committing changes in /etc made by "-bash"

Package changes:

.etckeeper

@@ -23,6 +23,7 @@ mkdir -p './cxs/newusers'
 mkdir -p './dbus-1/session.d'
 mkdir -p './dconf/db/local.d/locks'
 mkdir -p './dconf/db/site.d/locks'
+mkdir -p './debuginfod'
 mkdir -p './dkms/framework.conf.d'
 mkdir -p './dnf/aliases.d'
 mkdir -p './dnf/modules.defaults.d'
@@ -252,6 +253,7 @@ maybe chmod 0644 'authselect/postlogin'
 maybe chmod 0644 'authselect/smartcard-auth'
 maybe chmod 0644 'authselect/system-auth'
 maybe chmod 0644 'authselect/user-nsswitch.conf'
+maybe chmod 0644 'authselect/user-nsswitch.conf.save_by_rpm'
 maybe chmod 0755 'awstats'
 maybe chmod 0644 'awstats/awstats.192.168.1.2.conf'
 maybe chmod 0644 'awstats/awstats.club3d.ro.conf'
@@ -518,7 +520,6 @@ maybe chmod 0755 'dconf/db/site.d/locks'
 maybe chmod 0755 'dconf/profile'
 maybe chmod 0644 'dconf/profile/user'
 maybe chmod 0755 'debuginfod'
-maybe chmod 0644 'debuginfod/elfutils.urls'
 maybe chmod 0755 'default'
 maybe chmod 0640 'default/color'
 maybe chmod 0644 'default/grub'
@@ -997,6 +998,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
 maybe chmod 0644 'httpd/conf.d/php.conf'
 maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
 maybe chmod 0644 'httpd/conf.d/squid.conf'
+maybe chmod 0644 'httpd/conf.d/ssl.conf'
 maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
 maybe chmod 0644 'httpd/conf.d/userdir.conf'
 maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -1148,23 +1150,23 @@ maybe chmod 0644 'issue.rpmnew'
 maybe chmod 0644 'issue.rpmsave'
 maybe chmod 0755 'java'
 maybe chmod 0755 'java/java-1.8.0-openjdk'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/calendars.properties'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/logging.properties'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/blacklisted.certs'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.policy'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.cfg'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.fips.cfg'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/local_policy.jar'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/local_policy.jar'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/calendars.properties'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/logging.properties'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/blacklisted.certs'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.policy'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.cfg'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.fips.cfg'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/local_policy.jar'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/local_policy.jar'
 maybe chmod 0755 'java/security'
 maybe chmod 0755 'java/security/security.d'
 maybe chmod 0755 'jvm'
@@ -4173,7 +4175,6 @@ maybe chmod 0644 'modprobe.d/rds.conf'
 maybe chmod 0644 'modprobe.d/sctp.conf'
 maybe chmod 0640 'modprobe.d/squashfs.conf'
 maybe chmod 0644 'modprobe.d/tipc.conf'
-maybe chmod 0644 'modprobe.d/truescale.conf'
 maybe chmod 0644 'modprobe.d/tuned.conf'
 maybe chmod 0640 'modprobe.d/udf.conf'
 maybe chmod 0640 'modprobe.d/vfat.conf'
@@ -4844,6 +4845,7 @@ maybe chmod 0644 'nginx/uwsgi_params'
 maybe chmod 0644 'npmrc'
 maybe chmod 0755 'nrpe.d'
 maybe chmod 0644 'nsswitch.conf'
+maybe chmod 0644 'nsswitch.conf.save_by_rpm'
 maybe chmod 0755 'oddjob'
 maybe chmod 0644 'oddjobd.conf'
 maybe chmod 0755 'oddjobd.conf.d'
@@ -5410,8 +5412,6 @@ maybe chmod 0644 'profile.d/colorxzgrep.sh'
 maybe chmod 0644 'profile.d/colorzgrep.csh'
 maybe chmod 0644 'profile.d/colorzgrep.sh'
 maybe chmod 0644 'profile.d/csh.local'
-maybe chmod 0644 'profile.d/debuginfod.csh'
-maybe chmod 0644 'profile.d/debuginfod.sh'
 maybe chmod 0644 'profile.d/gawk.csh'
 maybe chmod 0644 'profile.d/gawk.sh'
 maybe chmod 0640 'profile.d/grc.sh'
@@ -5679,6 +5679,7 @@ maybe chmod 0755 'security/namespace.d'
 maybe chmod 0755 'security/namespace.init'
 maybe chmod 0600 'security/opasswd'
 maybe chmod 0644 'security/pam_env.conf'
+maybe chmod 0644 'security/pwhistory.conf'
 maybe chmod 0644 'security/pwquality.conf'
 maybe chmod 0755 'security/pwquality.conf.d'
 maybe chmod 0644 'security/sepermit.conf'
@@ -5967,6 +5968,7 @@ maybe chmod 0644 'systemd/coredump.conf'
 maybe chmod 0644 'systemd/journald.conf'
 maybe chmod 0644 'systemd/logind.conf'
 maybe chmod 0644 'systemd/logind.conf.rpmnew'
+maybe chmod 0644 'systemd/pstore.conf'
 maybe chmod 0644 'systemd/resolved.conf'
 maybe chmod 0755 'systemd/system'
 maybe chmod 0644 'systemd/system.conf'
@@ -6022,7 +6024,6 @@ maybe chmod 0755 'udev'
 maybe chmod 0444 'udev/hwdb.bin'
 maybe chmod 0755 'udev/hwdb.d'
 maybe chmod 0755 'udev/rules.d'
-maybe chmod 0644 'udev/rules.d/70-persistent-ipoib.rules'
 maybe chmod 0644 'udev/rules.d/70-snap.snapd.rules'
 maybe chmod 0644 'udev/rules.d/75-cd-aliases-generator.rules'
 maybe chmod 0644 'udev/rules.d/75-persistent-net-generator.rules'

almalinux-release

@@ -1 +1 @@
-AlmaLinux release 8.7 (Stone Smilodon)
+AlmaLinux release 8.8 (Sapphire Caracal)

almalinux-release-upstream

@@ -1 +1 @@
-Derived from Red Hat Enterprise Linux 8.7 (Source)
+Derived from Red Hat Enterprise Linux 8.8 (Source)

alternatives/alt-java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/alt-java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/alt-java

alternatives/alt-java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/java

alternatives/java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/jjs

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/jjs
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/jjs

alternatives/jjs.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/jre

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre

alternatives/jre_1.8.0

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre

alternatives/jre_1.8.0_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64
+/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64

alternatives/jre_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre

alternatives/keytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/keytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/keytool

alternatives/keytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/orbd

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/orbd
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/orbd

alternatives/orbd.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/pack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/pack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/pack200

alternatives/pack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/policytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/policytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/policytool

alternatives/policytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/rmid

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/rmid
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/rmid

alternatives/rmid.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/rmiregistry

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/rmiregistry
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/rmiregistry

alternatives/rmiregistry.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/servertool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/servertool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/servertool

alternatives/servertool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/tnameserv

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/tnameserv
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/tnameserv

alternatives/tnameserv.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

alternatives/unpack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/unpack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/unpack200

alternatives/unpack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz
+/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz

authselect/user-nsswitch.conf

@@ -35,8 +35,6 @@
 #
 # Notes:
 #
-# 'sssd' performs its own 'files'-based caching, so it should generally
-# come before 'files'.
 #
 # WARNING: Running nscd with a secondary caching service like sssd may
 # 	   lead to unexpected behaviour, especially with how long
@@ -53,9 +51,9 @@
 # group:     db files
 
 # In order of likelihood of use to accelerate lookup.
-passwd:      sss files systemd
+passwd:      files sss systemd
 shadow:     files sss
-group:       sss files systemd
+group:       files sss systemd
 hosts:      files dns myhostname
 services:   files sss
 netgroup:   sss

authselect/user-nsswitch.conf.save_by_rpm

@@ -0,0 +1,72 @@
+#
+# /etc/nsswitch.conf
+#
+# Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use Samba winbind support
+#	wins			Use Samba wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
+
+# In order of likelihood of use to accelerate lookup.
+passwd:      sss files systemd
+shadow:     files sss
+group:       sss files systemd
+hosts:      files dns myhostname
+services:   files sss
+netgroup:   sss
+automount:  files sss
+
+aliases:    files
+ethers:     files
+gshadow:    files
+# Allow initgroups to default to the setting for group.
+# initgroups: files
+networks:   files dns
+protocols:  files
+publickey:  files
+rpc:        files

debuginfod/elfutils.urls

@@ -1 +0,0 @@
-https://debuginfod.centos.org/

httpd/conf.d/ssl.conf

@@ -0,0 +1,203 @@
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   List the protocol versions which clients are allowed to connect with.
+#   The OpenSSL system profile is used by default.  See
+#   update-crypto-policies(8) for more details.
+#SSLProtocol all -SSLv3
+#SSLProxyProtocol all -SSLv3
+
+#   User agents such as web browsers are not configured for the user's
+#   own preference of either security or performance, therefore this
+#   must be the prerogative of the web server administrator who manages
+#   cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+#   The OpenSSL system profile is configured by default.  See
+#   update-crypto-policies(8) for more details.
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+
+#   Point SSLCertificateFile at a PEM encoded certificate.  If
+#   the certificate is encrypted, then you will be prompted for a
+#   pass phrase.  Note that restarting httpd will prompt again.  Keep
+#   in mind that if you have both an RSA and a DSA certificate you
+#   can configure both in parallel (to also allow the use of DSA
+#   ciphers, etc.)
+#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+#   require an ECC certificate which can also be configured in
+#   parallel.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+#   ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convenience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is sent or allowed to be received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is sent and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+

java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.security

@@ -240,9 +240,7 @@ package.access=sun.,\
                com.sun.activation.registries.,\
                jdk.jfr.events.,\
                jdk.jfr.internal.,\
-               jdk.management.jfr.internal.,\
-               org.GNOME.Accessibility.,\
-               org.GNOME.Bonobo.
+               jdk.management.jfr.internal.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -295,9 +293,7 @@ package.definition=sun.,\
                    com.sun.activation.registries.,\
                    jdk.jfr.events.,\
                    jdk.jfr.internal.,\
-                   jdk.management.jfr.internal.,\
-                   org.GNOME.Accessibility.,\
-                   org.GNOME.Bonobo.
+                   jdk.management.jfr.internal.
 
 #
 # Determines whether this properties file can be appended to
@@ -316,7 +312,7 @@ security.useSystemPropertiesFile=true
 # Specifies the system certificate store
 # This property may be disabled using an empty value
 #
-security.systemCACerts=/etc/pki/java/cacerts
+security.systemCACerts=${java.home}/lib/security/cacerts
 
 #
 # Determines the default key and trust manager factory algorithms for

logrotate.d/btmp

@@ -2,6 +2,6 @@
 /var/log/btmp {
     missingok
     monthly
-    create 0600 root utmp
+    create 0660 root utmp
     rotate 1
 }

logrotate.d/syslog

@@ -7,6 +7,6 @@
     missingok
     sharedscripts
     postrotate
-        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
+        /usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
     endscript
 }

modprobe.d/truescale.conf

@@ -1 +0,0 @@
-install ib_qib modprobe -i ib_qib $CMDLINE_OPTS && /usr/libexec/truescale-serdes.cmds start

nsswitch.conf

@@ -46,8 +46,6 @@ session  include system-auth
 #
 # Notes:
 #
-# 'sssd' performs its own 'files'-based caching, so it should generally
-# come before 'files'.
 #
 # WARNING: Running nscd with a secondary caching service like sssd may
 #        lead to unexpected behaviour, especially with how long
@@ -64,9 +62,9 @@ session  include system-auth
 # group:     db files
 
 # In order of likelihood of use to accelerate lookup.
-passwd:      sss files systemd
+passwd:      files sss systemd
 shadow:     files sss
-group:       sss files systemd
+group:       files sss systemd
 hosts:      files dns myhostname
 services:   files sss
 netgroup:   sss

nsswitch.conf.save_by_rpm

@@ -0,0 +1,83 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+account  include system-auth
+
+session  required pam_selinux.so close
+session  required pam_selinux.so nottys open
+session  required pam_loginuid.so
+session  include system-auth
+[root@mail pam.d]# cat /etc/nsswitch.conf
+#
+# /etc/nsswitch.conf
+#
+# Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+#    compat            Use /etc files plus *_compat pseudo-db
+#    db            Use the pre-processed /var/db files
+#    dns            Use DNS (Domain Name Service)
+#    files            Use the local files in /etc
+#    hesiod            Use Hesiod (DNS) for user lookups
+#    nis            Use NIS (NIS version 2), also called YP
+#    nisplus            Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+#    ldap            Use LDAP directory server
+#    myhostname        Use systemd host names
+#    mymachines        Use systemd machine names
+#    mdns*, mdns*_minimal    Use Avahi mDNS/DNS-SD
+#    resolve            Use systemd resolved resolver
+#    sss            Use System Security Services Daemon (sssd)
+#    systemd            Use systemd for dynamic user option
+#    winbind            Use Samba winbind support
+#    wins            Use Samba wins support
+#    wrapper            Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#        lead to unexpected behaviour, especially with how long
+#        entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
+
+# In order of likelihood of use to accelerate lookup.
+passwd:      sss files systemd
+shadow:     files sss
+group:       sss files systemd
+hosts:      files dns myhostname
+services:   files sss
+netgroup:   sss
+automount:  files sss
+
+aliases:    files
+ethers:     files
+gshadow:    files
+# Allow initgroups to default to the setting for group.
+# initgroups: files
+networks:   files dns
+protocols:  files
+publickey:  files
+rpc:        files

pam.d/cockpit

@@ -3,6 +3,8 @@ auth       required     pam_sepermit.so
 auth       substack     password-auth
 auth       include      postlogin
 auth       optional     pam_ssh_add.so
+# List of users to deny access to Cockpit, by default root is included.
+auth       required     pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
 account    required     pam_nologin.so
 account    include      password-auth
 password   include      password-auth

pam.d/systemd-user

@@ -8,4 +8,5 @@ account  include system-auth
 session  required pam_selinux.so close
 session  required pam_selinux.so nottys open
 session  required pam_loginuid.so
+session  required pam_namespace.so
 session  include system-auth

profile.d/debuginfod.csh

@@ -1,16 +0,0 @@
-# $HOME/.login* or similar files may first set $DEBUGINFOD_URLS.
-# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files.
-# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS.
-# See also [man debuginfod-client-config] for other environment variables
-# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS.
-
-if (! $?DEBUGINFOD_URLS) then
-    set prefix="/usr"
-    set DEBUGINFOD_URLS=`sh -c 'cat "$0"/*.urls 2>/dev/null; :' "/etc/debuginfod" | tr '\n' ' '`
-    if ( "$DEBUGINFOD_URLS" != "" ) then
-        setenv DEBUGINFOD_URLS "$DEBUGINFOD_URLS"
-    else
-        unset DEBUGINFOD_URLS
-    endif
-    unset prefix
-endif

profile.d/debuginfod.sh

@@ -1,12 +0,0 @@
-# $HOME/.profile* or similar files may first set $DEBUGINFOD_URLS.
-# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files.
-# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS.
-# See also [man debuginfod-client-config] for other environment variables
-# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS.
-
-if [ -z "$DEBUGINFOD_URLS" ]; then
-    prefix="/usr"
-    DEBUGINFOD_URLS=$(cat "/etc/debuginfod"/*.urls 2>/dev/null | tr '\n' ' ')
-    [ -n "$DEBUGINFOD_URLS" ] && export DEBUGINFOD_URLS || unset DEBUGINFOD_URLS
-    unset prefix
-fi

profile.d/lang.csh

@@ -13,7 +13,7 @@ foreach config (/etc/locale.conf "${HOME}/.i18n")
 end
 
 if (${?LANG_backup}) then
-    set LANG="${LANG_backup}"
+    setenv LANG "${LANG_backup}"
 endif
 
 unset LANG_backup config

security/pwhistory.conf

@@ -0,0 +1,21 @@
+# Configuration for remembering the last passwords used by a user.
+#
+# Enable the debugging logs.
+# Enabled if option is present.
+# debug
+#
+# root account's passwords are also remembered.
+# Enabled if option is present.
+# enforce_for_root
+#
+# Number of passwords to remember.
+# The default is 10.
+# remember = 10
+#
+# Number of times to prompt for the password.
+# The default is 1.
+# retry = 1
+#
+# The directory where the last passwords are kept.
+# The default is /etc/security/opasswd.
+# file = /etc/security/opasswd

selinux/targeted/.policy.sha512

@@ -1 +1 @@
-5020ff024b92d2d5d7a2b0066e3d83e856dfa88046c653658ee78523cb7cb82cc1ba0340b6c33d8a05bd0bc00c73843ee3c21bd8f02774c0117ee1a097701e10
+39819a81a29de9acf96a0e5b0509b4e45648c91f9c9db96e5345dd703622099dc0b0b2672071df7383f208fbd6fddee4f382f222874803430377bc522d200bfa

selinux/targeted/contexts/files/file_contexts

@@ -651,6 +651,7 @@
 /usr/bin/gpg(2)?	--	system_u:object_r:gpg_exec_t:s0
 /dev/cdc-wdm[0-9]	-c	system_u:object_r:modem_device_t:s0
 /dev/floppy/[^/]*	-b	system_u:object_r:removable_device_t:s0
+/dev/pktcdvd[0-7]	-b	system_u:object_r:removable_device_t:s0
 /etc/rsyslog.conf	system_u:object_r:syslog_conf_t:s0
 /dev/raw/raw[0-9]+	-c	system_u:object_r:fixed_disk_device_t:s0
 /dev/stratis(/.*)?	system_u:object_r:stratisd_data_t:s0
@@ -816,6 +817,7 @@
 /dev/watchdog.*	-c	system_u:object_r:watchdog_device_t:s0
 /dev/winradio.*	-c	system_u:object_r:v4l_device_t:s0
 /dev/ataraid/.*	-b	system_u:object_r:fixed_disk_device_t:s0
+/dev/pktcdvd/.+	-b	system_u:object_r:removable_device_t:s0
 /var/run/wsgi.*	-s	system_u:object_r:httpd_var_run_t:s0
 /dev/shm/mono.*	system_u:object_r:user_tmp_t:s0
 /var/log/cron.*	system_u:object_r:cron_log_t:s0
@@ -4306,6 +4308,7 @@
 /usr/sbin/lvmsadc	--	system_u:object_r:lvm_exec_t:s0
 /usr/sbin/metalog	--	system_u:object_r:syslogd_exec_t:s0
 /usr/sbin/mkdosfs	--	system_u:object_r:fsadm_exec_t:s0
+/usr/sbin/mkudffs	--	system_u:object_r:fsadm_exec_t:s0
 /usr/sbin/nfsdcld	--	system_u:object_r:rpcd_exec_t:s0
 /usr/sbin/nologin	--	system_u:object_r:shell_exec_t:s0
 /usr/sbin/ntpdate	--	system_u:object_r:ntpdate_exec_t:s0
@@ -4352,6 +4355,7 @@
 /usr/sbin/vnstatd	--	system_u:object_r:vnstatd_exec_t:s0
 /usr/sbin/wpa_cli	--	system_u:object_r:wpa_cli_exec_t:s0
 /var/dnscache/run	--	system_u:object_r:svc_run_exec_t:s0
+/var/log/sudo\.log	--	system_u:object_r:sudo_log_t:s0
 /var/run/abrt\.pid	--	system_u:object_r:abrt_var_run_t:s0
 /var/run/apmd\.pid	--	system_u:object_r:apmd_var_run_t:s0
 /var/run/gpsd\.pid	--	system_u:object_r:gpsd_var_run_t:s0
@@ -4498,6 +4502,7 @@
 /usr/sbin/ns-slapd	--	system_u:object_r:dirsrv_exec_t:s0
 /usr/sbin/opendkim	--	system_u:object_r:dkim_milter_exec_t:s0
 /usr/sbin/openhpid	--	system_u:object_r:openhpid_exec_t:s0
+/usr/sbin/pktsetup	--	system_u:object_r:fsadm_exec_t:s0
 /usr/sbin/pmap_set	--	system_u:object_r:portmap_helper_exec_t:s0
 /usr/sbin/postdrop	--	system_u:object_r:postfix_postdrop_exec_t:s0
 /usr/sbin/postgrey	--	system_u:object_r:postgrey_exec_t:s0
@@ -4521,6 +4526,7 @@
 /usr/sbin/synaptic	--	system_u:object_r:rpm_exec_t:s0
 /usr/sbin/tmpwatch	--	system_u:object_r:tmpreaper_exec_t:s0
 /usr/sbin/udevsend	--	system_u:object_r:udev_exec_t:s0
+/usr/sbin/udflabel	--	system_u:object_r:fsadm_exec_t:s0
 /usr/sbin/updfstab	--	system_u:object_r:updfstab_exec_t:s0
 /usr/sbin/utempter	--	system_u:object_r:utempter_exec_t:s0
 /usr/sbin/validate	--	system_u:object_r:chkpwd_exec_t:s0
@@ -4875,6 +4881,7 @@
 /var/run/\.iroha_unix	-d	system_u:object_r:canna_var_run_t:s0
 /dev/cpu_dma_latency	-c	system_u:object_r:netcontrol_device_t:s0
 /dev/network_latency	-c	system_u:object_r:netcontrol_device_t:s0
+/dev/pktcdvd/control	-c	system_u:object_r:pktcdvd_control_device_t:s0
 /var/run/auditd_sock	-s	system_u:object_r:auditd_var_run_t:s0
 /var/run/charon\.vici	-s	system_u:object_r:ipsec_var_run_t:s0
 /var/run/docker\.sock	-s	system_u:object_r:container_var_run_t:s0
@@ -5301,6 +5308,7 @@
 /usr/sbin/nsd-checkzone	--	system_u:object_r:nsd_exec_t:s0
 /usr/sbin/ods-enforcerd	--	system_u:object_r:opendnssec_exec_t:s0
 /usr/sbin/open_init_pty	--	system_u:object_r:initrc_exec_t:s0
+/usr/sbin/pktcdvd-check	--	system_u:object_r:fsadm_exec_t:s0
 /usr/sbin/puppetmasterd	--	system_u:object_r:puppetmaster_exec_t:s0
 /usr/sbin/rpc\.yppasswdd	--	system_u:object_r:yppasswdd_exec_t:s0
 /usr/sbin/stop-ds-admin	--	system_u:object_r:dirsrvadmin_exec_t:s0
@@ -6266,6 +6274,7 @@
 /usr/lib/nagios/plugins/check_file_age	--	system_u:object_r:nagios_admin_plugin_exec_t:s0
 /usr/lib/nspluginwrapper/plugin-config	--	system_u:object_r:mozilla_plugin_config_exec_t:s0
 /usr/lib/pgsql/test/regress/pg_regress	--	system_u:object_r:postgresql_exec_t:s0
+/usr/lib/systemd/systemd-socket-proxyd	--	system_u:object_r:systemd_socket_proxyd_exec_t:s0
 /usr/share/cluster/fence_scsi_check\.pl	--	system_u:object_r:fenced_exec_t:s0
 /usr/share/gnucash/finance-quote-check	--	system_u:object_r:bin_t:s0
 /usr/share/munin/plugins/http_loadtime	--	system_u:object_r:services_munin_plugin_exec_t:s0
@@ -6397,6 +6406,7 @@
 /usr/share/doc/ghc/html/libraries/gen_contents_index	--	system_u:object_r:bin_t:s0
 /usr/share/gitolite/hooks/gitolite-admin/post-update	--	system_u:object_r:bin_t:s0
 /usr/lib/systemd/system/systemd-modules-load\.service	system_u:object_r:systemd_modules_load_unit_file_t:s0
+/usr/lib/systemd/system/systemd-socket-proxyd\.service	--	system_u:object_r:systemd_socket_proxyd_unit_file_t:s0
 /usr/lib64/nagios/plugins/check_number_openshift_apps	--	system_u:object_r:nagios_openshift_plugin_exec_t:s0
 /usr/share/system-config-samba/system-config-samba\.py	--	system_u:object_r:bin_t:s0
 /usr/share/system-config-display/system-config-display	--	system_u:object_r:bin_t:s0

sysconfig/rngd

@@ -1,3 +1,3 @@
 # Optional arguments passed to rngd. See rngd(8) and
 # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
-RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon"

systemd/pstore.conf

@@ -0,0 +1,16 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See pstore.conf(5) for details.
+
+[PStore]
+#Storage=external
+#Unlink=yes

tuned/tuned-main.conf

@@ -49,3 +49,29 @@ log_file_max_size = 1MB
 # It can be used to force tuning for specific architecture.
 # If commented, "/proc/cpuinfo" will be read to fill its content.
 # cpuinfo_string = Intel
+
+# Enable TuneD listening on dbus
+# enable_dbus = 1
+
+# Enable TuneD listening on unix domain socket
+# As this functionality is not used commonly, we disable it by default
+# and it is needed to allow it manually
+# enable_unix_socket = 0
+
+# Path to socket for TuneD to listen
+# Existing files on given path will be removed
+# unix_socket_path = /run/tuned/tuned.sock
+
+# Paths to sockets for TuneD to send signals to separated by , or ;
+# unix_socket_signal_paths =
+
+# Default unix socket ownership
+# Can be set as id or name, -1 or non-existing name leaves unchanged
+# unix_socket_ownership = -1 -1
+
+# Permissions for listening sockets
+# unix_socket_permissions = 0o600
+
+# Size of connections backlog for listen function on socket
+# Higher value allows to process requests from more clients
+# connections_backlog = 1024

udev/rules.d/70-persistent-ipoib.rules

@@ -1,12 +0,0 @@
-# This is a sample udev rules file that demonstrates how to get udev to
-# set the name of IPoIB interfaces to whatever you wish.  There is a
-# 16 character limit on network device names.
-#
-# Important items to note: ATTR{type}=="32" is IPoIB interfaces, and the
-# ATTR{address} match must start with ?* and only reference the last 8
-# bytes of the address or else the address might not match the variable QPN
-# portion.
-#
-# Modern udev is case sensitive and all addresses need to be in lower case.
-#
-# ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{type}=="32", ATTR{address}=="?*00:02:c9:03:00:31:78:f2", NAME="mlx4_ib3"

vmware-tools/tools.conf.example

@@ -436,22 +436,37 @@
 
 [autoupgrade]
 
-# The autoupgrade plugin is only available for Windows.
-
 # The "allow-upgrade" option controls whether automatic upgrades (or reinstalls)
-# are allowed. The two options "allow-add-feature" and "allow-remove-feature"
-# control whether adding or removing a feature will be allowed. The two latter
-# ones only affect Windows tools.
-
+# are allowed.
 #allow-upgrade=true
+
+# The autoupgrade plugin is only available for Windows.
+# The "allow-add-feature" and "allow-remove-feature" control whether adding
+# or removing a feature will be allowed.
+# The allow-msi-transforms option controls whether TRANSFORMS property is
+# allowed.
+
 #allow-add-feature=true
 #allow-remove-feature=true
+#allow-msi-transforms=false
 
 [deployPkg]
 
 # to disable guest customization
 #enable-customization=false
 
+# This "wait-cloudinit-timeout" option controls how long does guest
+# customization wait for cloud-init execution done when it detects cloud-init
+# is available in guest.
+# Guest customization will continue executing as soon as it detects cloud-init
+# execution done within this option's value in seconds.
+# If cloud-init is still running beyond this option's value in seconds, guest
+# customization will continue executing regardless cloud-init execution status.
+# Minimum valid value is 0 second, set to 0 to disable waiting.
+# Maximum valid value is 1800 seconds (30 minutes).
+# Default value is 30 seconds.
+#wait-cloudinit-timeout=30
+
 [cbhelper]
 
 # The carbonblack helper plugin is only available for Windows.