/devel/include/contrib/cfengine.if /usr/share/selinux/devel/include/contrib/cgroup.if /usr/share/selinux/devel/include/contrib/chrome.if /usr/share/selinux/devel/include/contrib/chronyd.if /usr/share/selinux/devel/include/contrib/cifsutils.if /usr/share/selinux/devel/include/contrib/cinder.if /usr/share/selinux/devel/include/contrib/cipe.if /usr/share/selinux/devel/include/contrib/clamav.if /usr/share/selinux/devel/include/contrib/clockspeed.if /usr/share/selinux/devel/include/contrib/clogd.if /usr/share/selinux/devel/include/contrib/cloudform.if /usr/share/selinux/devel/include/contrib/cmirrord.if /usr/share/selinux/devel/include/contrib/cobbler.if /usr/share/selinux/devel/include/contrib/cockpit.if /usr/share/selinux/devel/include/contrib/collectd.if /usr/share/selinux/devel/include/contrib/colord.if /usr/share/selinux/devel/include/contrib/comsat.if /usr/share/selinux/devel/include/contrib/condor.if /usr/share/selinux/devel/include/contrib/conman.if /usr/share/selinux/devel/include/contrib/conntrackd.if /usr/share/selinux/devel/include/contrib/consolekit.if /usr/share/selinux/devel/include/contrib/coreos_installer.if /usr/share/selinux/devel/include/contrib/corosync.if /usr/share/selinux/devel/include/contrib/couchdb.if /usr/share/selinux/devel/include/contrib/courier.if /usr/share/selinux/devel/include/contrib/cpucontrol.if /usr/share/selinux/devel/include/contrib/cpufreqselector.if /usr/share/selinux/devel/include/contrib/cpuplug.if /usr/share/selinux/devel/include/contrib/cron.if /usr/share/selinux/devel/include/contrib/ctdb.if /usr/share/selinux/devel/include/contrib/cups.if /usr/share/selinux/devel/include/contrib/cvs.if /usr/share/selinux/devel/include/contrib/cyphesis.if /usr/share/selinux/devel/include/contrib/cyrus.if /usr/share/selinux/devel/include/contrib/daemontools.if /usr/share/selinux/devel/include/contrib/dante.if /usr/share/selinux/devel/include/contrib/dbadm.if /usr/share/selinux/devel/include/contrib/dbskk.if /usr/share/selinux/devel/include/contrib/dbus.if /usr/share/selinux/devel/include/contrib/dcc.if /usr/share/selinux/devel/include/contrib/ddclient.if /usr/share/selinux/devel/include/contrib/ddcprobe.if /usr/share/selinux/devel/include/contrib/denyhosts.if /usr/share/selinux/devel/include/contrib/devicekit.if /usr/share/selinux/devel/include/contrib/dhcp.if /usr/share/selinux/devel/include/contrib/dictd.if /usr/share/selinux/devel/include/contrib/dirmngr.if /usr/share/selinux/devel/include/contrib/dirsrv-admin.if /usr/share/selinux/devel/include/contrib/dirsrv.if /usr/share/selinux/devel/include/contrib/distcc.if /usr/share/selinux/devel/include/contrib/djbdns.if /usr/share/selinux/devel/include/contrib/dkim.if /usr/share/selinux/devel/include/contrib/dmidecode.if /usr/share/selinux/devel/include/contrib/dnsmasq.if /usr/share/selinux/devel/include/contrib/dnssec.if /usr/share/selinux/devel/include/contrib/dovecot.if /usr/share/selinux/devel/include/contrib/dpkg.if /usr/share/selinux/devel/include/contrib/drbd.if /usr/share/selinux/devel/include/contrib/dspam.if /usr/share/selinux/devel/include/contrib/entropyd.if /usr/share/selinux/devel/include/contrib/evolution.if /usr/share/selinux/devel/include/contrib/exim.if /usr/share/selinux/devel/include/contrib/fail2ban.if /usr/share/selinux/devel/include/contrib/fcoe.if /usr/share/selinux/devel/include/contrib/fdo.if /usr/share/selinux/devel/include/contrib/fedoratp.if /usr/share/selinux/devel/include/contrib/fetchmail.if /usr/share/selinux/devel/include/contrib/finger.if /usr/share/selinux/devel/include/contrib/firewalld.if /usr/share/selinux/devel/include/contrib/firewallgui.if /usr/share/selinux/devel/include/contrib/firstboot.if /usr/share/selinux/devel/include/contrib/fprintd.if /usr/share/selinux/devel/include/contrib/freeipmi.if /usr/share/selinux/devel/include/contrib/freqset.if /usr/share/selinux/devel/include/contrib/ftp.if /usr/share/selinux/devel/include/contrib/fwupd.if /usr/share/selinux/devel/include/contrib/games.if /usr/share/selinux/devel/include/contrib/gatekeeper.if /usr/share/selinux/devel/include/contrib/gdomap.if /usr/share/selinux/devel/include/contrib/geoclue.if /usr/share/selinux/devel/include/contrib/git.if /usr/share/selinux/devel/include/contrib/gitosis.if /usr/share/selinux/devel/include/contrib/glance.if /usr/share/selinux/devel/include/contrib/glusterd.if /usr/share/selinux/devel/include/contrib/gnome.if /usr/share/selinux/devel/include/contrib/gnomeclock.if /usr/share/selinux/devel/include/contrib/gpg.if /usr/share/selinux/devel/include/contrib/gpm.if /usr/share/selinux/devel/include/contrib/gpsd.if /usr/share/selinux/devel/include/contrib/gssproxy.if /usr/share/selinux/devel/include/contrib/hadoop.if /usr/share/selinux/devel/include/contrib/hddtemp.if /usr/share/selinux/devel/include/contrib/hostapd.if /usr/share/selinux/devel/include/contrib/howl.if /usr/share/selinux/devel/include/contrib/hsqldb.if /usr/share/selinux/devel/include/contrib/hwloc.if /usr/share/selinux/devel/include/contrib/hypervkvp.if /usr/share/selinux/devel/include/contrib/i18n_input.if /usr/share/selinux/devel/include/contrib/ibacm.if /usr/share/selinux/devel/include/contrib/ica.if /usr/share/selinux/devel/include/contrib/icecast.if /usr/share/selinux/devel/include/contrib/ifplugd.if /usr/share/selinux/devel/include/contrib/imaze.if /usr/share/selinux/devel/include/contrib/inetd.if /usr/share/selinux/devel/include/contrib/inn.if /usr/share/selinux/devel/include/contrib/insights_client.if /usr/share/selinux/devel/include/contrib/iodine.if /usr/share/selinux/devel/include/contrib/iotop.if /usr/share/selinux/devel/include/contrib/ipa.if /usr/share/selinux/devel/include/contrib/ipmievd.if /usr/share/selinux/devel/include/contrib/irc.if /usr/share/selinux/devel/include/contrib/ircd.if /usr/share/selinux/devel/include/contrib/irqbalance.if /usr/share/selinux/devel/include/contrib/iscsi.if /usr/share/selinux/devel/include/contrib/isns.if /usr/share/selinux/devel/include/contrib/jabber.if /usr/share/selinux/devel/include/contrib/java.if /usr/share/selinux/devel/include/contrib/jetty.if /usr/share/selinux/devel/include/contrib/jockey.if /usr/share/selinux/devel/include/contrib/journalctl.if /usr/share/selinux/devel/include/contrib/kafs.if /usr/share/selinux/devel/include/contrib/kdump.if /usr/share/selinux/devel/include/contrib/kdumpgui.if /usr/share/selinux/devel/include/contrib/keepalived.if /usr/share/selinux/devel/include/contrib/kerberos.if /usr/share/selinux/devel/include/contrib/kerneloops.if /usr/share/selinux/devel/include/contrib/keyboardd.if /usr/share/selinux/devel/include/contrib/keystone.if /usr/share/selinux/devel/include/contrib/keyutils.if /usr/share/selinux/devel/include/contrib/kismet.if /usr/share/selinux/devel/include/contrib/kmscon.if /usr/share/selinux/devel/include/contrib/kpatch.if /usr/share/selinux/devel/include/contrib/ksmtuned.if /usr/share/selinux/devel/include/contrib/ktalk.if /usr/share/selinux/devel/include/contrib/l2tp.if /usr/share/selinux/devel/include/contrib/ldap.if /usr/share/selinux/devel/include/contrib/lightsquid.if /usr/share/selinux/devel/include/contrib/likewise.if /usr/share/selinux/devel/include/contrib/linuxptp.if /usr/share/selinux/devel/include/contrib/lircd.if /usr/share/selinux/devel/include/contrib/livecd.if /usr/share/selinux/devel/include/contrib/lldpad.if /usr/share/selinux/devel/include/contrib/loadkeys.if /usr/share/selinux/devel/include/contrib/lockdev.if /usr/share/selinux/devel/include/contrib/logrotate.if /usr/share/selinux/devel/include/contrib/logwatch.if /usr/share/selinux/devel/include/contrib/lpd.if /usr/share/selinux/devel/include/contrib/lsm.if /usr/share/selinux/devel/include/contrib/lttng-tools.if /usr/share/selinux/devel/include/contrib/mailman.if /usr/share/selinux/devel/include/contrib/mailscanner.if /usr/share/selinux/devel/include/contrib/man2html.if /usr/share/selinux/devel/include/contrib/mandb.if /usr/share/selinux/devel/include/contrib/mcelog.if /usr/share/selinux/devel/include/contrib/mediawiki.if /usr/share/selinux/devel/include/contrib/memcached.if /usr/share/selinux/devel/include/contrib/milter.if /usr/share/selinux/devel/include/contrib/minidlna.if /usr/share/selinux/devel/include/contrib/minissdpd.if /usr/share/selinux/devel/include/contrib/mip6d.if /usr/share/selinux/devel/include/contrib/mirrormanager.if /usr/share/selinux/devel/include/contrib/mock.if /usr/share/selinux/devel/include/contrib/modemmanager.if /usr/share/selinux/devel/include/contrib/mojomojo.if /usr/share/selinux/devel/include/contrib/mon_statd.if /usr/share/selinux/devel/include/contrib/mongodb.if /usr/share/selinux/devel/include/contrib/mono.if /usr/share/selinux/devel/include/contrib/monop.if /usr/share/selinux/devel/include/contrib/motion.if /usr/share/selinux/devel/include/contrib/mozilla.if /usr/share/selinux/devel/include/contrib/mpd.if /usr/share/selinux/devel/include/contrib/mplayer.if /usr/share/selinux/devel/include/contrib/mptcpd.if /usr/share/selinux/devel/include/contrib/mrtg.if /usr/share/selinux/devel/include/contrib/mta.if /usr/share/selinux/devel/include/contrib/munin.if /usr/share/selinux/devel/include/contrib/mysql.if /usr/share/selinux/devel/include/contrib/mythtv.if /usr/share/selinux/devel/include/contrib/naemon.if /usr/share/selinux/devel/include/contrib/nagios.if /usr/share/selinux/devel/include/contrib/namespace.if /usr/share/selinux/devel/include/contrib/ncftool.if /usr/share/selinux/devel/include/contrib/nessus.if /usr/share/selinux/devel/include/contrib/networkmanager.if /usr/share/selinux/devel/include/contrib/ninfod.if /usr/share/selinux/devel/include/contrib/nis.if /usr/share/selinux/devel/include/contrib/nova.if /usr/share/selinux/devel/include/contrib/nscd.if /usr/share/selinux/devel/include/contrib/nsd.if /usr/share/selinux/devel/include/contrib/nslcd.if /usr/share/selinux/devel/include/contrib/ntop.if /usr/share/selinux/devel/include/contrib/ntp.if /usr/share/selinux/devel/include/contrib/numad.if /usr/share/selinux/devel/include/contrib/nut.if /usr/share/selinux/devel/include/contrib/nvme_stas.if /usr/share/selinux/devel/include/contrib/nx.if /usr/share/selinux/devel/include/contrib/oav.if /usr/share/selinux/devel/include/contrib/obex.if /usr/share/selinux/devel/include/contrib/oddjob.if /usr/share/selinux/devel/include/contrib/oident.if /usr/share/selinux/devel/include/contrib/opafm.if /usr/share/selinux/devel/include/contrib/openca.if /usr/share/selinux/devel/include/contrib/openct.if /usr/share/selinux/devel/include/contrib/opendnssec.if /usr/share/selinux/devel/include/contrib/openfortivpn.if /usr/share/selinux/devel/include/contrib/openhpid.if /usr/share/selinux/devel/include/contrib/openshift-origin.if /usr/share/selinux/devel/include/contrib/openshift.if /usr/share/selinux/devel/include/contrib/opensm.if /usr/share/selinux/devel/include/contrib/openvpn.if /usr/share/selinux/devel/include/contrib/openvswitch.if /usr/share/selinux/devel/include/contrib/openwsman.if /usr/share/selinux/devel/include/contrib/oracleasm.if /usr/share/selinux/devel/include/contrib/osad.if /usr/share/selinux/devel/include/contrib/pacemaker.if /usr/share/selinux/devel/include/contrib/pads.if /usr/share/selinux/devel/include/contrib/passenger.if /usr/share/selinux/devel/include/contrib/passt.if /usr/share/selinux/devel/include/contrib/pcmcia.if /usr/share/selinux/devel/include/contrib/pcp.if /usr/share/selinux/devel/include/contrib/pcscd.if /usr/share/selinux/devel/include/contrib/pdns.if /usr/share/selinux/devel/include/contrib/pegasus.if /usr/share/selinux/devel/include/contrib/perdition.if /usr/share/selinux/devel/include/contrib/pesign.if /usr/share/selinux/devel/include/contrib/pingd.if /usr/share/selinux/devel/include/contrib/piranha.if /usr/share/selinux/devel/include/contrib/pkcs.if /usr/share/selinux/devel/include/contrib/pkcs11proxyd.if /usr/share/selinux/devel/include/contrib/pki.if /usr/share/selinux/devel/include/contrib/plymouthd.if /usr/share/selinux/devel/include/contrib/podsleuth.if /usr/share/selinux/devel/include/contrib/policykit.if /usr/share/selinux/devel/include/contrib/polipo.if /usr/share/selinux/devel/include/contrib/portage.if /usr/share/selinux/devel/include/contrib/portmap.if /usr/share/selinux/devel/include/contrib/portreserve.if /usr/share/selinux/devel/include/contrib/portslave.if /usr/share/selinux/devel/include/contrib/postfix.if /usr/share/selinux/devel/include/contrib/postfixpolicyd.if /usr/share/selinux/devel/include/contrib/postgrey.if /usr/share/selinux/devel/include/contrib/ppp.if /usr/share/selinux/devel/include/contrib/prelink.if /usr/share/selinux/devel/include/contrib/prelude.if /usr/share/selinux/devel/include/contrib/privoxy.if /usr/share/selinux/devel/include/contrib/procmail.if /usr/share/selinux/devel/include/contrib/prosody.if /usr/share/selinux/devel/include/contrib/psad.if /usr/share/selinux/devel/include/contrib/ptchown.if /usr/share/selinux/devel/include/contrib/publicfile.if /usr/share/selinux/devel/include/contrib/pulseaudio.if /usr/share/selinux/devel/include/contrib/puppet.if /usr/share/selinux/devel/include/contrib/pwauth.if /usr/share/selinux/devel/include/contrib/pxe.if /usr/share/selinux/devel/include/contrib/pyzor.if /usr/share/selinux/devel/include/contrib/qatlib.if /usr/share/selinux/devel/include/contrib/qemu.if /usr/share/selinux/devel/include/contrib/qmail.if /usr/share/selinux/devel/include/contrib/qpid.if /usr/share/selinux/devel/include/contrib/quantum.if /usr/share/selinux/devel/include/contrib/quota.if /usr/share/selinux/devel/include/contrib/rabbitmq.if /usr/share/selinux/devel/include/contrib/radius.if /usr/share/selinux/devel/include/contrib/radvd.if /usr/share/selinux/devel/include/contrib/raid.if /usr/share/selinux/devel/include/contrib/rasdaemon.if /usr/share/selinux/devel/include/contrib/razor.if /usr/share/selinux/devel/include/contrib/rdisc.if /usr/share/selinux/devel/include/contrib/readahead.if /usr/share/selinux/devel/include/contrib/realmd.if /usr/share/selinux/devel/include/contrib/redis.if /usr/share/selinux/devel/include/contrib/remotelogin.if /usr/share/selinux/devel/include/contrib/resmgr.if /usr/share/selinux/devel/include/contrib/rgmanager.if /usr/share/selinux/devel/include/contrib/rhcd.if /usr/share/selinux/devel/include/contrib/rhcs.if /usr/share/selinux/devel/include/contrib/rhev.if /usr/share/selinux/devel/include/contrib/rhgb.if /usr/share/selinux/devel/include/contrib/rhnsd.if /usr/share/selinux/devel/include/contrib/rhsmcertd.if /usr/share/selinux/devel/include/contrib/ricci.if /usr/share/selinux/devel/include/contrib/rkhunter.if /usr/share/selinux/devel/include/contrib/rkt.if /usr/share/selinux/devel/include/contrib/rlogin.if /usr/share/selinux/devel/include/contrib/rngd.if /usr/share/selinux/devel/include/contrib/rolekit.if /usr/share/selinux/devel/include/contrib/roundup.if /usr/share/selinux/devel/include/contrib/rpc.if /usr/share/selinux/devel/include/contrib/rpcbind.if /usr/share/selinux/devel/include/contrib/rpm.if /usr/share/selinux/devel/include/contrib/rrdcached.if /usr/share/selinux/devel/include/contrib/rshd.if /usr/share/selinux/devel/include/contrib/rshim.if /usr/share/selinux/devel/include/contrib/rssh.if /usr/share/selinux/devel/include/contrib/rsync.if /usr/share/selinux/devel/include/contrib/rtas.if /usr/share/selinux/devel/include/contrib/rtkit.if /usr/share/selinux/devel/include/contrib/rwho.if /usr/share/selinux/devel/include/contrib/samba.if /usr/share/selinux/devel/include/contrib/sambagui.if /usr/share/selinux/devel/include/contrib/samhain.if /usr/share/selinux/devel/include/contrib/sandbox.if /usr/share/selinux/devel/include/contrib/sandboxX.if /usr/share/selinux/devel/include/contrib/sanlock.if /usr/share/selinux/devel/include/contrib/sasl.if /usr/share/selinux/devel/include/contrib/sbd.if /usr/share/selinux/devel/include/contrib/sblim.if /usr/share/selinux/devel/include/contrib/screen.if /usr/share/selinux/devel/include/contrib/sectoolm.if /usr/share/selinux/devel/include/contrib/sendmail.if /usr/share/selinux/devel/include/contrib/sensord.if /usr/share/selinux/devel/include/contrib/setroubleshoot.if /usr/share/selinux/devel/include/contrib/sge.if /usr/share/selinux/devel/include/contrib/shorewall.if /usr/share/selinux/devel/include/contrib/shutdown.if /usr/share/selinux/devel/include/contrib/slocate.if /usr/share/selinux/devel/include/contrib/slpd.if /usr/share/selinux/devel/include/contrib/slrnpull.if /usr/share/selinux/devel/include/contrib/smartmon.if /usr/share/selinux/devel/include/contrib/smokeping.if /usr/share/selinux/devel/include/contrib/smoltclient.if /usr/share/selinux/devel/include/contrib/smsd.if /usr/share/selinux/devel/include/contrib/smstools.if /usr/share/selinux/devel/include/contrib/snapper.if /usr/share/selinux/devel/include/contrib/snmp.if /usr/share/selinux/devel/include/contrib/snort.if /usr/share/selinux/devel/include/contrib/sosreport.if /usr/share/selinux/devel/include/contrib/soundserver.if /usr/share/selinux/devel/include/contrib/spamassassin.if /usr/share/selinux/devel/include/contrib/speech-dispatcher.if /usr/share/selinux/devel/include/contrib/squid.if /usr/share/selinux/devel/include/contrib/sslh.if /usr/share/selinux/devel/include/contrib/sssd.if /usr/share/selinux/devel/include/contrib/stalld.if /usr/share/selinux/devel/include/contrib/stapserver.if /usr/share/selinux/devel/include/contrib/stratisd.if /usr/share/selinux/devel/include/contrib/stunnel.if /usr/share/selinux/devel/include/contrib/svnserve.if /usr/share/selinux/devel/include/contrib/swift.if /usr/share/selinux/devel/include/contrib/swtpm.if /usr/share/selinux/devel/include/contrib/sxid.if /usr/share/selinux/devel/include/contrib/sysstat.if /usr/share/selinux/devel/include/contrib/tangd.if /usr/share/selinux/devel/include/contrib/targetd.if /usr/share/selinux/devel/include/contrib/tcpd.if /usr/share/selinux/devel/include/contrib/tcsd.if /usr/share/selinux/devel/include/contrib/telepathy.if /usr/share/selinux/devel/include/contrib/telnet.if /usr/share/selinux/devel/include/contrib/tftp.if /usr/share/selinux/devel/include/contrib/tgtd.if /usr/share/selinux/devel/include/contrib/thin.if /usr/share/selinux/devel/include/contrib/thumb.if /usr/share/selinux/devel/include/contrib/thunderbird.if /usr/share/selinux/devel/include/contrib/timedatex.if /usr/share/selinux/devel/include/contrib/timidity.if /usr/share/selinux/devel/include/contrib/tlp.if /usr/share/selinux/devel/include/contrib/tmpreaper.if /usr/share/selinux/devel/include/contrib/tomcat.if /usr/share/selinux/devel/include/contrib/tor.if /usr/share/selinux/devel/include/contrib/transproxy.if /usr/share/selinux/devel/include/contrib/tripwire.if /usr/share/selinux/devel/include/contrib/tuned.if /usr/share/selinux/devel/include/contrib/tvtime.if /usr/share/selinux/devel/include/contrib/tzdata.if /usr/share/selinux/devel/include/contrib/ucspitcp.if /usr/share/selinux/devel/include/contrib/ulogd.if /usr/share/selinux/devel/include/contrib/uml.if /usr/share/selinux/devel/include/contrib/updfstab.if /usr/share/selinux/devel/include/contrib/uptime.if /usr/share/selinux/devel/include/contrib/usbmodules.if /usr/share/selinux/devel/include/contrib/usbmuxd.if /usr/share/selinux/devel/include/contrib/userhelper.if /usr/share/selinux/devel/include/contrib/usernetctl.if /usr/share/selinux/devel/include/contrib/uucp.if /usr/share/selinux/devel/include/contrib/uuidd.if /usr/share/selinux/devel/include/contrib/uwimap.if /usr/share/selinux/devel/include/contrib/varnishd.if /usr/share/selinux/devel/include/contrib/vbetool.if /usr/share/selinux/devel/include/contrib/vdagent.if /usr/share/selinux/devel/include/contrib/vhostmd.if /usr/share/selinux/devel/include/contrib/virt.if /usr/share/selinux/devel/include/contrib/virt_supplementary.if /usr/share/selinux/devel/include/contrib/vlock.if /usr/share/selinux/devel/include/contrib/vmtools.if /usr/share/selinux/devel/include/contrib/vmware.if /usr/share/selinux/devel/include/contrib/vnstatd.if /usr/share/selinux/devel/include/contrib/vpn.if /usr/share/selinux/devel/include/contrib/w3c.if /usr/share/selinux/devel/include/contrib/watchdog.if /usr/share/selinux/devel/include/contrib/wdmd.if /usr/share/selinux/devel/include/contrib/webadm.if /usr/share/selinux/devel/include/contrib/webalizer.if /usr/share/selinux/devel/include/contrib/wine.if /usr/share/selinux/devel/include/contrib/wireguard.if /usr/share/selinux/devel/include/contrib/wireshark.if /usr/share/selinux/devel/include/contrib/wm.if /usr/share/selinux/devel/include/contrib/xen.if /usr/share/selinux/devel/include/contrib/xfs.if /usr/share/selinux/devel/include/contrib/xscreensaver.if /usr/share/selinux/devel/include/contrib/zabbix.if /usr/share/selinux/devel/include/contrib/zarafa.if /usr/share/selinux/devel/include/contrib/zebra.if /usr/share/selinux/devel/include/contrib/zoneminder.if /usr/share/selinux/devel/include/contrib/zosremote.if /usr/share/selinux/devel/include/global_booleans.xml /usr/share/selinux/devel/include/global_tunables.xml /usr/share/selinux/devel/include/kernel /usr/share/selinux/devel/include/kernel.xml /usr/share/selinux/devel/include/kernel/corecommands.if /usr/share/selinux/devel/include/kernel/corenetwork.if /usr/share/selinux/devel/include/kernel/devices.if /usr/share/selinux/devel/include/kernel/domain.if /usr/share/selinux/devel/include/kernel/files.if /usr/share/selinux/devel/include/kernel/filesystem.if /usr/share/selinux/devel/include/kernel/kernel.if /usr/share/selinux/devel/include/kernel/mcs.if /usr/share/selinux/devel/include/kernel/mls.if /usr/share/selinux/devel/include/kernel/selinux.if /usr/share/selinux/devel/include/kernel/storage.if /usr/share/selinux/devel/include/kernel/terminal.if /usr/share/selinux/devel/include/kernel/ubac.if /usr/share/selinux/devel/include/kernel/unlabelednet.if /usr/share/selinux/devel/include/roles /usr/share/selinux/devel/include/roles.xml /usr/share/selinux/devel/include/roles/auditadm.if /usr/share/selinux/devel/include/roles/guest.if /usr/share/selinux/devel/include/roles/logadm.if /usr/share/selinux/devel/include/roles/secadm.if /usr/share/selinux/devel/include/roles/staff.if /usr/share/selinux/devel/include/roles/sysadm.if /usr/share/selinux/devel/include/roles/sysadm_secadm.if /usr/share/selinux/devel/include/roles/unconfineduser.if /usr/share/selinux/devel/include/roles/unprivuser.if /usr/share/selinux/devel/include/roles/xguest.if /usr/share/selinux/devel/include/services /usr/share/selinux/devel/include/services.xml /usr/share/selinux/devel/include/services/postgresql.if /usr/share/selinux/devel/include/services/ssh.if /usr/share/selinux/devel/include/services/xserver.if /usr/share/selinux/devel/include/support /usr/share/selinux/devel/include/support/all_perms.spt /usr/share/selinux/devel/include/support/divert.m4 /usr/share/selinux/devel/include/support/file_patterns.spt /usr/share/selinux/devel/include/support/ipc_patterns.spt /usr/share/selinux/devel/include/support/loadable_module.spt /usr/share/selinux/devel/include/support/misc_macros.spt /usr/share/selinux/devel/include/support/misc_patterns.spt /usr/share/selinux/devel/include/support/mls_mcs_macros.spt /usr/share/selinux/devel/include/support/obj_perm_sets.spt /usr/share/selinux/devel/include/support/policy.dtd /usr/share/selinux/devel/include/support/segenxml.py /usr/share/selinux/devel/include/support/undivert.m4 /usr/share/selinux/devel/include/system /usr/share/selinux/devel/include/system.xml /usr/share/selinux/devel/include/system/application.if /usr/share/selinux/devel/include/system/authlogin.if /usr/share/selinux/devel/include/system/clock.if /usr/share/selinux/devel/include/system/fstools.if /usr/share/selinux/devel/include/system/getty.if /usr/share/selinux/devel/include/system/hostname.if /usr/share/selinux/devel/include/system/init.if /usr/share/selinux/devel/include/system/ipsec.if /usr/share/selinux/devel/include/system/iptables.if /usr/share/selinux/devel/include/system/libraries.if /usr/share/selinux/devel/include/system/locallogin.if /usr/share/selinux/devel/include/system/logging.if /usr/share/selinux/devel/include/system/lvm.if /usr/share/selinux/devel/include/system/miscfiles.if /usr/share/selinux/devel/include/system/modutils.if /usr/share/selinux/devel/include/system/mount.if /usr/share/selinux/devel/include/system/netlabel.if /usr/share/selinux/devel/include/system/selinuxutil.if /usr/share/selinux/devel/include/system/setrans.if /usr/share/selinux/devel/include/system/sysnetwork.if /usr/share/selinux/devel/include/system/systemd.if /usr/share/selinux/devel/include/system/udev.if /usr/share/selinux/devel/include/system/unconfined.if /usr/share/selinux/devel/include/system/userdomain.if /usr/share/selinux/devel/policy.dtd /usr/share/selinux/devel/policy.xml /var/lib/sepolgen/interface_info
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Jul 19 00:06:35 2024