From 05fb517c90ca63c44475836508d3946a4eb6c232 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Nov 13 2020 09:13:13 +0000 Subject: * Fri Nov 13 2020 Zdenek Pytela - 3.14.7-8 - Set correct default file context for /usr/libexec/pcp/lib/* - Introduce rpmdb_t type - Allow slapd manage files/dirs in ldap certificates directory - Revert "Allow certmonger add new entries in a generic certificates directory" - Allow certmonger add new entries in a generic certificates directory - Allow slapd add new entries in ldap certificates directory - Remove retired PCP pmwebd and pmmgr daemons (since 5.0) - Let keepalived bind a raw socket - Add default file context for /usr/libexec/pcp/lib/* - squid: Allow net_raw capability when squid_use_tproxy is enabled - systemd: allow networkd to check namespaces - Add ability to read init_var_run_t where fs_read_efivarfs_files is allowed - Allow resolved to created varlink sockets and the domain to talk to it - selinux: tweak selinux_get_enforce_mode() to allow status page to be used - systemd: allow all systemd services to check selinux status - Set default file context for /var/lib/ipsec/nss - Allow user domains transition to rpmdb_t - Revert "Add miscfiles_add_entry_generic_cert_dirs() interface" - Revert "Add miscfiles_create_generic_cert_dirs() interface" - Update miscfiles_manage_all_certs() to include managing directories - Add miscfiles_create_generic_cert_dirs() interface - Add miscfiles_add_entry_generic_cert_dirs() interface - Revert "Label /var/run/zincati/public/motd.d/* as motd_var_run_t" --- diff --git a/selinux-policy.spec b/selinux-policy.spec index b03d204..356d434 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 4e77f92781238f6f7d58bdc54de4782e12e87802 +%global commit0 a324430fd4e7a1bf6aa64757a951a8a6320aa47e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 8b0ce8bfc91e990efcfb03ce3defae0b17682a7d +%global commit1 0cfef67283f2b55664c99611f2fcdf8fd47c63d9 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -807,6 +807,31 @@ exit 0 %endif %changelog +* Fri Nov 13 2020 Zdenek Pytela - 3.14.7-8 +- Set correct default file context for /usr/libexec/pcp/lib/* +- Introduce rpmdb_t type +- Allow slapd manage files/dirs in ldap certificates directory +- Revert "Allow certmonger add new entries in a generic certificates directory" +- Allow certmonger add new entries in a generic certificates directory +- Allow slapd add new entries in ldap certificates directory +- Remove retired PCP pmwebd and pmmgr daemons (since 5.0) +- Let keepalived bind a raw socket +- Add default file context for /usr/libexec/pcp/lib/* +- squid: Allow net_raw capability when squid_use_tproxy is enabled +- systemd: allow networkd to check namespaces +- Add ability to read init_var_run_t where fs_read_efivarfs_files is allowed +- Allow resolved to created varlink sockets and the domain to talk to it +- selinux: tweak selinux_get_enforce_mode() to allow status page to be used +- systemd: allow all systemd services to check selinux status +- Set default file context for /var/lib/ipsec/nss +- Allow user domains transition to rpmdb_t +- Revert "Add miscfiles_add_entry_generic_cert_dirs() interface" +- Revert "Add miscfiles_create_generic_cert_dirs() interface" +- Update miscfiles_manage_all_certs() to include managing directories +- Add miscfiles_create_generic_cert_dirs() interface +- Add miscfiles_add_entry_generic_cert_dirs() interface +- Revert "Label /var/run/zincati/public/motd.d/* as motd_var_run_t" + * Tue Nov 3 2020 Petr Lautrbach - 3.14.7-7 - Rebuild with latest libsepol - Bump policy version to 33 diff --git a/sources b/sources index b4906f3..841c650 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-4e77f92.tar.gz) = acf129d102d1741d8dc55002628837f365aa1c22ba08d2ee7ce5ce1629cf48e8016e64310435dcf326adb415dfee03d155203421ad30a46c75a7f16c679671ae -SHA512 (selinux-policy-contrib-8b0ce8b.tar.gz) = c5678da3b974b8a0feb227d5bbe992e971fdd1d4230058ceff1244b58032e85444c7cbe6a258b4a3a54518cde59186f6018b38ad61c648224adea15bd9b822e5 -SHA512 (container-selinux.tgz) = 046f16309786d60efbcec3ffcc90b7d0175592adaffd3de895770dcd507860029e633aee0f8f4827f57fd7cef5cfe31260dd008a91e6368a434668e058f43275 +SHA512 (selinux-policy-a324430.tar.gz) = ea00f0e2e50f07d3394a38dc1c407e9d6848db26fd1c1b3a9550c8b109d3cc1d960ebff3f6b73d99a82bc5899790dfe87795f185d3de15eca9e1f5f9d5b8bbcd +SHA512 (selinux-policy-contrib-0cfef67.tar.gz) = b894731b619fd015e47a39398e41b58d74b308f0f5bf6a5bcf9adb945854c49af160d7d5d111bad08df4f0c0e98c7588f4630469b11c65c51b1b51777868a1f0 +SHA512 (container-selinux.tgz) = 08fe2e197630012f3937ffa18bee5c658494e559ae3aa332bd9fac8a22ee4f7f12142ed18f92bd56486201798f3170cab3a1ed10241e7ebc91af2e1aafd42c68 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4