From 26af380b9a376af4f7306fb67d91d59ccfc28a3c Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Jun 17 2024 22:38:14 +0000
Subject: * Mon Jun 17 2024 Zdenek Pytela - 41.4-1 - Allow login_userdomain execute systemd-tmpfiles in the caller domain - Allow virt_driver_domain read files labeled unconfined_t - Allow virt_driver_domain dbus chat with policykit - Allow virtqemud manage nfs files when virt_use_nfs boolean is on - Add rules for interactions between generators - Label memory.pressure files with cgroup_memory_pressure_t - Revert "Allow some systemd services write to cgroup files" - Update policy for systemd-nsresourced - Label /usr/bin/ntfsck with fsadm_exec_t - Allow systemd_fstab_generator_t read tmpfs files - Update policy for systemd-nsresourced - Alias /usr/sbin to /usr/bin and change all /usr/sbin paths to /usr/bin - Remove a few lines duplicated between {dkim,milter}.fc - Alias /bin → /usr/bin and remove redundant paths - Drop duplicate line for /usr/sbin/unix_chkpwd - Drop duplicate paths for /usr/sbin
---
diff --git a/changelog b/changelog
index f22f142..fe75d58 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,21 @@
+* Mon Jun 17 2024 Zdenek Pytela - 41.4-1
+- Allow login_userdomain execute systemd-tmpfiles in the caller domain
+- Allow virt_driver_domain read files labeled unconfined_t
+- Allow virt_driver_domain dbus chat with policykit
+- Allow virtqemud manage nfs files when virt_use_nfs boolean is on
+- Add rules for interactions between generators
+- Label memory.pressure files with cgroup_memory_pressure_t
+- Revert "Allow some systemd services write to cgroup files"
+- Update policy for systemd-nsresourced
+- Label /usr/bin/ntfsck with fsadm_exec_t
+- Allow systemd_fstab_generator_t read tmpfs files
+- Update policy for systemd-nsresourced
+- Alias /usr/sbin to /usr/bin and change all /usr/sbin paths to /usr/bin
+- Remove a few lines duplicated between {dkim,milter}.fc
+- Alias /bin → /usr/bin and remove redundant paths
+- Drop duplicate line for /usr/sbin/unix_chkpwd
+- Drop duplicate paths for /usr/sbin
+
 * Tue Jun 11 2024 Zdenek Pytela - 41.3-1
 - Update systemd-generator policy
 - Remove permissive domain for bootupd_t
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 175aaa4..2cec803 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -5,7 +5,7 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 8acf4e61c347a2b851ad68324a6489aa75791fcd
+%global commit 0a6aeb9f221dfd7ba88d9dd12661365fc2dad715
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -17,7 +17,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 41.3
+Version: 41.4
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
diff --git a/sources b/sources
index 704a5cc..f202b14 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-8acf4e6.tar.gz) = 46f1c91f783216524c59c768da586431b0b4a1b0e89ffd938065b924968148d7a87b501a6417a874e62243bb8ab69d46d48fa9840ff855152e204ca1e94c3b12
+SHA512 (selinux-policy-0a6aeb9.tar.gz) = 4be34d963716b202e29c81f0b0a1d351c845507de77edf0b7affa4fc16545bb5c33a6e441dd8c3bfa033db705248836ed6f036b934ba2a7752a32a63f3176260
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = ab6916605d56e8d122d4f64d1c14cd5395c1078143c91986e50208fccb717e2e905b4d7ad2989c92307a1edf64d82e69be1d225c599af326939e5bd6839d12b5
+SHA512 (container-selinux.tgz) = f1f0f01224330f3f7677277be198c978913098210a8f0d18ca8f51329fd5fec63009ab0b9217e7de0c0a8a9be39182780bef22cb57e7f9e05d90acce71846c34
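Review bot: The `container-selinux.tgz` checksum changes in this hunk, yet the commit message and the new changelog entry list only selinux-policy changes, and the archive name carries no version or commit id. The other updated entry is traceable, since `selinux-policy-0a6aeb9.tar.gz` matches the `%global commit` bump in the spec, but nothing on this page ties the new container-selinux content to an upstream revision. Recording that revision would make the update auditable, for example a changelog line such as `- Update container-selinux.tgz to <container-selinux commit id>` (placeholder to be filled by the packager). The SHA512 entry pins the bytes that get built but not where they came from.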