diff --git a/.gitignore b/.gitignore index 1910ae7..7262057 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-59775e9.tar.gz -SOURCES/selinux-policy-contrib-a825695.tar.gz +SOURCES/selinux-policy-4411b2b.tar.gz +SOURCES/selinux-policy-contrib-b10e5e7.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 5509d24..42c4c17 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -44ceb78ea504e2f0229ad0b6b9c1dc9314ada501 SOURCES/container-selinux.tgz -e8118cb4c39d30c5899422011bfc52cc054078c6 SOURCES/selinux-policy-59775e9.tar.gz -e6f011ba8529c4441a7d48b56ed6eba85f84d7bc SOURCES/selinux-policy-contrib-a825695.tar.gz +76cfc3eaa9784a4be53730aee2ae998f280d281d SOURCES/container-selinux.tgz +023b94bf24221d16d192f49d13cc9fa656eed60a SOURCES/selinux-policy-4411b2b.tar.gz +a70ce3396639945b1dff5f773c30712883742fe1 SOURCES/selinux-policy-contrib-b10e5e7.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 08a68c6..fef3d34 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 59775e92a1b4a872486a406c2a7efee7d5cba406 +%global commit0 4411b2b18c4ab2fa9da59ff1a982e08b96d179cb %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 a82569595e2a018eafbfeb195b3d5c416f6fed4d +%global commit1 b10e5e72663f3aa1ef0bd01f4bbc1ca71d161406 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 86%{?dist} +Release: 88%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -141,6 +141,7 @@ SELinux policy development and man page package %dir %{_usr}/share/selinux/devel %dir %{_usr}/share/selinux/devel/include %{_usr}/share/selinux/devel/include/* +%exclude %{_usr}/selinux/devel/include/contrib/container.if %dir %{_usr}/share/selinux/devel/html %{_usr}/share/selinux/devel/html/*html %{_usr}/share/selinux/devel/html/*css @@ -715,6 +716,30 @@ exit 0 %endif %changelog +* Thu Jan 20 2022 Zdenek Pytela - 3.14.3-88 +- Revert "Label /etc/cockpit/ws-certs.d with cert_t" +Related: rhbz#1907473 + +* Tue Jan 18 2022 Zdenek Pytela - 3.14.3-87 +- Set default file context for /sys/firmware/efi/efivars +Resolves: rhbz#2039458 +- Allow sysadm_t start and stop transient services +Resolves: rhbz#2031065 +- Label /etc/cockpit/ws-certs.d with cert_t +Resolves: rhbz#1907473 +- Allow smbcontrol read the network state information +Resolves: rhbz#2033873 +- Allow rhsm-service read/write its private memfd: objects +Resolves: rhbz#2029873 +- Allow fcoemon request the kernel to load a module +Resolves: rhbz#1940317 +- Allow radiusd connect to the radacct port +Resolves: rhbz#2038955 +- Label /var/lib/shorewall6-lite with shorewall_var_lib_t +Resolves: rhbz#2041447 +- Exclude container.if from selinux-policy-devel +Resolves: rhbz#1861968 + * Mon Jan 03 2022 Zdenek Pytela - 3.14.3-86 - Allow sysadm execute sysadmctl in sysadm_t domain using sudo Resolves: rhbz#2013749