Linux repositories inspector

selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy

This is the reference policy for SE Linux built with MLS support. It allows giving data labels such as "Top Secret" and preventing such data from leaking to processes or files with lower classification.
It was developed for Common Criteria LSPP certification for RHEL. It will probably never be well supported in Debian and is only recommended for students who want to learn about the security features used by the military.
20140730
OpenSUSE iconOpenSUSE Leap 42.3
3.14.5
Fedora iconFedora rawhide
3.14.4
Fedora iconFedora rawhide
3.14.3
Fedora iconFedora 30
3.14.2
Fedora iconFedora 29
3.14.1
Fedora iconFedora 28
3.13.1
CentOS iconCentOS 7.6.1810
2.20190201
Debian iconDebian 10.0
Ubuntu iconUbuntu 19.04
Ubuntu iconUbuntu 19.10
2.20180114
Ubuntu iconUbuntu 18.04 LTS
Ubuntu iconUbuntu 18.10
2.20161023.1
Debian iconDebian 9.0
Ubuntu iconUbuntu 17.10
2.20140421
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
CentOS iconCentOS 7.6.1810 atomicrpm3.13.1-63.atomic.el7.7Jan 232.96 MiB7.61 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 crrpm3.13.1-252.el7.1Sep 105.08 MiB11.5 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 crrpm3.13.1-252.el7Aug 305.08 MiB11.5 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 osrpm3.13.1-229.el7Jan 145.06 MiB11.5 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 updatesrpm3.13.1-229.el7_6.9Feb 015.06 MiB11.4 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 updatesrpm3.13.1-229.el7_6.6Jan 145.06 MiB11.4 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 updatesrpm3.13.1-229.el7_6.5Jan 145.06 MiB11.4 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 updatesrpm3.13.1-229.el7_6.15Jul 315.06 MiB11.4 MiBCentOS BuildSystem
CentOS iconCentOS 7.6.1810 updatesrpm3.13.1-229.el7_6.12Jun 175.06 MiB11.4 MiBCentOS BuildSystem
Debian iconDebian 10.0 buster/maindeb2:2.20190201-2Mar 033.24 MiB4.63 MiB
Debian iconDebian 9.0 stretch/maindeb2:2.20161023.1-92017-11-102.93 MiB4.29 MiB
Fedora iconFedora 28 releases/Everything-osrpm3.14.1-21.fc28Jan 146.99 MiB15.6 MiBFedora Project
Fedora iconFedora 28 releases/Server-osrpm3.14.1-21.fc28Jan 146.99 MiB15.6 MiBFedora Project
Fedora iconFedora 28 releases/Workstation-osrpm3.14.1-21.fc28Jan 146.99 MiB15.6 MiBFedora Project
Fedora iconFedora 29 releases/Everything-osrpm3.14.2-40.fc29Jan 146.65 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases/Server-osrpm3.14.2-40.fc29Jan 146.65 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases/Workstation-osrpm3.14.2-40.fc29Jan 146.65 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases-test/Everything-osrpm3.14.2-34.fc29Jan 146.64 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases-test/Server-osrpm3.14.2-34.fc29Jan 146.64 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases-test/Workstation-osrpm3.14.2-34.fc29Jan 146.64 MiB15.8 MiBFedora Project
Fedora iconFedora 30 releases/Everything-osrpm3.14.3-29.fc30Jun 176.68 MiB15.9 MiBFedora Project
Fedora iconFedora 30 releases/Server-osrpm3.14.3-29.fc30Jun 176.68 MiB15.9 MiBFedora Project
Fedora iconFedora 30 releases/Workstation-osrpm3.14.3-29.fc30Jun 176.68 MiB15.9 MiBFedora Project
Fedora iconFedora 30 releases-test/Server-osrpm3.14.3-23.fc30Jun 176.68 MiB15.8 MiBFedora Project
Fedora iconFedora 30 releases-test/Workstation-osrpm3.14.3-23.fc30Jun 176.68 MiB15.8 MiBFedora Project
Fedora iconFedora rawhide development/Everything-osrpm3.14.5-18.fc32Nov 294.46 MiB16 MiBFedora Project
Fedora iconFedora rawhide development/Server-osrpm3.14.5-18.fc32Nov 294.46 MiB16 MiBFedora Project
Fedora iconFedora rawhide development/Workstation-osrpm3.14.4-29.fc31Aug 084.45 MiB15.9 MiBFedora Project
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm20140730-5.1Jan 213.54 MiB8.1 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm20140730-2.1Jan 213.53 MiB8.1 MiBhttp://bugs.opensuse.org
Ubuntu iconUbuntu 17.10 artful/universedeb2:2.20161023.1-92017-11-102.88 MiB4.28 MiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb2:2.20180114-12018-03-073.12 MiB4.51 MiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb2:2.20180114-4Jan 143.14 MiB4.54 MiB
Ubuntu iconUbuntu 19.04 disco/universedeb2:2.20190201-3Mar 033.2 MiB4.63 MiB
Ubuntu iconUbuntu 19.10 eoan/universedeb2:2.20190201-4Jun 173.2 MiB4.63 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb2:2.20140421-92017-11-102.71 MiB3.93 MiB

Latest updates

Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-12.fc32 to 3.14.5-15.fc32

Nov 16
  • Increase SELinux userspace version which should be required.
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-12.fc32 to 3.14.5-15.fc32

Nov 16
  • Increase SELinux userspace version which should be required.
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-11.fc32 to 3.14.5-12.fc32

Nov 05
  • Label /var/cache/nginx as httpd_cache_t
  • Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
  • Created dnsmasq_use_ipset boolean
  • Allow capability dac_override in logwatch_mail_t domain
  • Allow automount_t domain to execute ping in own SELinux domain (ping_t)
  • Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
  • Allow collectd_t domain to create netlink_generic_socket sockets
  • Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
  • Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
  • Label /etc/postfix/chroot-update as postfix_exec_t
  • Update tmpreaper_t policy due to fuser command
  • Allow kdump_t domain to create netlink_route and udp sockets
  • Allow stratisd to connect to dbus
  • Allow fail2ban_t domain to create netlink netfilter sockets.
  • Allow dovecot get filesystem quotas
  • Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
  • Allow systemd-tmpfiles processes to set rlimit information
  • Allow cephfs to use xattrs for storing contexts
  • Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-11.fc32 to 3.14.5-12.fc32

Nov 05
  • Label /var/cache/nginx as httpd_cache_t
  • Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
  • Created dnsmasq_use_ipset boolean
  • Allow capability dac_override in logwatch_mail_t domain
  • Allow automount_t domain to execute ping in own SELinux domain (ping_t)
  • Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
  • Allow collectd_t domain to create netlink_generic_socket sockets
  • Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
  • Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
  • Label /etc/postfix/chroot-update as postfix_exec_t
  • Update tmpreaper_t policy due to fuser command
  • Allow kdump_t domain to create netlink_route and udp sockets
  • Allow stratisd to connect to dbus
  • Allow fail2ban_t domain to create netlink netfilter sockets.
  • Allow dovecot get filesystem quotas
  • Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
  • Allow systemd-tmpfiles processes to set rlimit information
  • Allow cephfs to use xattrs for storing contexts
  • Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-10.fc32 to 3.14.5-11.fc32

Oct 27
  • Allow confined users to run newaliases
  • Add interface mysql_dontaudit_rw_db()
  • Label /var/lib/xfsdump/inventory as amanda_var_lib_t
  • Allow tmpreaper_t domain to read all domains state
  • Make httpd_var_lib_t label system mountdir attribute
  • Update cockpit policy
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Donaudit ifconfig_t domain to read/write mysqld_db_t files
  • Dontaudit domains read/write leaked pipes
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-10.fc32 to 3.14.5-11.fc32

Oct 27
  • Allow confined users to run newaliases
  • Add interface mysql_dontaudit_rw_db()
  • Label /var/lib/xfsdump/inventory as amanda_var_lib_t
  • Allow tmpreaper_t domain to read all domains state
  • Make httpd_var_lib_t label system mountdir attribute
  • Update cockpit policy
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Donaudit ifconfig_t domain to read/write mysqld_db_t files
  • Dontaudit domains read/write leaked pipes
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-9.fc32 to 3.14.5-10.fc32

Oct 23
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Allow Gluster mount client to mount files_type
  • Dontaudit and disallow sys_admin capability for keepalived_t domain
  • Update numad policy to allow signull, kill, nice and trace processes
  • Allow ipmievd_t to RW watchdog devices
  • Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
  • Allow user domains to manage user session services
  • Allow staff and user users to get status of user systemd session
  • Update sudo_role_template() to allow caller domain to read syslog pid files
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-9.fc32 to 3.14.5-10.fc32

Oct 23
  • Update timedatex policy to add macros, more detail below
  • Allow nagios_script_t domain list files labled sysfs_t.
  • Allow jetty_t domain search and read cgroup_t files.
  • Allow Gluster mount client to mount files_type
  • Dontaudit and disallow sys_admin capability for keepalived_t domain
  • Update numad policy to allow signull, kill, nice and trace processes
  • Allow ipmievd_t to RW watchdog devices
  • Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
  • Allow user domains to manage user session services
  • Allow staff and user users to get status of user systemd session
  • Update sudo_role_template() to allow caller domain to read syslog pid files
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-8.fc32 to 3.14.5-9.fc32

Oct 12
  • Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-8.fc32 to 3.14.5-9.fc32

Oct 12
  • Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)
Fedora rawhide icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-6.fc32 to 3.14.5-8.fc32

Oct 10
  • Update apache and pkcs policies to make active opencryptoki rules
  • Allow ipa_ods_exporter_t domain to read krb5_keytab files BZ(1759884)
Fedora rawhide icon

Fedora rawhide development/Server-os: Updated from 3.14.5-6.fc32 to 3.14.5-8.fc32

Oct 10
  • Update apache and pkcs policies to make active opencryptoki rules
  • Allow ipa_ods_exporter_t domain to read krb5_keytab files BZ(1759884)
Ubuntu 19.10 icon

Ubuntu 19.10 eoan/universe: Version 2:2.20190201-4 reintroduced

Oct 10
Ubuntu 19.10 icon

Ubuntu 19.10 eoan/universe: Version 2:2.20190201-4 removed

Oct 10

Related packages

selinux - Security-Enhanced Linux runtime support
selinux-policy - SELinux policy configuration
⇧ Top