From 1cbbaa638f64a596001644f9366a070bc31cdc7e Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Mar 15 2024 17:51:08 +0000 Subject: * Fri Mar 15 2024 Zdenek Pytela - 40.15-1 - Update mmap_rw_file_perms to include the lock permission - Allow plymouthd log during shutdown - Add logging_watch_all_log_dirs() and logging_watch_all_log_files() - Allow journalctl_t read filesystem sysctls - Allow cgred_t to get attributes of cgroup filesystems - Allow wdmd read hardware state information - Allow wdmd list the contents of the sysfs directories - Allow linuxptp configure phc2sys and chronyd over a unix domain socket - Allow sulogin relabel tty1 - Dontaudit sulogin the checkpoint_restore capability - Modify sudo_role_template() to allow getpgid - Remove incorrect "local" usage in varrun-convert.sh --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 7865884..b28fc75 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit a3eca1d9f096c0e178c78e629bb129b178c85f95 +%global commit 2cdf4e71dc3557b4a87b1430edffcddc82e5d835 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,8 +23,8 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.14 -Release: 2%{?dist} +Version: 40.15 +Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -824,6 +824,20 @@ exit 0 %endif %changelog +* Fri Mar 15 2024 Zdenek Pytela - 40.15-1 +- Update mmap_rw_file_perms to include the lock permission +- Allow plymouthd log during shutdown +- Add logging_watch_all_log_dirs() and logging_watch_all_log_files() +- Allow journalctl_t read filesystem sysctls +- Allow cgred_t to get attributes of cgroup filesystems +- Allow wdmd read hardware state information +- Allow wdmd list the contents of the sysfs directories +- Allow linuxptp configure phc2sys and chronyd over a unix domain socket +- Allow sulogin relabel tty1 +- Dontaudit sulogin the checkpoint_restore capability +- Modify sudo_role_template() to allow getpgid +- Remove incorrect "local" usage in varrun-convert.sh + * Thu Mar 07 2024 Zdenek Pytela - 40.14-2 - Update varrun-convert.sh script to check for existing duplicate entries diff --git a/sources b/sources index 45f32fc..0ff7dc2 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-a3eca1d.tar.gz) = 5ab037401bfa1b56bef115eb40f9efc22672bff72df20198245bcbf30519721c342db10d049e44871451943cced4c7d89cc18ff968635b7258889cafb3a55df7 +SHA512 (selinux-policy-2cdf4e7.tar.gz) = bdf76d0847301bcec2e86ffc78fc04e67fc9d59467f6f1d2cdb2fddded9c27252b070557f108e22d973321c9eb74a250d731ea5974bdf590bb95e78ddf9949cd SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 8b1bd65b23ee2c5b25c39b382f259300b16063e2b1ec9ea8b234fcfc449761ee32dcfa5d998f82ffa568fe3de8e384fedd27d3849963aa083ca3ac26f9e48cc0 +SHA512 (container-selinux.tgz) = f9b2b8e299ed78453e84d480b17a00057f3dcbb70bf5397f99640b2addb785ef37cc663e20eaee1c6ab932b890eb96177677c8ffb61ee20993b1ec56f533b1d9 diff --git a/varrun-convert.sh b/varrun-convert.sh index 9ec978d..82fd88a 100755 --- a/varrun-convert.sh +++ b/varrun-convert.sh @@ -80,7 +80,7 @@ sed -i 's/system_u:object_r:\([^:]*\):\(.*\)$/(system_u object_r \1 ((\2) (\2))) sed -i s'/ <>$/ ())/' ${EXTRA_VARRUN_ENTRIES} # Wrap each line with an optional block -local i=1 +i=1 while read line do echo "(optional extra_var_run_${i}"