diff --git a/.gitignore b/.gitignore index 218fa70..78aef59 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-599ea13.tar.gz -SOURCES/selinux-policy-contrib-0a6ca75.tar.gz +SOURCES/selinux-policy-4c3b7d3.tar.gz +SOURCES/selinux-policy-contrib-88b9517.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 12059ee..ce71b76 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -918fd9344446a8b0ea2852dfc42bd1a8899c5337 SOURCES/container-selinux.tgz -5a7f2b80030e9cb4419ca0e7ba0022d810cd2228 SOURCES/selinux-policy-599ea13.tar.gz -3994703112488b7529339a94d902b71980136a37 SOURCES/selinux-policy-contrib-0a6ca75.tar.gz +b15953440b924d21a81e4df79fdcb10f679c8aa5 SOURCES/container-selinux.tgz +afa5826493350e51e548487a403baabf15b7e9cf SOURCES/selinux-policy-4c3b7d3.tar.gz +2ed837b3ac267d90ad8854a8b138b97e5b643793 SOURCES/selinux-policy-contrib-88b9517.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index c83e4af..c81f803 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 599ea1311cbb2e8dea05f89507de009eb370db51 +%global commit0 4c3b7d30413032b45585248983844f2e1a32c6db %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 0a6ca756d70637c08a9205910a2eabe853e31677 +%global commit1 88b951795c1c83534a369b1aec29d35c37049e05 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 62%{?dist} +Release: 63%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -254,12 +254,12 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \ -%{_sharedstatedir}/selinux/%1/active/commit_num \ -%{_sharedstatedir}/selinux/%1/active/users_extra \ -%{_sharedstatedir}/selinux/%1/active/homedir_template \ -%{_sharedstatedir}/selinux/%1/active/seusers \ -%{_sharedstatedir}/selinux/%1/active/file_contexts \ -%{_sharedstatedir}/selinux/%1/active/policy.kern \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/commit_num \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/users_extra \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/homedir_template \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/seusers \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/policy.kern \ %ghost %{_sharedstatedir}/selinux/%1/active/policy.linked \ %ghost %{_sharedstatedir}/selinux/%1/active/seusers.linked \ %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \ @@ -715,6 +715,26 @@ exit 0 %endif %changelog +* Thu Feb 11 2021 Zdenek Pytela - 3.14.3-63 +- Allow rtkit_daemon_t domain set process nice value in user namespaces +Resolves: rhbz#1910507 +- Allow gpsd read and write ptp4l_t shared memory. +Resolves: rhbz#1803845 +- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type +Resolves: rhbz#1804626 +- Allow Certmonger to use opencryptoki services +Resolves: rhbz#1894132 +- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm +Resolves: rhbz#1815603 +- Allow rhsmcertd_t read kpatch lib files +Resolves: rhbz#1895322 +- Allow ipsec_t connectto ipsec_mgmt_t +Resolves: rhbz#1848355 +- Allow IPsec to use opencryptoki services +Resolves: rhbz#1894132 +- Allow systemd-importd create /run/systemd/machines.lock file +Resolves: rhbz#1788055 + * Fri Jan 29 2021 Zdenek Pytela - 3.14.3-62 - Allow rhsmcertd_t domain transition to kpatch_t Resolves: rhbz#1895322