Name: selinux-policy-sandbox
Version: 41.33
Release: 1.fc42
Summary: SELinux sandbox policy
Description: SELinux sandbox policy for use with the sandbox utility.
Build host: buildvm-s390x-08.s390.fedoraproject.org
Distribution: Fedora Project
Vendor: Fedora Project
License: GPL-2.0-or-later
Packager: Fedora Project
Group: Unspecified
URL: https://github.com/fedora-selinux/selinux-policy
OS: linux
Architecture: noarch
Source RPM: selinux-policy-41.33-1.fc42.src.rpm
Platform: noarch-redhat-linux-gnu
Bug URL: https://bugz.fedoraproject.org/selinux-policy
Encoding: utf-8
RPM version: 4.20.0
Payload: cpio, zstd, level 19
Build flags: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wno-complain-wrong-lang -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection

Provides:
selinux-policy-sandbox 41.33-1.fc42

Requires:
/bin/sh
/bin/sh
rpmlib(CompressedFileNames) 3.0.4-1
rpmlib(FileDigests) 4.6.0-1
rpmlib(PayloadFilesHavePrefix) 4.0-1
rpmlib(PayloadIsZstd) 5.4.18-1
selinux-policy-base 41.33-1.fc42
selinux-policy-targeted 41.33-1.fc42

Files:
/usr/share/selinux/packages/sandbox.pp (owner root, group root, digest 4f309c7769b433177871290175431bec60a9ce0c133bb4091250f4587d9f759d)

Install scriptlet (/bin/sh):
rm -f /etc/selinux/*/modules/active/modules/sandbox.pp.disabled 2>/dev/null
rm -f /var/lib/selinux/*/active/modules/disabled/sandbox 2>/dev/null
/usr/bin/semodule -n -X 100 -i /usr/share/selinux/packages/sandbox.pp 2> /dev/null
if /usr/bin/selinuxenabled ; then
    /usr/bin/load_policy
fi;
exit 0

Uninstall scriptlet (/bin/sh):
if [ $1 -eq 0 ] ; then
    /usr/bin/semodule -n -d sandbox 2>/dev/null
    if /usr/bin/selinuxenabled ; then
        /usr/bin/load_policy
    fi;
fi;
exit 0

Changelog:

* Zdenek Pytela - 41.33-1
- Allow systemd-networkd the sys_admin capability
- Update systemd-networkd policy in systemd v257
- Separate insights-core from insights-client
- Removed unused insights_client interfaces calls from other modules
- Update policy for insights_client wrt new rules for insights_core_t
- Add policy for insights-core
- Allow systemd-networkd use its private tmpfs files
- Allow boothd connect to systemd-machined over a unix socket
- Update init_explicit_domain() interface
- Allow tlp to read/write nmi_watchdog state information
- Allow power-profiles-daemon the bpf capability
- Allow svirt_t to connect to nbdkit over a unix stream socket
- Update ktlshd policy to read /proc/keys and domain keyrings
- Allow virt_domain read hardware state information unconditionally
- Allow init mounton crypto sysctl files
- Rename winbind_rpcd_* types to samba_dcerpcd_*
- Support peer-to-peer migration of vms using ssh

* Zdenek Pytela - 41.32-1
- Allow virtqemud use hostdev usb devices conditionally
- Allow virtqemud map svirt_image_t plain files
- Allow virtqemud work with nvdimm devices
- Support saving and restoring a VM to/from a block device
- Allow virtnwfilterd dbus chat with firewalld
- Dontaudit systemd-logind remove all files
- Add the files_dontaudit_read_all_dirs() interface
- Add the files_dontaudit_delete_all_files() interface
- Allow rhsmcertd notify virt-who
- Allow irqbalance to run unconfined scripts conditionally

* Zdenek Pytela - 41.31-1
- Allow snapperd execute systemctl in the caller domain
- Allow svirt_tcg_t to connect to nbdkit over a unix stream socket
- Allow iio-sensor-proxy read iio devices
- Label /dev/iio:device[0-9]+ devices
- Allow systemd-coredump the sys_admin capability
- Allow apcupsd's apccontrol to send messages using wall
- contrib/thumb: also allow per-user thumbnailers
- contrib/thumb: fix thunar thumbnailer (rhbz#2315893)
- Allow virt_domain to use pulseaudio - conditional
- Allow pcmsensor read nmi_watchdog state information
- Allow init_t nnp domain transition to gssproxy_t

* Zdenek Pytela - 41.30-1
- Allow systemd-generator connect to syslog over a unix stream socket
- Allow virtqemud manage fixed disk device nodes
- Allow iio-sensor-proxy connect to syslog over a unix stream socket
- Allow virtstoraged write to sysfs files
- Allow power-profiles-daemon write sysfs files
- Update iiosensorproxy policy
- Allow pcmsensor write nmi_watchdog state information
- Label /proc/sys/kernel/nmi_watchdog with sysctl_nmi_watchdog_t
- Allow virtnodedev create /etc/mdevctl.d/scripts.d with bin_t type
- Add the gpg_read_user_secrets() interface
- Allow gnome-remote-desktop read resolv.conf
- Update switcheroo policy
- Allow nfsidmap connect to systemd-homed over a unix socket
- Add the auth_write_motd_var_run_files() interface
- Add the bind_exec_named_checkconf() interface
- Add the virt_exec_virsh() interface

* Zdenek Pytela - 41.29-1
- Allow virtqemud domain transition to nbdkit
- Add nbdkit interfaces defined conditionally
- Allow samba-bgqd connect to cupsd over an unix domain stream socket
- Confine the switcheroo-control service
- Allow svirt_t read sysfs files
- Add rhsmcertd interfaces
- Add the ssh_exec_sshd() interface
- Add the gpg_domtrans_agent() interface
- Label /usr/bin/dnf5 with rpm_exec_t
- Label /dev/pmem[0-9]+ with fixed_disk_device_t
- allow kdm to create /root/.kde/ with correct label
- Change /usr/sbin entries to use /usr/bin or remove them
- Allow systemd-homed get filesystem quotas
- Allow login_userdomain getattr nsfs files
- Allow virtqemud send a generic signal to the ssh client domain
- Dontaudit request-key read /etc/passwd

* Zdenek Pytela - 41.28-1
- Update virtqemud policy regarding the svirt_tcg_t domain
- Allow virtqemud domain transition on numad execution
- Support virt live migration using ssh
- Allow virtqemud permissions needed for live migration
- Allow virtqemud the getpgid process permission
- Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
- Allow virtqemud relabelfrom virt_log_t files
- Allow virtqemud relabel tun_socket
- Add policy for systemd-import-generator
- Confine vsftpd systemd system generator
- Allow virtqemud read and write sgx_vepc devices
- Allow systemd-networkd list cgroup directories
- Allow xdm dbus chat with power-profiles-daemon
- Allow ssh_t read systemd config files
- Add Valkey rules to Redis module

* Zdenek Pytela - 41.27-1
- Update ktlsh policy
- Allow request-key to read /etc/passwd
- Allow request-key to manage all domains' keys
- Add support for the KVM guest memfd anon inodes
- Allow auditctl signal auditd
- Dontaudit systemd-coredump the sys_resource capability
- Allow traceroute_t bind rawip sockets to unreserved ports
- Fix the cups_read_pid_files() interface to use read_files_pattern
- Allow virtqemud additional permissions for tmpfs_t blk devices
- Allow virtqemud rw access to svirt_image_t chr files
- Allow virtqemud rw and setattr access to fixed block devices
- Label /etc/mdevctl.d/scripts.d with bin_t
- Allow virtqemud open svirt_devpts_t char files
- Allow virtqemud relabelfrom virt_log_t files
- Allow svirt_tcg_t read virtqemud_t fifo_files
- Allow virtqemud rw and setattr access to sev devices
- Allow virtqemud directly read and write to a fixed disk
- Allow virtqemud_t relabel virt_var_lib_t files
- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
- Add gnome_filetrans_gstreamer_admin_home_content() interface
- Label /dev/swradio, /dev/v4l-subdev, /dev/v4l-touch with v4l_device_t
- Make bootupd_t permissive
- Allow init_t nnp domain transition to locate_t
- allow gdm and iiosensorproxy talk to each other via D-bus
- Allow systemd-journald getattr nsfs files
- Allow sendmail to map mail server configuration files
- Allow procmail to read mail aliases
- Allow cifs.idmap helper to set attributes on kernel keys
- Allow irqbalance setpcap capability in the user namespace
- Allow sssd_selinux_manager_t the setcap process permission
- Allow systemd-sleep manage efivarfs files
- Allow systemd-related domains getattr nsfs files
- Allow svirt_t the sys_rawio capability
- Allow alsa watch generic device directories
- Move systemd-homed interfaces to seperate optional_policy block
- Update samba-bgqd policy
- Update virtlogd policy
- Allow svirt_t the sys_rawio capability
- Allow qemu-ga the dac_override and dac_read_search capabilities
- Allow bacula execute container in the container domain
- Allow httpd get attributes of dirsrv unit files
- Allow samba-bgqd read cups config files
- Add label rshim_var_run_t for /run/rshim.pid

* Petr Lautrbach - 41.26-2
- Rebuild with SELinux Userspace 3.8

* Zdenek Pytela - 41.26-1
- [5/5][sync from 'mysql-selinux'] Add mariadb-backup
- [4/5][sync from 'mysql-selinux'] Fix regex to also match '/var/lib/mysql/mysqlx.sock'
- [3/5][sync from 'mysql-selinux'] Allow mysqld_t to read and write to the 'memory.pressure' file in cgroup2
- [2/5][sync from 'mysql-selinux'] 2nd attempt to fix rhbz#2186996 rhbz#2221433 rhbz#2245705
- [1/5][sync from 'mysql-selinux'] Allow 'mysqld' to use '/usr/bin/hostname'
- Allow systemd-networkd read mount pid files
- Update policy for samba-bgqd
- Allow chronyd read networkmanager's pid files
- Allow staff user connect to generic tcp ports
- Allow gnome-remote-desktop dbus chat with policykit
- Allow tlp the setpgid process permission
- Update the bootupd policy
- Allow sysadm_t use the io_uring API
- Allow sysadm user dbus chat with virt-dbus
- Allow virtqemud_t read virsh_t files
- Allow virt_dbus_t connect to virtd_t over a unix stream socket
- Allow systemd-tpm2-generator read hardware state information
- Allow coreos-installer-generator execute generic programs
- Allow coreos-installer domain transition on udev execution
- Revert "Allow unconfined_t execute kmod in the kmod domain"
- Allow iio-sensor-proxy create and use unix dgram socket
- Allow virtstoraged read vm sysctls
- Support ssh connections via systemd-ssh-generator
- Label all semanage store files in /etc as semanage_store_t
- Add file transition for nvidia-modeset

* Zdenek Pytela - 41.25-1
- Allow dirsrv-snmp map dirsv_tmpfs_t files
- Label /usr/lib/node_modules_22/npm/bin with bin_t
- Add policy for /usr/libexec/samba/samba-bgqd
- Allow gnome-remote-desktop watch /etc directory
- Allow rpcd read network sysctls
- Allow journalctl connect to systemd-userdbd over a unix socket
- Allow some confined users send to lldpad over a unix dgram socket
- Allow lldpad send to unconfined_t over a unix dgram socket
- Allow lldpd connect to systemd-machined over a unix socket
- Confine the ktls service

* Zdenek Pytela - 41.24-1
- Allow dirsrv read network sysctls
- Label /run/sssd with sssd_var_run_t
- Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
- Allow unconfined_t execute kmod in the kmod domain
- Allow confined users r/w to screen unix stream socket
- Label /root/.screenrc and /root/.tmux.conf with screen_home_t
- Allow virtqemud read virtd_t files
- Allow ping_t read network sysctls

* Zdenek Pytela - 41.23-1
- Allow systemd-homework connect to init over a unix socket
- Fix systemd-homed blobs directory permissions
- Allow virtqemud read sgx_vepc devices
- Allow lldpad create and use netlink_generic_socket

* Zdenek Pytela - 41.22-1
- Allow systemd-homework write to init pid socket
- Allow init create /var/cache/systemd/home
- Confine the pcm service
- Allow login_userdomain read thumb tmp files
- Update power-profiles-daemon policy
- Fix the /etc/mdevctl\.d(/.*)? regexp
- Grant rhsmcertd chown capability & userdb access
- Allow iio-sensor-proxy the bpf capability
- Allow systemd-machined the kill user-namespace capability

* Zdenek Pytela - 41.21-1
- Remove the fail2ban module sources
- Remove the linuxptp module sources
- Remove legacy rules for slrnpull
- Remove the aiccu module sources
- Remove the bcfg2 module sources
- Remove the amtu module sources
- Remove the rhev module sources
- Remove all file context entries for /bin and /lib
- Allow ptp4l the sys_admin capability
- Confine power-profiles-daemon
- Label /var/cache/systemd/home with systemd_homed_cache_t
- Allow login_userdomain connect to systemd-homed over a unix socket
- Allow boothd connect to systemd-homed over a unix socket
- Allow systemd-homed get attributes of a tmpfs filesystem
- Allow abrt-dump-journal-core connect to systemd-homed over a unix socket
- Allow aide connect to systemd-homed over a unix socket
- Label /dev/hfi1_[0-9]+ devices
- Suppress semodule's stderr

* Zdenek Pytela - 41.20-1
- Remove the openct module sources
- Remove the timidity module sources
- Enable the slrn module
- Remove i18n_input module sources
- Enable the distcc module
- Remove the ddcprobe module sources
- Remove the timedatex module sources
- Remove the djbdns module sources
- Confine iio-sensor-proxy
- Allow staff user nlmsg_write
- Update policy for xdm with confined users
- Allow virtnodedev watch mdevctl config dirs
- Allow ssh watch home config dirs
- Allow ssh map home configs files
- Allow ssh read network sysctls
- Allow chronyc sendto to chronyd-restricted
- Allow cups sys_ptrace capability in the user namespace

* Zdenek Pytela - 41.19-1
- Add policy for systemd-homed
- Remove fc entry for /usr/bin/pump
- Label /usr/bin/noping and /usr/bin/oping with ping_exec_t
- Allow accountsd read gnome-initial-setup tmp files
- Allow xdm write to gnome-initial-setup fifo files
- Allow rngd read and write generic usb devices
- Allow qatlib search the content of the kernel debugging filesystem
- Allow qatlib connect to systemd-machined over a unix socket

* Petr Lautrbach - 41.18-1
- Drop ru man pages
- mls/modules.conf - fix typo
- Allow unprivileged user watch /run/systemd
- Allow boothd connect to kernel over a unix socket

* Zdenek Pytela - 41.17-2
- Relabel /etc/mdevctl.d

* Petr Lautrbach - 41.17-1
- Clean up and sync securetty_types
- Bring config files from dist-git into the source repo
- Confine gnome-remote-desktop
- Allow virtstoraged execute mount programs in the mount domain
- Make mdevctl_conf_t member of the file_type attribute

* Zdenek Pytela - 41.16-1
- Label /etc/mdevctl.d with mdevctl_conf_t
- Sync users with Fedora targeted users
- Update policy for rpc-virtstorage
- Allow virtstoraged get attributes of configfs dirs
- Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
- Update bootupd policy when ESP is not mounted
- Allow thumb_t map dri devices
- Allow samba use the io_uring API
- Allow the sysadm user use the secretmem API
- Allow nut-upsmon read systemd-logind session files
- Allow sysadm_t to create PF_KEY sockets
- Update bootupd policy for the removing-state-file test
- Allow coreos-installer-generator manage mdadm_conf_t files

* Zdenek Pytela - 41.15-1
- Allow setsebool_t relabel selinux data files
- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
- Use better escape method for "interface"
- Allow init and systemd-logind to inherit fds from sshd
- Allow systemd-ssh-generator read sysctl files
- Sync modules.conf with Fedora targeted modules
- Allow virtqemud relabel user tmp files and socket files
- Add missing sys_chroot capability to groupadd policy
- Label /run/libvirt/qemu/channel with virtqemud_var_run_t
- Allow virtqemud relabelfrom also for file and sock_file
- Add virt_create_log() and virt_write_log() interfaces
- Call binaries without full path

* Zdenek Pytela - 41.14-1
- Update libvirt policy
- Add port 80/udp and 443/udp to http_port_t definition
- Additional updates stalld policy for bpf usage
- Label systemd-pcrextend and systemd-pcrlock properly
- Allow coreos_installer_t work with partitions
- Revert "Allow coreos-installer-generator work with partitions"
- Add policy for systemd-pcrextend
- Update policy for systemd-getty-generator
- Allow ip command write to ipsec's logs
- Allow virt_driver_domain read virtd-lxc files in /proc
- Revert "Allow svirt read virtqemud fifo files"
- Update virtqemud policy for libguestfs usage
- Allow virtproxyd create and use its private tmp files
- Allow virtproxyd read network state
- Allow virt_driver_domain create and use log files in /var/log
- Allow samba-dcerpcd work with ctdb cluster

* Zdenek Pytela - 41.13-1
- Allow NetworkManager_dispatcher_t send SIGKILL to plugins
- Allow setroubleshootd execute sendmail with a domain transition
- Allow key.dns_resolve set attributes on the kernel key ring
- Update qatlib policy for v24.02 with new features
- Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t
- Allow tlp status power services
- Allow virtqemud domain transition on passt execution
- Allow virt_driver_domain connect to systemd-userdbd over a unix socket
- Allow boothd connect to systemd-userdbd over a unix socket
- Update policy for awstats scripts
- Allow bitlbee execute generic programs in system bin directories
- Allow login_userdomain read aliases file
- Allow login_userdomain read ipsec config files
- Allow login_userdomain read all pid files
- Allow rsyslog read systemd-logind session files
- Allow libvirt-dbus stream connect to virtlxcd

* Zdenek Pytela - 41.12-1
- Update bootupd policy
- Allow rhsmcertd read/write access to /dev/papr-sysparm
- Label /dev/papr-sysparm and /dev/papr-vpd
- Allow abrt-dump-journal-core connect to winbindd
- Allow systemd-hostnamed shut down nscd
- Allow systemd-pstore send a message to syslogd over a unix domain
- Allow postfix_domain map postfix_etc_t files
- Allow microcode create /sys/devices/system/cpu/microcode/reload
- Allow rhsmcertd read, write, and map ica tmpfs files
- Support SGX devices
- Allow initrc_t transition to passwd_t
- Update fstab and cryptsetup generators policy
- Allow xdm_t read and write the dma device
- Update stalld policy for bpf usage
- Allow systemd_gpt_generator to getattr on DOS directories

* Zdenek Pytela - 41.11-1
- Make cgroup_memory_pressure_t a part of the file_type attribute
- Allow ssh_t to change role to system_r
- Update policy for coreos generators
- Allow init_t nnp domain transition to firewalld_t
- Label /run/modprobe.d with modules_conf_t
- Allow virtnodedevd run udev with a domain transition
- Allow virtnodedev_t create and use virtnodedev_lock_t
- Allow virtstoraged manage files with virt_content_t type
- Allow virtqemud unmount a filesystem with extended attributes
- Allow svirt_t connect to unconfined_t over a unix domain socket

* Zdenek Pytela - 41.10-1
- Update afterburn file transition policy
- Allow systemd_generator read attributes of all filesystems
- Allow fstab-generator read and write cryptsetup-generator unit file
- Allow cryptsetup-generator read and write fstab-generator unit file
- Allow systemd_generator map files in /etc
- Allow systemd_generator read init's process state
- Allow coreos-installer-generator read sssd public files
- Allow coreos-installer-generator work with partitions
- Label /etc/mdadm.conf.d with mdadm_conf_t
- Confine coreos generators
- Label /run/metadata with afterburn_runtime_t
- Allow afterburn list ssh home directory
- Label samba certificates with samba_cert_t
- Label /run/coreos-installer-reboot with coreos_installer_var_run_t
- Allow virtqemud read virt-dbus process state
- Allow staff user dbus chat with virt-dbus
- Allow staff use watch /run/systemd
- Allow systemd_generator to write kmsg

* Fedora Release Engineering - 41.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

* Zdenek Pytela - 41.9-1
- Allow virtqemud connect to sanlock over a unix stream socket
- Allow virtqemud relabel virt_var_run_t directories
- Allow svirt_tcg_t read vm sysctls
- Allow virtnodedevd connect to systemd-userdbd over a unix socket
- Allow svirt read virtqemud fifo files
- Allow svirt attach_queue to a virtqemud tun_socket
- Allow virtqemud run ssh client with a transition
- Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
- Update keyutils policy
- Allow sshd_keygen_t connect to userdbd over a unix stream socket
- Allow postfix-smtpd read mysql config files
- Allow locate stream connect to systemd-userdbd
- Allow the staff user use wireshark
- Allow updatedb connect to userdbd over a unix stream socket
- Allow gpg_t set attributes of public-keys.d
- Allow gpg_t get attributes of login_userdomain stream
- Allow systemd_getty_generator_t read /proc/1/environ
- Allow systemd_getty_generator_t to read and write to tty_device_t

* Petr Lautrbach 41.8-4
- Move %postInstall to %posttrans
- Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)`
- Drop obsolete modules from config
- Install dnf protected files only when policy is built

* Zbigniew Jędrzejewski-Szmek - 41.8-3
- Relabel files under /usr/bin to fix stale context after sbin merge

* Petr Lautrbach 41.8-2
- Merge -base and -contrib

* Zdenek Pytela - 41.8-1
- Drop publicfile module
- Remove permissive domain for systemd_nsresourced_t
- Change fs_dontaudit_write_cgroup_files() to apply to cgroup_t
- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
- Allow to create and delete socket files created by rhsm.service
- Allow virtnetworkd exec shell when virt_hooks_unconfined is on
- Allow unconfined_service_t transition to passwd_t
- Support /var is empty
- Allow abrt-dump-journal read all non_security socket files
- Allow timemaster write to sysfs files
- Dontaudit domain write cgroup files
- Label /usr/lib/node_modules/npm/bin with bin_t
- Allow ip the setexec permission
- Allow systemd-networkd write files in /var/lib/systemd/network
- Fix typo in systemd_nsresourced_prog_run_bpf()

* Zdenek Pytela - 41.7-1
- Confine libvirt-dbus
- Allow virtqemud the kill capability in user namespace
- Allow rshim get options of the netlink class for KOBJECT_UEVENT family
- Allow dhcpcd the kill capability
- Allow systemd-networkd list /var/lib/systemd/network
- Allow sysadm_t run systemd-nsresourced bpf programs
- Update policy for systemd generators interactions
- Allow create memory.pressure files with cgroup_memory_pressure_t
- Add support for libvirt hooks

* Zdenek Pytela - 41.6-1
- Allow certmonger read and write tpm devices
- Allow all domains to connect to systemd-nsresourced over a unix socket
- Allow systemd-machined read the vsock device
- Update policy for systemd generators
- Allow ptp4l_t request that the kernel load a kernel module
- Allow sbd to trace processes in user namespace
- Allow request-key execute scripts
- Update policy for haproxyd

* Zdenek Pytela - 41.5-1
- Update policy for systemd-nsresourced
- Correct sbin-related file context entries

* Zdenek Pytela - 41.4-1
- Allow login_userdomain execute systemd-tmpfiles in the caller domain
- Allow virt_driver_domain read files labeled unconfined_t
- Allow virt_driver_domain dbus chat with policykit
- Allow virtqemud manage nfs files when virt_use_nfs boolean is on
- Add rules for interactions between generators
- Label memory.pressure files with cgroup_memory_pressure_t
- Revert "Allow some systemd services write to cgroup files"
- Update policy for systemd-nsresourced
- Label /usr/bin/ntfsck with fsadm_exec_t
- Allow systemd_fstab_generator_t read tmpfs files
- Update policy for systemd-nsresourced
- Alias /usr/sbin to /usr/bin and change all /usr/sbin paths to /usr/bin
- Remove a few lines duplicated between {dkim,milter}.fc
- Alias /bin → /usr/bin and remove redundant paths
- Drop duplicate line for /usr/sbin/unix_chkpwd
- Drop duplicate paths for /usr/sbin

* Zdenek Pytela - 41.3-1
- Update systemd-generator policy
- Remove permissive domain for bootupd_t
- Remove permissive domain for coreos_installer_t
- Remove permissive domain for afterburn_t
- Add the sap module to modules.conf
- Move unconfined_domain(sap_unconfined_t) to an optional block
- Create the sap module
- Allow systemd-coredumpd sys_admin and sys_resource capabilities
- Allow systemd-coredump read nsfs files
- Allow generators auto file transition only for plain files
- Allow systemd-hwdb write to the kernel messages device
- Escape "interface" as a file name in a virt filetrans pattern
- Allow gnome-software work for login_userdomain
- Allow systemd-machined manage runtime sockets
- Revert "Allow systemd-machined manage runtime sockets"

* Zdenek Pytela - 41.2-1
- Allow postfix_domain connect to postgresql over a unix socket
- Dontaudit systemd-coredump sys_admin capability
- Allow all domains read and write z90crypt device
- Allow tpm2 generator setfscreate
- Allow systemd (PID 1) manage systemd conf files
- Allow pulseaudio map its runtime files
- Update policy for getty-generator
- Allow systemd-hwdb send messages to kernel unix datagram sockets
- Allow systemd-machined manage runtime sockets

* Zdenek Pytela - 41.1-1
- Allow fstab-generator create unit file symlinks
- Update policy for cryptsetup-generator
- Update policy for fstab-generator
- Allow virtqemud read vm sysctls
- Allow collectd to trace processes in user namespace
- Allow bootupd search efivarfs dirs
- Add policy for systemd-mountfsd
- Add policy for systemd-nsresourced
- Update policy generators
- Add policy for anaconda-generator
- Update policy for fstab and gpt generators
- Add policy for kdump-dep-generator