selinux-policy-sandbox-41.20-1.fc41 >t 6 6_DHL\` 3!Flض zE>b$bjf' b$bjnr0BfYyˤ H/咄lC@{rĴԴ9oIP١eaBoSc4`|7>$x KhW-hA X]CbPxa+d 2՝[D\kX R3Y'_L c8f0@Ů?v2fz FhW!z V)ģ?b3́J CUc!R V0n/73B3h]1k]uwy*,b݅,M^[S|`ܔ {^|XZZ5`Ԯ#pTߺ?^ċk"vb[UźfCfBqތn 3oOw-j[8u9SLn 2|# y,#l㵹 qkCdnlSm !Z^y>\6<8ߩR~%l -@QDo& "._aaa3ac539edc45ae9a676ae7501eaf7a9fcc5ec16801ad71dff77b17bd74b6af86dc0cb9080bfa9bf93d490d9415ca91236b0bfb030204876d743500473045022100c9ac0309c27c1592143b4ab0095637fd735596eff49aab393e475046466a714b0220092fb87351e68d0b041db69bc88e91259fcc73c1f24fdb8ddd55f16ea50d7f41PRzYl|Ұ]5iVx>`?)q?)ad & =x| '-4T    A DHMRx|U(89:.>&{?&G&H&I&X&Y&\&]&^&b&d(me(rf(wl(zt(u(v((((()) Cselinux-policy-sandbox41.201.fc41SELinux sandbox policySELinux sandbox policy for use with the sandbox utility.fbuildvm-ppc64le-29.iad2.fedoraproject.orgUaFedora ProjectFedora ProjectGPL-2.0-or-laterFedora ProjectUnspecifiedhttps://github.com/fedora-selinux/selinux-policylinuxnoarchrm -f /etc/selinux/*/modules/active/modules/sandbox.pp.disabled 2>/dev/null rm -f /var/lib/selinux/*/active/modules/disabled/sandbox 2>/dev/null /usr/sbin/semodule -n -X 100 -i /usr/share/selinux/packages/sandbox.pp if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy fi; exit 0if [ $1 -eq 0 ] ; then /usr/sbin/semodule -n -d sandbox 2>/dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy fi; fi; exit 0Uaf0300cb0047d2df1320393db9096cc3aaa97a5c17733ea4401dacd87ef1a698de4rootrootselinux-policy-41.20-1.fc41.src.rpmselinux-policy-sandbox     /bin/sh/bin/shrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)selinux-policy-baseselinux-policy-targeted3.0.4-14.6.0-14.0-15.4.18-141.20-1.fc4141.20-1.fc414.19.94ff@ffff4f4fbf@f@f'@f>@fIff`f@f@fy_Zdenek Pytela - 41.20-1Zdenek Pytela - 41.19-1Petr Lautrbach - 41.18-1Zdenek Pytela - 41.17-2Petr Lautrbach - 41.17-1Zdenek Pytela - 41.16-2Zdenek Pytela - 41.16-1Zdenek Pytela - 41.15-1Zdenek Pytela - 41.14-1Zdenek Pytela - 41.13-1Zdenek Pytela - 41.12-1Zdenek Pytela - 41.11-1Zdenek Pytela - 41.10-1Fedora Release Engineering - 41.9-2Zdenek Pytela - 41.9-1Petr Lautrbach 41.8-4Zbigniew Jędrzejewski-Szmek - 41.8-3Petr Lautrbach 41.8-2- Remove the openct module sources - Remove the timidity module sources - Enable the slrn module - Remove i18n_input module sources - Enable the distcc module - Remove the ddcprobe module sources - Remove the timedatex module sources - Remove the djbdns module sources - Confine iio-sensor-proxy - Allow staff user nlmsg_write - Update policy for xdm with confined users - Allow virtnodedev watch mdevctl config dirs - Allow ssh watch home config dirs - Allow ssh map home configs files - Allow ssh read network sysctls - Allow chronyc sendto to chronyd-restricted - Allow cups sys_ptrace capability in the user namespace- Add policy for systemd-homed - Remove fc entry for /usr/bin/pump - Label /usr/bin/noping and /usr/bin/oping with ping_exec_t - Allow accountsd read gnome-initial-setup tmp files - Allow xdm write to gnome-initial-setup fifo files - Allow rngd read and write generic usb devices - Allow qatlib search the content of the kernel debugging filesystem - Allow qatlib connect to systemd-machined over a unix socket- Drop ru man pages - mls/modules.conf - fix typo - Allow unprivileged user watch /run/systemd - Allow boothd connect to kernel over a unix socket- Relabel /etc/mdevctl.d- Clean up and sync securetty_types - Bring config files from dist-git into the source repo - Confine gnome-remote-desktop - Allow virtstoraged execute mount programs in the mount domain - Make mdevctl_conf_t member of the file_type attribute- Rebuild- Label /etc/mdevctl.d with mdevctl_conf_t - Sync users with Fedora targeted users - Update policy for rpc-virtstorage - Allow virtstoraged get attributes of configfs dirs - Fix SELinux policy for sandbox X server to fix 'sandbox -X' command - Update bootupd policy when ESP is not mounted - Allow thumb_t map dri devices - Allow samba use the io_uring API - Allow the sysadm user use the secretmem API - Allow nut-upsmon read systemd-logind session files - Allow sysadm_t to create PF_KEY sockets - Update bootupd policy for the removing-state-file test - Allow coreos-installer-generator manage mdadm_conf_t files- Allow setsebool_t relabel selinux data files - Allow virtqemud relabelfrom virtqemud_var_run_t dirs - Use better escape method for "interface" - Allow init and systemd-logind to inherit fds from sshd - Allow systemd-ssh-generator read sysctl files - Sync modules.conf with Fedora targeted modules - Allow virtqemud relabel user tmp files and socket files - Add missing sys_chroot capability to groupadd policy - Label /run/libvirt/qemu/channel with virtqemud_var_run_t - Allow virtqemud relabelfrom also for file and sock_file - Add virt_create_log() and virt_write_log() interfaces - Call binaries without full path- Update libvirt policy - Add port 80/udp and 443/udp to http_port_t definition - Additional updates stalld policy for bpf usage - Label systemd-pcrextend and systemd-pcrlock properly - Allow coreos_installer_t work with partitions - Revert "Allow coreos-installer-generator work with partitions" - Add policy for systemd-pcrextend - Update policy for systemd-getty-generator - Allow ip command write to ipsec's logs - Allow virt_driver_domain read virtd-lxc files in /proc - Revert "Allow svirt read virtqemud fifo files" - Update virtqemud policy for libguestfs usage - Allow virtproxyd create and use its private tmp files - Allow virtproxyd read network state - Allow virt_driver_domain create and use log files in /var/log - Allow samba-dcerpcd work with ctdb cluster- Allow NetworkManager_dispatcher_t send SIGKILL to plugins - Allow setroubleshootd execute sendmail with a domain transition - Allow key.dns_resolve set attributes on the kernel key ring - Update qatlib policy for v24.02 with new features - Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t - Allow tlp status power services - Allow virtqemud domain transition on passt execution - Allow virt_driver_domain connect to systemd-userdbd over a unix socket - Allow boothd connect to systemd-userdbd over a unix socket - Update policy for awstats scripts - Allow bitlbee execute generic programs in system bin directories - Allow login_userdomain read aliases file - Allow login_userdomain read ipsec config files - Allow login_userdomain read all pid files - Allow rsyslog read systemd-logind session files - Allow libvirt-dbus stream connect to virtlxcd- Update bootupd policy - Allow rhsmcertd read/write access to /dev/papr-sysparm - Label /dev/papr-sysparm and /dev/papr-vpd - Allow abrt-dump-journal-core connect to winbindd - Allow systemd-hostnamed shut down nscd - Allow systemd-pstore send a message to syslogd over a unix domain - Allow postfix_domain map postfix_etc_t files - Allow microcode create /sys/devices/system/cpu/microcode/reload - Allow rhsmcertd read, write, and map ica tmpfs files - Support SGX devices - Allow initrc_t transition to passwd_t - Update fstab and cryptsetup generators policy - Allow xdm_t read and write the dma device - Update stalld policy for bpf usage - Allow systemd_gpt_generator to getattr on DOS directories- Make cgroup_memory_pressure_t a part of the file_type attribute - Allow ssh_t to change role to system_r - Update policy for coreos generators - Allow init_t nnp domain transition to firewalld_t - Label /run/modprobe.d with modules_conf_t - Allow virtnodedevd run udev with a domain transition - Allow virtnodedev_t create and use virtnodedev_lock_t - Allow virtstoraged manage files with virt_content_t type - Allow virtqemud unmount a filesystem with extended attributes - Allow svirt_t connect to unconfined_t over a unix domain socket- Update afterburn file transition policy - Allow systemd_generator read attributes of all filesystems - Allow fstab-generator read and write cryptsetup-generator unit file - Allow cryptsetup-generator read and write fstab-generator unit file - Allow systemd_generator map files in /etc - Allow systemd_generator read init's process state - Allow coreos-installer-generator read sssd public files - Allow coreos-installer-generator work with partitions - Label /etc/mdadm.conf.d with mdadm_conf_t - Confine coreos generators - Label /run/metadata with afterburn_runtime_t - Allow afterburn list ssh home directory - Label samba certificates with samba_cert_t - Label /run/coreos-installer-reboot with coreos_installer_var_run_t - Allow virtqemud read virt-dbus process state - Allow staff user dbus chat with virt-dbus - Allow staff use watch /run/systemd - Allow systemd_generator to write kmsg- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild- Allow virtqemud connect to sanlock over a unix stream socket - Allow virtqemud relabel virt_var_run_t directories - Allow svirt_tcg_t read vm sysctls - Allow virtnodedevd connect to systemd-userdbd over a unix socket - Allow svirt read virtqemud fifo files - Allow svirt attach_queue to a virtqemud tun_socket - Allow virtqemud run ssh client with a transition - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket - Update keyutils policy - Allow sshd_keygen_t connect to userdbd over a unix stream socket - Allow postfix-smtpd read mysql config files - Allow locate stream connect to systemd-userdbd - Allow the staff user use wireshark - Allow updatedb connect to userdbd over a unix stream socket - Allow gpg_t set attributes of public-keys.d - Allow gpg_t get attributes of login_userdomain stream - Allow systemd_getty_generator_t read /proc/1/environ - Allow systemd_getty_generator_t to read and write to tty_device_t- Move %postInstall to %posttrans - Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)` - Drop obsolete modules from config - Install dnf protected files only when policy is built- Relabel files under /usr/bin to fix stale context after sbin merge- Merge -base and -contrib/bin/sh/bin/sh41.20-1.fc41sandbox.pp/usr/share/selinux/packages/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wno-complain-wrong-lang -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -fasynchronous-unwind-tables -fstack-clash-protectioncpiozstd19noarch-redhat-linux-gnuhttps://bugz.fedoraproject.org/selinux-policyutf-8d1c91ffff7670941bcdbca3e28a35e065683eb78c440f4bb9597d6a761b99f7216018423f220b7d51ea68f4182b05749c6a32a63450c2f93a5aed845966a067d?(/hoB4n2FBJ9Ͻ3nedXӘe_هԬqyGZ4u6w,M'ɹ\(6W]6ii]%7Xr}dXMDad.)g|a@GfӤ-3ݓ}Ofd!1Vo B== 8>[9^זI{i#E|g{:f߶vrttP $!lI$^DB@/FpD BKP+,MMPֵ߭gI&Y&%,JJIשPdZ9[`$ gTaJ%6#zެh_l"#zcK$~k~m% xָ}8=-ҞfCyȰv 1*!?u;˭r峚ǘ͓yD=u ? }Z38y|d1oW=WQ#)myo}eiKs}Ӛ>a914MZ.>}o:7Z]'7Xg4d8v=yp:ʎ˭F,ke'( 2zbxu,]I$pnhyqd!imgcO#ŧ4ksH8/kF /PÂEg 8Cn%M(G".]R^ۃt+Բjl7o~rRHgTu# io,EE slNō~&.eH2bv5 VsQ^75n_/%\WCerrW=[-' uuGF17ghm\>ڡZlE }})d@L*" !D'@<BJ'?b,D@)"  2$IJ(&*8RnP ذ"b9 ؁d!1u79'X#mώ\_QoaVѕYۋ=;fi.$%[ezb ZD2t:vZ {NxYΎL'%T]\..2\'^M7 'Tq0JAm_\$ɕn==NP. #{wY+cu@)]g.&.w dvlhsTpUy͂cܲBgJ2фtF s JFDӱY A,D"!D DF!k9{$8u-̱N-I) v y#&kvhA])3CcV?* ~4a StCw `o3Ql?{3O=N% ʼ|*a ^L.sqp+8K͡}E W`^\_ot>+tp_cwc\S\`X:ac]㖼 ^],pgo#jDjCe'2p% _:Jˣwg+ hQLmD.g[KK?*Ǯ9 GRbeaϘ9A{?z]' xC {}|: hdgS)QK͏Q۔rNh`a2xdX#`H?3^MJ*J!X N+\"nJ7MZyqgp N j; 5wۅTFwRk*aZ"pmwo<-[cwcY~5֬a~ӳlEd+Eg\@OF#Q"qHYv'SuM0!] *rT-*{;fHiӜ2øDxu*B5ҚNY]NdTk_W.Rڂuq0q@i+$OWPԥ8Wf)Y tTQQ|i 3=avT# 崢>lIY&]H0Oc\i'D,?@]UOs._ #ͦd)s֛rx%ק7m@F3ڪm<$eѻ>M 9 zRtTm)e"vxAj[Zكl S̍HuhA|*wTIҐ2՝5?[OJEd5YW%CS*D Gzp2ݞwB%%)㌙S[_%r!˪y \f_9b5TgM\0r4s[\ͷC4LPd @/$N?묯!ޕ X/ f66Y3i2cFGM_y`K;|LL(E&2cz)%&S?xyk-nRD.))lDH*~0nQy_kF&5Օǵ(fPԜ'v7ect^RQ*"Es;$H*!W~>Dݩףe\} ƿb0KhO/ =h1M7]hfܒ4x4b@q8eQ>ehǹX(<)[nNGTVoոZ &r AG Iu^[γ^Z*i20ܾ6\?սna"y.Du&7 1RBo ,P$.2W a'^C+2&Q 2Zu讉+`LaA<4-5鹄JC|\">,Q2>ԻHsk]xn3y^}":r#c9ϊcje,4/?%B\ ]pcpkIi$=zuN'6B- |gҴAa]ppoH\Kt}ʈZiȷs NW݁q~B hYmRd2G|_7mi8P|L.߉Kr b8^HN ܃o Ad-^mu50\tY_.C֐lxfFٿe`KC@6M&O ;{1bWCTz<2֦[2CllCوTjmӃAn|]Y ].ls&᮰kd;zzSJLcJm~)ξPn$I K#:FB.) 9\!#63!?@JQr{fJ7>RŎH֑9sN)ja Dx_jj )f!V! 8(֊"^'K3Q̧&"m. k:oZoP>EޒLZ|ɻ2f ~19?y455jJ# 4 $3 ÐIfd p)eJIŁHw"i˹O/Qnm"4}ev*Z#YsiCEVVA% ڽhǐx6t83DjN^i(ۄwc"cx]bWDΖB/I xBIq5 8ü7C Ehٴ/|PFqB)lOwÉzs74Sa>YTMfUӇoB9=C>C`540f!\:AyvA9]瀒t$v؁m5zAckKNM4D%' ajJ4$Ò}4!GUޑ@D^bqzEw!GE.^ނny[ KK9+"CLW|Ҵ#ۡa3PfZyJY|' DU?֮ h*Vr+$+W VÅ}M+hhچ 34kDp$ t3ne>agp[Qik?^ ݮ)L٩0Թ'Z0W0>~N6zO; #1 b߷٘W!;S42Zx“qްw='_4;%kEdVhV;4 "ZhhdhђaTLŞ1&$ž^j!Zʏ`k L Wb%|NڣU469fCCgZL梱-#dF &Ō=>?]9R˚솸^-`vsM_y3:c>c]]}p[ w} W7d tP'C9ћ{!xf{Bּ 8fw5~xæqU:<ۼ{_Ad l7ע 9.[#(+eTT>gut b]$fM?E%DlQ|ͷmͶ-0L-xW&})ϣ'ϺS&̸"ڎJ7)H*x-_nM9\ f[mzٮ r[Lu2ۇg sz<OQsel΀|@۝M[3D YCǏΰG&1LT&=X$ʕhs}I9\Hپ^Dsw c9fpj7#]xSoڌ<[]º5Ԁ{ Ԛ~Њ\"7r$cuC2$v*r0Iew8YIk˕FH\#A M_:93H=@ OEgׄCՀOS9lAw|tg?xpgcKN5LsڰsJBe僃ʬ[bQa*A(v(O_`3a4b5c6d799\5[V30U21T12S03Z74Y65X56W4786Q485R943291807K26L5I04J13O6P71M490N5859H3G8D52C43F70E61@16?07B34A25698=2>9941:50;63<72505614727836-   S @ | :( %  @SDS  (s@dfI"PB!EH" $P$1`3J=CNؓw%'Jꖧ}Te˛%ɃsK_"ڱyG{ |6ڴeF"r#T*Qk/zƃ< tQ" ={.݈jN-I3rgBl3,jNA_ 5Oh7'WKc#Z*wV0Bcc $gT}?R+ÄRvG怆M[;h R %!Swwa9ളg&at` +IRzs7y aʲ?> W{Hcc/QK_`<(O5wV$ߑWaO|W_a~I9{o8kz{_B)Q!)<"8!%@" l!H$"B"F-#A~" }/b~mrZ6,@j50.~0*-[3X2wg@hv :J".HG%yL'ȒRJ \H,ޑ\=b Wmz9e_C17/vt\6kkN1l7 AAyK~UŸT+썹Bɛ@$5!B )Jl2]zM&as!T"AEy[d!>ǫr[R@x}h6 qb";[tLzoWbpsV=& sq|{d n#ٖ,ǜokXJl i4&HHI;qΎ>VwrgySD 9=&E :*&2E #P03䱜[K)SJ2IzG#|zDUDeN_gQ2n" b"O?~CF >5e ?QMߎedHpyɝDŽ Jب>5e4w7(OMŘНEû (G^LoCA`8` 80pC p88`p8 `\ 8Hk:Tl*(dQgQO{!_ꌇSDոҘQ8E-Z**SFɣ3 ×LPL.a{/'D>]ς UDŽ1a9j""OC~1HVsk^C J(IUSDEE56 wLOT^\%)R,dNi^/TwuUXA+6. wi̙ř]5:" p LXTd89ZY=)MR1Dg9gE2hz#8!Ɗ^ULZyԨj$ObQDԟ"nUmt+Bn3fA?T%OMEC8鄢3߫3 17 #P @`?IR7"`ZP↑_UX#.RMϗ//H^Sy`RONFor}ė#:фS;;#'Ɂ\JfU1O48[k]wI?"ڏQ7jݓ!JlF;SϿeJxb[,'2ai4\Ya6hVQʪI|}6P~,HG4SS7͢Ӿ -Kc~PCOkeһL=zs+{ykl9ytMZd_rs1mCs= fͧC_l=eo=p d WWR‡fEkm[Jq36^q-䌯EQi? I=6!*쩟N[K}HxiO)o0j7 `(LQa1:_.;KjĨӝ:r幭?r#ZK|jbqr[S1CGխӞNi=X6ؾD{Gt=ιXIcmo 7k*M`S<\HF qVе0RlfW%R3!b6ZR_ 'P"'Unr0Ӌ+ R/mi&@}(JTdoܻ84z/%)n4;PT4'Cx:@!/se( ۟iq#R~KD )h,CU&ԃs