diff --git a/.gitignore b/.gitignore index b771ba4..0430c40 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-c83f33e.tar.gz +SOURCES/selinux-policy-442902f.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 28de381..83f0c24 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,2 +1,2 @@ -5f808fe4b733903f3f14e4a41757a64e1c210782 SOURCES/container-selinux.tgz -a4f606cc703e7bf64e66ff9c9ffbcbbc1cad0cdc SOURCES/selinux-policy-c83f33e.tar.gz +8d849c2b4216bc1686a3633209da18b8ccee2631 SOURCES/container-selinux.tgz +81f38a8b9d37a3e1bfddf98a1518ad997211fac1 SOURCES/selinux-policy-442902f.tar.gz diff --git a/SOURCES/modules-targeted-contrib.conf b/SOURCES/modules-targeted-contrib.conf index abdba8e..0e66811 100644 --- a/SOURCES/modules-targeted-contrib.conf +++ b/SOURCES/modules-targeted-contrib.conf @@ -2382,13 +2382,6 @@ minissdpd = module freeipmi = module # Layer: contrib -# Module: freeipmi -# -# ipa policy module contain SELinux policies for IPA services -# -ipa = module - -# Layer: contrib # Module: mirrormanager # # mirrormanager policy diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 1d821b8..66eec46 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit c83f33e3527d42c92dd0cd40190aa808b998bc69 +%global commit 442902f5605db078a727fe3fad4fb4693a32cad5 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.1.16 +Version: 34.1.18 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -792,9 +792,51 @@ exit 0 %endif %changelog -* Thu Sep 02 2021 Zdenek Pytela - 34.1.16-1 +* Mon Nov 01 2021 Zdenek Pytela - 34.1.18-1 +- Allow fetchmail search cgroup directories +Resolves: rhbz#2015118 +- Add the auth_read_passwd_file() interface +Resolves: rhbz#2014611 +- Allow redis-sentinel execute a notification script +Resolves: rhbz#2014611 +- Support new PING_CHECK health checker in keepalived +Resolves: rhbz#2014423 + +* Thu Oct 14 2021 Zdenek Pytela - 34.1.17-1 +- Label /usr/sbin/virtproxyd as virtd_exec_t +Resolves: rhbz#2002143 +- Allow at-spi-bus-launcher read and map xdm pid files +Resolves: rhbz#2011772 +- Remove references to init_watch_path_type attribute +Resolves: rhbz#2007960 +- Remove all redundant watch permissions for systemd +Resolves: rhbz#2007960 +- Allow systemd watch non_security_file_type dirs, files, lnk_files +Resolves: rhbz#2007960 +- Allow systemd-resolved watch /run/systemd +Resolves: rhbz#1992461 +- Allow sssd watch /run/systemd +Resolves: rhbz#1992461 + +* Thu Sep 23 2021 Zdenek Pytela - 34.1.16-1 +- Allow fprintd install a sleep delay inhibitor +Resolves: rhbz#1999537 +- Update mount_manage_pid_files() to use manage_files_pattern +Resolves: rhbz#1999997 +- Allow gnome at-spi processes create and use stream sockets +Resolves: rhbz#2004885 +- Allow haproxy list the sysfs directories content +Resolves: rhbz#1986823 +- Allow virtlogd_t read process state of user domains +Resolves: rhbz#1994592 +- Support hitless reloads feature in haproxy +Resolves: rhbz#1997182 +- Allow firewalld load kernel modules +Resolves: rhbz#1999152 - Allow communication between at-spi and gdm processes -Resolves: rhbz#1972655 +Resolves: rhbz#2003037 +- Remove "ipa = module" from modules-targeted-contrib.conf +Resolves: rhbz#2006039 * Mon Aug 30 2021 Zdenek Pytela - 34.1.15-1 - Update ica_filetrans_named_content() with create_file_perms