From d76e0b4040478d5497587132b1c5aba5af644aed Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Jan 08 2021 17:44:14 +0000 Subject: * Fri Jan 8 18:41:06 CET 2021 Zdenek Pytela - 3.14.7-14 - Allow domain read usermodehelper state information - Remove all kernel_read_usermodehelper_state() interface calls - .copr: improve timestamp format - Allow wireshark create and use rdma socket - Allow domain stat /proc filesystem - Remove all kernel_getattr_proc() interface calls - Revert "Allow passwd to get attributes in proc_t" - Revert "Allow dovecot_auth_t stat /proc filesystem" - Revert "Allow sssd, unix_chkpwd, groupadd stat /proc filesystem" - Allow sssd read /run/systemd directory - Label /dev/vhost-vdpa-[0-9]+ as vhost_device_t --- diff --git a/selinux-policy.spec b/selinux-policy.spec index e1ce068..e7040f8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 5b841a63b80fc0fbf22fe54eaf8ff3af80dadb53 +%global commit c23c6a5242560e8a9946db5bf4440adc0f39febc %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,6 +792,19 @@ exit 0 %endif %changelog +* Fri Jan 8 18:41:06 CET 2021 Zdenek Pytela - 3.14.7-14 +- Allow domain read usermodehelper state information +- Remove all kernel_read_usermodehelper_state() interface calls +- .copr: improve timestamp format +- Allow wireshark create and use rdma socket +- Allow domain stat /proc filesystem +- Remove all kernel_getattr_proc() interface calls +- Revert "Allow passwd to get attributes in proc_t" +- Revert "Allow dovecot_auth_t stat /proc filesystem" +- Revert "Allow sssd, unix_chkpwd, groupadd stat /proc filesystem" +- Allow sssd read /run/systemd directory +- Label /dev/vhost-vdpa-[0-9]+ as vhost_device_t + * Thu Dec 17 20:07:23 CET 2020 Zdenek Pytela - 3.14.7-13 - Label /dev/isst_interface as cpu_device_t - Dontaudit firewalld dac_override capability diff --git a/sources b/sources index 734f472..785dcf1 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-5b841a6.tar.gz) = ee120c604364b9a33d9aa48c0f94511a046f60825fa4c9051149160c6723deda77187ce373bea22c7904f6c8a87d7ff157dbe950d82c461809cbfa4d52bc880d -SHA512 (container-selinux.tgz) = f2a6db821b2fe6cadcb6092703b0b897be2786b4d5f6a17b435a5d905d1dd65f2aba6f94d47e80a9c83001f2fec5c6f99f4e80642092085b8de05cb253a23952 +SHA512 (selinux-policy-c23c6a5.tar.gz) = adbec861963b05b68c140f702bf68db8007d9facaa5e295b717ed7bd7e3549a06f92b57ca03322f033f65f59ec783f2231df0720eb80c5a48eebae587daf9c9a +SHA512 (container-selinux.tgz) = 63d1448a8291ed9869c28205d015c567b09cf91e8235fdc27a7e1c3fa8bb03dc824558860c5f494b1ed734e38670bf3b9cc5bfca02d93d34cf7e4c597655a12c SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4