selinux-policy - SELinux policy configuration

Property Value
Distribution Fedora 27
Repository Fedora Updates Testing x86_64
Package filename selinux-policy-3.13.1-284.38.fc27.noarch.rpm
Package name selinux-policy
Package version 3.13.1
Package release 284.38.fc27
Package architecture noarch
Package type rpm
Homepage -
License -
Maintainer -
Download size 542.78 KB
Installed size 23.92 KB
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117


Package Version Architecture Repository
selinux-policy-3.13.1-284.38.fc27.noarch.rpm 3.13.1 noarch Fedora Updates Testing
selinux-policy-3.13.1-284.37.fc27.noarch.rpm 3.13.1 noarch Fedora Updates
selinux-policy-3.13.1-284.37.fc27.noarch.rpm 3.13.1 noarch Fedora Updates
selinux-policy-3.13.1-283.14.fc27.noarch.rpm 3.13.1 noarch Fedora
selinux-policy-3.13.1-283.14.fc27.noarch.rpm 3.13.1 noarch Fedora
selinux-policy - - -


Name Value
/bin/awk -
/usr/bin/sha512sum -
policycoreutils >= 2.7-1


Name Value
config(selinux-policy) = 3.13.1-284.38.fc27
selinux-policy = 3.13.1-284.38.fc27


Type URL
Binary Package selinux-policy-3.13.1-284.38.fc27.noarch.rpm
Source Package selinux-policy-3.13.1-284.38.fc27.src.rpm

Install Howto

Install selinux-policy rpm package:

# dnf --enablerepo=updates-testing install selinux-policy




2018-11-06 - Lukas Vrabec <> - 3.13.1-284.38
- Allow httpd_t domain to mmap httpd_config_t files
- Update dev_filetrans_all_named_dev() to allow create event22-30 character files with label event_device_t
2018-07-25 - Lukas Vrabec <> - 3.13.1-284.37
- Allow tgtd_t domain to create dirs in /var/run labeled as tgtd_var_run_t BZ(1492377)
- Allow xdm_t domain to mmap xserver_misc_device_t files
2018-07-18 - Lukas Vrabec <> - 3.13.1-283.36
- Fix smartmon policy
- Revert "Allow ntop_t domain to create/map various sockets/files."
- Update raid_access_check_mdadm() interface to dontaudit caller domain to mmap mdadm_exec_t binary files
- Allow fsdaemon_t domain to write to mta home files BZ(1588212)
- Label /usr/sbin/rhn_check-[0-9]+.[0-9]+ as rpm_exec_t
- Allow devicekit_power_t start with nnp systemd security feature with proper SELinux Domain transition BZ(1593817)
- Add log file type to collectd and allow corresponding access
- Allow sssd_selinux_manager_t domain to chat with systemd
- Allow ntop_t domain to create/map various sockets/files.
- Fix wrong path in tlp context file BZ(1586329)
- Allow systemd_networkd_t create and relabel tun sockets
2018-05-27 - Lukas Vrabec <> - 3.13.1-283.35
- Allow sssd_t to kill sssd_selinux_manager_t
- Allow brltty_t domain to be dbusd system client
- Allow gpg_agent_t to send msgs to syslog/journal
- Allow hypervvssd_t domain to read fixed disk devices
- Allow userdom_use_user_ttys for loadkeys_t domain
- Allow fsdaemon_t to create own fsdaemon_var_lib_t dirs BZ(1569724)
- Append map permission to apache_read_modules() interface
- Allow geoclue start with nnp systemd security feature with proper SELinux Domain transition BZ(1575212)
- Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495)
- Associate sysctl_vm_overcommit_t with fs_t
2018-04-27 - Lukas Vrabec <> - 3.13.1-283.34
- Allow slapd_t domain to mmap slapd_var_run_t files
- Allow virtd_t domain to relabel virt_var_lib_t files
- Allow hsqldb_t domain to mmap own temp files
- We have inconsistency in cgi templates with upstream, we use _content_t, but refpolicy use httpd__content_t. Created aliasses to make it consistence
- Allow nfsd_t domain to read/write sysctl fs files
- Allow conman to read system state
- Allow zebra_t domain to bind on babel udp port
- Allow freeipmi domain to read sysfs_t files
- Allow targetd_t domain mmap lvm config files
- Allow abrt_t domain to manage kdump crash files
- Allow svirt_t domain mmap svirt_image_t files BZ(1514538)
- Allow ftpd_t domain to chat with systemd
- Allow systemd to use virtio console
- Label /run/ebtables.lock as iptables_var_run_t
- Allow udev_t domain to manage udev_rules_t char files.
- Assign babel_port_t label to udp port 6696
- Add new interface lvm_map_config
- Allow local_login_t reads of udev_var_run_t context
2018-04-18 - Lukas Vrabec <> - 3.13.1-283.33
- Allow networkmanager domain to write to ecryptfs_t files BZ(1566706)
- Allow l2tpd domain to stream connect to sssd BZ(1568160)
- Dontaudit abrt_t to write to lib_t dirs BZ(1566784)
2018-04-16 - Lukas Vrabec <> - 3.13.1-283.32
- Allow git to mmap git_(sys|user)_content_t files BZ(1518027)
- removed boinc dev_getattr_*_dev
- Allow abrt_dump_oops_t domain to mmap all non security files BZ(1565748)
- Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files
- Allow NetworkManager_ssh_t domain use generic ptys. BZ(1565851)
- Allow abrt to map var_lib_t files
- Allow keepalived_t domain to chat with systemd via dbus
- Allow iptables_t domain to create dirs in etc_t with system_conf_t labels
- Allow x userdomain to mmap xserver_tmpfs_t files
- Allow sysadm_t to mount tracefs_t
- Add new interface files_map_var_lib_files()
- Allow systemd-networkd to read sysctl_t files
- Allow systemd_networkd_t to read/write tun tap devices

See Also

Package Description
selinux-policy-devel-3.13.1-284.38.fc27.noarch.rpm SELinux policy devel
selinux-policy-doc-3.13.1-284.38.fc27.noarch.rpm SELinux policy documentation
selinux-policy-minimum-3.13.1-284.38.fc27.noarch.rpm SELinux minimum base policy
selinux-policy-mls-3.13.1-284.38.fc27.noarch.rpm SELinux mls base policy
selinux-policy-sandbox-3.13.1-284.38.fc27.noarch.rpm SELinux policy sandbox
selinux-policy-targeted-3.13.1-284.38.fc27.noarch.rpm SELinux targeted base policy
subtitleeditor-0.54.0-1.fc27.i686.rpm GTK+2 tool to edit subtitles for GNU/Linux/*BSD
subtitleeditor-0.54.0-1.fc27.x86_64.rpm GTK+2 tool to edit subtitles for GNU/Linux/*BSD
sugar-finance-14-1.fc27.noarch.rpm Financial planning for Sugar
swatch-3.2.3-24.fc27.noarch.rpm Tool for actively monitoring log files
tcalc-2.1-7.fc27.x86_64.rpm The terminal calculator
thunderbird-60.3.1-1.fc27.x86_64.rpm Mozilla Thunderbird mail/newsgroup client
thunderbird-wayland-60.3.1-1.fc27.x86_64.rpm Thunderbird Wayland launcher.
tipcutils-2.2.0-2.fc27.x86_64.rpm Utils package required to configure TIPC
tmux-2.8-2.fc27.x86_64.rpm A terminal multiplexer