From 2b76eb38331ac03ab9dddc4ba8991c9b9c593fcf Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Apr 27 2021 17:55:59 +0000 Subject: * Tue Apr 27 2021 Zdenek Pytela - 34.4-1 - Allow domain create anonymous inodes - Add anon_inode class to the policy - Allow systemd-coredump getattr nsfs files and net_admin capability - Allow systemd-sleep transition to sysstat_t - Allow systemd-sleep transition to tlp_t - Allow systemd-sleep transition to unconfined_service_t on bin_t executables - Allow systemd-timedated watch runtime dir and its parent - Allow system dbusd read /var/lib symlinks - Allow unconfined_service_t confidentiality and integrity lockdown - Label /var/lib/brltty with brltty_var_lib_t - Allow domain and unconfined_domain_type watch /proc/PID dirs - Additional permission for confined users loging into graphic session - Make for screen fsetid/setuid/setgid permission conditional - Allow for confined users acces to wtmp and run utempter --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 1753ad2..d586d2c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit e08db953f4e4c662f62d1c8d3ec790c9d0833734 +%global commit 8a1746df03519636f179cc7bcc58029118822a8f %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.3 +Version: 34.4 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -796,6 +796,22 @@ exit 0 %endif %changelog +* Tue Apr 27 2021 Zdenek Pytela - 34.4-1 +- Allow domain create anonymous inodes +- Add anon_inode class to the policy +- Allow systemd-coredump getattr nsfs files and net_admin capability +- Allow systemd-sleep transition to sysstat_t +- Allow systemd -sleep transition to tlp_t +- Allow systemd-sleep transition to unconfined_service_t on bin_t executables +- Allow systemd-timedated watch runtime dir and its parent +- Allow system dbusd read /var/lib symlinks +- Allow unconfined_service_t confidentiality and integrity lockdown +- Label /var/lib/brltty with brltty_var_lib_t +- Allow domain and unconfined_domain_type watch /proc/PID dirs +- Additional permission for confined users loging into graphic session +- Make for screen fsetid/setuid/setgid permission conditional +- Allow for confined users acces to wtmp and run utempter + * Fri Apr 09 2021 Zdenek Pytela - 34.3-1 - Label /etc/redis as redis_conf_t - Add brltty new permissions required by new upstream version diff --git a/sources b/sources index 7877d4b..35b6672 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-e08db95.tar.gz) = f62925deca730f50f0f35e5df400101c6797a3c28ba831275af3b36a3a9171f077d8a0b01e0037d0cfa943210b27386d599268088705dc1bc97937cba17a73d3 -SHA512 (container-selinux.tgz) = 6ffbfb27f709e1c3e1e372a1941303e52f5f7ae8d5cd1334ace51f81b68a05ca8b98fb79174d36add0634f12be85edfc50cccaab121943276f87bddb31ca942f +SHA512 (selinux-policy-8a1746d.tar.gz) = cd17c3daf14cd86ea919e97979889a5111d720e7cc64336d1ff16846cda07b62a1834fd7b18b9ba50aa7f0fb4ec199ec86b2cc278175168266510a750453ce49 +SHA512 (container-selinux.tgz) = 7853f0e7012d1317eb8c0180ca15d8943013e712ee094e22919001b819f8d115adc601fd6ba50d5e17d90232573615319abdcc6407c0687f94be5300339044dc SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4