From 915415a763d05d87a568f61b1f108b77e6d4a653 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Jul 10 2024 08:48:40 +0000
Subject: * Wed Jul 10 2024 Zdenek Pytela - 41.8-1
- Drop publicfile module
- Remove permissive domain for systemd_nsresourced_t
- Change fs_dontaudit_write_cgroup_files() to apply to cgroup_t
- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
- Allow to create and delete socket files created by rhsm.service
- Allow virtnetworkd exec shell when virt_hooks_unconfined is on
- Allow unconfined_service_t transition to passwd_t
- Support /var is empty
- Allow abrt-dump-journal read all non_security socket files
- Allow timemaster write to sysfs files
- Dontaudit domain write cgroup files
- Label /usr/lib/node_modules/npm/bin with bin_t
- Allow ip the setexec permission
- Allow systemd-networkd write files in /var/lib/systemd/network
- Fix typo in systemd_nsresourced_prog_run_bpf()
---
diff --git a/changelog b/changelog
index 4488709..e9b7ad3 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,20 @@
+* Wed Jul 10 2024 Zdenek Pytela - 41.8-1
+- Drop publicfile module
+- Remove permissive domain for systemd_nsresourced_t
+- Change fs_dontaudit_write_cgroup_files() to apply to cgroup_t
+- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
+- Allow to create and delete socket files created by rhsm.service
+- Allow virtnetworkd exec shell when virt_hooks_unconfined is on
+- Allow unconfined_service_t transition to passwd_t
+- Support /var is empty
+- Allow abrt-dump-journal read all non_security socket files
+- Allow timemaster write to sysfs files
+- Dontaudit domain write cgroup files
+- Label /usr/lib/node_modules/npm/bin with bin_t
+- Allow ip the setexec permission
+- Allow systemd-networkd write files in /var/lib/systemd/network
+- Fix typo in systemd_nsresourced_prog_run_bpf()
+
 * Fri Jun 28 2024 Zdenek Pytela - 41.7-1
 - Confine libvirt-dbus
 - Allow virtqemud the kill capability in user namespace
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e74fd6f..4bedeee 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -5,7 +5,7 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 00589e858e74799cbc09924ddf6a56dc132d61d3
+%global commit 217c6fe8b66011538042ec81c30d4481ba4d2ecf
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -17,7 +17,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 41.7
+Version: 41.8
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
diff --git a/sources b/sources
index 747ebbc..6935b83 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-00589e8.tar.gz) = b0c2c35b3657f5c5a9394564e4b470eac7121c556da31a30236ad3ee0a77868a910ced541900276dd7097a48d0366652858079e236fa68735d3f69391db69953
-SHA512 (container-selinux.tgz) = 43f2df8cce321873a06291320b0c36e37b16de9dae90595b5dbe774d6019e5b2e01f1465b1fde21aaf76bf7535d038d9aa7076c7d0f585398f760d059cae2904
+SHA512 (selinux-policy-217c6fe.tar.gz) = 5c592dfecb7662e4d521551c0f96109868e43236691018792e39c71fb24b9cae3b552d65e3d07091446385feb83d69a4d96b819cd7435fa5ee417646fdceaafc
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = 02407c8f3742e0824c7893e8558fbf489723e8e5fbb89ab2aca5438c7b806d4da89bed2fd207b059081d6b5a85ed64ea32b60c1b0f86859dcd97200c0dc8ac58
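Review bot: The `sources` hunk replaces the SHA512 for `container-selinux.tgz`, but nothing visible in this commit says which container-selinux revision the new tarball was built from; unlike `selinux-policy-217c6fe.tar.gz`, its file name carries no commit or version, and the changelog entry does not mention it. The hash pins the bytes, yet a reviewer cannot trace them back to an upstream state from the diff alone. Consider recording the origin in the spec next to that source's declaration (outside the hunks shown, if it exists there), for example `# container-selinux.tgz: container-selinux commit <UPSTREAM_COMMIT_PLACEHOLDER>`. The same would help for `macro-expander`, whose hash is unchanged here.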