diff --git a/.gitignore b/.gitignore index 78d2229..3c595ac 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-1b02d17.tar.gz -SOURCES/selinux-policy-contrib-f0a9f74.tar.gz +SOURCES/selinux-policy-61eb717.tar.gz +SOURCES/selinux-policy-contrib-b05e8b2.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 02bd259..bba7eb2 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -d1acf51fa5e48df7689df7f5b20758d97986f4f8 SOURCES/container-selinux.tgz -9fc17aed658d2dce41a5f2f0e27b0ed7f2ba007d SOURCES/selinux-policy-1b02d17.tar.gz -67809e7b4b217ee64c245cd12367535ac54f8296 SOURCES/selinux-policy-contrib-f0a9f74.tar.gz +b56406b7fadd4f0af0393a6bc424df47bd07d1f8 SOURCES/container-selinux.tgz +48f4629f2296bc0464f042d9a740c277b49c17d4 SOURCES/selinux-policy-61eb717.tar.gz +9e36d7941b0f34b5d6c6887cd5c3fc4d0f9d44b0 SOURCES/selinux-policy-contrib-b05e8b2.tar.gz diff --git a/SOURCES/file_contexts.subs_dist b/SOURCES/file_contexts.subs_dist index f64b231..0f127d9 100644 --- a/SOURCES/file_contexts.subs_dist +++ b/SOURCES/file_contexts.subs_dist @@ -17,3 +17,4 @@ /var/roothome /root /sbin /usr/sbin /sysroot/tmp /tmp +/var/usrlocal /usr/local diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index bd70510..65bbc8a 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 1b02d17c0a0bac51bdc0980bcfd337de0ffa853f +%global commit0 61eb71715d2d2f260402c03730245b965a660c23 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 f0a9f7489d377ea5c0e41d5a9a46d67969dcf215 +%global commit1 b05e8b2ba33639b2e8e26ae4e8b25f497bdb4e5e %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 68%{?dist} +Release: 69%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -715,6 +715,34 @@ exit 0 %endif %changelog +* Wed Jun 02 2021 Zdenek Pytela - 3.14.3-69 +- Add /var/usrlocal equivalency rule +Resolves: rhbz#1943381 +- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t +Resolves: rhbz#1943381 +- Label /dev/trng with random_device_t +Resolves: rhbz#1934483 +- Allow systemd-sleep transition to sysstat_t +Resolves: rhbz#1927551 +- Allow systemd-sleep transition to tlp_t +Resolves: rhbz#1927551 +- Allow systemd-sleep transition to unconfined_service_t on bin_t executables +Resolves: rhbz#1927551 +- Allow systemd-sleep execute generic programs +Resolves: rhbz#1948070 +- Allow systemd-sleep execute shell +Resolves: rhbz#1954358 +- Allow nsswitch_domain read init pid lnk_files +Resolves: rhbz#1860924 +- Introduce logging_syslogd_list_non_security_dirs tunable +Resolves: rhbz#1823669 +- Add sysstat_domtrans() to allow systemd-sleep transition to sysstat_t +Resolves: rhbz#1927551 +- Change param description in cron interfaces to userdomain_prefix +Resolves: rhbz#1801249 +- Add missing declaration in rpm_named_filetrans() +Resolves: rhbz#1801249 + * Thu May 20 2021 Zdenek Pytela - 3.14.3-68 - Allow pluto IKEv2 / ESP over TCP Resolves: rhbz#1931848