[ol9_baseos_latest] selinux-policy-doc-38.1.65-1.0.1.el9.noarch

SELinux policy documentation package.
This package contains manual pages and documentation of the policy modules.

Changelog (Show File list) (Show related packages)

• Wed Sep 24 2025 Kevin Lyons <kevin.x.lyons@oracle.com> - 38.1.65-1.0.1

  - Fixed avc for agetty checkpoint restore denied [Orabug: 36893425]
  - Change reference in /etc/selinux/config to point to Oracle doc [Orabug: 36899915]
  - Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
  - Allow exim read network sysctls [Orabug: 36606051]
  - Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36430005]
  - Allow cgred_t to get attributes of cgroup filesystems [Orabug: 36176655]
  - Allow kdumpctl_t to execmem [Orabug: 35381156]
  - Allow NetworkManager_dispatcher_dhclient_t to execute shells without a domain transition [Orabug: 35091334]
  - Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files [Orabug: 35122619]
  - Label /var/log/kdump.log with kdump_log_t [Orabug: 33810371]
  - Allow rpm_t sys_admin capability [Orabug: 34250651]
  - Make systemd_tmpfiles_t MLS trusted for lowering the level of files [Orabug: 33841245]
  - Allow nfsd_t to list exports_t dirs [Orabug: 33844301]
  - Allow fsadm_t to get attributes of cgroup filesystems [Orabug: 33841268]
  - Make import-state work with mls policy [Orabug: 32636699]
  - Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
  - Add comment for map on lvm_metadata_t. [Orabug: 31405325]
  - Make iscsiadm work with mls policy [Orabug: 32725411]
  - Make cloud-init work with mls policy [Orabug: 32430460]
  - Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
  - Make smartd work with mls policy [Orabug: 32430379]
  - Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
  - Make udev work with mls policy [Orabug: 31405299]
  - Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
  - Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
  - Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
  - Allow udev_t to load modules [Orabug: 28260775]
  - Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
  - Fix container selinux policy [Orabug: 26427364]
  - Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]

• Thu Aug 21 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.65-1

  - Revert "Add policy for insights-core"
  Resolves: RHEL-110650
  - Revert "Add insights_core interfaces"
  Resolves: RHEL-110650

• Tue Aug 12 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.64-1

  - Add insights_core and insights_client interfaces
  Related: RHEL-59145
  - Label /usr/libexec/postfix/tlsproxy with postfix_smtp_exec_t
  Resolves: RHEL-77101
  - Remove "minimum" as a SELINUXTYPE from /etc/selinux/config
  Resolves: RHEL-101140

• Wed Jul 30 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.63-1

  - Allow samba-dcerpcd send sigkills to passwd
  Resolves: RHEL-100032
  - Allow power-profiles-daemon watch sysfs directories
  Resolves: RHEL-100718
  - Allow power-profiles-daemon write sysfs files
  Resolves: RHEL-100718
  - Allow hostapd write to socket files in /tmp
  Resolves: RHEL-59683
  - Allow irqbalance search sssd lib directories
  Resolves: RHEL-1556
  - Add insights_client_delete_lib_dirs() interface
  Related: RHEL-59145

• Fri Jul 18 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.62-1

  - Allow "hostapd_cli ping" run as a systemd service
  Resolves: RHEL-59683
  - Allow systemd-timedated start/stop timemaster services
  Resolves: RHEL-95690
  - Allow lldpd connect to systemd-machined over a unix socket
  Resolves: RHEL-96167
  - Allow power-profiles-daemon get attributes of filesystems with extended attributes
  Resolves: RHEL-100718
  - Allow tuned-ppd watch_reads sysfs directories
  Resolves: RHEL-101687
  - Allow tuned-ppd watch sysfs directories
  Resolves: RHEL-101687

• Mon Jul 14 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.61-1

  - Fix incorrect /run and /usr/bin file context entries
  Resolves: SELINUX-4392
  - Dontaudit irqbalance read sssd public files
  Resolves: RHEL-1556
  - Update sssd_dontaudit_read_public_files()
  Resolves: RHEL-1556
  - Allow insights-client file transition for files in /var/tmp
  Resolves: SELINUX-4392
  - Add the virt_exec_virsh() interface
  Resolves: SELINUX-4392
  - Add the ssh_exec_sshd() interface
  Resolves: SELINUX-4392
  - Add rhsmcertd interfaces
  Resolves: SELINUX-4392
  - Add the bind_exec_named_checkconf() interface
  Resolves: SELINUX-4392
  - Add the auth_write_motd_var_run_files() interface
  Resolves: SELINUX-4392
  - Add the gpg_domtrans_agent() interface
  Resolves: SELINUX-4392
  - Add the gpg_read_user_secrets() interface
  Resolves: SELINUX-4392
  - Add policy for insights-core
  Resolves: SELINUX-4392

• Thu Jul 03 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.60-1

  - Allow irqbalance execute shell if irqbalance_run_unconfined is on
  Resolves: RHEL-1556
  - Update irqbalance policy for using unconfined scripts
  Resolves: RHEL-1556

• Tue Jul 01 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.59-1

  - virt: allow QEMU use of the qgs daemon for attestation
  Resolves: RHEL-87744
  - qgs: add contrib module for TDX "qgs" daemon
  Resolves: RHEL-87744
  - kernel: add interfaces for using SGX enclaves
  Resolves: RHEL-87744
  - Allow coreos-installer search sssd library directory
  Resolves: RHEL-95689
  - Label /dev/diag as diagnostic_device_t
  Resolves: RHEL-95342
  - Allow irqbalance execute shell if irqbalance_run_unconfined is on
  Resolves: RHEL-1556

• Mon Jun 09 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.58-1

  - Allow mptcpd the net_admin capability
  Resolves: RHEL-81729
  - Allow networkmanager send a general signal to iptables
  Resolves: RHEL-93741
  - Make bootupd use bootupd_tmp_t as its private type for files in /tmp
  Resolves: RHEL-94508
  - Update bootupd policy
  Resolves: RHEL-94508
  - Allow switcheroo-control dbus chat with xdm
  Resolves: RHEL-93335
  - Update the files_search_mnt() interface
  Resolves: RHEL-94184

• Thu May 29 2025 Zdenek Pytela <zpytela@redhat.com> - 38.1.57-1

  - Update policy for haproxyd
  Resolves: RHEL-88045
  - Allow NetworkManager manage NetworkManager_etc_rw_t symlinks
  Resolves: RHEL-86178
  - Allow lldpad connect to systemd-userdbd over a unix socket
  Resolves: RHEL-84046
  - Allow gconfd connect to system dbus
  Resolves: RHEL-77984
  - Allow login_pgm read filesystem sysctls
  Resolves: RHEL-77745
  - Allow login_userdomain create /run/tlog directory with user_tmp_t
  Resolves: RHEL-47241