From 1264eb633569fb648adeae71233f25484da5a71f Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 05 2022 11:02:16 +0000
Subject: import selinux-policy-34.1.28-1.el9_0
---
diff --git a/.gitignore b/.gitignore
index b7ef001..4f75e87 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-0b21d4c.tar.gz
+SOURCES/selinux-policy-9dcf505.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 9c4150c..718aac7 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,2 +1,2 @@
-a405401da19909415b7ee69e2b2cdfed0c0fb03d SOURCES/container-selinux.tgz
-b281e81483dc3f6b56caa221d3b42930ee0b7f37 SOURCES/selinux-policy-0b21d4c.tar.gz
+ff295d4c0bb4af2a3972c810f93a7fb2c17fbf27 SOURCES/container-selinux.tgz
+be1161ae8772afa2747bf1cf58d59828934ba05a SOURCES/selinux-policy-9dcf505.tar.gz
diff --git a/SOURCES/booleans-targeted.conf b/SOURCES/booleans-targeted.conf
index 274d3cc..b62755a 100644
--- a/SOURCES/booleans-targeted.conf
+++ b/SOURCES/booleans-targeted.conf
@@ -12,6 +12,7 @@ pppd_can_insmod = false
 privoxy_connect_any = true
 selinuxuser_direct_dri_enabled = true
 selinuxuser_execmem = true
+selinuxuser_execstack = true
 selinuxuser_rw_noexattrfile=true
 selinuxuser_ping = true
 squid_connect_any = true
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index c5f39f4..196e803 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1
+%global commit 9dcf505fec91d3cc2feae61d9b76726a98dd6b98
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
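Review bot: `selinuxuser_execstack = true` in SOURCES/booleans-targeted.conf loosens a memory-protection default of the targeted policy, and the commit gives no rationale beyond the changelog line that points at rhbz#2064274. With `selinuxuser_execmem = true` already set one line above, the policy presumably stops denying both anonymous executable memory and an executable stack for the domains these booleans cover, so a request for an executable stack would no longer show up as an AVC denial. I would add one sentence to the changelog entry naming the workload that needs it, and state in the release notes that hardened hosts can restore the previous behaviour with `setsebool -P selinuxuser_execstack off`.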
@@ -19,11 +19,11 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 33
-%define POLICYCOREUTILSVER 3.2
+%define POLICYCOREUTILSVER 3.3-5
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.1.26
+Version: 34.1.28
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -268,6 +268,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/seusers.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
 %nil
 %define relabel() \
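Review bot: The added `%verify(not md5 size mtime)` entry for `active/modules_checksum` in the `@@ -268,6 +268,7 @@` hunk removes that file's digest, size and mtime from `rpm -V`, so package verification will not report a change to its content. This mirrors the `file_contexts.homedirs` entry just above and is presumably deliberate because the policy store rewrites the file on the host, but unlike the `*.linked` entries it is not `%ghost`, so a build-time copy ships in the package. The enclosing `%define` starts outside the hunk; a comment above it such as `# modules_checksum is rewritten when the module store is rebuilt; content checks are skipped on purpose` would record the intent. Hosts that need integrity coverage of the policy store will have to get it from a separate file-integrity monitor.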
@@ -792,6 +793,36 @@ exit 0
 %endif
 %changelog
+* Thu Mar 24 2022 Zdenek Pytela - 34.1.28-1
+- Allow logrotate a domain transition to cluster administrative domain
+Resolves: rhbz#2061277
+- Change the selinuxuser_execstack boolean value to true
+Resolves: rhbz#2064274
+
+* Thu Feb 24 2022 Zdenek Pytela - 34.1.27-1
+- Allow ModemManager connect to the unconfined user domain
+Resolves: rhbz#2000196
+- Label /dev/wwan.+ with modem_manager_t
+Resolves: rhbz#2000196
+- Allow systemd-coredump userns capabilities and root mounton
+Resolves: rhbz#2057435
+- Allow systemd-coredump read and write usermodehelper state
+Resolves: rhbz#2057435
+- Allow sysadm_passwd_t to relabel passwd and group files
+Resolves: rhbz#2053458
+- Allow systemd-sysctl read the security state information
+Resolves: rhbz#2056999
+- Remove unnecessary /etc file transitions for insights-client
+Resolves: rhbz#2055823
+- Label all content in /var/lib/insights with insights_client_var_lib_t
+Resolves: rhbz#2055823
+- Update insights-client policy
+Resolves: rhbz#2055823
+- Update insights-client: fc pattern, motd, writing to etc
+Resolves: rhbz#2055823
+- Update specfile to buildrequire policycoreutils-devel >= 3.3-5
+- Add modules_checksum to %files
+
 * Thu Feb 17 2022 Zdenek Pytela - 34.1.26-1
 - Remove permissive domain for insights_client_t
 Resolves: rhbz#2055823