diff --git a/.gitignore b/.gitignore index 6ff91ba..1d0caa0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-contrib-b92279d.tar.gz -SOURCES/selinux-policy-f97682b.tar.gz +SOURCES/selinux-policy-contrib-cd13e4d.tar.gz +SOURCES/selinux-policy-e0a8ee2.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 66eaeec..bcd5270 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -067ed7d292874ca8d2934cdf0e0ebef9acd6215e SOURCES/container-selinux.tgz -46ddc77e462dce3995bc930cffe3eb7401545410 SOURCES/selinux-policy-contrib-b92279d.tar.gz -edc9c36b2dcd98d0c999c58454b665cc14f69cd2 SOURCES/selinux-policy-f97682b.tar.gz +9b76bfa95fc1323ea6d6f833acad0f53654b813d SOURCES/container-selinux.tgz +25e7d3c8ec84c1b81f6803c341bd0d329d7a1efb SOURCES/selinux-policy-contrib-cd13e4d.tar.gz +2a4f0892f05eba5d144bd36f7d8fd9423b43d4bf SOURCES/selinux-policy-e0a8ee2.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 0cae2bb..ba00ff7 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 f97682b8264c69161490df4cc7d12f03fa7f700b +%global commit0 e0a8ee21365132c1f4668c975670621c889c5e35 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 b92279d8e140758a2f2fbcd85bd4731fee44f194 +%global commit1 cd13e4d375d95fcb472eec6692f7b1b372f4e804 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 100%{?dist} +Release: 104%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -717,6 +717,70 @@ exit 0 %endif %changelog +* Tue Jun 28 2022 Zdenek Pytela - 3.14.3-104 +- Update samba-dcerpcd policy for kerberos usage 2 +Resolves: rhbz#2096825 + +* Mon Jun 27 2022 Zdenek Pytela - 3.14.3-103 +- Allow domain read usermodehelper state information +Resolves: rhbz#2083504 +- Remove all kernel_read_usermodehelper_state() interface calls +Resolves: rhbz#2083504 +- Allow samba-dcerpcd work with sssd +Resolves: rhbz#2096825 +- Allow winbind_rpcd_t connect to self over a unix_stream_socket +Resolves: rhbz#2096825 +- Update samba-dcerpcd policy for kerberos usage +Resolves: rhbz#2096825 +- Allow keepalived read the contents of the sysfs filesystem +Resolves: rhbz#2098189 +- Update policy for samba-dcerpcd +Resolves: rhbz#2083504 +- Remove all kernel_read_usermodehelper_state() interface calls 2/2 +Resolves: rhbz#2083504 +- Update insights_client_filetrans_named_content() +Resolves: rhbz#2091117 + +* Wed Jun 22 2022 Zdenek Pytela - 3.14.3-102 +- Allow transition to insights_client named content +Resolves: rhbz#2091117 +- Add the insights_client_filetrans_named_content() interface +Resolves: rhbz#2091117 +- Update policy for insights-client to run additional commands 3 +Resolves: rhbz#2091117 + +* Fri Jun 17 2022 Zdenek Pytela - 3.14.3-101 +- Add the init_status_config_transient_files() interface +Resolves: rhbz#2091117 +- Allow init_t to rw insights_client unnamed pipe +Resolves: rhbz#2091117 +- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling +Resolves: rhbz#2091117 +- Allow insights-client get status of the systemd transient scripts +Resolves: rhbz#2091117 +- Allow insights-client execute its private memfd: objects +Resolves: rhbz#2091117 +- Update policy for insights-client to run additional commands 2 +Resolves: rhbz#2091117 +- Do not call systemd_userdbd_stream_connect() for insights-client +Resolves: rhbz#2091117 +- Use insights_client_tmp_t instead of insights_client_var_tmp_t +Resolves: rhbz#2091117 +- Change space indentation to tab in insights-client +Resolves: rhbz#2091117 +- Use socket permissions sets in insights-client +Resolves: rhbz#2091117 +- Update policy for insights-client to run additional commands +Resolves: rhbz#2091117 +- Change rpm_setattr_db_files() to use a pattern +Resolves: rhbz#2091117 +- Add rpm setattr db files macro +Resolves: rhbz#2091117 +- Fix insights client +Resolves: rhbz#2091117 +- Do not let system_cronjob_t create redhat-access-insights.log with var_log_t +Resolves: rhbz#2091117 + * Tue Jun 07 2022 Zdenek Pytela - 3.14.3-100 - Update logging_create_generic_logs() to use create_files_pattern() Resolves: rhbz#2081907