selinux-policy - SELinux policy configuration

Property Value
Distribution CentOS 7
Repository CentOS x86_64
Package filename selinux-policy-3.13.1-229.el7.noarch.rpm
Package name selinux-policy
Package version 3.13.1
Package release 229.el7
Package architecture noarch
Package type rpm
Category System Environment/Base
License GPLv2+
Maintainer -
Download size 481.80 KB
Installed size 6.33 KB
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117


Package Version Architecture Repository
selinux-policy-3.13.1-229.el7_6.12.noarch.rpm 3.13.1 noarch CentOS Updates
selinux-policy-3.13.1-229.el7_6.9.noarch.rpm 3.13.1 noarch CentOS Updates
selinux-policy-3.13.1-229.el7_6.6.noarch.rpm 3.13.1 noarch CentOS Updates
selinux-policy-3.13.1-229.el7_6.5.noarch.rpm 3.13.1 noarch CentOS Updates
selinux-policy - - -


Name Value
/bin/awk -
/usr/bin/sha512sum -
libsemanage >= 2.5-13
policycoreutils >= 2.5-24


Name Value
config(selinux-policy) = 3.13.1-229.el7
selinux-policy = 3.13.1-229.el7


Type URL
Binary Package selinux-policy-3.13.1-229.el7.noarch.rpm
Source Package selinux-policy-3.13.1-229.el7.src.rpm

Install Howto

Install selinux-policy rpm package:

# yum install selinux-policy




2018-09-26 - Lukas Vrabec <> - 3.13.1-229
- Allow neutron domain to read/write /var/run/utmp
Resolves: rhbz#1630318
2018-09-25 - Lukas Vrabec <> - 3.13.1-228
- Allow tomcat_domain to read /dev/random
Resolves: rhbz#1631666
- Allow neutron_t domain to use pam
Resolves: rhbz#1630318
2018-09-17 - Lukas Vrabec <> - 3.13.1-227
- Add interface apache_read_tmp_dirs()
- Allow dirsrvadmin_script_t domain to list httpd_tmp_t dirs
Resolves: rhbz#1622602
2018-09-15 - Lukas Vrabec <> - 3.13.1-226
- Allow tomcat servers to manage usr_t files
Resolves: rhbz#1625678
- Dontaudit tomcat serves to append to /dev/random device
Resolves: rhbz#1625678
- Allow sys_nice capability to mysqld_t domain
- Allow dirsrvadmin_script_t domain to read httpd tmp files
Resolves: rhbz#1622602
- Allow syslogd_t domain to manage cert_t files
Resolves: rhbz#1615995
2018-09-12 - Lukas Vrabec <> - 3.13.1-225
- Allow sbd_t domain to getattr of all char files in /dev and read sysfs_t files and dirs
Resolves: rhbz#1627114
- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t
Resolves: rhbz#1567753
2018-09-07 - Lukas Vrabec <> - 3.13.1-224
- Allow tomcat Tomcat to delete a temporary file used when compiling class files for JSPs.
Resolves: rhbz#1625678
- Allow chronyd_t domain to read virt_var_lib_t files
- Allow virtual machines to use dri devices. This allows use openCL GPU calculations. BZ(1337333)
Resolves: rhbz#1625613
- Allow tomcat services create link file in /tmp
Resolves: rhbz#1624289
- Add boolean: domain_can_mmap_files.
Resolves: rhbz#1460322
2018-09-02 - Lukas Vrabec <> - 3.13.1-223
- Make working SELinux sandbox with Wayland.
Resolves: rhbz#1624308
- Allow svirt_t domain to mmap svirt_image_t block files
Resolves: rhbz#1624224
- Add caps dac_read_search and dav_override to pesign_t domain
- Allow iscsid_t domain to mmap userio chr files
Resolves: rhbz#1623589
- Add boolean: domain_can_mmap_files.
Resolves: rhbz#1460322
- Add execute_no_trans permission to mmap_exec_file_perms pattern
- Allow sudodomain to search caller domain proc info
- Allow xdm_t domain to mmap and read cert_t files
- Replace optional policy blocks to make dbus interfaces effective
Resolves: rhbz#1624414
- Add interface dev_map_userio_dev()
2018-08-29 - Lukas Vrabec <> - 3.13.1-222
- Allow readhead_t domain to mmap own pid files
Resolves: rhbz#1614169
2018-08-28 - Lukas Vrabec <> - 3.13.1-221
- Allow ovs-vswitchd labeled as openvswitch_t domain communicate with qemu-kvm via UNIX stream socket
- Allow httpd_t domain to mmap tmp files
Resolves: rhbz#1608355
- Update dirsrv_read_share() interface to allow caller domain to mmap dirsrv_share_t files
- Update dirsrvadmin_script_t policy to allow read httpd_tmp_t symlinks
- Label /dev/tpmrm[0-9]* as tpm_device_t
- Allow semanage_t domain mmap usr_t files
Resolves: rhbz#1622607
- Update dev_filetrans_all_named_dev() to allow create event22-30 character files with label event_device_t
2018-08-24 - Lukas Vrabec <> - 3.13.1-220
- Allow nagios_script_t domain to mmap nagios_log_t files
Resolves: rhbz#1620013
- Allow nagios_script_t domain to mmap nagios_spool_t files
Resolves: rhbz#1620013
- Update userdom_security_admin() and userdom_security_admin_template() to allow use auditctl
Resolves: rhbz#1622197
- Update selinux_validate_context() interface to allow caller domain to mmap security_t files
Resolves: rhbz#1622061

See Also

Package Description
selinux-policy-devel-3.13.1-229.el7.noarch.rpm SELinux policy devel
selinux-policy-doc-3.13.1-229.el7.noarch.rpm SELinux policy documentation
selinux-policy-minimum-3.13.1-229.el7.noarch.rpm SELinux minimum base policy
selinux-policy-mls-3.13.1-229.el7.noarch.rpm SELinux mls base policy
selinux-policy-sandbox-3.13.1-229.el7.noarch.rpm SELinux policy sandbox
selinux-policy-targeted-3.13.1-229.el7.noarch.rpm SELinux targeted base policy
sendmail-8.14.7-5.el7.x86_64.rpm A widely used Mail Transport Agent (MTA)
sendmail-cf-8.14.7-5.el7.noarch.rpm The files needed to reconfigure Sendmail
sendmail-devel-8.14.7-5.el7.i686.rpm Extra development include files and development files
sendmail-devel-8.14.7-5.el7.x86_64.rpm Extra development include files and development files
sendmail-doc-8.14.7-5.el7.noarch.rpm Documentation about the Sendmail Mail Transport Agent program
sendmail-milter-8.14.7-5.el7.i686.rpm The sendmail milter library
sendmail-milter-8.14.7-5.el7.x86_64.rpm The sendmail milter library
sendmail-sysvinit-8.14.7-5.el7.noarch.rpm SysV initscript for sendmail
setools-3.3.8-4.el7.x86_64.rpm Policy analysis tools for SELinux