diff --git a/.gitignore b/.gitignore index 759db1c..1b9a9e7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-c49d479.tar.gz -SOURCES/selinux-policy-contrib-c5d8cee.tar.gz +SOURCES/selinux-policy-b060f75.tar.gz +SOURCES/selinux-policy-contrib-67d81a2.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 2a3fb05..89259e2 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -5b46f3a2694ba1e21944f1ec9386202448aded3d SOURCES/container-selinux.tgz -699742eb05f02e553428b5405262d4298c6d00f0 SOURCES/selinux-policy-c49d479.tar.gz -fa52cccaafdbfeec634ccce080ef00713b11b2e5 SOURCES/selinux-policy-contrib-c5d8cee.tar.gz +e2e35900c0f6b83f5f30924b99b1d8c00976bb94 SOURCES/container-selinux.tgz +172e6c50321dec4815f474d4add417b07c671194 SOURCES/selinux-policy-b060f75.tar.gz +5bb5e3b7c86e3a41ab62a18bda962094e39dbf02 SOURCES/selinux-policy-contrib-67d81a2.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 35b3a93..dde498c 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 c49d4791b610a9a3ce8a0a2a015817a9f1724be8 +%global commit0 b060f75003ffda62ccb0f7f35c78899d9e5c5d19 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 c5d8ceee7fe06f305aff364df091ad77cfad7086 +%global commit1 67d81a2670f52d13bfbb765f506d20a516612d93 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 41%{?dist} +Release: 43%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -715,6 +715,43 @@ exit 0 %endif %changelog +* Fri Apr 17 2020 Zdenek Pytela - 3.14.3-43 +- Update radiusd policy +Resolves: rhbz#1803407 +- Allow sssd read NetworkManager's runtime directory +Resolves: rhbz#1781818 +- Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t +Resolves: rhbz#1777506 +- Allow ipa_helper_t to read kr5_keytab_t files +Resolves: rhbz#1769423 +- Add ibacm_t ipc_lock capability +Resolves: rhbz#1754719 +- Allow opafm_t to create and use netlink rdma sockets. +Resolves: rhbz#1786670 +- Allow ptp4l_t create and use packet_socket sockets +Resolves: rhbz#1759214 +- Update ctdbd_t policy +Resolves: rhbz#1735748 +- Allow glusterd synchronize between master and slave +Resolves: rhbz#1824662 +- Allow auditd poweroff or switch to single mode +Resolves: rhbz#1826788 +- Allow init_t set the nice level of all domains +Resolves: rhbz#1819121 +- Label /etc/sysconfig/ip6?tables\.save as system_conf_t +Resolves: rhbz#1776873 +- Add file context entry and file transition for /var/run/pam_timestamp +Resolves: rhbz#1791957 + +* Wed Apr 08 2020 Zdenek Pytela - 3.14.3-42 +- Allow ssh-keygen create file in /var/lib/glusterd +Resolves: rhbz#1816663 +- Update ctdbd_manage_lib_files() to also allow mmap ctdbd_var_lib_t files +Resolves: rhbz#1819243 +- Remove container interface calling by named_filetrans_domain. +- Makefile: fix tmp/%.mod.fc target +Resolves: rhbz#1821191 + * Mon Mar 16 2020 Zdenek Pytela - 3.14.3-41 - Allow NetworkManager read its unit files and manage services - Mark nm-cloud-setup systemd units as NetworkManager_unit_file_t