From df4c66da890c9cbcb0122ee6b81658a7f44c9c0a Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Dec 13 2023 15:42:42 +0000 Subject: * Wed Dec 13 2023 Zdenek Pytela - 40.7-1 - Make named_zone_t and named_var_run_t a part of the mountpoint attribute - Allow sysadm execute traceroute in sysadm_t domain using sudo - Allow sysadm execute tcpdump in sysadm_t domain using sudo - Allow opafm search nfs directories - Add support for syslogd unconfined scripts - Allow gpsd use /dev/gnss devices - Allow gpg read rpm cache - Allow virtqemud additional permissions - Allow virtqemud manage its private lock files - Allow virtqemud use the io_uring api - Allow ddclient send e-mail notifications - Allow postfix_master_t map postfix data files - Allow init create and use vsock sockets - Allow thumb_t append to init unix domain stream sockets - Label /dev/vas with vas_device_t - Change domain_kernel_load_modules boolean to true - Create interface selinux_watch_config and add it to SELinux users --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 5996ce8..f49a4e6 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 048e9da4ddef5829bef5141a48b5ad083c17c361 +%global commit 21648f766d2f09a86df8eaede5bb3262db488b92 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.6 +Version: 40.7 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -814,6 +814,25 @@ exit 0 %endif %changelog +* Wed Dec 13 2023 Zdenek Pytela - 40.7-1 +- Make named_zone_t and named_var_run_t a part of the mountpoint attribute +- Allow sysadm execute traceroute in sysadm_t domain using sudo +- Allow sysadm execute tcpdump in sysadm_t domain using sudo +- Allow opafm search nfs directories +- Add support for syslogd unconfined scripts +- Allow gpsd use /dev/gnss devices +- Allow gpg read rpm cache +- Allow virtqemud additional permissions +- Allow virtqemud manage its private lock files +- Allow virtqemud use the io_uring api +- Allow ddclient send e-mail notifications +- Allow postfix_master_t map postfix data files +- Allow init create and use vsock sockets +- Allow thumb_t append to init unix domain stream sockets +- Label /dev/vas with vas_device_t +- Change domain_kernel_load_modules boolean to true +- Create interface selinux_watch_config and add it to SELinux users + * Tue Nov 28 2023 Zdenek Pytela - 40.6-1 - Add afterburn to modules-targeted-contrib.conf - Update cifs interfaces to include fs_search_auto_mountpoints() diff --git a/sources b/sources index d5e55ff..bd09e4b 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-048e9da.tar.gz) = 32c3344c6a3c89f034657f4223ee073706aeb5742f2dcae51998f64fff9887723c7ed5011c6ad1d6545ecb8906f05dc611c83b2f15a96f4de3042fb62a54562f -SHA512 (container-selinux.tgz) = a0d7850d3e3af052fff48b3b8928ad9735774a66661edb7250dc529e5d7fe6efbe60281bbe1698e1af984f97f5edb5164d83a9ea5e2781d0d72bde53b4cce2e7 +SHA512 (selinux-policy-21648f7.tar.gz) = ff074e7ed686960fdcc048e76327da80d46170c89e9a4dba61b5fa3e43fc4e413195c7caaa44ceec58e36e25b8643ff724052a16e1d6d0be6cf8616afd1ad92e +SHA512 (container-selinux.tgz) = e8ea7b7b6a21cc2525c90c1729b187361c17044c314f0262369aeeb8029e8a0b842a9d9b268aae6324a5786308d18dd1665f87a3cb2837d52e9fab00973e3a7e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4