From 757d64d9d6aa72dbbe9d536cef9ece5ef5576978 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Aug 12 2021 16:39:36 +0000 Subject: * Thu Aug 12 2021 Zdenek Pytela - 34.16-1 - Allow systemd-timesyncd watch system dbus pid socket files - Allow firewalld drop capabilities - Allow rhsmcertd execute gpg - Allow lldpad send to kdump over a unix dgram socket - Allow systemd-gpt-auto-generator read udev pid files - Set default file context for /sys/firmware/efi/efivars - Allow tcpdump run as a systemd service - Allow nmap create and use netlink generic socket - Allow nscd watch system db files in /var/db - Allow cockpit_ws_t get attributes of fs_t filesystems - Allow sysadm acces to kernel module resources - Allow sysadm to read/write scsi files and manage shadow - Allow sysadm access to files_unconfined and bind rpc ports - Allow sysadm read and view kernel keyrings - Allow journal mmap and read var lib files - Allow tuned to read rhsmcertd config files - Allow bootloader to read tuned etc files - Label /usr/bin/qemu-storage-daemon with virtd_exec_t --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 6f18330..c8e966c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 66323a2d3fef73b2a6aa8b32f8cf6d8d78fa0d3b +%global commit 14f55fbbd083aa0bee8dd76f8084221e9b813e79 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.15 +Version: 34.16 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -810,6 +810,26 @@ exit 0 %endif %changelog +* Thu Aug 12 2021 Zdenek Pytela - 34.16-1 +- Allow systemd-timesyncd watch system dbus pid socket files +- Allow firewalld drop capabilities +- Allow rhsmcertd execute gpg +- Allow lldpad send to kdump over a unix dgram socket +- Allow systemd-gpt-auto-generator read udev pid files +- Set default file context for /sys/firmware/efi/efivars +- Allow tcpdump run as a systemd service +- Allow nmap create and use netlink generic socket +- Allow nscd watch system db files in /var/db +- Allow cockpit_ws_t get attributes of fs_t filesystems +- Allow sysadm acces to kernel module resources +- Allow sysadm to read/write scsi files and manage shadow +- Allow sysadm access to files_unconfined and bind rpc ports +- Allow sysadm read and view kernel keyrings +- Allow journal mmap and read var lib files +- Allow tuned to read rhsmcertd config files +- Allow bootloader to read tuned etc files +- Label /usr/bin/qemu-storage-daemon with virtd_exec_t + * Fri Aug 06 2021 Zdenek Pytela - 34.15-1 - Disable seccomp on CI containers - Allow systemd-machined stop generic service units diff --git a/sources b/sources index 194198c..fc0a6ac 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-66323a2.tar.gz) = 441bbc9dd9460ce588913bf047b308beb962017df7185c36a79137431f9d49f4365bb6f64cc4f6f33c1f7efc079e650382807f00243330b4e33f2b32eb92cceb +SHA512 (selinux-policy-14f55fb.tar.gz) = 5b489a5758fc3c673facd4f1742e62901cd86992882f4ef84222cb96ed0af5bd8d1351b5c16602675c68a6068eb44cb17f0f124f8572cd39afc05cb31ed8a8eb +SHA512 (container-selinux.tgz) = 73fe355b37ec70f66e08c02e03c5f25e30a57f8506277af025e6e51c12bb670d929c915d22467e47c66b782d7275c7dac7d3d28c43342dc9dbfe0ee92be9359e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 65d39fedde3c43b4dce4d021772a1ec178e93a687a23595c76701d3efa84eac19a1d469a55d7b9a4a07da1682264432fca04c9a937c71e87fcc1082789d3709a