2.20210203

Added modules:

• certbot
• memlockd

Removed modules:

• consolekit
• dnssectrigger
• hal
• hotplug
• kdumpgui
• keyboardd
• kudzu
• pcmcia
• readahead
• rhgb
• roundup
• smoltclient
• speedtouch
• firewallgui
• gift
• podsleuth
• ptchown
• sambagui
• w3c
• xprint
• yam

Changes:

• ACPI shutdown fixes.
• Revised policy style based on suggestions from SELint.
• Add file context specs for unbound.
• Update systemd for SELinux status page use.
• Several corosync and pacemaker updates.
• Improve support for handling cryptsetup and veritysetup devices.
• Openrc Gentoo updates.
• Added support for systemd-socket-proxyd.
• Move XDG rules to userdomain.
• Add -E option to setfiles commands
• Dropped deprecated udev_tbl_t support.
• Chromium updates along with X server DRI.
• Removed interfaces deprecated 2018 or earlier.
• Add rspamd support in spamassassin
• Add support for acme.sh to certbot
• Improvements to the monolithic build process
• Several other minor fixes.

Name	SHA-256 SUM
refpolicy-2.20210203.tar.bz2	48cbf2c63ff9003bef05e03c8d3cdddb4e8f63fef2a072ae51c987301f0b874d

2.20200818

New modules:

• usbguard
• aptcacher

Changes:

• Renamed "pid" interfaces to "runtime" interfaces to match the *_var_run_t to *_runtime_t rename
• Merge systemd generator domains
• Several systemd updates
• Set value of build options to "true" so m4 ifelse can be used
• Revise relabeling access to prevent relabeling to unlabeled_t
• Makefile, Vagrant, and m4 improvements
• First pass of cleanups from SELint
• Clean up domains that had user tty or pty access but could be used from either
• Add various inotify watch permissions
• Add rules for apt-catcher-ng and acngtool
• Add support for generating nft tables to gennetfilter
• Many more minor fixes across the policy

Removals:

• Drop Python 2 compatibility code from genhomedircon.py
• Remove unlabeled packet access
• Remove ada module

Name	SHA-256 SUM
refpolicy-2.20200818.tar.bz2	1488f9b94060de28addbcb29fb8437ee0d75cba15e11280dd9dfa3e09986f57b

2.20200229

This release includes several new modules:

• cryfs
• consolesetup
• knot
• tpm2
• wireguard

Changes:

• *_var_run_t types are renamed to *_runtime_t to remove the path from the type name
• Added inotify watch permissions defined and added to systemd and other common services
• Defined perf_event object class
• Reimplemented fc_sort in Python
• Added file contexts lint tool in Travis CI build
• Updated Vagrant tooling for refpolicy testing on Fedora and Debian VMs
• Added general interfaces for systemd bind mount points
• Many more minor fixes across the policy

Removals:

• Removed obsolete permissions

This release requires SELinux userspace 2.8 or higher and Python 3.4 to build.

Name	SHA-256 SUM
refpolicy-2.20200229.tar.bz2	dec854512ed00cd057408f330c2cea4de7a4405f7a147458f59c994bf578e4b0

2.20190609

This release includes one new module (stubby) and several systemd updates, including initial support for systemd --user sessions.

This release requires SELinux userspace 2.8 or higher and Python 3 to build.

79 files changed, 1329 insertions, 191 deletions

Name	SHA-256 SUM
refpolicy-2.20190609.tar.bz2	67bd1213e9d014ada15512028bb7f35ef6610c2d209cc5117b8577474aa6147f

2.20190201

This release includes three new modules (chromium, hostapd, and sigrok) among other miscellaneous fixes.

142 files changed, 2499 insertions, 270 deletions

Name	SHA-256 SUM
refpolicy-2.20190201.tar.bz2	ed620dc91c4e09eee6271b373f7c61a364a82ea57bd2dc86ca1f7075304e2843

2.20180701

In this release, the refpolicy and refpolicy-contrib repositories were remerged; the modules were moved out of the contrib layer. It also includes a large update for the X Desktop Group base directory specification and SCTP support, among various other fixes.

Refpolicy now requires SELinux userspace v2.8 to compile.

SHA-256	Filename
dca99ee829b41f216474170c0e38aae99b01a0406a841bdc7347b49aa24f6c7d	refpolicy-2.20180701.tar.bz2