Linux repositories inspector

selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy

This is the reference policy for SE Linux built with MLS support. It allows giving data labels such as "Top Secret" and preventing such data from leaking to processes or files with lower classification.
It was developed for Common Criteria LSPP certification for RHEL. It will probably never be well supported in Debian and is only recommended for students who want to learn about the security features used by the military.
20140730
OpenSUSE iconOpenSUSE Leap 42.3
3.14.6
Fedora iconFedora rawhide
3.14.4
Fedora iconFedora 31
Fedora iconFedora rawhide
3.14.3
Fedora iconFedora 30
3.14.2
Fedora iconFedora 29
3.14.1
Fedora iconFedora 28
3.13.1
CentOS iconCentOS 7.7.1908
2.20190201
Debian iconDebian 10.0
Ubuntu iconUbuntu 19.04
Ubuntu iconUbuntu 19.10
Ubuntu iconUbuntu 20.04
2.20180114
Ubuntu iconUbuntu 18.04 LTS
Ubuntu iconUbuntu 18.10
2.20161023.1
Debian iconDebian 9.0
Ubuntu iconUbuntu 17.10
2.20140421
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
CentOS iconCentOS 7.7.1908 atomicrpm3.13.1-63.atomic.el7.7Jan 072.96 MiB7.61 MiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 osrpm3.13.1-252.el7Jan 075.08 MiB11.5 MiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 updatesrpm3.13.1-252.el7_7.6Jan 075.09 MiB11.5 MiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 updatesrpm3.13.1-252.el7.1Jan 075.08 MiB11.5 MiBCentOS BuildSystem
Debian iconDebian 10.0 buster/maindeb2:2.20190201-22019-03-033.24 MiB4.63 MiB
Debian iconDebian 9.0 stretch/maindeb2:2.20161023.1-92017-11-102.93 MiB4.29 MiB
Fedora iconFedora 28 releases/Everything-osrpm3.14.1-21.fc282019-01-146.99 MiB15.6 MiBFedora Project
Fedora iconFedora 28 releases/Server-osrpm3.14.1-21.fc282019-01-146.99 MiB15.6 MiBFedora Project
Fedora iconFedora 28 releases/Workstation-osrpm3.14.1-21.fc282019-01-146.99 MiB15.6 MiBFedora Project
Fedora iconFedora 29 releases/Everything-osrpm3.14.2-40.fc292019-01-146.65 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases/Server-osrpm3.14.2-40.fc292019-01-146.65 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases/Workstation-osrpm3.14.2-40.fc292019-01-146.65 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases-test/Everything-osrpm3.14.2-34.fc292019-01-146.64 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases-test/Server-osrpm3.14.2-34.fc292019-01-146.64 MiB15.8 MiBFedora Project
Fedora iconFedora 29 releases-test/Workstation-osrpm3.14.2-34.fc292019-01-146.64 MiB15.8 MiBFedora Project
Fedora iconFedora 30 releases/Everything-osrpm3.14.3-29.fc302019-06-176.68 MiB15.9 MiBFedora Project
Fedora iconFedora 30 releases/Server-osrpm3.14.3-29.fc302019-06-176.68 MiB15.9 MiBFedora Project
Fedora iconFedora 30 releases/Workstation-osrpm3.14.3-29.fc302019-06-176.68 MiB15.9 MiBFedora Project
Fedora iconFedora 30 releases-test/Server-osrpm3.14.3-23.fc302019-06-176.68 MiB15.8 MiBFedora Project
Fedora iconFedora 30 releases-test/Workstation-osrpm3.14.3-23.fc302019-06-176.68 MiB15.8 MiBFedora Project
Fedora iconFedora 31 releases/Everything-osrpm3.14.4-37.fc31Jan 074.47 MiB15.9 MiBFedora Project
Fedora iconFedora 31 releases/Server-osrpm3.14.4-37.fc31Jan 074.47 MiB15.9 MiBFedora Project
Fedora iconFedora rawhide development/Everything-osrpm3.14.6-9.fc33Mar 194.25 MiB10.8 MiBFedora Project
Fedora iconFedora rawhide development/Server-osrpm3.14.6-9.fc33Mar 194.25 MiB10.8 MiBFedora Project
Fedora iconFedora rawhide development/Workstation-osrpm3.14.4-29.fc31Aug 084.45 MiB15.9 MiBFedora Project
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm20140730-5.12019-01-213.54 MiB8.1 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm20140730-2.12019-01-213.53 MiB8.1 MiBhttp://bugs.opensuse.org
Ubuntu iconUbuntu 17.10 artful/universedeb2:2.20161023.1-92017-11-102.88 MiB4.28 MiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb2:2.20180114-12018-03-073.12 MiB4.51 MiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb2:2.20180114-42019-01-143.14 MiB4.54 MiB
Ubuntu iconUbuntu 19.04 disco/universedeb2:2.20190201-32019-03-033.2 MiB4.63 MiB
Ubuntu iconUbuntu 19.10 eoan/universedeb2:2.20190201-42019-06-173.2 MiB4.63 MiB
Ubuntu iconUbuntu 20.04 focal/universedeb2:2.20190201-7Jan 153.2 MiB4.63 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb2:2.20140421-92017-11-102.71 MiB3.93 MiB

Latest updates

Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.6-8.fc33 to 3.14.6-9.fc33

Mar 19
  • Allow zabbix_t manage and filetrans temporary socket files
  • Makefile: fix tmp/%.mod.fc target
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-8.fc33 to 3.14.6-9.fc33

Mar 19
  • Allow zabbix_t manage and filetrans temporary socket files
  • Makefile: fix tmp/%.mod.fc target
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-7.fc33 to 3.14.6-8.fc33

Mar 14
  • Allow NetworkManager read its unit files and manage services
  • Add init_daemon_domain() for geoclue_t
  • Allow to use nnp_transition in pulseaudio_role
  • Allow pdns_t domain to map files in /usr.
  • Label all NetworkManager fortisslvpn plugins as openfortivpn_exec_t
  • Allow login_pgm create and bind on netlink_selinux_socket
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.6-7.fc33 to 3.14.6-8.fc33

Mar 14
  • Allow NetworkManager read its unit files and manage services
  • Add init_daemon_domain() for geoclue_t
  • Allow to use nnp_transition in pulseaudio_role
  • Allow pdns_t domain to map files in /usr.
  • Label all NetworkManager fortisslvpn plugins as openfortivpn_exec_t
  • Allow login_pgm create and bind on netlink_selinux_socket
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.6-6.fc33 to 3.14.6-7.fc33

Mar 12
  • Allow sssd read systemd-resolved runtime directory
  • Allow sssd read NetworkManager's runtime directory
  • Mark nm-cloud-setup systemd units as NetworkManager_unit_file_t
  • Allow system_mail_t to signull pcscd_t
  • Create interface pcscd_signull
  • Allow auditd poweroff or switch to single mode
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-6.fc33 to 3.14.6-7.fc33

Mar 12
  • Allow sssd read systemd-resolved runtime directory
  • Allow sssd read NetworkManager's runtime directory
  • Mark nm-cloud-setup systemd units as NetworkManager_unit_file_t
  • Allow system_mail_t to signull pcscd_t
  • Create interface pcscd_signull
  • Allow auditd poweroff or switch to single mode
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-5.fc33 to 3.14.6-6.fc33

Mar 03
  • Allow postfix stream connect to cyrus through runtime socket
  • Dontaudit daemons to set and get scheduling policy/parameters
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.6-5.fc33 to 3.14.6-6.fc33

Mar 03
  • Allow postfix stream connect to cyrus through runtime socket
  • Dontaudit daemons to set and get scheduling policy/parameters
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-4.fc33 to 3.14.6-5.fc33

Feb 23
  • Allow certmonger_t domain to read pkcs_slotd lock files
  • Allow httpd_t domain to mmap own var_lib_t files BZ(1804853)
  • Allow ipda_custodia_t to create udp_socket and added permission nlmsg_read for netlink_route_sockets
  • Make file context more variable for /usr/bin/fusermount and /bin/fusermount
  • Allow local_login_t domain to getattr cgroup filesystem
  • Allow systemd_logind_t domain to manage user_tmp_t char and block devices
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.6-4.fc33 to 3.14.6-5.fc33

Feb 23
  • Allow certmonger_t domain to read pkcs_slotd lock files
  • Allow httpd_t domain to mmap own var_lib_t files BZ(1804853)
  • Allow ipda_custodia_t to create udp_socket and added permission nlmsg_read for netlink_route_sockets
  • Make file context more variable for /usr/bin/fusermount and /bin/fusermount
  • Allow local_login_t domain to getattr cgroup filesystem
  • Allow systemd_logind_t domain to manage user_tmp_t char and block devices
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-3.fc33 to 3.14.6-4.fc33

Feb 19
  • Update virt_read_qemu_pid_files inteface
  • Allow systemd_logind_t domain to getattr cgroup filesystem
  • Allow systemd_logind_t domain to manage user_tmp_t char and block devices
  • Allow nsswitch_domain attribute to stream connect to systemd process
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.6-3.fc33 to 3.14.6-4.fc33

Feb 19
  • Update virt_read_qemu_pid_files inteface
  • Allow systemd_logind_t domain to getattr cgroup filesystem
  • Allow systemd_logind_t domain to manage user_tmp_t char and block devices
  • Allow nsswitch_domain attribute to stream connect to systemd process
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.5-24.fc32 to 3.14.6-3.fc33

Feb 19
  • Allow systemd labeled as init_t to manage systemd_userdbd_runtime_t symlinks
  • Allow systemd_userdbd_t domain to read efivarfs files
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-24.fc32 to 3.14.6-3.fc33

Feb 19
  • Allow systemd labeled as init_t to manage systemd_userdbd_runtime_t symlinks
  • Allow systemd_userdbd_t domain to read efivarfs files
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.5-23.fc32 to 3.14.5-24.fc32

Feb 08
  • Allow ptp4l_t create and use packet_socket sockets
  • Allow ipa_custodia_t create and use netlink_route_socket sockets.
  • Allow networkmanager_t transition to setfiles_t
  • Create init_create_dirs boolean to allow init create directories
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-23.fc32 to 3.14.5-24.fc32

Feb 08
  • Allow ptp4l_t create and use packet_socket sockets
  • Allow ipa_custodia_t create and use netlink_route_socket sockets.
  • Allow networkmanager_t transition to setfiles_t
  • Create init_create_dirs boolean to allow init create directories
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-21.fc32 to 3.14.5-23.fc32

Feb 04
  • Allow thumb_t connect to system_dbusd_t BZ(1795044)
  • Allow saslauthd_t filetrans variable files for /tmp directory
  • Added apache create log dirs macro
  • Tiny documentation fix
  • Allow openfortivpn_t to manage net_conf_t files.
  • Introduce boolean openfortivpn_can_network_connect.
  • Dontaudit domain chronyd_t to list in user home dirs.
  • Allow init_t to create apache log dirs.
  • Add file transition for /dev/nvidia-uvm BZ(1770588)
  • Allow syslog_t to read efivarfs_t files
  • Add ioctl to term_dontaudit_use_ptmx macro
  • Update xserver_rw_session macro
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.5-21.fc32 to 3.14.5-23.fc32

Feb 04
  • Allow thumb_t connect to system_dbusd_t BZ(1795044)
  • Allow saslauthd_t filetrans variable files for /tmp directory
  • Added apache create log dirs macro
  • Tiny documentation fix
  • Allow openfortivpn_t to manage net_conf_t files.
  • Introduce boolean openfortivpn_can_network_connect.
  • Dontaudit domain chronyd_t to list in user home dirs.
  • Allow init_t to create apache log dirs.
  • Add file transition for /dev/nvidia-uvm BZ(1770588)
  • Allow syslog_t to read efivarfs_t files
  • Add ioctl to term_dontaudit_use_ptmx macro
  • Update xserver_rw_session macro
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-20.fc32 to 3.14.5-21.fc32

Jan 31
  • Dontaudit timedatex_t read file_contexts_t and validate security contexts
  • Make stratisd_t domain unconfined for now.
  • stratisd_t policy updates.
  • Label /var/spool/plymouth/boot.log as plymouthd_var_log_t
  • Label /stratis as stratisd_data_t
  • Allow opafm_t to create and use netlink rdma sockets.
  • Allow stratisd_t domain to read/write fixed disk devices and removable devices.
  • Added macro for stratisd to chat over dbus
  • Add dac_override capability to stratisd_t domain
  • Allow init_t set the nice level of all domains BZ(1778088)
  • Allow userdomain to chat with stratisd over dbus.
Fedora icon

Fedora rawhide development/Server-os: Updated from 3.14.5-20.fc32 to 3.14.5-21.fc32

Jan 31
  • Dontaudit timedatex_t read file_contexts_t and validate security contexts
  • Make stratisd_t domain unconfined for now.
  • stratisd_t policy updates.
  • Label /var/spool/plymouth/boot.log as plymouthd_var_log_t
  • Label /stratis as stratisd_data_t
  • Allow opafm_t to create and use netlink rdma sockets.
  • Allow stratisd_t domain to read/write fixed disk devices and removable devices.
  • Added macro for stratisd to chat over dbus
  • Add dac_override capability to stratisd_t domain
  • Allow init_t set the nice level of all domains BZ(1778088)
  • Allow userdomain to chat with stratisd over dbus.

Related packages

selinux - Security-Enhanced Linux runtime support
selinux-policy - SELinux policy configuration
⇧ Top