Linux repositories inspector

selinux-policy - SELinux policy configuration

SELinux Reference Policy. A complete SELinux policy that can be used as the system policy for a variety of systems and used as the basis for creating other policies.
  • 20140730: OpenSUSE Leap 42.3
  • 3.14.5: Fedora rawhide
  • 3.14.4: Fedora rawhide
  • 3.14.3: Fedora 30
  • 3.14.2: Fedora 29
  • 3.14.1: Fedora 28
  • 3.13.1: CentOS 7.6.1810

| Distribution | Version | Since | Package | Installed | Packager |
|---|---|---|---|---|---|
| CentOS 7.6.1810 atomic | rpm 3.13.1-63.atomic.el7.7 | Jan 23 | 376 kiB | 185 B | CentOS BuildSystem |
| CentOS 7.6.1810 cr | rpm 3.13.1-252.el7.1 | Sep 10 | 492 kiB | 6.75 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 cr | rpm 3.13.1-252.el7 | Aug 30 | 491 kiB | 6.75 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 os | rpm 3.13.1-229.el7 | Jan 14 | 482 kiB | 6.33 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.9 | Feb 01 | 483 kiB | 6.33 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.6 | Jan 14 | 483 kiB | 6.33 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.5 | Jan 14 | 483 kiB | 6.33 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.15 | Jul 31 | 484 kiB | 6.33 kiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.12 | Jun 17 | 484 kiB | 6.33 kiB | CentOS BuildSystem |
| Fedora 28 releases/Everything-os | rpm 3.14.1-21.fc28 | Jan 14 | 543 kiB | 23.9 kiB | Fedora Project |
| Fedora 28 releases/Server-os | rpm 3.14.1-21.fc28 | Jan 14 | 543 kiB | 23.9 kiB | Fedora Project |
| Fedora 28 releases/Workstation-os | rpm 3.14.1-21.fc28 | Jan 14 | 543 kiB | 23.9 kiB | Fedora Project |
| Fedora 29 releases/Everything-os | rpm 3.14.2-40.fc29 | Jan 14 | 117 kiB | 24.3 kiB | Fedora Project |
| Fedora 29 releases/Server-os | rpm 3.14.2-40.fc29 | Jan 14 | 117 kiB | 24.3 kiB | Fedora Project |
| Fedora 29 releases/Workstation-os | rpm 3.14.2-40.fc29 | Jan 14 | 117 kiB | 24.3 kiB | Fedora Project |
| Fedora 29 releases-test/Everything-os | rpm 3.14.2-34.fc29 | Jan 14 | 116 kiB | 23.9 kiB | Fedora Project |
| Fedora 29 releases-test/Server-os | rpm 3.14.2-34.fc29 | Jan 14 | 116 kiB | 23.9 kiB | Fedora Project |
| Fedora 29 releases-test/Workstation-os | rpm 3.14.2-34.fc29 | Jan 14 | 116 kiB | 23.9 kiB | Fedora Project |
| Fedora 30 releases/Everything-os | rpm 3.14.3-29.fc30 | Jun 17 | 123 kiB | 24.3 kiB | Fedora Project |
| Fedora 30 releases/Server-os | rpm 3.14.3-29.fc30 | Jun 17 | 123 kiB | 24.3 kiB | Fedora Project |
| Fedora 30 releases/Workstation-os | rpm 3.14.3-29.fc30 | Jun 17 | 123 kiB | 24.3 kiB | Fedora Project |
| Fedora 30 releases-test/Server-os | rpm 3.14.3-23.fc30 | Jun 17 | 119 kiB | 24.3 kiB | Fedora Project |
| Fedora 30 releases-test/Workstation-os | rpm 3.14.3-23.fc30 | Jun 17 | 119 kiB | 24.3 kiB | Fedora Project |
| Fedora rawhide development/Everything-os | rpm 3.14.5-18.fc32 | Nov 29 | 126 kiB | 24.6 kiB | Fedora Project |
| Fedora rawhide development/Server-os | rpm 3.14.5-18.fc32 | Nov 29 | 126 kiB | 24.6 kiB | Fedora Project |
| Fedora rawhide development/Workstation-os | rpm 3.14.4-29.fc31 | Aug 08 | 128 kiB | 24.3 kiB | Fedora Project |
| OpenSUSE Leap 42.3 update/oss | rpm 20140730-5.1 | Jan 21 | 18.7 kiB | 18.2 kiB | http://bugs.opensuse.org |
| OpenSUSE Leap 42.3 update/oss | rpm 20140730-2.1 | Jan 21 | 18.5 kiB | 18.2 kiB | http://bugs.opensuse.org |

Latest updates

Fedora rawhide development/Server-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labeled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types

Fedora rawhide development/Everything-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labeled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types

Fedora rawhide development/Everything-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)

Fedora rawhide development/Server-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)

Fedora rawhide development/Server-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te

Fedora rawhide development/Everything-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te

Fedora rawhide development/Server-os: Updated from 3.14.5-12.fc32 to 3.14.5-15.fc32

Nov 16
  • Increase SELinux userspace version which should be required.

Fedora rawhide development/Everything-os: Updated from 3.14.5-12.fc32 to 3.14.5-15.fc32

Nov 16
  • Increase SELinux userspace version which should be required.

Fedora rawhide development/Everything-os: Updated from 3.14.5-11.fc32 to 3.14.5-12.fc32

Nov 05
  • Label /var/cache/nginx as httpd_cache_t
  • Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
  • Created dnsmasq_use_ipset boolean
  • Allow capability dac_override in logwatch_mail_t domain
  • Allow automount_t domain to execute ping in own SELinux domain (ping_t)
  • Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
  • Allow collectd_t domain to create netlink_generic_socket sockets
  • Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
  • Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
  • Label /etc/postfix/chroot-update as postfix_exec_t
  • Update tmpreaper_t policy due to fuser command
  • Allow kdump_t domain to create netlink_route and udp sockets
  • Allow stratisd to connect to dbus
  • Allow fail2ban_t domain to create netlink netfilter sockets.
  • Allow dovecot get filesystem quotas
  • Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
  • Allow systemd-tmpfiles processes to set rlimit information
  • Allow cephfs to use xattrs for storing contexts
  • Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t

Fedora rawhide development/Server-os: Updated from 3.14.5-11.fc32 to 3.14.5-12.fc32

Nov 05
  • Label /var/cache/nginx as httpd_cache_t
  • Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
  • Created dnsmasq_use_ipset boolean
  • Allow capability dac_override in logwatch_mail_t domain
  • Allow automount_t domain to execute ping in own SELinux domain (ping_t)
  • Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
  • Allow collectd_t domain to create netlink_generic_socket sockets
  • Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
  • Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
  • Label /etc/postfix/chroot-update as postfix_exec_t
  • Update tmpreaper_t policy due to fuser command
  • Allow kdump_t domain to create netlink_route and udp sockets
  • Allow stratisd to connect to dbus
  • Allow fail2ban_t domain to create netlink netfilter sockets.
  • Allow dovecot get filesystem quotas
  • Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
  • Allow systemd-tmpfiles processes to set rlimit information
  • Allow cephfs to use xattrs for storing contexts
  • Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t

Fedora rawhide development/Server-os: Updated from 3.14.5-10.fc32 to 3.14.5-11.fc32

Oct 27
  • Allow confined users to run newaliases
  • Add interface mysql_dontaudit_rw_db()
  • Label /var/lib/xfsdump/inventory as amanda_var_lib_t
  • Allow tmpreaper_t domain to read all domains state
  • Make httpd_var_lib_t label system mountdir attribute
  • Update cockpit policy
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Dontaudit ifconfig_t domain to read/write mysqld_db_t files
  • Dontaudit domains read/write leaked pipes

Fedora rawhide development/Everything-os: Updated from 3.14.5-10.fc32 to 3.14.5-11.fc32

Oct 27
  • Allow confined users to run newaliases
  • Add interface mysql_dontaudit_rw_db()
  • Label /var/lib/xfsdump/inventory as amanda_var_lib_t
  • Allow tmpreaper_t domain to read all domains state
  • Make httpd_var_lib_t label system mountdir attribute
  • Update cockpit policy
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Dontaudit ifconfig_t domain to read/write mysqld_db_t files
  • Dontaudit domains read/write leaked pipes

Fedora rawhide development/Server-os: Updated from 3.14.5-9.fc32 to 3.14.5-10.fc32

Oct 23
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Allow Gluster mount client to mount files_type
  • Dontaudit and disallow sys_admin capability for keepalived_t domain
  • Update numad policy to allow signull, kill, nice and trace processes
  • Allow ipmievd_t to RW watchdog devices
  • Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
  • Allow user domains to manage user session services
  • Allow staff and user users to get status of user systemd session
  • Update sudo_role_template() to allow caller domain to read syslog pid files

Fedora rawhide development/Everything-os: Updated from 3.14.5-9.fc32 to 3.14.5-10.fc32

Oct 23
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Allow Gluster mount client to mount files_type
  • Dontaudit and disallow sys_admin capability for keepalived_t domain
  • Update numad policy to allow signull, kill, nice and trace processes
  • Allow ipmievd_t to RW watchdog devices
  • Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
  • Allow user domains to manage user session services
  • Allow staff and user users to get status of user systemd session
  • Update sudo_role_template() to allow caller domain to read syslog pid files

Fedora rawhide development/Everything-os: Updated from 3.14.5-8.fc32 to 3.14.5-9.fc32

Oct 12
  • Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)

Fedora rawhide development/Server-os: Updated from 3.14.5-8.fc32 to 3.14.5-9.fc32

Oct 12
  • Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)

Fedora rawhide development/Everything-os: Updated from 3.14.5-6.fc32 to 3.14.5-8.fc32

Oct 10
  • Update apache and pkcs policies to make active opencryptoki rules
  • Allow ipa_ods_exporter_t domain to read krb5_keytab files BZ(1759884)

Fedora rawhide development/Server-os: Updated from 3.14.5-6.fc32 to 3.14.5-8.fc32

Oct 10
  • Update apache and pkcs policies to make active opencryptoki rules
  • Allow ipa_ods_exporter_t domain to read krb5_keytab files BZ(1759884)

Fedora rawhide development/Server-os: Updated from 3.14.5-5.fc32 to 3.14.5-6.fc32

Oct 05
  • Update aide_t domain to allow this tool to analyze also /dev filesystem
  • Allow bitlbee_t domain map files in /usr
  • Allow stratisd to getattr of fixed disk device nodes
  • Add net_broadcast capability to openvswitch_t domain BZ(1716044)
  • Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
  • Allow cobblerd_t domain search apache configuration dirs
  • Dontaudit NetworkManager_t domain to write to kdump temp pipes BZ(1750428)
  • Label /var/log/collectd.log as collectd_log_t
  • Allow boltd_t domain to manage sysfs files and dirs BZ(1754360)
  • Add fowner capability to the pcp_pmlogger_t domain BZ(1754767)
  • networkmanager: allow NetworkManager_t to create bluetooth_socket
  • Fix ipa_custodia_stream_connect interface
  • Add new interface udev_getattr_rules_chr_files()
  • Make dbus-broker service working on s390x arch
  • Add new interface dev_mounton_all_device_nodes()
  • Add new interface dev_create_all_files()
  • Allow systemd(init_t) to load kernel modules
  • Allow ldconfig_t domain to manage initrc_tmp_t objects
  • Add new interface init_write_initrc_tmp_pipes()
  • Add new interface init_manage_script_tmp_files()
  • Allow xdm_t setpcap capability in user namespace BZ(1756790)
  • Allow x_userdomain to mmap generic SSL certificates
  • Allow xdm_t domain to use netlink_route sockets BZ(1756791)
  • Update files_create_var_lib_dirs() interface to allow caller domain also set attributes of var_lib_t directory BZ(1754245)
  • Allow sudo userdomain to run rpm related commands
  • Add sys_admin capability for ipsec_t domain
  • Allow systemd_modules_load_t domain to read systemd pid files
  • Add new interface init_read_pid_files()
  • Allow systemd labeled as init_t domain to manage faillog_t objects
  • Add file context ipsec_var_run_t for /var/run/charon\.dck to ipsec.fc
  • Make ipa_custodia policy active

Fedora rawhide development/Everything-os: Updated from 3.14.5-5.fc32 to 3.14.5-6.fc32

Oct 05
  • Update aide_t domain to allow this tool to analyze also /dev filesystem
  • Allow bitlbee_t domain map files in /usr
  • Allow stratisd to getattr of fixed disk device nodes
  • Add net_broadcast capability to openvswitch_t domain BZ(1716044)
  • Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
  • Allow cobblerd_t domain search apache configuration dirs
  • Dontaudit NetworkManager_t domain to write to kdump temp pipes BZ(1750428)
  • Label /var/log/collectd.log as collectd_log_t
  • Allow boltd_t domain to manage sysfs files and dirs BZ(1754360)
  • Add fowner capability to the pcp_pmlogger_t domain BZ(1754767)
  • networkmanager: allow NetworkManager_t to create bluetooth_socket
  • Fix ipa_custodia_stream_connect interface
  • Add new interface udev_getattr_rules_chr_files()
  • Make dbus-broker service working on s390x arch
  • Add new interface dev_mounton_all_device_nodes()
  • Add new interface dev_create_all_files()
  • Allow systemd(init_t) to load kernel modules
  • Allow ldconfig_t domain to manage initrc_tmp_t objects
  • Add new interface init_write_initrc_tmp_pipes()
  • Add new interface init_manage_script_tmp_files()
  • Allow xdm_t setpcap capability in user namespace BZ(1756790)
  • Allow x_userdomain to mmap generic SSL certificates
  • Allow xdm_t domain to use netlink_route sockets BZ(1756791)
  • Update files_create_var_lib_dirs() interface to allow caller domain also set attributes of var_lib_t directory BZ(1754245)
  • Allow sudo userdomain to run rpm related commands
  • Add sys_admin capability for ipsec_t domain
  • Allow systemd_modules_load_t domain to read systemd pid files
  • Add new interface init_read_pid_files()
  • Allow systemd labeled as init_t domain to manage faillog_t objects
  • Add file context ipsec_var_run_t for /var/run/charon\.dck to ipsec.fc
  • Make ipa_custodia policy active

Related packages

selinux - Security-Enhanced Linux runtime support
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building modules
selinux-policy-devel - SELinux policy devel
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-dummy - Empty Security-Enhanced Linux policy (dummy package)
selinux-policy-minimum - SELinux minimum base policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-sandbox - SELinux policy sandbox
selinux-policy-src - Source of the SELinux reference policy for customization
selinux-policy-targeted - SELinux targeted base policy
selinux-policy-ubuntu - Security-Enhanced Linux Reference Policy
selinux-policy-ubuntu-dev - Security-Enhanced Linux Reference Policy Development Headers
selinux-policy-ubuntu-doc - Security-Enhanced Linux Reference Policy Documentation