From 5fe9485b34c5a5e0eda0b990106e0c0feaafdc16 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 11 2022 18:19:15 +0000 Subject: import selinux-policy-34.1.20-1.el9 --- diff --git a/.gitignore b/.gitignore index 0430c40..cc5a552 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-442902f.tar.gz +SOURCES/selinux-policy-0b4c1a7.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 83f0c24..d5e6e69 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,2 +1,2 @@ -8d849c2b4216bc1686a3633209da18b8ccee2631 SOURCES/container-selinux.tgz -81f38a8b9d37a3e1bfddf98a1518ad997211fac1 SOURCES/selinux-policy-442902f.tar.gz +223e05c2904e656cd85ad50bf98f2a4294f5e361 SOURCES/container-selinux.tgz +c6ce6f465910d0376926a7fa36a54b50dd193619 SOURCES/selinux-policy-0b4c1a7.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 66eec46..023e3e3 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 442902f5605db078a727fe3fad4fb4693a32cad5 +%global commit 0b4c1a7aa0be1129efd7e7749100734416a3a10d %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.1.18 +Version: 34.1.20 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -792,6 +792,50 @@ exit 0 %endif %changelog +* Wed Dec 15 2021 Zdenek Pytela - 34.1.20-1 +- Allow dnsmasq watch /etc/dnsmasq.d directories +Resolves: rhbz#2029866 +- Label /usr/lib/pcs/pcs_snmp_agent with cluster_exec_t +Resolves: rhbz#2029316 +- Allow lldpd use an snmp subagent over a tcp socket +Resolves: rhbz#2028561 +- Allow smbcontrol use additional socket types +Resolves: rhbz#2027751 +- Add write permisson to userfaultfd_anon_inode_perms +Resolves: rhbz#2027660 +- Allow xdm_t watch generic directories in /lib +Resolves: rhbz#1960010 +- Allow xdm_t watch fonts directories +Resolves: rhbz#1960010 +- Label /dev/ngXnY and /dev/nvme-subsysX with fixed_disk_device_t +Resolves: rhbz#2027994 +- Add hwtracing_device_t type for hardware-level tracing and debugging +Resolves: rhbz#2029392 +- Change dev_getattr_infiniband_dev() to use getattr_chr_files_pattern() +Resolves: rhbz#2028791 +- Allow arpwatch get attributes of infiniband_device_t devices +Resolves: rhbz#2028791 +- Allow tcpdump and nmap get attributes of infiniband_device_t +Resolves: rhbz#2028791 + +* Mon Nov 29 2021 Zdenek Pytela - 34.1.19-1 +- Allow redis get attributes of filesystems with extended attributes +Resolves: rhbz#2014611 +- Allow dirsrv read slapd tmpfs files +Resolves: rhbz#2015928 +- Revert "Label /dev/shm/dirsrv/ with dirsrv_tmpfs_t label" +Resolves: rhbz#2015928 +- Allow login_userdomain open/read/map system journal +Resolves: rhbz#2017838 +- Allow login_userdomain read and map /var/lib/systemd files +Resolves: rhbz#2017838 +- Allow nftables read NetworkManager unnamed pipes +Resolves: rhbz#2023456 +- Allow xdm watch generic directories in /var/lib +Resolves: rhbz#1960010 +- Allow xdm_t watch generic pid directories +Resolves: rhbz#1960010 + * Mon Nov 01 2021 Zdenek Pytela - 34.1.18-1 - Allow fetchmail search cgroup directories Resolves: rhbz#2015118