Releases: SELinuxProject/refpolicy

2.20250923

23 Sep 15:15
RELEASE_2_20250923
004ca32

Notable Changes

  • Several updates and fixes for systemd
  • Add new permissions and policy capabilities
  • Drop reiserfs support (it was removed in kernel 6.13)

New Modules

  • bubblewrap
  • incus
  • kanidm
  • seatd
  • opensnitch

Full Changelog

RELEASE_2_20250618...RELEASE_2_20250923

Name SHA-256 SUM
refpolicy-2.20250923.tar.bz2 e5b435c934048d01ca4415a1f2670a51e113f26f5d01ad4227c98fbe8dea8d5b

2.20250618

18 Jun 18:25
RELEASE_2_20250618
2bd7f1b

Notable Changes

  • Updates to support screen 5.0.
  • Add labeling for bcachefs.
  • Various systemd updates and fixes.

New Modules

  • feedbackd
  • ipmitool
  • fwupd
  • needrestart

Full Changelog

RELEASE_2_20250213...RELEASE_2_20250618

Name SHA-256 SUM
refpolicy-2.20250618.tar.bz2 89e91916b7532b41070665199a57d9f521a1478c3555b68fbbb513dcba9fd6cd

2.20250213

13 Feb 15:16
RELEASE_2_20250213
2d59cfe

Notable Changes

  • Add tool for validating appconfig contexts files.
  • Add netlink extended permissions definitions.
  • Updates for Systemd up to v257.

New Module

  • openarc

Full Changelog: RELEASE_2_20240916...RELEASE_2_20250213

Name SHA-256 SUM
refpolicy-2.20250213.tar.bz2 d2487c49420e8710e999b18bbe699fbff033fe5adc5127e3f0c7dafaa9b4d209

2.20240916

16 Sep 18:17
RELEASE_2_20240916
2152e9b

Notable Changes

  • Added sechecker configuration for GitHub CI actions.
  • Cleaned up concerning permissions uncovered by sechecker
  • Removed extremely deprecated domains in cups (ptal) and xen (xend/xm)
  • Systemd updates up to v256
  • Various container fixes

New Modules

  • haproxy

Full Changelog

RELEASE_2_20240226...RELEASE_2_20240916

Name SHA-256 SUM
refpolicy-2.20240916.tar.bz2 a4e39072ac91bf092a08660b246a49f3e986ca2c16402a5b1fad3ae374e8d747

2.20240226

26 Feb 19:18

Notable Changes

  • Many systemd updates up to v255.
  • RPM and dnf fixes
  • Tighten private key handling for Apache
  • Many container and kubernetes improvements
  • Add support for Cilium
  • Update object class definitions up to io_uring:cmd.
  • Add additional rules to cloud-init based on sysadm_t.

New Modules

  • cockpit

Full Changelog

RELEASE_2_20231002...RELEASE_2_20240226

Name SHA-256 SUM
refpolicy-2.20240226.tar.bz2 7ed41f4f45189b9ee9706da8ac357eccc103651b56daabaddb54c436e8117cf9

2.20231002

02 Oct 17:53

Notable Changes

  • Several Gentoo fixes ported from Gentoo policy
  • Fixes for containerd/docker
  • Move excessive capabilities in container_t to tunables.
  • Various systemd updates and fixes
  • Updated object class/permission definitions for recent kernels
  • Add support for systemd memory pressure notifications protocol
  • Xscreensaver updates for their newest release
  • Remove interfaces deprecated before 2021
  • Add tunables to control network access in:
    • *_dbusd_t
    • pulseaudio_t
    • spamc_t
    • syslogd_t
    • xdm_t
    • xserver_t

New Modules/Domains

  • crio
  • eg25manager
  • iiosensorproxy
  • kubernetes
  • lomemorymonitor
  • powerprofiles
  • rasdaemon
  • switcheroo
  • systemd-pcrphrase
  • thunderbolt

Full Changelog: RELEASE_2_20221101...RELEASE_2_20231002

Name SHA-256 SUM
refpolicy-2.20231002.tar.bz2 c89cd3b2e5d99765cc24536fd8e76de83951ad23e05472350328b5a4f8bee410

2.20221101

01 Nov 14:17

Notable changes:

  • Clean up MCS constraints and add missing checks for IPC and sockets.
  • Many minor fixes across the policy.

New modules:

  • cloud-init
  • fapolicyd
  • opensm
  • sympa
  • zfs

Name SHA-256 SUM
refpolicy-2.20221101.tar.bz2 44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396

2.20220520

20 May 14:01

Notable changes:

  • New support for containers using several container engines. Added udica templates.
  • Defined new object classes: mctp_socket, anon_inode, io_uring
  • Many minor fixes across the policy.

New modules:

  • container
  • docker
  • matrixd
  • node_exporter
  • podman
  • rootlesskit

Name SHA-256 SUM
refpolicy-2.20220520.tar.bz2 0ce9771eab8771180c249baaf6e8c55dda383a2ddf94460588f9f16e5d32f1f7

2.20220106

06 Jan 19:35

Notable changes:

  • Module versions were dropped. Policy module versions were removed in semodule many years ago, so they no longer serve a purpose in the policy. The policy_module() macro still supports the version argument. If it is missing, a default version is set, to satisfy the policy syntax.
  • The MCS constraints changed to reflect the usage in systems, primarily for separating containers and VMs. To separate a domain by MCS it will now need to opt in using the mcs_constrained() interface.
  • New support for grouping user domains and their surrogates, e.g. the user_t surrogates user_wm_t and user_systemd_t, so that a domain transition allowed from the user domain to a child domain is also allowed for its surrogate domains. See pull requests #365 and #381 for more information.

New module:

  • obfs4proxy

Name SHA-256 SUM
refpolicy-2.20220106.tar.bz2 965f98f0b68a24fd0b8e8d973d319332aea88973e1d6c455ef9c2a31aefaeaa6

2.20210908

08 Sep 19:07

Removed Modules:

  • aiccu
  • bcfg2
  • callweaver
  • ccs
  • cipe
  • clockspeed
  • clogd
  • cmirrord
  • dcc
  • denyhosts
  • dspam
  • ddcprobe
  • howl
  • imaze
  • jockey
  • ktalk
  • lockdev
  • mailscanner
  • oav
  • polipo
  • pyicqt
  • rgmanager
  • rhcs
  • ricci

Notable changes:

  • Use user_fonts_config_t in user font dirs, instead of xdg_config_t.
  • Add a secure_mode_boolean to disable boolean changing. Change generic booleans to boolean_t.
  • Drop second parameter of systemd_tmpfilesd_managed().
  • Add a new type for ICMP packets.
  • Add support for the blkmapd RPC service.
  • Set ubifs as an extended attribute handling filesystem.
  • Many other minor rule fixes.

Name SHA-256 SUM
refpolicy-2.20210908.tar.bz2 4d3140d9fbb91322f5de36d73959464ce1d8946dcd149e36fcaf60e92444e902