diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf index ff35624..bd60331 100644 --- a/modules-targeted-contrib.conf +++ b/modules-targeted-contrib.conf @@ -2684,3 +2684,10 @@ stalld = module # rhcd # rhcd = module + +# Layer: contrib +# Module: wireguard +# +# wireguard +# +wireguard = module diff --git a/selinux-policy.spec b/selinux-policy.spec index 59d2982..89f30eb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit c0f6c3be2b0059221dfc086ceb0632ad726fa34d +%global commit 3c80e8b26a1ff6f8f282169e0971e705daddb01a %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 37.14 +Version: 38.1 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -143,7 +143,7 @@ and some additional files. %dir %{_datadir}/selinux/devel %dir %{_datadir}/selinux/devel/include %{_datadir}/selinux/devel/include/* -%exclude %{_datadir}/selinux/devel/include/container.if +%exclude %{_datadir}/selinux/devel/include/contrib/container.if %dir %{_datadir}/selinux/devel/html %{_datadir}/selinux/devel/html/*html %{_datadir}/selinux/devel/html/*css @@ -816,6 +816,35 @@ exit 0 %endif %changelog +* Mon Nov 21 2022 Zdenek Pytela - 38.1-1 +- Revert "Allow sysadm_t read raw memory devices" +- Allow systemd-socket-proxyd get attributes of cgroup filesystems +- Allow rpc.gssd read network sysctls +- Allow winbind-rpcd get attributes of device and pty filesystems +- Allow insights-client domain transition on semanage execution +- Allow insights-client create gluster log dir with a transition +- Allow insights-client manage generic locks +- Allow insights-client unix_read all domain semaphores +- Add domain_unix_read_all_semaphores() interface +- Allow winbind-rpcd use the terminal multiplexor +- Allow mrtg send mails +- Allow systemd-hostnamed dbus chat with init scripts +- Allow sssd dbus chat with system cronjobs +- Add interface to watch all filesystems +- Add watch_sb interfaces +- Add watch interfaces +- Allow dhcpd bpf capability to run bpf programs +- Allow netutils and traceroute bpf capability to run bpf programs +- Allow pkcs_slotd_t bpf capability to run bpf programs +- Allow xdm bpf capability to run bpf programs +- Allow pcscd bpf capability to run bpf programs +- Allow lldpad bpf capability to run bpf programs +- Allow keepalived bpf capability to run bpf programs +- Allow ipsec bpf capability to run bpf programs +- Allow fprintd bpf capability to run bpf programs +- Allow systemd-socket-proxyd get filesystems attributes +- Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files + * Mon Oct 31 2022 Zdenek Pytela - 37.14-1 - Allow rotatelogs read httpd_log_t symlinks - Add winbind-rpcd to samba_enable_home_dirs boolean diff --git a/sources b/sources index 66ef779..092e529 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ +SHA512 (selinux-policy-3c80e8b.tar.gz) = c3d9e981d8f9ad4d749b70ed3cd7e84bb4951f1e0b8d90e0062111dc43514f47f9c61da1f48b3693843286ddb864ee9c80052b9d9ac7e8a7d581a4fa1f8fb173 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = cb79b7d59e67efc94165023b826df2f18ee0e2ed6e8d39831f79188f954f810d952d3aae128172377cfdc7bb775bb96e8756d828bbb314cbd49d600b1aaed8d1 -SHA512 (selinux-policy-c0f6c3b.tar.gz) = b72b31a14232ee2b5c58475437384532b4da89cdaf3e3a01977b5e145aad81d8ebbd7396112776593b2ba9e94e85b66cee053782a3a75ccbb2b2d1a336a8117c +SHA512 (container-selinux.tgz) = 20f368b761fcd01c5ca9b7f9e0be7b5b805727a28eb07d16e8b2e678251afdc90d26cc8145972e8db16ed619833185e57e01d55161a2f75e68e4535c513153b2