Linux repositories inspector

selinux-policy-sandbox - SELinux policy sandbox

SELinux sandbox policy used for the policycoreutils-sandbox package
3.14.6
Fedora iconFedora rawhide
3.14.4
Fedora iconFedora 31
3.14.3
Fedora iconFedora 30
3.14.2
Fedora iconFedora 29
3.14.1
Fedora iconFedora 28
3.13.1
CentOS iconCentOS 7.7.1908
DistributionVersionSincePackageInstalledPackager
CentOS iconCentOS 7.7.1908 atomicrpm3.13.1-63.atomic.el7.7Jan 07380 kiB7.53 kiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 osrpm3.13.1-252.el7Jan 07495 kiB82.4 kiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 updatesrpm3.13.1-252.el7_7.6Jan 07496 kiB82.4 kiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 updatesrpm3.13.1-252.el7.1Jan 07496 kiB82.4 kiBCentOS BuildSystem
Fedora iconFedora 28 releases/Everything-osrpm3.14.1-21.fc282019-01-14541 kiB83.8 kiBFedora Project
Fedora iconFedora 29 releases/Everything-osrpm3.14.2-40.fc292019-01-14115 kiB84 kiBFedora Project
Fedora iconFedora 29 releases-test/Everything-osrpm3.14.2-34.fc292019-01-14114 kiB84 kiBFedora Project
Fedora iconFedora 30 releases/Everything-osrpm3.14.3-29.fc302019-06-17121 kiB84.4 kiBFedora Project
Fedora iconFedora 31 releases/Everything-osrpm3.14.4-37.fc31Jan 07129 kiB84.4 kiBFedora Project
Fedora iconFedora rawhide development/Everything-osrpm3.14.6-9.fc33Mar 19115 kiB84.4 kiBFedora Project

Latest updates

Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-8.fc33 to 3.14.6-9.fc33

Mar 19
  • Allow zabbix_t manage and filetrans temporary socket files
  • Makefile: fix tmp/%.mod.fc target
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-7.fc33 to 3.14.6-8.fc33

Mar 14
  • Allow NetworkManager read its unit files and manage services
  • Add init_daemon_domain() for geoclue_t
  • Allow to use nnp_transition in pulseaudio_role
  • Allow pdns_t domain to map files in /usr.
  • Label all NetworkManager fortisslvpn plugins as openfortivpn_exec_t
  • Allow login_pgm create and bind on netlink_selinux_socket
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-6.fc33 to 3.14.6-7.fc33

Mar 12
  • Allow sssd read systemd-resolved runtime directory
  • Allow sssd read NetworkManager's runtime directory
  • Mark nm-cloud-setup systemd units as NetworkManager_unit_file_t
  • Allow system_mail_t to signull pcscd_t
  • Create interface pcscd_signull
  • Allow auditd poweroff or switch to single mode
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-5.fc33 to 3.14.6-6.fc33

Mar 03
  • Allow postfix stream connect to cyrus through runtime socket
  • Dontaudit daemons to set and get scheduling policy/parameters
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-4.fc33 to 3.14.6-5.fc33

Feb 23
  • Allow certmonger_t domain to read pkcs_slotd lock files
  • Allow httpd_t domain to mmap own var_lib_t files BZ(1804853)
  • Allow ipda_custodia_t to create udp_socket and added permission nlmsg_read for netlink_route_sockets
  • Make file context more variable for /usr/bin/fusermount and /bin/fusermount
  • Allow local_login_t domain to getattr cgroup filesystem
  • Allow systemd_logind_t domain to manage user_tmp_t char and block devices
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.6-3.fc33 to 3.14.6-4.fc33

Feb 19
  • Update virt_read_qemu_pid_files inteface
  • Allow systemd_logind_t domain to getattr cgroup filesystem
  • Allow systemd_logind_t domain to manage user_tmp_t char and block devices
  • Allow nsswitch_domain attribute to stream connect to systemd process
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-24.fc32 to 3.14.6-3.fc33

Feb 19
  • Allow systemd labeled as init_t to manage systemd_userdbd_runtime_t symlinks
  • Allow systemd_userdbd_t domain to read efivarfs files
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-23.fc32 to 3.14.5-24.fc32

Feb 08
  • Allow ptp4l_t create and use packet_socket sockets
  • Allow ipa_custodia_t create and use netlink_route_socket sockets.
  • Allow networkmanager_t transition to setfiles_t
  • Create init_create_dirs boolean to allow init create directories
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-21.fc32 to 3.14.5-23.fc32

Feb 04
  • Allow thumb_t connect to system_dbusd_t BZ(1795044)
  • Allow saslauthd_t filetrans variable files for /tmp directory
  • Added apache create log dirs macro
  • Tiny documentation fix
  • Allow openfortivpn_t to manage net_conf_t files.
  • Introduce boolean openfortivpn_can_network_connect.
  • Dontaudit domain chronyd_t to list in user home dirs.
  • Allow init_t to create apache log dirs.
  • Add file transition for /dev/nvidia-uvm BZ(1770588)
  • Allow syslog_t to read efivarfs_t files
  • Add ioctl to term_dontaudit_use_ptmx macro
  • Update xserver_rw_session macro
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-20.fc32 to 3.14.5-21.fc32

Jan 31
  • Dontaudit timedatex_t read file_contexts_t and validate security contexts
  • Make stratisd_t domain unconfined for now.
  • stratisd_t policy updates.
  • Label /var/spool/plymouth/boot.log as plymouthd_var_log_t
  • Label /stratis as stratisd_data_t
  • Allow opafm_t to create and use netlink rdma sockets.
  • Allow stratisd_t domain to read/write fixed disk devices and removable devices.
  • Added macro for stratisd to chat over dbus
  • Add dac_override capability to stratisd_t domain
  • Allow init_t set the nice level of all domains BZ(1778088)
  • Allow userdomain to chat with stratisd over dbus.
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-19.fc32 to 3.14.5-20.fc32

Jan 16
  • Fix typo in anaconda SELinux module
  • Allow rtkit_t domain to control scheduling for your install_t processes
  • Boolean: rngd_t to use executable memory
  • Allow rngd_t domain to use nsswitch BZ(1787661)
  • Allow exim to execute bin_t without domain trans
  • Allow create udp sockets for abrt_upload_watch_t domains
  • Drop label zebra_t for frr binaries
  • Allow NetworkManager_t domain to get status of samba services
  • Update milter policy to allow use sendmail
  • Modify file context for .local directory to match exactly BZ(1637401)
  • Allow init_t domain to create own socket files in /tmp
  • Allow ipsec_mgmt_t domain to mmap ipsec_conf_file_t files
  • Create files_create_non_security_dirs() interface
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-18.fc32 to 3.14.5-19.fc32

Jan 09
  • Allow init_t nnp domain transition to kmod_t
  • Allow userdomain dbus chat with systemd_resolved_t
  • Allow init_t read and setattr on /var/lib/fprintd
  • Allow sysadm_t dbus chat with colord_t
  • Allow confined users run fwupdmgr
  • Allow confined users run machinectl
  • Allow systemd labeled as init_t domain to create dirs labeled as var_t
  • Allow systemd labeled as init_t do read/write tpm_device_t chr files BZ(1778079)
  • Add new file context rabbitmq_conf_t.
  • Allow journalctl read init state BZ(1731753)
  • Add fprintd_read_var_lib_dir and fprintd_setattr_var_lib_dir interfaces
  • Allow pulseaudio create .config and dgram sendto to unpriv_userdomain
  • Change type in transition for /var/cache/{dnf,yum} directory
  • Allow cockpit_ws_t read efivarfs_t BZ(1777085)
  • Allow abrt_dump_oops_t domain to create udp sockets BZ(1778030)
  • Allow named_t domain to mmap named_zone_t files BZ(1647493)
  • Make boinc_var_lib_t label system mountdir attribute
  • Allow stratis_t domain to request load modules
  • Update fail2ban policy
  • Allow spamd_update_t access antivirus_unit_file_t BZ(1774092)
  • Allow uuidd_t Domain trasition from sytemd into confined domain with NoNewPrivileges Systemd Security feature.
  • Allow rdisc_t Domain trasition from sytemd into confined domain with NoNewPrivileges Systemd Security feature.
Fedora icon

Fedora 31 releases/Everything-os: Version 3.14.4-37.fc31 introduced

Jan 07
  • Remove duplicate file context for /usr//bin/nova-api-metadata
  • Introduce new bolean httpd_use_opencryptoki
  • Allow setroubleshoot_fixit_t to read random_device_t
  • Label /etc/named direcotory as named_conf_t BZ(1759495)
  • Allow dkim to execute sendmail
  • Update virt_read_content interface to allow caller domain mmap virt_content_t block devices and files
  • Update aide_t domain to allow this tool to analyze also /dev filesystem
  • Update interface modutils_read_module_deps to allow caller domain also mmap modules_dep_t files BZ(1758634)
  • Allow avahi_t to send msg to xdm_t
  • Update dev_manage_sysfs() to support managing also lnk files BZ(1759019)
  • Allow systemd_logind_t domain to read blk_files in domain removable_device_t
  • Add new interface udev_getattr_rules_chr_files()
CentOS icon

CentOS 7.7.1908 atomic: Version 3.13.1-63.atomic.el7.7 introduced

Jan 07
CentOS icon

CentOS 7.7.1908 updates: Updated from 3.13.1-252.el7.1 to 3.13.1-252.el7_7.6

Jan 07
  • Allow ganesha_t domain to connect to tcp portmap_port_t
Resolves: rhbz#1715088
CentOS icon

CentOS 7.7.1908 updates: Version 3.13.1-252.el7.1 introduced

Jan 07
  • Allow ganesha_t domain to connect to tcp portmap_port_t
Resolves: rhbz#1715088
CentOS icon

CentOS 7.7.1908 os: Version 3.13.1-252.el7 introduced

Jan 07
  • Allow ganesha_t domain to connect to tcp portmap_port_t
Resolves: rhbz#1715088
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-17.fc32 to 3.14.5-18.fc32

Nov 29
  • Allow systemd to read all proc
  • Introduce new type pdns_var_lib_t
  • Allow zebra_t domain to read files labled as nsfs_t.
  • Allow systemd to setattr on all device_nodes
  • Allow systemd to mounton and list all proc types
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-16.fc32 to 3.14.5-17.fc32

Nov 28
  • Fix nonexisting types in rtas_errd_rw_lock interface
  • Allow snmpd_t domain to trace processes in user namespace
  • Allow timedatex_t domain to read relatime clock and adjtime_t files
  • Allow zebra_t domain to execute zebra binaries
  • Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t
  • Allow ksmtuned_t domain to trace processes in user namespace
  • Allow systemd to read symlinks in /var/lib
  • Update dev_mounton_all_device_nodes() interface
  • Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro.
  • Allow systemd_domain to map files in /usr.
  • Allow strongswan start using swanctl method BZ(1773381)
  • Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976)
Fedora icon

Fedora rawhide development/Everything-os: Updated from 3.14.5-15.fc32 to 3.14.5-16.fc32

Nov 26
  • Allow timedatex_t domain dbus chat with both confined and unconfined users
  • Allow timedatex_t domain dbus chat with unconfined users
  • Allow NetworkManager_t manage dhcpc_state_t BZ(1770698)
  • Make unconfined domains part of domain_named_attribute
  • Label tcp ports 24816,24817 as pulp_port_t
  • Remove duplicate entries for initrc_t in init.te

Related packages

selinux - Security-Enhanced Linux runtime support
selinux-policy - SELinux policy configuration
⇧ Top