From fd145120f1828368630c354db923aa4fb18801a4 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Jul 16 2024 07:47:08 +0000 Subject: * Tue Jul 16 2024 Zdenek Pytela - 41.9-1 - Allow virtqemud connect to sanlock over a unix stream socket - Allow virtqemud relabel virt_var_run_t directories - Allow svirt_tcg_t read vm sysctls - Allow virtnodedevd connect to systemd-userdbd over a unix socket - Allow svirt read virtqemud fifo files - Allow svirt attach_queue to a virtqemud tun_socket - Allow virtqemud run ssh client with a transition - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket - Update keyutils policy - Allow sshd_keygen_t connect to userdbd over a unix stream socket - Allow postfix-smtpd read mysql config files - Allow locate stream connect to systemd-userdbd - Allow the staff user use wireshark - Allow updatedb connect to userdbd over a unix stream socket - Allow gpg_t set attributes of public-keys.d - Allow gpg_t get attributes of login_userdomain stream - Allow systemd_getty_generator_t read /proc/1/environ - Allow systemd_getty_generator_t to read and write to tty_device_t --- diff --git a/changelog b/changelog index e9b7ad3..bedced1 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,35 @@ +* Tue Jul 16 2024 Zdenek Pytela - 41.9-1 +- Allow virtqemud connect to sanlock over a unix stream socket +- Allow virtqemud relabel virt_var_run_t directories +- Allow svirt_tcg_t read vm sysctls +- Allow virtnodedevd connect to systemd-userdbd over a unix socket +- Allow svirt read virtqemud fifo files +- Allow svirt attach_queue to a virtqemud tun_socket +- Allow virtqemud run ssh client with a transition +- Allow virt_dbus_t connect to virtqemud_t over a unix stream socket +- Update keyutils policy +- Allow sshd_keygen_t connect to userdbd over a unix stream socket +- Allow postfix-smtpd read mysql config files +- Allow locate stream connect to systemd-userdbd +- Allow the staff user use wireshark +- Allow updatedb connect to userdbd over a unix stream socket +- Allow gpg_t set attributes of public-keys.d +- Allow gpg_t get attributes of login_userdomain stream +- Allow systemd_getty_generator_t read /proc/1/environ +- Allow systemd_getty_generator_t to read and write to tty_device_t + +* Thu Jul 11 2024 Petr Lautrbach 41.8-4 +- Move %%postInstall to %%posttrans +- Use `Requires(meta): (rpm-plugin-selinux if rpm-libs)` +- Drop obsolete modules from config +- Install dnf protected files only when policy is built + +* Thu Jul 11 2024 Zbigniew Jędrzejewski-Szmek - 41.8-3 +- Relabel files under /usr/bin to fix stale context after sbin merge + +* Mon Jun 24 2024 Petr Lautrbach 41.8-2 +- Merge -base and -contrib + * Wed Jul 10 2024 Zdenek Pytela - 41.8-1 - Drop publicfile module - Remove permissive domain for systemd_nsresourced_t diff --git a/selinux-policy.spec b/selinux-policy.spec index d80ba97..f0740bd 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -5,7 +5,7 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 217c6fe8b66011538042ec81c30d4481ba4d2ecf +%global commit 2a167c7a0f3dcfb9271f2ef340be9522d7573db8 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -17,8 +17,8 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 41.8 -Release: 4%{?dist} +Version: 41.9 +Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted.conf diff --git a/sources b/sources index 6935b83..3d61df5 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-217c6fe.tar.gz) = 5c592dfecb7662e4d521551c0f96109868e43236691018792e39c71fb24b9cae3b552d65e3d07091446385feb83d69a4d96b819cd7435fa5ee417646fdceaafc +SHA512 (selinux-policy-2a167c7.tar.gz) = b7a243c2c5a43533a843f6f57b46a3183e5f8856b7da6a6a652896411f11285a8f33ee96bd3078bc711f3b8aa7085046cd8f191260e8bace5aafc25133d256d2 +SHA512 (container-selinux.tgz) = 36158c9051ea87cd0071638efb411eebf10a016e3d90757da9388fa904ae19db5cad582833a8a11e06450a216962a0e59f6df0e13dec4d5a2c241dcd95d6d1d8 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 02407c8f3742e0824c7893e8558fbf489723e8e5fbb89ab2aca5438c7b806d4da89bed2fd207b059081d6b5a85ed64ea32b60c1b0f86859dcd97200c0dc8ac58