From aa1f535cb2fc9a3546609e3b3972d7a673bb36da Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Feb 16 2021 21:47:33 +0000 Subject: * Tue Feb 16 2021 Zdenek Pytela - 3.14.8-3 - Allow unconfined integrity lockdown permission - Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined - Allow systemd-machined manage systemd-userdbd runtime sockets - Enable systemd-sysctl domtrans for udev - Introduce kernel_load_unsigned_module interface and use it for couple domains - Allow gpg watch user gpg secrets dirs - Build also the container module in CI - Remove duplicate code from kernel.te - Allow restorecond to watch all non-auth directories - Allow restorecond to watch its config file --- diff --git a/selinux-policy.spec b/selinux-policy.spec index d823231..5246879 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit e82ad03883fec6968f07d229ce8720dd593ee72e +%global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,6 +792,18 @@ exit 0 %endif %changelog +* Tue Feb 16 2021 Zdenek Pytela - 3.14.8-3 +- Allow unconfined integrity lockdown permission +- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined +- Allow systemd-machined manage systemd-userdbd runtime sockets +- Enable systemd-sysctl domtrans for udev +- Introduce kernel_load_unsigned_module interface and use it for couple domains +- Allow gpg watch user gpg secrets dirs +- Build also the container module in CI +- Remove duplicate code from kernel.te +- Allow restorecond to watch all non-auth directories +- Allow restorecond to watch its config file + * Mon Feb 15 2021 Zdenek Pytela - 3.14.8-2 - Allow userdomain watch various filesystem objects - Allow systemd-logind and systemd-sleep integrity lockdown permission diff --git a/sources b/sources index 3ee56dd..9d1a3bf 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2 -SHA512 (container-selinux.tgz) = e6c8002a7c9be615f3352f85500b8855c9c1f8b611aef249f1e5eb1b67623ca77e77ed71cc59094b4a06ed328c7c68f0ad8b91846e1e4b6ea37807b49ebb8a9b +SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb +SHA512 (container-selinux.tgz) = f8dc9a03dac5ac8efb775c61f4c8ac071a5fa2f33306a2ddad4ca6241e2241b9ff038e2ceb081c9d0785c3a1c7e0b8992f94bad3af11546597e2af1af4a979d5 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4