Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: selinux-policy-doc | Distribution: openSUSE:Factory:zSystems |
Version: 20240321 | Vendor: openSUSE |
Release: 1.2 | Build date: Thu Mar 21 11:44:09 2024 |
Group: System/Management | Build host: reproducible |
Size: 36385137 | Source RPM: selinux-policy-20240321-1.2.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/fedora-selinux/selinux-policy.git | |
Summary: SELinux policy documentation |
SELinux policy documentation package
GPL-2.0-or-later
* Thu Mar 21 2024 jsegitz@suse.com - Update to version 20240321: * policy module for kiwi (bsc#1221109) * dontaudit execmem for modemmanager (bsc#1219363) * Wed Mar 13 2024 cathy.hu@suse.com - Update to version 20240313: * Assign alts_exec_t to files_type * Fri Mar 08 2024 cathy.hu@suse.com - Update to version 20240308: * Support /bin/alts in the policy (bsc#1217530) * Revert "Allow virtnetworkd_t to execute bin_t (bsc#1216903)" * Wed Mar 06 2024 cathy.hu@suse.com - Update to version 20240306: * Replace init domtrans rule for confined users to allow exec init * Update dbus_role_template() to allow user service status * Allow polkit status all systemd services * Allow setroubleshootd create and use inherited io_uring * Allow load_policy read and write generic ptys * Mon Mar 04 2024 cathy.hu@suse.com - Update to version 20240304: * Allow ssh-keygen to use the libica crypto module (bsc#1220373) * Mon Feb 05 2024 cathy.hu@suse.com - Update to version 20240205: * Allow gpg manage rpm cache * Allow login_userdomain name_bind to howl and xmsg udp ports * Allow rules for confined users logged in plasma * Label /dev/iommu with iommu_device_t * Remove duplicate file context entries in /run * Dontaudit getty and plymouth the checkpoint_restore capability * Allow su domains write login records * Revert "Allow su domains write login records" * Allow login_userdomain delete session dbusd tmp socket files * Allow unix dgram sendto between exim processes * Allow su domains write login records * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on * Allow chronyd-restricted read chronyd key files * Allow conntrackd_t to use bpf capability2 * Allow systemd-networkd manage its runtime socket files * Allow init_t nnp domain transition to colord_t * Allow polkit status systemd services * nova: Fix duplicate declarations * Allow httpd work with PrivateTmp * Add interfaces for watching and reading ifconfig_var_run_t * Allow collectd read raw fixed disk device * Allow collectd read udev pid files * Set correct label on /etc/pki/pki-tomcat/kra * Allow systemd domains watch system dbus pid socket files * Allow certmonger read network sysctls * Allow mdadm list stratisd data directories * Allow syslog to run unconfined scripts conditionally * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t * Allow qatlib set attributes of vfio device files * Allow systemd-sleep set attributes of efivarfs files * Allow samba-dcerpcd read public files * Allow spamd_update_t the sys_ptrace capability in user namespace * Allow bluetooth devices work with alsa * Allow alsa get attributes filesystems with extended attributes * Allow hypervkvp_t write access to NetworkManager_etc_rw_t * Add interface for write-only access to NetworkManager rw conf * Allow systemd-sleep send a message to syslog over a unix dgram socket * Allow init create and use netlink netfilter socket * Allow qatlib load kernel modules * Allow qatlib run lspci * Allow qatlib manage its private runtime socket files * Allow qatlib read/write vfio devices * Label /etc/redis.conf with redis_conf_t * Remove the lockdown-class rules from the policy * Allow init read all non-security socket files * Replace redundant dnsmasq pattern macros * Remove unneeded symlink perms in dnsmasq.if * Add additions to dnsmasq interface * Allow nvme_stas_t create and use netlink kobject uevent socket * Allow collectd connect to statsd port * Allow keepalived_t to use sys_ptrace of cap_userns * Allow dovecot_auth_t connect to postgresql using UNIX socket * Make named_zone_t and named_var_run_t a part of the mountpoint attribute * Allow sysadm execute traceroute in sysadm_t domain using sudo * Allow sysadm execute tcpdump in sysadm_t domain using sudo * Allow opafm search nfs directories * Add support for syslogd unconfined scripts * Allow gpsd use /dev/gnss devices * Allow gpg read rpm cache * Allow virtqemud additional permissions * Allow virtqemud manage its private lock files * Allow virtqemud use the io_uring api * Allow ddclient send e-mail notifications * Allow postfix_master_t map postfix data files * Allow init create and use vsock sockets * Allow thumb_t append to init unix domain stream sockets * Label /dev/vas with vas_device_t * Create interface selinux_watch_config and add it to SELinux users * Update cifs interfaces to include fs_search_auto_mountpoints() * Allow sudodomain read var auth files * Allow spamd_update_t read hardware state information * Allow virtnetworkd domain transition on tc command execution * Allow sendmail MTA connect to sendmail LDA * Allow auditd read all domains process state * Allow rsync read network sysctls * Add dhcpcd bpf capability to run bpf programs * Dontaudit systemd-hwdb dac_override capability * Allow systemd-sleep create efivarfs files * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on * Allow graphical applications work in Wayland * Allow kdump work with PrivateTmp * Allow dovecot-auth work with PrivateTmp * Allow nfsd get attributes of all filesystems * Allow unconfined_domain_type use io_uring cmd on domain * ci: Only run Rawhide revdeps tests on the rawhide branch * Label /var/run/auditd.state as auditd_var_run_t * Allow fido-device-onboard (FDO) read the crack database * Allow ip an explicit domain transition to other domains * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t * Allow winbind_rpcd_t processes access when samba_export_all_* is on * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection * Allow ntp to bind and connect to ntske port. * Tue Jan 16 2024 cathy.hu@suse.com - Update to version 20240116: * Fix gitolite homedir paths (bsc#1218826) * Tue Jan 09 2024 cathy.hu@suse.com - Update to version 20240104: * Allow keepalived_t read+write kernel_t pipes (bsc#1216060) * allow rebootmgr to read the system state (bsc#1205931) * Tue Nov 28 2023 Hu <cathy.hu@suse.com> - Trigger rebuild of the policy when pcre2 gets updated to avoid regex version mismatch errors (bsc#1216747). * Fri Nov 24 2023 cathy.hu@suse.com - Update to version 20231124: * Allow virtnetworkd_t to execute bin_t (bsc#1216903) * Wed Nov 22 2023 Hu <cathy.hu@suse.com> - Add new modules that were missed in the last update to modules-mls-contrib.conf * Wed Nov 22 2023 Hu <cathy.hu@suse.com> - Add new modules that were missed in the last update to modules-targeted-contrib.conf * Mon Oct 30 2023 cathy.hu@suse.com - Update to version 20231030: * Allow system_mail_t manage exim spool files and dirs * Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t * Label /run/pcsd.socket with cluster_var_run_t * ci: Run cockpit tests in PRs * Add map_read map_write to kernel_prog_run_bpf * Allow systemd-fstab-generator read all symlinks * Allow systemd-fstab-generator the dac_override capability * Allow rpcbind read network sysctls * Support using systemd containers * Allow sysadm_t to connect to iscsid using a unix domain stream socket * Add policy for coreos installer * Add policy for nvme-stas * Confine systemd fstab,sysv,rc-local * Label /etc/aliases.lmdb with etc_aliases_t * Create policy for afterburn * Make new virt drivers permissive * Split virt policy, introduce virt_supplementary module * Allow apcupsd cgi scripts read /sys * Allow kernel_t to manage and relabel all files * Add missing optional_policy() to files_relabel_all_files() * Allow named and ndc use the io_uring api * Deprecate common_anon_inode_perms usage * Improve default file context(None) of /var/lib/authselect/backups * Allow udev_t to search all directories with a filesystem type * Implement proper anon_inode support * Allow targetd write to the syslog pid sock_file * Add ipa_pki_retrieve_key_exec() interface * Allow kdumpctl_t to list all directories with a filesystem type * Allow udev additional permissions * Allow udev load kernel module * Allow sysadm_t to mmap modules_object_t files * Add the unconfined_read_files() and unconfined_list_dirs() interfaces * Set default file context of HOME_DIR/tmp/.* to <<none>> * Allow kernel_generic_helper_t to execute mount(1) * Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t * Allow systemd-localed create Xserver config dirs * Allow sssd read symlinks in /etc/sssd * Label /dev/gnss[0-9] with gnss_device_t * Allow systemd-sleep read/write efivarfs variables * ci: Fix version number of packit generated srpms * Dontaudit rhsmcertd write memory device * Allow ssh_agent_type create a sockfile in /run/user/USERID * Set default file context of /var/lib/authselect/backups to <<none>> * Allow prosody read network sysctls * Allow cupsd_t to use bpf capability * Allow sssd domain transition on passkey_child execution conditionally * Allow login_userdomain watch lnk_files in /usr * Allow login_userdomain watch video4linux devices * Change systemd-network-generator transition to include class file * Revert "Change file transition for systemd-network-generator" * Allow nm-dispatcher winbind plugin read/write samba var files * Allow systemd-networkd write to cgroup files * Allow kdump create and use its memfd: objects * Allow fedora-third-party get generic filesystem attributes * Allow sssd use usb devices conditionally * Update policy for qatlib * Allow ssh_agent_type manage generic cache home files * Change file transition for systemd-network-generator * Additional support for gnome-initial-setup * Update gnome-initial-setup policy for geoclue * Allow openconnect vpn open vhost net device * Allow cifs.upcall to connect to SSSD also through the /var/run socket * Grant cifs.upcall more required capabilities * Allow xenstored map xenfs files * Update policy for fdo * Allow keepalived watch var_run dirs * Allow svirt to rw /dev/udmabuf * Allow qatlib to modify hardware state information. * Allow key.dns_resolve connect to avahi over a unix stream socket * Allow key.dns_resolve create and use unix datagram socket * Use quay.io as the container image source for CI * ci: Move srpm/rpm build to packit * .copr: Avoid subshell and changing directory * Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file * Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t * Make insights_client_t an unconfined domain * Allow insights-client manage user temporary files * Allow insights-client create all rpm logs with a correct label * Allow insights-client manage generic logs * Allow cloud_init create dhclient var files and init_t manage net_conf_t * Allow insights-client read and write cluster tmpfs files * Allow ipsec read nsfs files * Make tuned work with mls policy * Remove nsplugin_role from mozilla.if * allow mon_procd_t self:cap_userns sys_ptrace * Allow pdns name_bind and name_connect all ports * Set the MLS range of fsdaemon_t to s0 - mls_systemhigh * ci: Move to actions/checkout@v3 version * .copr: Replace chown call with standard workflow safe.directory setting * .copr: Enable `set -u` for robustness * .copr: Simplify root directory variable * Allow rhsmcertd dbus chat with policykit * Allow polkitd execute pkla-check-authorization with nnp transition * Allow user_u and staff_u get attributes of non-security dirs * Allow unconfined user filetrans chrome_sandbox_home_t * Allow svnserve execute postdrop with a transition * Do not make postfix_postdrop_t type an MTA executable file * Allow samba-dcerpc service manage samba tmp files * Add use_nfs_home_dirs boolean for mozilla_plugin * Fix labeling for no-stub-resolv.conf * Revert "Allow winbind-rpcd use its private tmp files" * Allow upsmon execute upsmon via a helper script * Allow openconnect vpn read/write inherited vhost net device * Allow winbind-rpcd use its private tmp files * Update samba-dcerpc policy for printing * Allow gpsd,oddjob,oddjob_mkhomedir rw user domain pty * Allow nscd watch system db dirs * Allow qatlib to read sssd public files * Allow fedora-third-party read /sys and proc * Allow systemd-gpt-generator mount a tmpfs filesystem * Allow journald write to cgroup files * Allow rpc.mountd read network sysctls * Allow blueman read the contents of the sysfs filesystem * Allow logrotate_t to map generic files in /etc * Boolean: Allow virt_qemu_ga create ssh directory * Allow systemd-network-generator send system log messages * Dontaudit the execute permission on sock_file globally * Allow fsadm_t the file mounton permission * Allow named and ndc the io_uring sqpoll permission * Allow sssd io_uring sqpoll permission * Fix location for /run/nsd * Allow qemu-ga get fixed disk devices attributes * Update bitlbee policy * Label /usr/sbin/sos with sosreport_exec_t * Update policy for the sblim-sfcb service * Add the files_getattr_non_auth_dirs() interface * Fix the CI to work with DNF5 * Make systemd_tmpfiles_t MLS trusted for lowering the level of files * Revert "Allow insights client map cache_home_t" * Allow nfsidmapd connect to systemd-machined over a unix socket * Allow snapperd connect to kernel over a unix domain stream socket * Allow virt_qemu_ga_t create .ssh dir with correct label * Allow targetd read network sysctls * Set the abrt_handle_event boolean to on * Permit kernel_t to change the user identity in object contexts * Allow insights client map cache_home_t * Label /usr/sbin/mariadbd with mysqld_exec_t * Allow httpd tcp connect to redis port conditionally * Label only /usr/sbin/ripd and ripngd with zebra_exec_t * Dontaudit aide the execmem permission * Remove permissive from fdo * Allow sa-update manage spamc home files * Allow sa-update connect to systemlog services * Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t * Allow nsd_crond_t write nsd_var_run_t & connectto nsd_t * Allow bootupd search EFI directory * Change init_audit_control default value to true * Allow nfsidmapd connect to systemd-userdbd with a unix socket * Add the qatlib module * Add the fdo module * Add the bootupd module * Set default ports for keylime policy * Create policy for qatlib * Add policy for FIDO Device Onboard * Add policy for bootupd * Add support for kafs-dns requested by keyutils * Allow insights-client execmem * Add support for chronyd-restricted * Add init_explicit_domain() interface * Allow fsadm_t to get attributes of cgroup filesystems * Add list_dir_perms to kerberos_read_keytab * Label /var/run/tmpfiles.d/static-nodes.conf with kmod_var_run_t * Allow sendmail manage its runtime files * Thu Oct 12 2023 cathy.hu@suse.com - Update to version 20231012: * Allow sssd_t watch permission to net_conf_t dirs (bsc#1216052) * Revert fix for bsc#1205770 since it causes a regression for bsc#1214887 * Wed Oct 04 2023 Johannes Segitz <jsegitz@suse.com> - Use /var/adm/update-scripts in macros.selinux-policy. The rpm state directory doesn't exist on SUSE systems (bsc#1213593) * Tue Sep 19 2023 Johannes Segitz <jsegitz@suse.com> - Modified update.sh to require first parameter "full" to also update container-selinux. For maintenance updates you usually don't want it to be updated * Fri Jul 28 2023 filippo.bonazzi@suse.com - Update to version 20230728: * Allow kdump_t to manage symlinks under kdump_var_lib_t (bsc#1213721) * allow haveged to manage tmpfs directories (bsc#1213594) * Thu Jun 22 2023 jsegitz@suse.com - Update to version 20230622: * Allow keyutils_dns_resolver_exec_t be an entrypoint * Allow collectd_t read network state symlinks * Revert "Allow collectd_t read proc_net link files" * Allow nfsd_t to list exports_t dirs * Allow cupsd dbus chat with xdm * Allow haproxy read hardware state information * Label /dev/userfaultfd with userfaultfd_t * Allow blueman send general signals to unprivileged user domains * Allow dkim-milter domain transition to sendmail * Tue Apr 25 2023 cathy.hu@suse.com - Update to version 20230425: * Remove unneeded manage_dirs_pattern for lastlog_t (bsc#1210461) * Add policy for wtmpdb (bsc#1210717) * Tue Apr 25 2023 cathy.hu@suse.com - Update to version 20230425: * Add support for lastlog2 (bsc#1210461) * allow the chrony client to use unallocated ttys (bsc#1210672) * Thu Apr 20 2023 jsegitz@suse.com - Update to version 20230420: * libzypp creates temporary files in /var/adm/mount. Label it with rpm_var_cache_t to prevent wrong labels in /var/cache/zypp * only use rsync_exec_t for the rsync server, not for the client (bsc#1209890) * properly label sshd-gen-keys-start to ensure ssh host keys have proper labels after creation * Allow dovecot-deliver write to the main process runtime fifo files * Allow dmidecode write to cloud-init tmp files * Allow chronyd send a message to cloud-init over a datagram socket * Allow cloud-init domain transition to insights-client domain * Allow mongodb read filesystem sysctls * Allow mongodb read network sysctls * Allow accounts-daemon read generic systemd unit lnk files * Allow blueman watch generic device dirs * Allow nm-dispatcher tlp plugin create tlp dirs * Allow systemd-coredump mounton /usr * Allow rabbitmq to read network sysctls * Allow certmonger dbus chat with the cron system domain * Allow geoclue read network sysctls * Allow geoclue watch the /etc directory * Allow logwatch_mail_t read network sysctls * allow systemd_resolved_t to bind to all nodes (bsc#1200182) * Allow insights-client read all sysctls * Allow passt manage qemu pid sock files * Allow sssd read accountsd fifo files * Add support for the passt_t domain * Allow virtd_t and svirt_t work with passt * Add new interfaces in the virt module * Add passt interfaces defined conditionally * Allow tshark the setsched capability * Allow poweroff create connections to system dbus * Allow wg load kernel modules, search debugfs dir * Boolean: allow qemu-ga manage ssh home directory * Label smtpd with sendmail_exec_t * Label msmtp and msmtpd with sendmail_exec_t * Allow dovecot to map files in /var/spool/dovecot * Confine gnome-initial-setup * Allow qemu-guest-agent create and use vsock socket * Allow login_pgm setcap permission * Allow chronyc read network sysctls * Enhancement of the /usr/sbin/request-key helper policy * Fix opencryptoki file names in /dev/shm * Allow system_cronjob_t transition to rpm_script_t * Revert "Allow system_cronjob_t domtrans to rpm_script_t" * Add tunable to allow squid bind snmp port * Allow staff_t getattr init pid chr & blk files and read krb5 * Allow firewalld to rw z90crypt device * Allow httpd work with tokens in /dev/shm * Allow svirt to map svirt_image_t char files * Allow sysadm_t run initrc_t script and sysadm_r role access * Allow insights-client manage fsadm pid files * Allowing snapper to create snapshots of /home/ subvolume/partition * Add boolean qemu-ga to run unconfined script * Label systemd-journald feature LogNamespace * Add none file context for polyinstantiated tmp dirs * Allow certmonger read the contents of the sysfs filesystem * Add journalctl the sys_resource capability * Allow nm-dispatcher plugins read generic files in /proc * Tue Mar 28 2023 Hu <cathy.hu@suse.com> - Add debug-build.sh script to make debugging without committing easier * Tue Mar 21 2023 jsegitz@suse.com - Update to version 20230321: * make kernel_t unconfined again * Thu Mar 16 2023 jsegitz@suse.com - Update to version 20230316: * prevent labeling of overlayfs filesystems based on the /var/lib/overlay path * allow kernel_t to relabel etc_t files * allow kernel_t to relabel sysnet config files * allow kernel_t to relabel systemd hwdb etc files * add systemd_hwdb_relabel_etc_files to allow labeling of hwdb files * change sysnet_relabelto_net_conf and sysnet_relabelfrom_net_conf to apply to files and lnk_files. lnk_files are commonly used in SUSE to allow easy management of config files * add files_relabel_etc_files_basic and files_relabel_etc_lnk_files_basic interfaces to allow labeling on etc_t, not on the broader configfiles attribute * Allow systemd-timesyncd to bind to generic UDP ports (bsc#1207962). The watch permissions reported are already fixed in a current policy. - Reinstate update.sh and remove container-selinux from the service. Having both repos in there causes issues and update.sh makes the update process easier in general. Updated README.Update * Tue Mar 07 2023 Johannes Segitz <jsegitz@suse.com> - Remove erroneous SUSE man page. Will not be created with the 3.5 toolchain * Tue Feb 14 2023 Hu <cathy.hu@suse.com> - Complete packaging rework: Move policy to git repository and only use tar_scm obs service to refresh from there: https://gitlab.suse.de/selinux/selinux-policy Please use `osc service manualrun` to update this OBS package to the newest git version. * Added README.Update describing how to update this package * Added _service file that pulls from selinux-policy and upstream container-selinux and tars them * Adapted selinux-policy.spec to build selinux-policy with container-selinux * Removed update.sh as no longer needed * Removed suse specific modules as they are now covered by git commits * packagekit.te packagekit.if packagekit.fc * rebootmgr.te rebootmgr.if rebootmgr.fc * rtorrent.te rtorrent.if rtorrent.fc * wicked.te wicked.if wicked.fc * Removed *.patch as they are now covered by git commits: * distro_suse_to_distro_redhat.patch * dontaudit_interface_kmod_tmpfs.patch * fix_accountsd.patch * fix_alsa.patch * fix_apache.patch * fix_auditd.patch * fix_authlogin.patch * fix_automount.patch * fix_bitlbee.patch * fix_chronyd.patch * fix_cloudform.patch * fix_colord.patch * fix_corecommand.patch * fix_cron.patch * fix_dbus.patch * fix_djbdns.patch * fix_dnsmasq.patch * fix_dovecot.patch * fix_entropyd.patch * fix_firewalld.patch * fix_fwupd.patch * fix_geoclue.patch * fix_hypervkvp.patch * fix_init.patch * fix_ipsec.patch * fix_iptables.patch * fix_irqbalance.patch * fix_java.patch * fix_kernel.patch * fix_kernel_sysctl.patch * fix_libraries.patch * fix_locallogin.patch * fix_logging.patch * fix_logrotate.patch * fix_mcelog.patch * fix_miscfiles.patch * fix_nagios.patch * fix_networkmanager.patch * fix_nis.patch * fix_nscd.patch * fix_ntp.patch * fix_openvpn.patch * fix_postfix.patch * fix_rpm.patch * fix_rtkit.patch * fix_screen.patch * fix_selinuxutil.patch * fix_sendmail.patch * fix_smartmon.patch * fix_snapper.patch * fix_sslh.patch * fix_sysnetwork.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_thunderbird.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_userdomain.patch * fix_usermanage.patch * fix_wine.patch * fix_xserver.patch * sedoctool.patch * systemd_domain_dyntrans_type.patch * Mon Feb 06 2023 Johannes Segitz <jsegitz@suse.com> - Update to version 20230206. Refreshed: * fix_entropyd.patch * fix_networkmanager.patch * fix_systemd_watch.patch * fix_unconfineduser.patch - Updated fix_kernel.patch to allow kernel_t access to xdm state. This is necessary as plymouth doesn't run in it's own domain in early boot * Mon Jan 16 2023 Johannes Segitz <jsegitz@suse.com> - Update to version 20230125. Refreshed: * distro_suse_to_distro_redhat.patch * fix_dnsmasq.patch * fix_init.patch * fix_ipsec.patch * fix_kernel_sysctl.patch * fix_logging.patch * fix_rpm.patch * fix_selinuxutil.patch * fix_systemd_watch.patch * fix_userdomain.patch - More flexible lib(exec) matching in fix_fwupd.patch - Removed sys_admin for systemd_gpt_generator_t in fix_systemd.patch - Dropped fix_container.patch, is now upstream - Added fix_entropyd.patch * Added new interface entropyd_semaphore_filetrans to properly transfer semaphore created during early boot. That doesn't work yet, so work around with next item * Allow reading tempfs files - Added fix_kernel.patch. Added modutils_execute_kmod_tmpfs_files interace to allow kmod_tmpfs_t files to be executed. Necessary for firewalld - Added fix_rtkit.patch to fix labeling of binary - Modified fix_ntp.patch: * Proper labeling for start-ntpd * Fixed label rules for chroot path * Temporarily allow dac_override for ntpd_t (bsc#1207577) * Add interface ntp_manage_pid_files to allow management of pid files - Updated fix_networkmanager.patch to allow managing ntp pid files * Thu Jan 12 2023 Johannes Segitz <jsegitz@suse.com> - Update fix_container.patch to allow privileged containers to use localectl (bsc#1207077) * Wed Jan 11 2023 Johannes Segitz <jsegitz@suse.com> - Add fix_container.patch to allow privileged containers to use timedatectl (bsc#1207054) * Thu Dec 15 2022 Hu <cathy.hu@suse.com> - Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan (bnc#1206445) * Wed Dec 14 2022 Hu <cathy.hu@suse.com> - Added policy for wicked scripts under /etc/sysconfig/network/scripts (bnc#1205770) * Wed Dec 14 2022 Johannes Segitz <jsegitz@suse.com> - Add fix_sendmail.patch * fix context of custom sendmail startup helper * fix context of /var/run/sendmail and add necessary rules to manage content in there * Tue Dec 13 2022 Johannes Segitz <jsegitz@suse.com> - Updated fix_networkmanager.patch to fixe labeling of nm-dispatcher and nm-priv-helper until the packaging is adjusted (bsc#1206355) - Update fix_chronyd.patch to allow sendto towards NetworkManager_dispatcher_custom_t. Added new interface networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357) - Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895) * Tue Dec 06 2022 Johannes Segitz <jsegitz@suse.com> - Updated fix_networkmanager.patch to allow NetworkManager to watch net_conf_t (bsc#1206109) * Wed Nov 30 2022 Filippo Bonazzi <filippo.bonazzi@suse.com> - Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434) * Wed Nov 30 2022 Filippo Bonazzi <filippo.bonazzi@suse.com> - Drop fix_irqbalance.patch: superseded by upstream * Thu Nov 24 2022 Hu <cathy.hu@suse.com> - fix_sysnetwork.patch: firewalld uses /etc/sysconfig/network/ for network interface definition instead of /etc/sysconfig/network-scripts/, modified sysnetwork.fc to reflect that (bsc#1205580). * Wed Oct 19 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 20221019. Refreshed: * distro_suse_to_distro_redhat.patch * fix_apache.patch * fix_chronyd.patch * fix_cron.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_rpm.patch * fix_sysnetwork.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_xserver.patch - Dropped fix_cockpit.patch as this is now packaged with cockpit itself - Remove the ipa module, freeip ships their own module - Added fix_alsa.patch to allow reading of config files in home directories - Extended fix_networkmanager.patch and fix_postfix.patch to account for SUSE systems - Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc queries the running processes - Updated fix_snapper.patch to allow snapper to talk to rpm via dbus * Fri Sep 30 2022 Johannes Segitz <jsegitz@suse.com> - Updated quilt couldn't unpack tarball. This will cause ongoing issues so drop the sed statement in the %prep section and add distro_suse_to_distro_redhat.patch to add the necessary changes via a patch * Thu Sep 29 2022 Johannes Segitz <jsegitz@suse.com> - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824) * Tue Sep 27 2022 Filippo Bonazzi <filippo.bonazzi@suse.com> - Update fix_xserver.patch to add greetd support (bsc#1198559) * Mon Sep 12 2022 Johannes Segitz <jsegitz@suse.com> - Revamped rtorrent module * Fri Aug 26 2022 Thorsten Kukuk <kukuk@suse.com> - Move SUSE directory from manual page section to html docu * Wed Jul 27 2022 Hu <cathy.hu@suse.com> - fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741) * Tue Jul 26 2022 Zdenek Kubala <zkubala@suse.com> - Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015) * Thu Jul 14 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 20220714. Refreshed: * fix_init.patch * fix_systemd_watch.patch * Wed Jul 13 2022 Johannes Segitz <jsegitz@suse.com> - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911) * Mon Jul 11 2022 Johannes Segitz <jsegitz@suse.com> - postfix: Label PID files and some helpers correctly (bsc#1197242) * Fri Jun 24 2022 Johannes Segitz <jsegitz@suse.com> - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) * Fri Jun 24 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 20220624. Refreshed: * fix_init.patch * fix_kernel_sysctl.patch * fix_logging.patch * fix_networkmanager.patch * fix_unprivuser.patch Dropped fix_hadoop.patch, not necessary anymore * Updated fix_locallogin.patch to allow accesses for nss-systemd (bsc#1199630) * Fri May 20 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 20220520 to pass stricter 3.4 toolchain checks * Fri May 20 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 20220428. Refreshed: * fix_apache.patch * fix_hadoop.patch * fix_init.patch * fix_iptables.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unprivuser.patch * fix_usermanage.patch * fix_wine.patch * Thu May 19 2022 Johannes Segitz <jsegitz@suse.com> - Add fix_dnsmasq.patch to fix problems with virtualization on Microos (bsc#1199518) * Tue May 03 2022 Johannes Segitz <jsegitz@suse.com> - Modified fix_init.patch to allow init to setup contrained environment for accountsservice. This needs a better, more general solution (bsc#1197610) * Mon May 02 2022 Johannes Segitz <jsegitz@suse.com> - Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition. This happens in certain boot conditions (bsc#1182500) - Changed fix_unconfineduser.patch to not transition into ldconfig_t from unconfined_t (bsc#1197169) * Thu Feb 17 2022 Klaus Kämpf <kkaempf@suse.com> - use %license tag for COPYING file * Thu Feb 10 2022 Johannes Segitz <jsegitz@suse.com> - Updated fix_cron.patch. Adjust labeling for at (bsc#1195683) * Wed Feb 09 2022 Filippo Bonazzi <filippo.bonazzi@suse.com> - Fix bitlbee runtime directory (bsc#1193230) * add fix_bitlbee.patch * Mon Jan 24 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 20220124. Refreshed: * fix_hadoop.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_systemd.patch * fix_systemd_watch.patch - Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987) * Fri Jan 14 2022 Johannes Segitz <jsegitz@suse.com> - Allow colord to use systemd hardenings (bsc#1194631) * Thu Nov 11 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 20211111. Refreshed: * fix_dbus.patch * fix_systemd.patch * fix_authlogin.patch * fix_auditd.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_chronyd.patch * fix_unconfineduser.patch * fix_unconfined.patch * fix_firewalld.patch * fix_init.patch * fix_xserver.patch * fix_logging.patch * fix_hadoop.patch * Mon Oct 25 2021 Marcus Meissner <meissner@suse.com> - fix_wine.patch: give Wine .dll same context as .so (bsc#1191976) * Tue Sep 28 2021 Enzo Matsumiya <ematsumiya@suse.com> - Fix auditd service start with systemd hardening directives (boo#1190918) * add fix_auditd.patch * Thu Sep 02 2021 Johannes Segitz <jsegitz@suse.com> - Modified fix_systemd.patch to allow systemd gpt generator access to udev files (bsc#1189280) * Fri Aug 27 2021 Ales Kedroutek <ales.kedroutek@suse.com> - fix rebootmgr does not trigger the reboot properly (boo#1189878) * fix managing /etc/rebootmgr.conf * allow rebootmgr_t to cope with systemd and dbus messaging * Thu Aug 26 2021 Johannes Segitz <jsegitz@suse.com> - Properly label cockpit files - Allow wicked to communicate with network manager on DBUS (bsc#1188331) * Mon Aug 23 2021 Ales Kedroutek <ales.kedroutek@suse.com> - Added policy module for rebootmgr (jsc#SMO-28) * Tue Aug 17 2021 Ludwig Nussel <lnussel@suse.de> - Allow systemd-sysctl to read kernel specific sysctl.conf (fix_kernel_sysctl.patch, boo#1184804) * Tue Aug 10 2021 Ludwig Nussel <lnussel@suse.de> - Fix quoting in postInstall macro * Fri Jul 16 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 20210716 - Remove interfaces for container module before building the package (bsc#1188184) - Updated * fix_init.patch * fix_systemd_watch.patch to adapt to upstream changes * Thu Jul 15 2021 Callum Farmer <gmbr3@opensuse.org> - Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing here * Tue Jul 06 2021 Alberto Planas Dominguez <aplanas@suse.com> - Add tabrmd SELinux modules from upstream (bsc#1187925) https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux - Automatic spec-cleaner to fix ordering and misaligned spaces * Mon Jun 28 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 20210419 - Dropped fix_gift.patch, module was removed - Updated wicked.te to removed dropped interface - Refreshed: * fix_cockpit.patch * fix_hadoop.patch * fix_init.patch * fix_logging.patch * fix_logrotate.patch * fix_networkmanager.patch * fix_nscd.patch * fix_rpm.patch * fix_selinuxutil.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_thunderbird.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_xserver.patch * Tue May 18 2021 Ludwig Nussel <lnussel@suse.de> - allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units that trigger on changes in those. Added fix_systemd_watch.patch - own /usr/share/selinux/packages/$SELINUXTYPE/ and /var/lib/selinux/$SELINUXTYPE/active/modules/* to allow packages to install files there * Wed Apr 28 2021 Ludwig Nussel <lnussel@suse.de> - allow cockpit socket to bind nodes (fix_cockpit.patch) - use %autosetup to get rid of endless patch lines * Tue Apr 27 2021 Johannes Segitz <jsegitz@suse.com> - Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories - Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207) * Mon Apr 26 2021 Johannes Segitz <jsegitz@suse.com> - Added Recommends for selinux-autorelabel (bsc#1181837) - Prevent libreoffice fonts from changing types on every relabel (bsc#1185265). Added fix_libraries.patch * Fri Apr 23 2021 Johannes Segitz <jsegitz@suse.com> - Transition unconfined users to ldconfig type (bsc#1183121). Extended fix_unconfineduser.patch * Mon Apr 19 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 20210419 - Refreshed: * fix_dbus.patch * fix_hadoop.patch * fix_init.patch * fix_unprivuser.patch * Fri Mar 12 2021 Ales Kedroutek <ales.kedroutek@suse.com> - Adjust fix_init.patch to allow systemd to do sd-listen on tcp socket [bsc#1183177] * Tue Mar 09 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 20210309 - Refreshed * fix_systemd.patch * fix_selinuxutil.patch * fix_iptables.patch * fix_init.patch * fix_logging.patch * fix_nscd.patch * fix_hadoop.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * fix_cron.patch * fix_usermanage.patch * fix_unprivuser.patch * fix_rpm.patch - Ensure that /usr/etc is labeled according to /etc rules * Tue Feb 23 2021 Thorsten Kukuk <kukuk@suse.com> - Update to version 20210223 - Change name of tar file to a more common schema to allow parallel installation of several source versions - Adjust fix_init.patch * Mon Jan 11 2021 Thorsten Kukuk <kukuk@suse.com> - Update to version 20210111 - Drop fix_policykit.patch (integrated upstream) - Adjust fix_iptables.patch - update container policy
/usr/share/doc/selinux-policy /usr/share/doc/selinux-policy/Makefile.example /usr/share/doc/selinux-policy/example.fc /usr/share/doc/selinux-policy/example.if /usr/share/doc/selinux-policy/example.te /usr/share/doc/selinux-policy/html /usr/share/doc/selinux-policy/html/admin.html /usr/share/doc/selinux-policy/html/admin_bootloader.html /usr/share/doc/selinux-policy/html/admin_consoletype.html /usr/share/doc/selinux-policy/html/admin_dmesg.html /usr/share/doc/selinux-policy/html/admin_netutils.html /usr/share/doc/selinux-policy/html/admin_su.html /usr/share/doc/selinux-policy/html/admin_sudo.html /usr/share/doc/selinux-policy/html/admin_usermanage.html /usr/share/doc/selinux-policy/html/apps.html /usr/share/doc/selinux-policy/html/apps_seunshare.html /usr/share/doc/selinux-policy/html/booleans.html /usr/share/doc/selinux-policy/html/contrib.html /usr/share/doc/selinux-policy/html/contrib_abrt.html /usr/share/doc/selinux-policy/html/contrib_accountsd.html /usr/share/doc/selinux-policy/html/contrib_acct.html /usr/share/doc/selinux-policy/html/contrib_afs.html /usr/share/doc/selinux-policy/html/contrib_afterburn.html /usr/share/doc/selinux-policy/html/contrib_aiccu.html /usr/share/doc/selinux-policy/html/contrib_aide.html /usr/share/doc/selinux-policy/html/contrib_aisexec.html /usr/share/doc/selinux-policy/html/contrib_ajaxterm.html /usr/share/doc/selinux-policy/html/contrib_alsa.html /usr/share/doc/selinux-policy/html/contrib_amanda.html /usr/share/doc/selinux-policy/html/contrib_amavis.html /usr/share/doc/selinux-policy/html/contrib_amtu.html /usr/share/doc/selinux-policy/html/contrib_anaconda.html /usr/share/doc/selinux-policy/html/contrib_antivirus.html /usr/share/doc/selinux-policy/html/contrib_apache.html /usr/share/doc/selinux-policy/html/contrib_apcupsd.html /usr/share/doc/selinux-policy/html/contrib_apm.html /usr/share/doc/selinux-policy/html/contrib_apt.html /usr/share/doc/selinux-policy/html/contrib_arpwatch.html /usr/share/doc/selinux-policy/html/contrib_asterisk.html /usr/share/doc/selinux-policy/html/contrib_authconfig.html /usr/share/doc/selinux-policy/html/contrib_automount.html /usr/share/doc/selinux-policy/html/contrib_avahi.html /usr/share/doc/selinux-policy/html/contrib_awstats.html /usr/share/doc/selinux-policy/html/contrib_backup.html /usr/share/doc/selinux-policy/html/contrib_bacula.html /usr/share/doc/selinux-policy/html/contrib_bcfg2.html /usr/share/doc/selinux-policy/html/contrib_bind.html /usr/share/doc/selinux-policy/html/contrib_bird.html /usr/share/doc/selinux-policy/html/contrib_bitlbee.html /usr/share/doc/selinux-policy/html/contrib_blkmapd.html /usr/share/doc/selinux-policy/html/contrib_blueman.html /usr/share/doc/selinux-policy/html/contrib_bluetooth.html /usr/share/doc/selinux-policy/html/contrib_boinc.html /usr/share/doc/selinux-policy/html/contrib_boltd.html /usr/share/doc/selinux-policy/html/contrib_boothd.html /usr/share/doc/selinux-policy/html/contrib_bootupd.html /usr/share/doc/selinux-policy/html/contrib_brctl.html /usr/share/doc/selinux-policy/html/contrib_brltty.html /usr/share/doc/selinux-policy/html/contrib_bugzilla.html /usr/share/doc/selinux-policy/html/contrib_bumblebee.html /usr/share/doc/selinux-policy/html/contrib_cachefilesd.html /usr/share/doc/selinux-policy/html/contrib_calamaris.html /usr/share/doc/selinux-policy/html/contrib_callweaver.html /usr/share/doc/selinux-policy/html/contrib_canna.html /usr/share/doc/selinux-policy/html/contrib_ccs.html /usr/share/doc/selinux-policy/html/contrib_cdrecord.html /usr/share/doc/selinux-policy/html/contrib_certmaster.html /usr/share/doc/selinux-policy/html/contrib_certmonger.html /usr/share/doc/selinux-policy/html/contrib_certwatch.html /usr/share/doc/selinux-policy/html/contrib_cfengine.html /usr/share/doc/selinux-policy/html/contrib_cgroup.html /usr/share/doc/selinux-policy/html/contrib_chrome.html /usr/share/doc/selinux-policy/html/contrib_chronyd.html /usr/share/doc/selinux-policy/html/contrib_cifsutils.html /usr/share/doc/selinux-policy/html/contrib_cinder.html /usr/share/doc/selinux-policy/html/contrib_cipe.html /usr/share/doc/selinux-policy/html/contrib_clamav.html /usr/share/doc/selinux-policy/html/contrib_clockspeed.html /usr/share/doc/selinux-policy/html/contrib_clogd.html /usr/share/doc/selinux-policy/html/contrib_cloudform.html /usr/share/doc/selinux-policy/html/contrib_cmirrord.html /usr/share/doc/selinux-policy/html/contrib_cobbler.html /usr/share/doc/selinux-policy/html/contrib_collectd.html /usr/share/doc/selinux-policy/html/contrib_colord.html /usr/share/doc/selinux-policy/html/contrib_comsat.html /usr/share/doc/selinux-policy/html/contrib_condor.html /usr/share/doc/selinux-policy/html/contrib_conman.html /usr/share/doc/selinux-policy/html/contrib_conntrackd.html /usr/share/doc/selinux-policy/html/contrib_consolekit.html /usr/share/doc/selinux-policy/html/contrib_coreos_installer.html /usr/share/doc/selinux-policy/html/contrib_corosync.html /usr/share/doc/selinux-policy/html/contrib_couchdb.html /usr/share/doc/selinux-policy/html/contrib_courier.html /usr/share/doc/selinux-policy/html/contrib_cpucontrol.html /usr/share/doc/selinux-policy/html/contrib_cpufreqselector.html /usr/share/doc/selinux-policy/html/contrib_cpuplug.html /usr/share/doc/selinux-policy/html/contrib_cron.html /usr/share/doc/selinux-policy/html/contrib_ctdb.html /usr/share/doc/selinux-policy/html/contrib_cups.html /usr/share/doc/selinux-policy/html/contrib_cvs.html /usr/share/doc/selinux-policy/html/contrib_cyphesis.html /usr/share/doc/selinux-policy/html/contrib_cyrus.html /usr/share/doc/selinux-policy/html/contrib_daemontools.html /usr/share/doc/selinux-policy/html/contrib_dante.html /usr/share/doc/selinux-policy/html/contrib_dbadm.html /usr/share/doc/selinux-policy/html/contrib_dbskk.html /usr/share/doc/selinux-policy/html/contrib_dbus.html /usr/share/doc/selinux-policy/html/contrib_dcc.html /usr/share/doc/selinux-policy/html/contrib_ddclient.html /usr/share/doc/selinux-policy/html/contrib_ddcprobe.html /usr/share/doc/selinux-policy/html/contrib_denyhosts.html /usr/share/doc/selinux-policy/html/contrib_devicekit.html /usr/share/doc/selinux-policy/html/contrib_dhcp.html /usr/share/doc/selinux-policy/html/contrib_dictd.html /usr/share/doc/selinux-policy/html/contrib_dirmngr.html /usr/share/doc/selinux-policy/html/contrib_dirsrv-admin.html /usr/share/doc/selinux-policy/html/contrib_dirsrv.html /usr/share/doc/selinux-policy/html/contrib_distcc.html /usr/share/doc/selinux-policy/html/contrib_djbdns.html /usr/share/doc/selinux-policy/html/contrib_dkim.html /usr/share/doc/selinux-policy/html/contrib_dmidecode.html /usr/share/doc/selinux-policy/html/contrib_dnsmasq.html /usr/share/doc/selinux-policy/html/contrib_dnssec.html /usr/share/doc/selinux-policy/html/contrib_dovecot.html /usr/share/doc/selinux-policy/html/contrib_dpkg.html /usr/share/doc/selinux-policy/html/contrib_drbd.html /usr/share/doc/selinux-policy/html/contrib_dspam.html /usr/share/doc/selinux-policy/html/contrib_entropyd.html /usr/share/doc/selinux-policy/html/contrib_evolution.html /usr/share/doc/selinux-policy/html/contrib_exim.html /usr/share/doc/selinux-policy/html/contrib_fail2ban.html /usr/share/doc/selinux-policy/html/contrib_fcoe.html /usr/share/doc/selinux-policy/html/contrib_fdo.html /usr/share/doc/selinux-policy/html/contrib_fedoratp.html /usr/share/doc/selinux-policy/html/contrib_fetchmail.html /usr/share/doc/selinux-policy/html/contrib_finger.html /usr/share/doc/selinux-policy/html/contrib_firewalld.html /usr/share/doc/selinux-policy/html/contrib_firewallgui.html /usr/share/doc/selinux-policy/html/contrib_firstboot.html /usr/share/doc/selinux-policy/html/contrib_fprintd.html /usr/share/doc/selinux-policy/html/contrib_freeipmi.html /usr/share/doc/selinux-policy/html/contrib_freqset.html /usr/share/doc/selinux-policy/html/contrib_ftp.html /usr/share/doc/selinux-policy/html/contrib_fwupd.html /usr/share/doc/selinux-policy/html/contrib_games.html /usr/share/doc/selinux-policy/html/contrib_gatekeeper.html /usr/share/doc/selinux-policy/html/contrib_gdomap.html /usr/share/doc/selinux-policy/html/contrib_geoclue.html /usr/share/doc/selinux-policy/html/contrib_git.html /usr/share/doc/selinux-policy/html/contrib_gitosis.html /usr/share/doc/selinux-policy/html/contrib_glance.html /usr/share/doc/selinux-policy/html/contrib_glusterd.html /usr/share/doc/selinux-policy/html/contrib_gnome.html /usr/share/doc/selinux-policy/html/contrib_gnomeclock.html /usr/share/doc/selinux-policy/html/contrib_gpg.html /usr/share/doc/selinux-policy/html/contrib_gpm.html /usr/share/doc/selinux-policy/html/contrib_gpsd.html /usr/share/doc/selinux-policy/html/contrib_gssproxy.html /usr/share/doc/selinux-policy/html/contrib_hadoop.html /usr/share/doc/selinux-policy/html/contrib_hddtemp.html /usr/share/doc/selinux-policy/html/contrib_hostapd.html /usr/share/doc/selinux-policy/html/contrib_howl.html /usr/share/doc/selinux-policy/html/contrib_hsqldb.html /usr/share/doc/selinux-policy/html/contrib_hwloc.html /usr/share/doc/selinux-policy/html/contrib_hypervkvp.html /usr/share/doc/selinux-policy/html/contrib_i18n_input.html /usr/share/doc/selinux-policy/html/contrib_ibacm.html /usr/share/doc/selinux-policy/html/contrib_ica.html /usr/share/doc/selinux-policy/html/contrib_icecast.html /usr/share/doc/selinux-policy/html/contrib_ifplugd.html /usr/share/doc/selinux-policy/html/contrib_imaze.html /usr/share/doc/selinux-policy/html/contrib_inetd.html /usr/share/doc/selinux-policy/html/contrib_inn.html /usr/share/doc/selinux-policy/html/contrib_insights_client.html /usr/share/doc/selinux-policy/html/contrib_iodine.html /usr/share/doc/selinux-policy/html/contrib_iotop.html /usr/share/doc/selinux-policy/html/contrib_ipmievd.html /usr/share/doc/selinux-policy/html/contrib_irc.html /usr/share/doc/selinux-policy/html/contrib_ircd.html /usr/share/doc/selinux-policy/html/contrib_irqbalance.html /usr/share/doc/selinux-policy/html/contrib_iscsi.html /usr/share/doc/selinux-policy/html/contrib_isns.html /usr/share/doc/selinux-policy/html/contrib_jabber.html /usr/share/doc/selinux-policy/html/contrib_java.html /usr/share/doc/selinux-policy/html/contrib_jetty.html /usr/share/doc/selinux-policy/html/contrib_jockey.html /usr/share/doc/selinux-policy/html/contrib_journalctl.html /usr/share/doc/selinux-policy/html/contrib_kafs.html /usr/share/doc/selinux-policy/html/contrib_kdump.html /usr/share/doc/selinux-policy/html/contrib_kdumpgui.html /usr/share/doc/selinux-policy/html/contrib_keepalived.html /usr/share/doc/selinux-policy/html/contrib_kerberos.html /usr/share/doc/selinux-policy/html/contrib_kerneloops.html /usr/share/doc/selinux-policy/html/contrib_keyboardd.html /usr/share/doc/selinux-policy/html/contrib_keystone.html /usr/share/doc/selinux-policy/html/contrib_keyutils.html /usr/share/doc/selinux-policy/html/contrib_kismet.html /usr/share/doc/selinux-policy/html/contrib_kiwi.html /usr/share/doc/selinux-policy/html/contrib_kmscon.html /usr/share/doc/selinux-policy/html/contrib_kpatch.html /usr/share/doc/selinux-policy/html/contrib_ksmtuned.html /usr/share/doc/selinux-policy/html/contrib_ktalk.html /usr/share/doc/selinux-policy/html/contrib_l2tp.html /usr/share/doc/selinux-policy/html/contrib_ldap.html /usr/share/doc/selinux-policy/html/contrib_libalternatives.html /usr/share/doc/selinux-policy/html/contrib_lightsquid.html /usr/share/doc/selinux-policy/html/contrib_likewise.html /usr/share/doc/selinux-policy/html/contrib_linuxptp.html /usr/share/doc/selinux-policy/html/contrib_lircd.html /usr/share/doc/selinux-policy/html/contrib_livecd.html /usr/share/doc/selinux-policy/html/contrib_lldpad.html /usr/share/doc/selinux-policy/html/contrib_loadkeys.html /usr/share/doc/selinux-policy/html/contrib_lockdev.html /usr/share/doc/selinux-policy/html/contrib_logrotate.html /usr/share/doc/selinux-policy/html/contrib_logwatch.html /usr/share/doc/selinux-policy/html/contrib_lpd.html /usr/share/doc/selinux-policy/html/contrib_lsm.html /usr/share/doc/selinux-policy/html/contrib_lttng-tools.html /usr/share/doc/selinux-policy/html/contrib_mailman.html /usr/share/doc/selinux-policy/html/contrib_mailscanner.html /usr/share/doc/selinux-policy/html/contrib_man2html.html /usr/share/doc/selinux-policy/html/contrib_mandb.html /usr/share/doc/selinux-policy/html/contrib_mcelog.html /usr/share/doc/selinux-policy/html/contrib_mediawiki.html /usr/share/doc/selinux-policy/html/contrib_memcached.html /usr/share/doc/selinux-policy/html/contrib_milter.html /usr/share/doc/selinux-policy/html/contrib_minidlna.html /usr/share/doc/selinux-policy/html/contrib_minissdpd.html /usr/share/doc/selinux-policy/html/contrib_mip6d.html /usr/share/doc/selinux-policy/html/contrib_mirrormanager.html /usr/share/doc/selinux-policy/html/contrib_mock.html /usr/share/doc/selinux-policy/html/contrib_modemmanager.html /usr/share/doc/selinux-policy/html/contrib_mojomojo.html /usr/share/doc/selinux-policy/html/contrib_mon_statd.html /usr/share/doc/selinux-policy/html/contrib_mongodb.html /usr/share/doc/selinux-policy/html/contrib_mono.html /usr/share/doc/selinux-policy/html/contrib_monop.html /usr/share/doc/selinux-policy/html/contrib_motion.html /usr/share/doc/selinux-policy/html/contrib_mozilla.html /usr/share/doc/selinux-policy/html/contrib_mpd.html /usr/share/doc/selinux-policy/html/contrib_mplayer.html /usr/share/doc/selinux-policy/html/contrib_mptcpd.html /usr/share/doc/selinux-policy/html/contrib_mrtg.html /usr/share/doc/selinux-policy/html/contrib_mta.html /usr/share/doc/selinux-policy/html/contrib_munin.html /usr/share/doc/selinux-policy/html/contrib_mysql.html /usr/share/doc/selinux-policy/html/contrib_mythtv.html /usr/share/doc/selinux-policy/html/contrib_naemon.html /usr/share/doc/selinux-policy/html/contrib_nagios.html /usr/share/doc/selinux-policy/html/contrib_namespace.html /usr/share/doc/selinux-policy/html/contrib_ncftool.html /usr/share/doc/selinux-policy/html/contrib_nessus.html /usr/share/doc/selinux-policy/html/contrib_networkmanager.html /usr/share/doc/selinux-policy/html/contrib_ninfod.html /usr/share/doc/selinux-policy/html/contrib_nis.html /usr/share/doc/selinux-policy/html/contrib_nova.html /usr/share/doc/selinux-policy/html/contrib_nscd.html /usr/share/doc/selinux-policy/html/contrib_nsd.html /usr/share/doc/selinux-policy/html/contrib_nslcd.html /usr/share/doc/selinux-policy/html/contrib_ntop.html /usr/share/doc/selinux-policy/html/contrib_ntp.html /usr/share/doc/selinux-policy/html/contrib_numad.html /usr/share/doc/selinux-policy/html/contrib_nut.html /usr/share/doc/selinux-policy/html/contrib_nvme_stas.html /usr/share/doc/selinux-policy/html/contrib_nx.html /usr/share/doc/selinux-policy/html/contrib_oav.html /usr/share/doc/selinux-policy/html/contrib_obex.html /usr/share/doc/selinux-policy/html/contrib_oddjob.html /usr/share/doc/selinux-policy/html/contrib_oident.html /usr/share/doc/selinux-policy/html/contrib_opafm.html /usr/share/doc/selinux-policy/html/contrib_openca.html /usr/share/doc/selinux-policy/html/contrib_openct.html /usr/share/doc/selinux-policy/html/contrib_opendnssec.html /usr/share/doc/selinux-policy/html/contrib_openfortivpn.html /usr/share/doc/selinux-policy/html/contrib_openhpid.html /usr/share/doc/selinux-policy/html/contrib_openshift-origin.html /usr/share/doc/selinux-policy/html/contrib_openshift.html /usr/share/doc/selinux-policy/html/contrib_opensm.html /usr/share/doc/selinux-policy/html/contrib_openvpn.html /usr/share/doc/selinux-policy/html/contrib_openvswitch.html /usr/share/doc/selinux-policy/html/contrib_openwsman.html /usr/share/doc/selinux-policy/html/contrib_oracleasm.html /usr/share/doc/selinux-policy/html/contrib_osad.html /usr/share/doc/selinux-policy/html/contrib_pacemaker.html /usr/share/doc/selinux-policy/html/contrib_packagekit.html /usr/share/doc/selinux-policy/html/contrib_pads.html /usr/share/doc/selinux-policy/html/contrib_passenger.html /usr/share/doc/selinux-policy/html/contrib_pcmcia.html /usr/share/doc/selinux-policy/html/contrib_pcp.html /usr/share/doc/selinux-policy/html/contrib_pcscd.html /usr/share/doc/selinux-policy/html/contrib_pdns.html /usr/share/doc/selinux-policy/html/contrib_pegasus.html /usr/share/doc/selinux-policy/html/contrib_perdition.html /usr/share/doc/selinux-policy/html/contrib_pesign.html /usr/share/doc/selinux-policy/html/contrib_pingd.html /usr/share/doc/selinux-policy/html/contrib_piranha.html /usr/share/doc/selinux-policy/html/contrib_pkcs.html /usr/share/doc/selinux-policy/html/contrib_pkcs11proxyd.html /usr/share/doc/selinux-policy/html/contrib_pki.html /usr/share/doc/selinux-policy/html/contrib_plymouthd.html /usr/share/doc/selinux-policy/html/contrib_podsleuth.html /usr/share/doc/selinux-policy/html/contrib_policykit.html /usr/share/doc/selinux-policy/html/contrib_polipo.html /usr/share/doc/selinux-policy/html/contrib_portage.html /usr/share/doc/selinux-policy/html/contrib_portmap.html /usr/share/doc/selinux-policy/html/contrib_portreserve.html /usr/share/doc/selinux-policy/html/contrib_portslave.html /usr/share/doc/selinux-policy/html/contrib_postfix.html /usr/share/doc/selinux-policy/html/contrib_postfixpolicyd.html /usr/share/doc/selinux-policy/html/contrib_postgrey.html /usr/share/doc/selinux-policy/html/contrib_ppp.html /usr/share/doc/selinux-policy/html/contrib_prelink.html /usr/share/doc/selinux-policy/html/contrib_prelude.html /usr/share/doc/selinux-policy/html/contrib_privoxy.html /usr/share/doc/selinux-policy/html/contrib_procmail.html /usr/share/doc/selinux-policy/html/contrib_prosody.html /usr/share/doc/selinux-policy/html/contrib_psad.html /usr/share/doc/selinux-policy/html/contrib_ptchown.html /usr/share/doc/selinux-policy/html/contrib_publicfile.html /usr/share/doc/selinux-policy/html/contrib_pulseaudio.html /usr/share/doc/selinux-policy/html/contrib_puppet.html /usr/share/doc/selinux-policy/html/contrib_pwauth.html /usr/share/doc/selinux-policy/html/contrib_pxe.html /usr/share/doc/selinux-policy/html/contrib_pyzor.html /usr/share/doc/selinux-policy/html/contrib_qatlib.html /usr/share/doc/selinux-policy/html/contrib_qemu.html /usr/share/doc/selinux-policy/html/contrib_qmail.html /usr/share/doc/selinux-policy/html/contrib_qpid.html /usr/share/doc/selinux-policy/html/contrib_quantum.html /usr/share/doc/selinux-policy/html/contrib_quota.html /usr/share/doc/selinux-policy/html/contrib_rabbitmq.html /usr/share/doc/selinux-policy/html/contrib_radius.html /usr/share/doc/selinux-policy/html/contrib_radvd.html /usr/share/doc/selinux-policy/html/contrib_raid.html /usr/share/doc/selinux-policy/html/contrib_rasdaemon.html /usr/share/doc/selinux-policy/html/contrib_razor.html /usr/share/doc/selinux-policy/html/contrib_rdisc.html /usr/share/doc/selinux-policy/html/contrib_readahead.html /usr/share/doc/selinux-policy/html/contrib_realmd.html /usr/share/doc/selinux-policy/html/contrib_rebootmgr.html /usr/share/doc/selinux-policy/html/contrib_redis.html /usr/share/doc/selinux-policy/html/contrib_remotelogin.html /usr/share/doc/selinux-policy/html/contrib_resmgr.html /usr/share/doc/selinux-policy/html/contrib_rgmanager.html /usr/share/doc/selinux-policy/html/contrib_rhcd.html /usr/share/doc/selinux-policy/html/contrib_rhcs.html /usr/share/doc/selinux-policy/html/contrib_rhev.html /usr/share/doc/selinux-policy/html/contrib_rhgb.html /usr/share/doc/selinux-policy/html/contrib_rhnsd.html /usr/share/doc/selinux-policy/html/contrib_rhsmcertd.html /usr/share/doc/selinux-policy/html/contrib_ricci.html /usr/share/doc/selinux-policy/html/contrib_rkhunter.html /usr/share/doc/selinux-policy/html/contrib_rkt.html /usr/share/doc/selinux-policy/html/contrib_rlogin.html /usr/share/doc/selinux-policy/html/contrib_rngd.html /usr/share/doc/selinux-policy/html/contrib_rolekit.html /usr/share/doc/selinux-policy/html/contrib_roundup.html /usr/share/doc/selinux-policy/html/contrib_rpc.html /usr/share/doc/selinux-policy/html/contrib_rpcbind.html /usr/share/doc/selinux-policy/html/contrib_rpm.html /usr/share/doc/selinux-policy/html/contrib_rrdcached.html /usr/share/doc/selinux-policy/html/contrib_rshd.html /usr/share/doc/selinux-policy/html/contrib_rshim.html /usr/share/doc/selinux-policy/html/contrib_rssh.html /usr/share/doc/selinux-policy/html/contrib_rsync.html /usr/share/doc/selinux-policy/html/contrib_rtas.html /usr/share/doc/selinux-policy/html/contrib_rtkit.html /usr/share/doc/selinux-policy/html/contrib_rtorrent.html /usr/share/doc/selinux-policy/html/contrib_rwho.html /usr/share/doc/selinux-policy/html/contrib_samba.html /usr/share/doc/selinux-policy/html/contrib_sambagui.html /usr/share/doc/selinux-policy/html/contrib_samhain.html /usr/share/doc/selinux-policy/html/contrib_sandbox.html /usr/share/doc/selinux-policy/html/contrib_sandboxX.html /usr/share/doc/selinux-policy/html/contrib_sanlock.html /usr/share/doc/selinux-policy/html/contrib_sasl.html /usr/share/doc/selinux-policy/html/contrib_sbd.html /usr/share/doc/selinux-policy/html/contrib_sblim.html /usr/share/doc/selinux-policy/html/contrib_screen.html /usr/share/doc/selinux-policy/html/contrib_sectoolm.html /usr/share/doc/selinux-policy/html/contrib_sendmail.html /usr/share/doc/selinux-policy/html/contrib_sensord.html /usr/share/doc/selinux-policy/html/contrib_setroubleshoot.html /usr/share/doc/selinux-policy/html/contrib_sge.html /usr/share/doc/selinux-policy/html/contrib_shorewall.html /usr/share/doc/selinux-policy/html/contrib_shutdown.html /usr/share/doc/selinux-policy/html/contrib_slocate.html /usr/share/doc/selinux-policy/html/contrib_slpd.html /usr/share/doc/selinux-policy/html/contrib_slrnpull.html /usr/share/doc/selinux-policy/html/contrib_smartmon.html /usr/share/doc/selinux-policy/html/contrib_smokeping.html /usr/share/doc/selinux-policy/html/contrib_smoltclient.html /usr/share/doc/selinux-policy/html/contrib_smsd.html /usr/share/doc/selinux-policy/html/contrib_smstools.html /usr/share/doc/selinux-policy/html/contrib_snapper.html /usr/share/doc/selinux-policy/html/contrib_snmp.html /usr/share/doc/selinux-policy/html/contrib_snort.html /usr/share/doc/selinux-policy/html/contrib_sosreport.html /usr/share/doc/selinux-policy/html/contrib_soundserver.html /usr/share/doc/selinux-policy/html/contrib_spamassassin.html /usr/share/doc/selinux-policy/html/contrib_speech-dispatcher.html /usr/share/doc/selinux-policy/html/contrib_squid.html /usr/share/doc/selinux-policy/html/contrib_sslh.html /usr/share/doc/selinux-policy/html/contrib_sssd.html /usr/share/doc/selinux-policy/html/contrib_stalld.html /usr/share/doc/selinux-policy/html/contrib_stapserver.html /usr/share/doc/selinux-policy/html/contrib_stratisd.html /usr/share/doc/selinux-policy/html/contrib_stunnel.html /usr/share/doc/selinux-policy/html/contrib_svnserve.html /usr/share/doc/selinux-policy/html/contrib_swift.html /usr/share/doc/selinux-policy/html/contrib_sxid.html /usr/share/doc/selinux-policy/html/contrib_sysstat.html /usr/share/doc/selinux-policy/html/contrib_tangd.html /usr/share/doc/selinux-policy/html/contrib_targetd.html /usr/share/doc/selinux-policy/html/contrib_tcpd.html /usr/share/doc/selinux-policy/html/contrib_tcsd.html /usr/share/doc/selinux-policy/html/contrib_telepathy.html /usr/share/doc/selinux-policy/html/contrib_telnet.html /usr/share/doc/selinux-policy/html/contrib_tftp.html /usr/share/doc/selinux-policy/html/contrib_tgtd.html /usr/share/doc/selinux-policy/html/contrib_thin.html /usr/share/doc/selinux-policy/html/contrib_thumb.html /usr/share/doc/selinux-policy/html/contrib_thunderbird.html /usr/share/doc/selinux-policy/html/contrib_timedatex.html /usr/share/doc/selinux-policy/html/contrib_timidity.html /usr/share/doc/selinux-policy/html/contrib_tlp.html /usr/share/doc/selinux-policy/html/contrib_tmpreaper.html /usr/share/doc/selinux-policy/html/contrib_tomcat.html /usr/share/doc/selinux-policy/html/contrib_tor.html /usr/share/doc/selinux-policy/html/contrib_transproxy.html /usr/share/doc/selinux-policy/html/contrib_tripwire.html /usr/share/doc/selinux-policy/html/contrib_tuned.html /usr/share/doc/selinux-policy/html/contrib_tvtime.html /usr/share/doc/selinux-policy/html/contrib_tzdata.html /usr/share/doc/selinux-policy/html/contrib_ucspitcp.html /usr/share/doc/selinux-policy/html/contrib_ulogd.html /usr/share/doc/selinux-policy/html/contrib_uml.html /usr/share/doc/selinux-policy/html/contrib_updfstab.html /usr/share/doc/selinux-policy/html/contrib_uptime.html /usr/share/doc/selinux-policy/html/contrib_usbmodules.html /usr/share/doc/selinux-policy/html/contrib_usbmuxd.html /usr/share/doc/selinux-policy/html/contrib_userhelper.html /usr/share/doc/selinux-policy/html/contrib_usernetctl.html /usr/share/doc/selinux-policy/html/contrib_uucp.html /usr/share/doc/selinux-policy/html/contrib_uuidd.html /usr/share/doc/selinux-policy/html/contrib_uwimap.html /usr/share/doc/selinux-policy/html/contrib_varnishd.html /usr/share/doc/selinux-policy/html/contrib_vbetool.html /usr/share/doc/selinux-policy/html/contrib_vdagent.html /usr/share/doc/selinux-policy/html/contrib_vhostmd.html /usr/share/doc/selinux-policy/html/contrib_virt.html /usr/share/doc/selinux-policy/html/contrib_virt_supplementary.html /usr/share/doc/selinux-policy/html/contrib_vlock.html /usr/share/doc/selinux-policy/html/contrib_vmtools.html /usr/share/doc/selinux-policy/html/contrib_vmware.html /usr/share/doc/selinux-policy/html/contrib_vnstatd.html /usr/share/doc/selinux-policy/html/contrib_vpn.html /usr/share/doc/selinux-policy/html/contrib_w3c.html /usr/share/doc/selinux-policy/html/contrib_watchdog.html /usr/share/doc/selinux-policy/html/contrib_wdmd.html /usr/share/doc/selinux-policy/html/contrib_webadm.html /usr/share/doc/selinux-policy/html/contrib_webalizer.html /usr/share/doc/selinux-policy/html/contrib_wicked.html /usr/share/doc/selinux-policy/html/contrib_wine.html /usr/share/doc/selinux-policy/html/contrib_wireguard.html /usr/share/doc/selinux-policy/html/contrib_wireshark.html /usr/share/doc/selinux-policy/html/contrib_wm.html /usr/share/doc/selinux-policy/html/contrib_xen.html /usr/share/doc/selinux-policy/html/contrib_xfs.html /usr/share/doc/selinux-policy/html/contrib_xscreensaver.html /usr/share/doc/selinux-policy/html/contrib_zabbix.html /usr/share/doc/selinux-policy/html/contrib_zarafa.html /usr/share/doc/selinux-policy/html/contrib_zebra.html /usr/share/doc/selinux-policy/html/contrib_zoneminder.html /usr/share/doc/selinux-policy/html/contrib_zosremote.html /usr/share/doc/selinux-policy/html/global_booleans.html /usr/share/doc/selinux-policy/html/global_tunables.html /usr/share/doc/selinux-policy/html/index.html /usr/share/doc/selinux-policy/html/interfaces.html /usr/share/doc/selinux-policy/html/kernel.html /usr/share/doc/selinux-policy/html/kernel_corecommands.html /usr/share/doc/selinux-policy/html/kernel_corenetwork.html /usr/share/doc/selinux-policy/html/kernel_devices.html /usr/share/doc/selinux-policy/html/kernel_domain.html /usr/share/doc/selinux-policy/html/kernel_files.html /usr/share/doc/selinux-policy/html/kernel_filesystem.html /usr/share/doc/selinux-policy/html/kernel_kernel.html /usr/share/doc/selinux-policy/html/kernel_mcs.html /usr/share/doc/selinux-policy/html/kernel_mls.html /usr/share/doc/selinux-policy/html/kernel_selinux.html /usr/share/doc/selinux-policy/html/kernel_storage.html /usr/share/doc/selinux-policy/html/kernel_terminal.html /usr/share/doc/selinux-policy/html/kernel_ubac.html /usr/share/doc/selinux-policy/html/kernel_unlabelednet.html /usr/share/doc/selinux-policy/html/roles.html /usr/share/doc/selinux-policy/html/roles_auditadm.html /usr/share/doc/selinux-policy/html/roles_guest.html /usr/share/doc/selinux-policy/html/roles_logadm.html /usr/share/doc/selinux-policy/html/roles_secadm.html /usr/share/doc/selinux-policy/html/roles_staff.html /usr/share/doc/selinux-policy/html/roles_sysadm.html /usr/share/doc/selinux-policy/html/roles_sysadm_secadm.html /usr/share/doc/selinux-policy/html/roles_unconfineduser.html /usr/share/doc/selinux-policy/html/roles_unprivuser.html /usr/share/doc/selinux-policy/html/roles_xguest.html /usr/share/doc/selinux-policy/html/services.html /usr/share/doc/selinux-policy/html/services_container.html /usr/share/doc/selinux-policy/html/services_postgresql.html /usr/share/doc/selinux-policy/html/services_ssh.html /usr/share/doc/selinux-policy/html/services_xserver.html /usr/share/doc/selinux-policy/html/style.css /usr/share/doc/selinux-policy/html/system.html /usr/share/doc/selinux-policy/html/system_application.html /usr/share/doc/selinux-policy/html/system_authlogin.html /usr/share/doc/selinux-policy/html/system_clock.html /usr/share/doc/selinux-policy/html/system_fstools.html /usr/share/doc/selinux-policy/html/system_getty.html /usr/share/doc/selinux-policy/html/system_hostname.html /usr/share/doc/selinux-policy/html/system_init.html /usr/share/doc/selinux-policy/html/system_ipsec.html /usr/share/doc/selinux-policy/html/system_iptables.html /usr/share/doc/selinux-policy/html/system_libraries.html /usr/share/doc/selinux-policy/html/system_locallogin.html /usr/share/doc/selinux-policy/html/system_logging.html /usr/share/doc/selinux-policy/html/system_lvm.html /usr/share/doc/selinux-policy/html/system_miscfiles.html /usr/share/doc/selinux-policy/html/system_modutils.html /usr/share/doc/selinux-policy/html/system_mount.html /usr/share/doc/selinux-policy/html/system_netlabel.html /usr/share/doc/selinux-policy/html/system_selinuxutil.html /usr/share/doc/selinux-policy/html/system_setrans.html /usr/share/doc/selinux-policy/html/system_sysnetwork.html /usr/share/doc/selinux-policy/html/system_systemd.html /usr/share/doc/selinux-policy/html/system_udev.html /usr/share/doc/selinux-policy/html/system_unconfined.html /usr/share/doc/selinux-policy/html/system_userdomain.html /usr/share/doc/selinux-policy/html/templates.html /usr/share/doc/selinux-policy/html/tunables.html /usr/share/selinux/devel/policy.dtd /usr/share/selinux/devel/policy.xml
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jun 9 12:20:07 2024