|
| 1 | +* Wed Jun 18 2025 Chris PeBenito < [email protected]> - 2.20250618 |
| 2 | +Antonio Enrico Russo (1): |
| 3 | + Remove unneeded backticks from gen_tunable |
| 4 | + |
| 5 | +Benstone Zhang (1): |
| 6 | + filesystem: support bcachefs |
| 7 | + |
| 8 | +Chris PeBenito (57): |
| 9 | + lvm: Add fc entries for veritysetup. |
| 10 | + bootloader: Chane efibootmgr from fsadm. |
| 11 | + lldpad: Configure FW-LLDP on i40e NICs. |
| 12 | + networkmanager: Watch systemd directories for nm-session-monitor. |
| 13 | + systemd: Add log env to systemd-machine-id-setup. |
| 14 | + validate-policy.yml: Change sechecker output to stdout and use tee to |
| 15 | + collect the log. |
| 16 | + |
| 17 | +Clayton Casciato (15): |
| 18 | + chronyd: fix dac_read_search denials |
| 19 | + unconfined: fix oddjob security_compute_sid |
| 20 | + firewalld: fix lib_t Python cache denial auditing |
| 21 | + firewalld: fix firewalld_t firewalld_tmpfs_t exec |
| 22 | + files, init: filetrans /run/machine-id etc_runtime_t |
| 23 | + locallogin: dontaudit sulogin_t checkpoint_restore |
| 24 | + locallogin: allow sulogin_t unconfined domtrans |
| 25 | + locallogin: allow sulogin_t user_tty_device_t rw |
| 26 | + oddjob: allow oddjob_mkhomedir_t privfd:fd use |
| 27 | + oddjob: allow oddjob_mkhomedir_t user_terminals |
| 28 | + systemd: allow systemd_generator_t use user ttys |
| 29 | + files: add files_delete_var_chr_files interface |
| 30 | + unconfined: allow firewalld_t unconfined_t:dbus send_msg |
| 31 | + chronyd: allow chronyd_t kernel_t:system module_request |
| 32 | + ssh: allow sshd_t kernel_t:system module_request |
| 33 | + |
| 34 | +Daniel Burgener (1): |
| 35 | + Don't build the fc subs dist install path in the builtappfiles target |
| 36 | + |
| 37 | +Daniel De Graaf (1): |
| 38 | + systemd: allow reading /dev/cpu/0/msr |
| 39 | + |
| 40 | +Dave Sugar (7): |
| 41 | + Fix mislabeling of /etc/shadow |
| 42 | + Module for ipmitool |
| 43 | + Label snmp unit files |
| 44 | + NNP transition interface for dmesg |
| 45 | + Let modules-load.d call commands from modprobe.d |
| 46 | + NNP transition interface for chronyc |
| 47 | + fix building when dbus module is not enabled |
| 48 | + |
| 49 | +Guido Trentalancia (6): |
| 50 | + Add the minimum set of additional permissions to the screen module, as |
| 51 | + required to run version 5. |
| 52 | + Revert db33386c014fce3890b0b3832a605bc5d1762d8c |
| 53 | + Improve the style of the screen module by removing a recently added |
| 54 | + unneeded interface. |
| 55 | + Fix the file context definition for the screen utility executable file |
| 56 | + according to the new install rules in place since at least version |
| 57 | + 4.5.1. |
| 58 | + Since version 5.0.1 the screen utility also requires the |
| 59 | + CAP_DAC_READ_SEARCH capability. |
| 60 | + Add a comment in the xserver module about the need to read and write |
| 61 | + xserver tmpfs files for the Qt library version 5 (boolean). |
| 62 | + |
| 63 | +Maciej Czarnecki (2): |
| 64 | + Allow to specify module version |
| 65 | + fixup! Allow to specify module version |
| 66 | + |
| 67 | +Nicolas PARLANT (4): |
| 68 | + Add setcap to knotd / add knotc_initrc_domtrans |
| 69 | + use init_use_script_ptys for knotc in initscript |
| 70 | + sshd: label sshd-auth as sshd_exec_t #797 |
| 71 | + |
| 72 | +Pat Riehecky (1): |
| 73 | + Permit init_t to start a detached screen session |
| 74 | + |
| 75 | +Rahul Sandhu (1): |
| 76 | + auditd: don't grant write as implied by manage_files_pattern for logs |
| 77 | + |
| 78 | +Russell Coker (15): |
| 79 | + This patch removed the sysadmin capability from cups. This is the one |
| 80 | + change needed to dramatically reduce the potential damage from a |
| 81 | + compromise of cupsd. |
| 82 | + Policy for needrestart to run with minimum privs so it can't be exploited |
| 83 | + Policy for the userspace feedback daemon for handsets, for vibration etc |
| 84 | + Fix for thunderbolt, laben the run dir, dontaudit the net_admin capability |
| 85 | + for the usual reasons, allow writing to sysfs for the force_power file, |
| 86 | + and allow reading udev runtime files |
| 87 | + New version of the kea PR with the order issues fixed |
| 88 | + Made the changes requested |
| 89 | + File contexts for new files for xdm/xserver |
| 90 | + apt and aptcacher changes |
| 91 | + Updates for recent versions of ntpd interacting with systemd |
| 92 | + Some small phone related patches |
| 93 | + fwupd-fixed-more (#928) |
| 94 | + changed the order as requested |
| 95 | + changed the netlink_route_socket operations to { create_socket_perms |
| 96 | + nlmsg_write } as requested |
| 97 | + networking (#937) |
| 98 | + device (#939) |
| 99 | + |
| 100 | +Yi Zhao (2): |
| 101 | + systemd: allow system --user to get attributes of nsfs inodes |
| 102 | + systemd: allow systemd-hostnamed and systemd-rfkill to get attributes of |
| 103 | + nsfs inodes |
| 104 | + |
1 | 105 | * Thu Feb 13 2025 Chris PeBenito < [email protected]> - 2.20250213 |
2 | 106 | Björn Esser (1): |
3 | 107 | authlogin: fix regex for /etc/tcb |
|
0 commit comments