diff --git a/selinux-policy.spec b/selinux-policy.spec
index 5246879..2ec8844 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164
+%global commit feefaa074e75466aa75c29f17a3d83ac6ce004f0
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,6 +792,39 @@ exit 0 %endif %changelog
+* Wed Feb 24 2021 Zdenek Pytela - 3.14.8-4
+- iptables.fc: Add missing legacy entries
+- iptables.fc: Remove some duplicate entries
+- iptables.fc: Remove duplicate file context entries
+- Allow libvirtd to create generic netlink sockets
+- Allow libvirtd the fsetid capability
+- Allow libvirtd to read /run/utmp
+- Dontaudit sys_ptrace capability when calling systemctl
+- Allow udisksd to read /dev/random
+- Allow udisksd to watch files under /run/mount
+- Allow udisksd to watch /etc
+- Allow crond to watch user_cron_spool_t directories
+- Allow accountsd watch xdm config directories
+- Label /etc/avahi with avahi_conf_t
+- Allow sssd get cgroup filesystems attributes and search cgroup dirs
+- Allow systemd-hostnamed read udev runtime data
+- Remove dev_getattr_sysfs_fs() interface calls for particular domains
+- Allow domain stat the /sys filesystem
+- Dontaudit NetworkManager write to initrc_tmp_t pipes
+- policykit.te: Clean up watch rule for policykit_auth_t
+- Revert further unnecessary watch rules
+- Revert "Allow getty watch its private runtime files"
+- Allow systemd watch generic /var directories
+- Allow init watch network config files and lnk_files
+- Allow systemd-sleep get attributes of fixed disk device nodes
+- Complete initial policy for systemd-coredump
+- Label SDC(scini) Dell Driver
+- Allow upowerd to send syslog messages
+- Remove the disk write permissions from tlp_t
+- Label NVMe devices as fixed_disk_device_t
+- Allow rhsmcertd bind tcp sockets to a generic node
+- Allow systemd-importd manage machines.lock file
+
 * Tue Feb 16 2021 Zdenek Pytela - 3.14.8-3
 - Allow unconfined integrity lockdown permission
 - Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined
diff --git a/sources b/sources
index 9d1a3bf..890df64 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb
-SHA512 (container-selinux.tgz) = f8dc9a03dac5ac8efb775c61f4c8ac071a5fa2f33306a2ddad4ca6241e2241b9ff038e2ceb081c9d0785c3a1c7e0b8992f94bad3af11546597e2af1af4a979d5
+SHA512 (selinux-policy-feefaa0.tar.gz) = 5d0fe18dc0d345a4cf5673ce28f1abdbdbcc5c8b97bbaa553e036ca559dfa0610b62b07ee7045e8ebefe95dcf0ef865dc3e764804c4561505bd3c92ed6572055
+SHA512 (container-selinux.tgz) = 4d92b9a5c23d9ac64bcb5c5578b14e6408f19156ba8d79cdb3b573ce602f9732c450564d6da3029484c9554de17c30dbb74921761f088abf20f6b3b513c7d53e
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4