Linux repositories inspector

selinux-policy-minimum - SELinux minimum base policy

SELinux Reference policy minimum base module.
  • 20140730: OpenSUSE Leap 42.3
  • 3.14.5: Fedora rawhide
  • 3.14.4: Fedora rawhide
  • 3.14.3: Fedora 30
  • 3.14.2: Fedora 29
  • 3.14.1: Fedora 28
  • 3.13.1: CentOS 7.6.1810

| Distribution | Version | Since | Package | Installed | Packager |
|---|---|---|---|---|---|
| CentOS 7.6.1810 atomic | rpm 3.13.1-63.atomic.el7.7 | Jan 23 | 3.93 MiB | 10.1 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 cr | rpm 3.13.1-252.el7.1 | Sep 10 | 6.97 MiB | 15.5 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 cr | rpm 3.13.1-252.el7 | Aug 30 | 6.97 MiB | 15.4 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 os | rpm 3.13.1-229.el7 | Jan 14 | 6.9 MiB | 15.4 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.9 | Feb 01 | 6.91 MiB | 15.3 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.6 | Jan 14 | 6.91 MiB | 15.3 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.5 | Jan 14 | 6.91 MiB | 15.3 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.15 | Jul 31 | 6.91 MiB | 15.4 MiB | CentOS BuildSystem |
| CentOS 7.6.1810 updates | rpm 3.13.1-229.el7_6.12 | Jun 17 | 6.91 MiB | 15.3 MiB | CentOS BuildSystem |
| Fedora 28 releases/Everything-os | rpm 3.14.1-21.fc28 | Jan 14 | 12.6 MiB | 32.5 MiB | Fedora Project |
| Fedora 28 releases/Server-os | rpm 3.14.1-21.fc28 | Jan 14 | 12.6 MiB | 32.5 MiB | Fedora Project |
| Fedora 28 releases/Workstation-os | rpm 3.14.1-21.fc28 | Jan 14 | 12.6 MiB | 32.5 MiB | Fedora Project |
| Fedora 29 releases/Everything-os | rpm 3.14.2-40.fc29 | Jan 14 | 12.4 MiB | 33.1 MiB | Fedora Project |
| Fedora 29 releases/Server-os | rpm 3.14.2-40.fc29 | Jan 14 | 12.4 MiB | 33.1 MiB | Fedora Project |
| Fedora 29 releases/Workstation-os | rpm 3.14.2-40.fc29 | Jan 14 | 12.4 MiB | 33.1 MiB | Fedora Project |
| Fedora 29 releases-test/Everything-os | rpm 3.14.2-34.fc29 | Jan 14 | 12.3 MiB | 33 MiB | Fedora Project |
| Fedora 29 releases-test/Server-os | rpm 3.14.2-34.fc29 | Jan 14 | 12.3 MiB | 33 MiB | Fedora Project |
| Fedora 29 releases-test/Workstation-os | rpm 3.14.2-34.fc29 | Jan 14 | 12.3 MiB | 33 MiB | Fedora Project |
| Fedora 30 releases/Everything-os | rpm 3.14.3-29.fc30 | Jun 17 | 12.5 MiB | 33.4 MiB | Fedora Project |
| Fedora 30 releases/Server-os | rpm 3.14.3-29.fc30 | Jun 17 | 12.5 MiB | 33.4 MiB | Fedora Project |
| Fedora 30 releases/Workstation-os | rpm 3.14.3-29.fc30 | Jun 17 | 12.5 MiB | 33.4 MiB | Fedora Project |
| Fedora 30 releases-test/Server-os | rpm 3.14.3-23.fc30 | Jun 17 | 12.5 MiB | 33.6 MiB | Fedora Project |
| Fedora 30 releases-test/Workstation-os | rpm 3.14.3-23.fc30 | Jun 17 | 12.5 MiB | 33.6 MiB | Fedora Project |
| Fedora rawhide development/Everything-os | rpm 3.14.5-18.fc32 | Nov 29 | 11.5 MiB | 33.9 MiB | Fedora Project |
| Fedora rawhide development/Server-os | rpm 3.14.5-18.fc32 | Nov 29 | 11.5 MiB | 33.9 MiB | Fedora Project |
| Fedora rawhide development/Workstation-os | rpm 3.14.4-29.fc31 | Aug 08 | 11.4 MiB | 33.5 MiB | Fedora Project |
| OpenSUSE Leap 42.3 update/oss | rpm 20140730-5.1 | Jan 21 | 4.42 MiB | 9.82 MiB | http://bugs.opensuse.org |
| OpenSUSE Leap 42.3 update/oss | rpm 20140730-2.1 | Jan 21 | 4.42 MiB | 9.82 MiB | http://bugs.opensuse.org |

Latest updates

Fedora rawhide development/Server-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labeled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types

Fedora rawhide development/Everything-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labeled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types

Fedora rawhide development/Everything-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)

Fedora rawhide development/Server-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)

Fedora rawhide development/Server-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te

Fedora rawhide development/Everything-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te

Fedora rawhide development/Server-os: Updated from 3.14.5-12.fc32 to 3.14.5-15.fc32

Nov 16
  • Increase SELinux userspace version which should be required.

Fedora rawhide development/Everything-os: Updated from 3.14.5-12.fc32 to 3.14.5-15.fc32

Nov 16
  • Increase SELinux userspace version which should be required.

Fedora rawhide development/Everything-os: Updated from 3.14.5-11.fc32 to 3.14.5-12.fc32

Nov 05
  • Label /var/cache/nginx as httpd_cache_t
  • Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
  • Created dnsmasq_use_ipset boolean
  • Allow capability dac_override in logwatch_mail_t domain
  • Allow automount_t domain to execute ping in own SELinux domain (ping_t)
  • Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
  • Allow collectd_t domain to create netlink_generic_socket sockets
  • Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
  • Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
  • Label /etc/postfix/chroot-update as postfix_exec_t
  • Update tmpreaper_t policy due to fuser command
  • Allow kdump_t domain to create netlink_route and udp sockets
  • Allow stratisd to connect to dbus
  • Allow fail2ban_t domain to create netlink netfilter sockets.
  • Allow dovecot get filesystem quotas
  • Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
  • Allow systemd-tmpfiles processes to set rlimit information
  • Allow cephfs to use xattrs for storing contexts
  • Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t

Fedora rawhide development/Server-os: Updated from 3.14.5-11.fc32 to 3.14.5-12.fc32

Nov 05
  • Label /var/cache/nginx as httpd_cache_t
  • Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
  • Created dnsmasq_use_ipset boolean
  • Allow capability dac_override in logwatch_mail_t domain
  • Allow automount_t domain to execute ping in own SELinux domain (ping_t)
  • Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
  • Allow collectd_t domain to create netlink_generic_socket sockets
  • Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
  • Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
  • Label /etc/postfix/chroot-update as postfix_exec_t
  • Update tmpreaper_t policy due to fuser command
  • Allow kdump_t domain to create netlink_route and udp sockets
  • Allow stratisd to connect to dbus
  • Allow fail2ban_t domain to create netlink netfilter sockets.
  • Allow dovecot get filesystem quotas
  • Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
  • Allow systemd-tmpfiles processes to set rlimit information
  • Allow cephfs to use xattrs for storing contexts
  • Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t

Fedora rawhide development/Server-os: Updated from 3.14.5-10.fc32 to 3.14.5-11.fc32

Oct 27
  • Allow confined users to run newaliases
  • Add interface mysql_dontaudit_rw_db()
  • Label /var/lib/xfsdump/inventory as amanda_var_lib_t
  • Allow tmpreaper_t domain to read all domains state
  • Make httpd_var_lib_t label system mountdir attribute
  • Update cockpit policy
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Dontaudit ifconfig_t domain to read/write mysqld_db_t files
  • Dontaudit domains read/write leaked pipes

Fedora rawhide development/Everything-os: Updated from 3.14.5-10.fc32 to 3.14.5-11.fc32

Oct 27
  • Allow confined users to run newaliases
  • Add interface mysql_dontaudit_rw_db()
  • Label /var/lib/xfsdump/inventory as amanda_var_lib_t
  • Allow tmpreaper_t domain to read all domains state
  • Make httpd_var_lib_t label system mountdir attribute
  • Update cockpit policy
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Dontaudit ifconfig_t domain to read/write mysqld_db_t files
  • Dontaudit domains read/write leaked pipes

Fedora rawhide development/Server-os: Updated from 3.14.5-9.fc32 to 3.14.5-10.fc32

Oct 23
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Allow Gluster mount client to mount files_type
  • Dontaudit and disallow sys_admin capability for keepalived_t domain
  • Update numad policy to allow signull, kill, nice and trace processes
  • Allow ipmievd_t to RW watchdog devices
  • Allow ldconfig_t domain to manage initrc_tmp_t link files
  • Allow netutils_t domain to write to initrc_tmp_t fifo files
  • Allow user domains to manage user session services
  • Allow staff and user users to get status of user systemd session
  • Update sudo_role_template() to allow caller domain to read syslog pid files

Fedora rawhide development/Everything-os: Updated from 3.14.5-9.fc32 to 3.14.5-10.fc32

Oct 23
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labeled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Allow Gluster mount client to mount files_type
  • Dontaudit and disallow sys_admin capability for keepalived_t domain
  • Update numad policy to allow signull, kill, nice and trace processes
  • Allow ipmievd_t to RW watchdog devices
  • Allow ldconfig_t domain to manage initrc_tmp_t link files
  • Allow netutils_t domain to write to initrc_tmp_t fifo files
  • Allow user domains to manage user session services
  • Allow staff and user users to get status of user systemd session
  • Update sudo_role_template() to allow caller domain to read syslog pid files

Fedora rawhide development/Everything-os: Updated from 3.14.5-8.fc32 to 3.14.5-9.fc32

Oct 12
  • Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)

Fedora rawhide development/Server-os: Updated from 3.14.5-8.fc32 to 3.14.5-9.fc32

Oct 12
  • Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)

Fedora rawhide development/Everything-os: Updated from 3.14.5-6.fc32 to 3.14.5-8.fc32

Oct 10
  • Update apache and pkcs policies to make active opencryptoki rules
  • Allow ipa_ods_exporter_t domain to read krb5_keytab files BZ(1759884)

Fedora rawhide development/Server-os: Updated from 3.14.5-6.fc32 to 3.14.5-8.fc32

Oct 10
  • Update apache and pkcs policies to make active opencryptoki rules
  • Allow ipa_ods_exporter_t domain to read krb5_keytab files BZ(1759884)

Fedora rawhide development/Server-os: Updated from 3.14.5-5.fc32 to 3.14.5-6.fc32

Oct 05
  • Update aide_t domain to allow this tool to analyze also /dev filesystem
  • Allow bitlbee_t domain map files in /usr
  • Allow stratisd to getattr of fixed disk device nodes
  • Add net_broadcast capability to openvswitch_t domain BZ(1716044)
  • Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
  • Allow cobblerd_t domain search apache configuration dirs
  • Dontaudit NetworkManager_t domain to write to kdump temp pipes BZ(1750428)
  • Label /var/log/collectd.log as collectd_log_t
  • Allow boltd_t domain to manage sysfs files and dirs BZ(1754360)
  • Add fowner capability to the pcp_pmlogger_t domain BZ(1754767)
  • networkmanager: allow NetworkManager_t to create bluetooth_socket
  • Fix ipa_custodia_stream_connect interface
  • Add new interface udev_getattr_rules_chr_files()
  • Make dbus-broker service working on s390x arch
  • Add new interface dev_mounton_all_device_nodes()
  • Add new interface dev_create_all_files()
  • Allow systemd(init_t) to load kernel modules
  • Allow ldconfig_t domain to manage initrc_tmp_t objects
  • Add new interface init_write_initrc_tmp_pipes()
  • Add new interface init_manage_script_tmp_files()
  • Allow xdm_t setpcap capability in user namespace BZ(1756790)
  • Allow x_userdomain to mmap generic SSL certificates
  • Allow xdm_t domain to user netlink_route sockets BZ(1756791)
  • Update files_create_var_lib_dirs() interface to allow caller domain also set attributes of var_lib_t directory BZ(1754245)
  • Allow sudo userdomain to run rpm related commands
  • Add sys_admin capability for ipsec_t domain
  • Allow systemd_modules_load_t domain to read systemd pid files
  • Add new interface init_read_pid_files()
  • Allow systemd labeled as init_t domain to manage faillog_t objects
  • Add file context ipsec_var_run_t for /var/run/charon\.dck to ipsec.fc
  • Make ipa_custodia policy active

Fedora rawhide development/Everything-os: Updated from 3.14.5-5.fc32 to 3.14.5-6.fc32

Oct 05
  • Update aide_t domain to allow this tool to analyze also /dev filesystem
  • Allow bitlbee_t domain map files in /usr
  • Allow stratisd to getattr of fixed disk device nodes
  • Add net_broadcast capability to openvswitch_t domain BZ(1716044)
  • Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
  • Allow cobblerd_t domain search apache configuration dirs
  • Dontaudit NetworkManager_t domain to write to kdump temp pipes BZ(1750428)
  • Label /var/log/collectd.log as collectd_log_t
  • Allow boltd_t domain to manage sysfs files and dirs BZ(1754360)
  • Add fowner capability to the pcp_pmlogger_t domain BZ(1754767)
  • networkmanager: allow NetworkManager_t to create bluetooth_socket
  • Fix ipa_custodia_stream_connect interface
  • Add new interface udev_getattr_rules_chr_files()
  • Make dbus-broker service working on s390x arch
  • Add new interface dev_mounton_all_device_nodes()
  • Add new interface dev_create_all_files()
  • Allow systemd(init_t) to load kernel modules
  • Allow ldconfig_t domain to manage initrc_tmp_t objects
  • Add new interface init_write_initrc_tmp_pipes()
  • Add new interface init_manage_script_tmp_files()
  • Allow xdm_t setpcap capability in user namespace BZ(1756790)
  • Allow x_userdomain to mmap generic SSL certificates
  • Allow xdm_t domain to user netlink_route sockets BZ(1756791)
  • Update files_create_var_lib_dirs() interface to allow caller domain also set attributes of var_lib_t directory BZ(1754245)
  • Allow sudo userdomain to run rpm related commands
  • Add sys_admin capability for ipsec_t domain
  • Allow systemd_modules_load_t domain to read systemd pid files
  • Add new interface init_read_pid_files()
  • Allow systemd labeled as init_t domain to manage faillog_t objects
  • Add file context ipsec_var_run_t for /var/run/charon\.dck to ipsec.fc
  • Make ipa_custodia policy active

Related packages

selinux - Security-Enhanced Linux runtime support
selinux-policy - SELinux policy configuration