From 5377ddcffe2e0a165f1d0f54687d7dae64dbaa69 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 08 2021 08:09:36 +0000 Subject: import selinux-policy-3.14.3-59.el8 --- diff --git a/.gitignore b/.gitignore index a93c7c2..629ed8d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-7216241.tar.gz -SOURCES/selinux-policy-contrib-63e387b.tar.gz +SOURCES/selinux-policy-a872c0a.tar.gz +SOURCES/selinux-policy-contrib-1bb6b5d.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index b924741..ce8038e 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -bd53e20b8eb7343a895a15e0f3314316df9869b5 SOURCES/container-selinux.tgz -b50c79d98b09d963a6b89554bb736c2daf2db691 SOURCES/selinux-policy-7216241.tar.gz -77fdab81154ae52cfdcd535b8ab9f376e26ae416 SOURCES/selinux-policy-contrib-63e387b.tar.gz +0672d81ce36ecf0cd3909b5ea73eca95f4e89e1d SOURCES/container-selinux.tgz +aecffa2fc4ba4105d7f71c980700953d126deb54 SOURCES/selinux-policy-a872c0a.tar.gz +ba0dd435f3d48783320fe8d823716e5370396699 SOURCES/selinux-policy-contrib-1bb6b5d.tar.gz diff --git a/SOURCES/modules-targeted-contrib.conf b/SOURCES/modules-targeted-contrib.conf index 02c9839..7c6c66d 100644 --- a/SOURCES/modules-targeted-contrib.conf +++ b/SOURCES/modules-targeted-contrib.conf @@ -2389,13 +2389,6 @@ minissdpd = module freeipmi = module # Layer: contrib -# Module: freeipmi -# -# ipa policy module contain SELinux policies for IPA services -# -ipa = module - -# Layer: contrib # Module: mirrormanager # # mirrormanager policy diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 393ae06..4b55ec4 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 7216241330785c138778ad31a9871b7628ae127f +%global commit0 a872c0a80e32612bd2fb406f63d1cfc61355c9d3 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 63e387b4b66208466437d882df6f5d8f55bd8ba1 +%global commit1 1bb6b5d8d840a2f4619d521faca8d5e7195792f2 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 58%{?dist} +Release: 59%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -715,6 +715,32 @@ exit 0 %endif %changelog +* Thu Dec 17 2020 Zdenek Pytela - 3.14.3-59 +- Add cron_dbus_chat_system_job() interface +Resolves: rhbz#1883906 +- Dontaudit firewalld dac_override capability +Resolves: rhbz#1759010 +- Allow tcsd the setgid capability +Resolves: rhbz#1898694 +- Allow timedatex dbus chat with cron system domain +Resolves: rhbz#1883906 +- Allow systemd_hostnamed_t domain to dbus chat with sosreport_t domain +Resolves: rhbz#1854299 +- Allow pcp-pmcd manage perf_events +Resolves: rhbz#1901958 +- Label /dev/isst_interface as cpu_device_t +Resolves: rhbz#1902227 +- Allow ipsec set the context of a SPD entry to the default context +Resolves: rhbz#1880474 +- Allow sysadm_u user and unconfined_domain_type manage perf_events +Resolves: rhbz#1901958 +- Add manage_perf_event_perms object permissions set +Resolves: rhbz#1901958 +- Add perf_event access vectors. +Resolves: rhbz#1901958 +- Remove "ipa = module" from modules-targeted-contrib.conf +Resolves: rhbz#1461914 + * Thu Dec 3 2020 Zdenek Pytela - 3.14.3-58 - Allow kexec manage generic tmp files Resolves: rhbz#1896424