| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: selinux-policy-sandbox | Distribution: AlmaLinux | 
| Version: 40.13.31 | Vendor: AlmaLinux | 
| Release: 2.el10 | Build date: Thu Jun 5 07:42:35 2025 | 
| Group: Unspecified | Build host: s390x-builder02.almalinux.org | 
| Size: 87249 | Source RPM: selinux-policy-40.13.31-2.el10.src.rpm | 
| Packager: AlmaLinux Packaging Team <packager@almalinux.org> | |
| Url: https://github.com/fedora-selinux/selinux-policy | |
| Summary: SELinux sandbox policy | |
SELinux sandbox policy for use with the sandbox utility.
GPL-2.0-or-later
* Wed May 21 2025 Petr Lautrbach <lautrbach@redhat.com> - 40.13.31-4
  - Revert "Add selinux-policy-epel test plan"
* Wed May 21 2025 Petr Lautrbach <lautrbach@redhat.com> - 40.13.31-3
  - Revert "Make make-rhat-patches.sh selinux-policy-epel aware"
* Wed May 21 2025 Petr Lautrbach <lautrbach@redhat.com> - 40.13.31-2
  - Build selinux-policy-extra packages
  - Obsolete selinux-policy-epel packages
* Tue May 20 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.31-1
  - Label /dev/diag as diagnostic_device_t
  Resolves: RHEL-89804
  - Label SetroubleshootPrivileged.py with setroubleshootd_exec_t
  Resolves: RHEL-87727
  - Allow syslogd watch syslog_conf_t directories
  Resolves: RHEL-87648
  - Allow networkmanager send a general signal to iptables
  Resolves: RHEL-86780
  - Define file equivalency for /var/etc
  Resolves: RHEL-86678
  - Update bootupd policy when ESP is not mounted
  Resolves: RHEL-86588
  - dontaudit execmem for modemmanager
  Resolves: RHEL-86176
  - Allow systemd create journal pid files
  Resolves: RHEL-72692
  - Allow virtqemud read/write/setattr input event devices
  Resolves: RHEL-46385
* Mon Apr 28 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.30-1
  - Allow auditctl signal auditd
  Resolves: RHEL-87418
  - Update bootupd policy for the removing-state-file test
  Resolves: RHEL-87372
  - Allow systemd-user-runtime-dir get/set tmpfs quotas
  Resolves: RHEL-86789
  - Allow systemd-user-runtime-dir delete gnome homedir content
  Resolves: RHEL-86789
  - Confine /usr/lib/systemd/systemd-user-runtime-dir
  Resolves: RHEL-86789
  - Allow system-dbusd list systemd-machined directories
  Resolves: RHEL-86528
  - Allow NetworkManager create and use icmp_socket
  Resolves: RHEL-86258
  - Allow tuned-ppd dbus chat with xdm
  Resolves: RHEL-85849
  - Allow virt_domain write to virt_image_t files
  Resolves: RHEL-85319
  - Allow rhsmcertd connect to systemd-machined
  Resolves: RHEL-83925
  - Allow varnishd execute the prlimit64() syscall
  Resolves: RHEL-77779
  - Allow systemd-machined the kill user-namespace capability
  Resolves: RHEL-77087
  - Allow system_dbusd_t r/w unix stream sockets of unconfined_service_t
  Resolves: RHEL-62185
  - Allow tlshd read network sysctls
  Resolves: RHEL-74424
* Tue Apr 15 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.29-1
  - Revert "Dontaudit access of virt-related permissive domains"
  Resolves: RHEL-79833
  - Remove permissive domains
  Resolves: RHEL-82672
* Tue Apr 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.28-1
  - Change path of tuned and tuned-ppd to /usr/sbin
  Resolves: RHEL-69450
  - Update the pcmsensor policy
  Resolves: RHEL-80452
  - Allow dovecot-deliver read mail aliases
  Resolves: RHEL-80153
  - Allow boothd connect to systemd-machined over a unix socket
  Resolves: RHEL-75471
  - Allow chronyd-restricted sendto to chronyc
  Resolves: RHEL-82299
  - Allow chronyc sendto to chronyd-restricted
  Resolves: RHEL-82299
  - Allow cifs.idmap helper to set attributes on kernel keys
  Resolves: RHEL-83921
  - Remove ktls from modules-filtered.lst
  Resolves: RHEL-74424
* Mon Mar 31 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.27-1
  - Allow afterburn to mount and read config drives
  Resolves: RHEL-82120
  - Update afterburn file transition policy
  Resolves: RHEL-82120
  - Label /run/metadata with afterburn_runtime_t
  Resolves: RHEL-82120
  - Allow afterburn list ssh home directory
  Resolves: RHEL-82120
  - Confine tuned-ppd
  Resolves: RHEL-69450
  - Update ktls policy
  Resolves: RHEL-74424
  - Add the switcheroo module
  Resolves: RHEL-83267
  - Update switcheroo policy
  Resolves: RHEL-83267
  - Confine the switcheroo-control service
  Resolves: RHEL-83267
* Mon Feb 17 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.26-1
  - Rename winbind_rpcd_* types to samba_dcerpcd_*
  Resolves: RHEL-14759
  - Allow samba-dcerpcd work with ctdb cluster
  Resolves: RHEL-14759
  - Revert "Remove socket from unconfined_domain_type allow rule"
  Resolves: RHEL-77327
  - Dontaudit access of virt-related permissive domains
  Resolves: RHEL-77808
  - Add selinux_requires_min macro
  Resolves: RHEL-54715
  - Filter out EPEL related modules
  Resolves: RHEL-73505
* Thu Feb 06 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.25-1
  - Update ktlshd policy to read /proc/keys and domain keyrings
  Resolves: RHEL-42672
  - Allow pcmsensor read nmi_watchdog state information
  Resolves: RHEL-52838
  - Support peer-to-peer migration of vms using ssh
  Resolves: RHEL-77351
  - Allow virt_domain read hardware state information unconditionally
  Resolves: RHEL-71270
  - Allow timemaster write to sysfs files
  Resolves: RHEL-44637
  - Allow virtqemud map svirt_image_t plain files
  Resolves: RHEL-40080
  - Allow virtqemud unmount a filesystem with extended attributes
  Resolves: RHEL-40080
  - Allow virtqemud work with nvdimm devices
  Resolves: RHEL-71656
  - Update virtqemud policy regarding the svirt_tcg_t domain
  Resolves: RHEL-71270
  - Allow virtqemud use hostdev usb devices conditionally
  Resolves: RHEL-74230
  - Support saving and restoring a VM to/from a block device
  Resolves: RHEL-76138
  - Allow virtnwfilterd dbus chat with firewalld
  Resolves: RHEL-76138
  - Allow virt_domain to use pulseaudio - conditional
  Resolves: RHEL-62763
  - Allow virtstoraged write to sysfs files
  Resolves: RHEL-44637
  - Allow irqbalance to run unconfined scripts conditionally
  Resolves: RHEL-54019
  - Allow rhsmcertd notify virt-who
  Resolves: RHEL-77114
  - Allow init mounton crypto sysctl files
  Resolves: RHEL-56250
* Mon Jan 27 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.24-1
  - Allow systemd-generator connect to syslog over a unix datagram socket
  Resolves: RHEL-75879
  - Allow ssh_t to change role to system_r
  Resolves: RHEL-53972
  - Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type
  Resolves: RHEL-39893
  - Allow virtqemud manage fixed disk device nodes
  Resolves: RHEL-71656
  - Allow samba-bgqd connect to cupsd over an unix domain stream socket
  Resolves: RHEL-72861
  - Allow systemd-machined read the vsock device
  Resolves: RHEL-74280
  - Allow pcmsensor write nmi_watchdog state information
  Resolves: RHEL-52838
  - Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t
  Resolves: RHEL-52838
* Fri Jan 24 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-2
  - Rebuild other packages with with selinux-policy-40.13.23
  Resolves: RHEL-36741
* Thu Jan 23 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.23-1
  - Remove the lockdown class from the policy
  Resolves: RHEL-36741
  - Remove socket from unconfined_domain_type allow rule
  Resolves: RHEL-36741
  - Include key_socket in socket_class_set
  Resolves: RHEL-36741
* Thu Jan 16 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.22-1
  - Allow staff user dbus chat with virt-dbus
  Resolves: RHEL-73914
  - Allow virtqemud domain transition to nbdkit
  Resolves: RHEL-69118
  - Add nbdkit interfaces defined conditionally
  Resolves: RHEL-69118
  - Allow svirt_t read sysfs files
  Resolves: RHEL-71270
  - Label /dev/pmem[0-9]+ with fixed_disk_device_t
  Resolves: RHEL-71656
  - Add support for the KVM guest memfd anon inodes
  Resolves: RHEL-69128
  - Allow sysadm user dbus chat with virt-dbus
  Resolves: RHEL-73914
  - Allow initrc_t transition to passwd_t
  Resolves: RHEL-71665
  - Allow unconfined_service_t transition to passwd_t
  Resolves: RHEL-71665
* Wed Jan 08 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.21-1
  - Allow init create vsock socket for sshd
  Resolves: RHEL-72549
  - Support ssh connections via systemd-ssh-generator
  Resolves: RHEL-72549
  - Allow ssh generator work with systemd unit files
  Resolves: RHEL-72549
  - Confine systemd system-ssh-generator
  Resolves: RHEL-72549
  - Allow login_userdomain getattr nsfs files
  Resolves: RHEL-72549
  - Allow virtqemud send a generic signal to the ssh client domain
  Resolves: RHEL-53972
  - Add the auth_dontaudit_read_passwd_file() interface
  Resolves: RHEL-71490
  - Dontaudit request-key read /etc/passwd
  Resolves: RHEL-71490
* Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1
  - Allow virtqemud domain transition on numad execution
  Resolves: RHEL-65789
  - Support virt live migration using ssh
  Resolves: RHEL-53972
  - Allow ssh_t read systemd config files
  Resolves: RHEL-53972
  - Allow virtqemud permissions needed for live migration
  Resolves: RHEL-43217
  - Allow virtqemud the getpgid process permission
  Resolves: RHEL-46357
  - Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
  Resolves: RHEL-71068
  - Allow virtqemud relabelfrom virt_log_t files
  Resolves: RHEL-48236
  - Allow virtqemud relabel tun_socket
  Resolves: RHEL-71394
  - Allow gnome-remote-desktop dbus chat with policykit
  Resolves: RHEL-35877
  - Update ktlsh policy
  Resolves: RHEL-42672
  - Confine the ktls service
  Resolves: RHEL-42672
  - Allow request-key to read /etc/passwd
  Resolves: RHEL-71490
  - Allow request-key to manage all domains' keys
  Resolves: RHEL-71490
* Fri Dec 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 40.13.19-2
  - Rebuild with SELinux Userspace 3.8
* Wed Dec 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.19-1
  - Allow systemd-journald getattr nsfs files
  Resolves: RHEL-71803
  - Allow systemd-related domains getattr nsfs files
  Resolves: RHEL-71803
* Fri Dec 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.18-1
  - Sync dist/targeted/modules.conf with Fedora 42
  Resolves: RHEL-70850
  - Add support for sap
  Resolves: RHEL-70850
  - Allow sssd_selinux_manager_t the setcap process permission
  Resolves: RHEL-70822
  - Allow virtqemud open svirt_devpts_t char files
  Resolves: RHEL-43446
  - Fix the cups_read_pid_files() interface to use read_files_pattern
  Resolves: RHEL-69512
* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1
  - Update samba-bgqd policy
  Resolves: RHEL-69512
  - Allow samba-bgqd read cups config files
  Resolves: RHEL-69512
  - Allow virtqemud additional permissions for tmpfs_t blk devices
  Resolves: RHEL-61235
  - Allow virtqemud rw access to svirt_image_t chr files
  Resolves: RHEL-61235
  - Allow virtqemud rw and setattr access to fixed block devices
  Resolves: RHEL-61235
  - Label /etc/mdevctl.d/scripts.d with bin_t
  Resolves: RHEL-39893
  - Fix the /etc/mdevctl\.d(/.*)? regexp
  Resolves: RHEL-39893
  - Allow virtnodedev watch mdevctl config dirs
  Resolves: RHEL-39893
  - Make mdevctl_conf_t member of the file_type attribute
  Resolves: RHEL-39893
  - Label /etc/mdevctl.d with mdevctl_conf_t
  Resolves: RHEL-39893
  - Allow virtqemud relabelfrom virt_log_t files
  Resolves: RHEL-48236
  - Allow virtqemud_t relabel virtqemud_var_run_t sock_files
  Resolves: RHEL-48236
  - Allow virtqemud relabelfrom virtqemud_var_run_t dirs
  Resolves: RHEL-48236
  - Allow svirt_tcg_t read virtqemud_t fifo_files
  Resolves: RHEL-48236
  - Allow virtqemud rw and setattr access to sev devices
  Resolves: RHEL-69128
  - Allow virtqemud directly read and write to a fixed disk
  Resolves: RHEL-61235
  - Allow svirt_t the sys_rawio capability
  Resolves: RHEL-61235
  - Allow svirt_t the sys_rawio capability
  Resolves: RHEL-61235
  - Allow virtqemud connect to sanlock over a unix stream socket
  Resolves: RHEL-44352
  - allow gdm and iiosensorproxy talk to each other via D-bus
  Resolves: RHEL-70850
  - Allow sendmail to map mail server configuration files
  Related: RHEL-54014
  - Allow procmail to read mail aliases
  Resolves: RHEL-54014
  - Grant rhsmcertd chown capability & userdb access
  Resolves: RHEL-68481
* Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1
  - Fix the file type for /run/systemd/generator
  Resolves: RHEL-68313
* Thu Nov 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.15-1
  - Allow qatlib search the content of the kernel debugging filesystem
  Resolves: RHEL-66334
  - Allow qatlib connect to systemd-machined over a unix socket
  Resolves: RHEL-66334
  - Update policy for samba-bgqd
  Resolves: RHEL-64908
  - Allow httpd get attributes of dirsrv unit files
  Resolves: RHEL-62706
  - Allow virtstoraged read vm sysctls
  Resolves: RHEL-61742
  - Allow virtstoraged execute mount programs in the mount domain
  Resolves: RHEL-61742
  - Update policy for rpc-virtstorage
  Resolves: RHEL-61742
  - Allow virtstoraged get attributes of configfs dirs
  Resolves: RHEL-61742
  - Allow virt_driver_domain read virtd-lxc files in /proc
  Resolves: RHEL-61742
  - Allow virtstoraged manage files with virt_content_t type
  Resolves: RHEL-61742
  - Allow virtstoraged use the io_uring API
  Resolves: RHEL-61742
  - Allow virtstoraged execute lvm programs in the lvm domain
  Resolves: RHEL-61742
  - Allow svirt_t connect to unconfined_t over a unix domain socket
  Resolves: RHEL-61246
  - Label /usr/lib/node_modules_22/npm/bin with bin_t
  Resolves: RHEL-56350
  - Allow bacula execute container in the container domain
  Resolves: RHEL-39529
  - Label /run/systemd/generator with systemd_unit_file_t
  Resolves: RHEL-68313
* Tue Nov 19 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.14-1
  - mls/modules.conf - fix typo
  - Use dist/targeted/modules.conf in build workflow
  - Fix default and dist config files
  - CI: update to actions/checkout@v4
  - Clean up and sync securetty_types
  - Bring config files from dist-git into the source repo
  - Sync users with Fedora targeted users
* Tue Nov 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.13-1
  - Revert "Allow unconfined_t execute kmod in the kmod domain"
  Resolves: RHEL-65190
  - Add policy for /usr/libexec/samba/samba-bgqd
  Resolves: RHEL-64908
  - Label samba certificates with samba_cert_t
  Resolves: RHEL-64908
  - Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
  Resolves: RHEL-64908
  - Allow rpcd read network sysctls
  Resolves: RHEL-64737
  - Label all semanage store files in /etc as semanage_store_t
  Resolves: RHEL-65864
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 40.13.12-2
  - Bump release for October 2024 mass rebuild:
    Resolves: RHEL-64018
* Thu Oct 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.12-1
  - Dontaudit subscription manager setfscreate and read file contexts
  Resolves: RHEL-58009
  - Allow the sysadm user use the secretmem API
  Resolves: RHEL-40953
  - Allow sudodomain list files in /var
  Resolves: RHEL-58068
  - Allow gnome-remote-desktop watch /etc directory
  Resolves: RHEL-35877
  - Allow journalctl connect to systemd-userdbd over a unix socket
  Resolves: RHEL-58072
  - systemd: allow sys_admin capability for systemd_notify_t
  Resolves: RHEL-58072
  - Allow some confined users send to lldpad over a unix dgram socket
  Resolves: RHEL-61634
  - Allow lldpad send to sysadm_t over a unix dgram socket
  Resolves: RHEL-61634
  - Allow lldpd connect to systemd-machined over a unix socket
  Resolves: RHEL-61634
* Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.11-1
  - Allow ping_t read network sysctls
  Resolves: RHEL-54299
  - Label /usr/lib/node_modules/npm/bin with bin_t
  Resolves: RHEL-56350
  - Label /run/sssd with sssd_var_run_t
  Resolves: RHEL-57065
  - Allow virtqemud read virtd_t files
  Resolves: RHEL-57713
  - Allow wdmd read hardware state information
  Resolves: RHEL-57982
  - Allow wdmd list the contents of the sysfs directories
  Resolves: RHEL-57982
  - Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
  Resolves: RHEL-58380
  - Allow dirsrv read network sysctls
  Resolves: RHEL-58381
  - Allow lldpad create and use netlink_generic_socket
  Resolves: RHEL-61634
  - Allow unconfined_t execute kmod in the kmod domain
  Resolves: RHEL-61755
  - Confine the pcm service
  Resolves: RHEL-52838
  - Allow iio-sensor-proxy the bpf capability
  Resolves: RHEL-62355
  - Confine iio-sensor-proxy
  Resolves: RHEL-62355
* Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1
  - Confine gnome-remote-desktop
  Resolves: RHEL-35877
  - Allow virtqemud get attributes of a tmpfs filesystem
  Resolves: RHEL-40855
  - Allow virtqemud get attributes of cifs files
  Resolves: RHEL-40855
  - Allow virtqemud get attributes of filesystems with extended attributes
  Resolves: RHEL-39668
  - Allow virtqemud get attributes of NFS filesystems
  Resolves: RHEL-40855
  - Add support for secretmem anon inode
  Resolves: RHEL-40953
  - Allow systemd-sleep read raw disk data
  Resolves: RHEL-49600
  - Allow systemd-hwdb send messages to kernel unix datagram sockets
  Resolves: RHEL-50810
  - Label /run/modprobe.d with modules_conf_t
  Resolves: RHEL-54591
  - Allow setsebool_t relabel selinux data files
  Resolves: RHEL-55412
  - Don't audit crontab_domain write attempts to user home
  Resolves: RHEL-56349
  - Differentiate between staff and sysadm when executing crontab with sudo
  Resolves: RHEL-56349
  - Add crontab_admin_domtrans interface
  Resolves: RHEL-56349
  - Add crontab_domtrans interface
  Resolves: RHEL-56349
  - Allow boothd connect to kernel over a unix socket
  Resolves: RHEL-58060
  - Fix label of pseudoterminals created from sudodomain
  Resolves: RHEL-58068
  - systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
  Resolves: RHEL-58072
  - Allow rsyslog read systemd-logind session files
  Resolves: RHEL-40961
  - Label /dev/mmcblk0rpmb character device with removable_device_t
  Resolves: RHEL-55265
  - Label /dev/hfi1_[0-9]+ devices
  Resolves: RHEL-62836
  - Label /dev/papr-sysparm and /dev/papr-vpd
  Resolves: RHEL-56908
  - Support SGX devices
  Resolves: RHEL-62354
  - Suppress semodule's stderr
  Resolves: RHEL-59192
* Mon Aug 26 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.9-1
  - Allow virtqemud relabelfrom also for file and sock_file
  Resolves: RHEL-49763
  - Allow virtqemud relabel user tmp files and socket files
  Resolves: RHEL-49763
  - Update virtqemud policy for libguestfs usage
  Resolves: RHEL-49763
  - Label /run/libvirt/qemu/channel with virtqemud_var_run_t
  Resolves: RHEL-47274
* Tue Aug 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.8-1
  - Add virt_create_log() and virt_write_log() interfaces
  Resolves: RHEL-47274
  - Update libvirt policy
  Resolves: RHEL-45464
  Resolves: RHEL-49763
  - Allow svirt_tcg_t map svirt_image_t files
  Resolves: RHEL-47274
  - Allow svirt_tcg_t read vm sysctls
  Resolves: RHEL-47274
  - Additional updates stalld policy for bpf usage
  Resolves: RHEL-50356
* Thu Aug 08 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.7-1
  - Add the swtpm.if interface file for interactions with other domains
  Resolves: RHEL-47274
  - Allow virtproxyd create and use its private tmp files
  Resolves: RHEL-40499
  - Allow virtproxyd read network state
  Resolves: RHEL-40499
  - Allow virtqemud domain transition on swtpm execution
  Resolves: RHEL-47274
  Resolves: RHEL-49763
  - Allow virtqemud relabel virt_var_run_t directories
  Resolves: RHEL-47274
  Resolves: RHEL-45464
  Resolves: RHEL-49763
  - Allow virtqemud domain transition on passt execution
  Resolves: RHEL-45464
  - Allow virt_driver_domain create and use log files in /var/log
  Resolves: RHEL-40239
  - Allow virt_driver_domain connect to systemd-userdbd over a unix socket
  Resolves: RHEL-44932
  Resolves: RHEL-44898
  - Update stalld policy for bpf usage
  Resolves: RHEL-50356
  - Allow boothd connect to systemd-userdbd over a unix socket
  Resolves: RHEL-45907
  - Allow linuxptp configure phc2sys and chronyd over a unix domain socket
  Resolves: RHEL-46011
  - Allow systemd-machined manage runtime sockets
  Resolves: RHEL-49567
  - Allow ip command write to ipsec's logs
  Resolves: RHEL-41222
  - Allow init_t nnp domain transition to firewalld_t
  Resolves: RHEL-52481
  - Update qatlib policy for v24.02 with new features
  Resolves: RHEL-50377
  - Allow postfix_domain map postfix_etc_t files
  Resolves: RHEL-46327
* Thu Jul 25 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.6-1
  - Allow virtnodedevd run udev with a domain transition
  Resolves: RHEL-39890
  - Allow virtnodedev_t create and use virtnodedev_lock_t
  Resolves: RHEL-39890
  - Allow svirt attach_queue to a virtqemud tun_socket
  Resolves: RHEL-44312
  - Label /run/systemd/machine with systemd_machined_var_run_t
  Resolves: RHEL-49567
  - Allow to create and delete socket files created by rhsm.service
* Tue Jul 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.5-1
  - Allow to create and delete socket files created by rhsm.service
  Resolves: RHEL-40857
  - Allow svirt read virtqemud fifo files
  Resolves: RHEL-40350
  - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
  Resolves: RHEL-37822
  - Allow virtqemud read virt-dbus process state
  Resolves: RHEL-37822
  - Allow virtqemud run ssh client with a transition
  Resolves: RHEL-43215
  - Allow virtnetworkd exec shell when virt_hooks_unconfined is on
  Resolves: RHEL-41168
  - Allow NetworkManager the sys_ptrace capability in user namespace
  Resolves: RHEL-46717
  - Update keyutils policy
  Resolves: RHEL-38920
  - Allow ip the setexec permission
  Resolves: RHEL-41182
* Fri Jun 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.4-1
  - Confine libvirt-dbus
  Resolves: RHEL-37822
  - Allow sssd create and use io_uring
  Resolves: RHEL-43448
  - Allow virtqemud the kill capability in user namespace
  Resolves: RHEL-44996
  - Allow login_userdomain execute systemd-tmpfiles in the caller domain
  Resolves: RHEL-44191
  - Allow virtqemud read vm sysctls
  Resolves: RHEL-40938
  - Allow svirt_t read vm sysctls
  Resolves: RHEL-40938
  - Allow rshim get options of the netlink class for KOBJECT_UEVENT family
  Resolves: RHEL-40859
  - Allow systemd-hostnamed read the vsock device
  Resolves: RHEL-45309
  - Allow systemd (PID 1) manage systemd conf files
  Resolves: RHEL-45304
  - Allow journald read systemd config files and directories
  Resolves: RHEL-45304
  - Allow systemd_domain read systemd_conf_t dirs
  Resolves: RHEL-45304
  - Label systemd configuration files with systemd_conf_t
  Resolves: RHEL-45304
  - Allow dhcpcd the kill capability
  Resolves: RHEL-43417
  - Add support for libvirt hooks
  Resolves: RHEL-41168
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 40.13.3-2
  - Bump release for June 2024 mass rebuild
* Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.3-1
  - Allow virtqemud manage nfs files when virt_use_nfs boolean is on
  Resolves: RHEL-40205
  - Allow virt_driver_domain read files labeled unconfined_t
  Resolves: RHEL-40262
  - Allow virt_driver_domain dbus chat with policykit
  Resolves: RHEL-40346
  - Escape "interface" as a file name in a virt filetrans pattern
  Resolves: RHEL-34769
  - Allow setroubleshootd get attributes of all sysctls
  Resolves: RHEL-40923
  - Allow qemu-ga read vm sysctls
  Resolves: RHEL-40829
  - Allow sbd to trace processes in user namespace
  Resolves: RHEL-39989
  - Allow request-key execute scripts
  Resolves: RHEL-38920
  - Update policy for haproxyd
  Resolves: RHEL-40877
* Fri Jun 07 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.2-1
  - Allow all domains read and write z90crypt device
  Resolves: RHEL-28539
  - Allow dhcpc read /run/netns files
  Resolves: RHEL-39510
  - Allow bootupd search efivarfs dirs
  Resolves: RHEL-39514
* Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.1-1
  - Allow logwatch read logind sessions files
  Resolves: RHEL-30441
  - Allow sulogin relabel tty1
  Resolves: RHEL-30440
  - Dontaudit sulogin the checkpoint_restore capability
  Resolves: RHEL-30440
  - Allow postfix smtpd map aliases file
  Resolves: RHEL-35544
  - Ensure dbus communication is allowed bidirectionally
  Resolves: RHEL-35783
  - Allow various services read and write z90crypt device
  Resolves: RHEL-28539
  - Allow dhcpcd use unix_stream_socket
  Resolves: RHEL-33081
  - Allow xdm_t to watch and watch_reads mount_var_run_t
  Resolves: RHEL-36073
  - Allow plymouthd log during shutdown
  Resolves: RHEL-30455
  - Update rpm configuration for the /var/run equivalency change
  Resolves: RHEL-36094
/usr/share/selinux/packages/sandbox.pp
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 06:19:54 2025