diff --git a/.gitignore b/.gitignore index 54bfe55..b47ff72 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-80bc808.tar.gz -SOURCES/selinux-policy-contrib-642134c.tar.gz +SOURCES/selinux-policy-9be3eca.tar.gz +SOURCES/selinux-policy-contrib-b0231a7.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 7f91446..7d3a113 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -ee38536ea5d8e99565ebb3c6b4f86bff206da845 SOURCES/container-selinux.tgz -507546bfc01679770d8bc7fcd640afd7b3816e48 SOURCES/selinux-policy-80bc808.tar.gz -874435ea359562e20c88f607d1781a5bb07da5b3 SOURCES/selinux-policy-contrib-642134c.tar.gz +d54e5660cc9242c2f2327164fa7deb1b4f3ac65e SOURCES/container-selinux.tgz +1b42706fd8caf7383fe4bae43ef9047e48e2191c SOURCES/selinux-policy-9be3eca.tar.gz +4e8b8f74cf4df91655bfbdaf85761a2d80c08c79 SOURCES/selinux-policy-contrib-b0231a7.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index dc52aae..0cbb99a 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 80bc8083e8271465d62a4a58bb017386dc58d8b8 +%global commit0 9be3eca557b4eb9fa25896ed5b33b1fb9d194ddf %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 642134c6d708b5788ae982288b5321813c4d4ea6 +%global commit1 b0231a70d065a7885c24b6b91cef2eee812ce960 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 83%{?dist} +Release: 84%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -715,6 +715,34 @@ exit 0 %endif %changelog +* Wed Nov 24 2021 Zdenek Pytela - 3.14.3-84 +- Allow sysadm_t read/write pkcs shared memory segments +Resolves: rhbz#1965251 +- Allow sysadm_t connect to sanlock over a unix stream socket +Resolves: rhbz#1965251 +- Allow sysadm_t dbus chat with sssd +Resolves: rhbz#1965251 +- Allow sysadm_t set attributes on character device nodes +Resolves: rhbz#1965251 +- Allow sysadm_t read and write watchdog devices +Resolves: rhbz#1965251 +- Allow sysadm_t connect to cluster domains over a unix stream socket +Resolves: rhbz#1965251 +- Allow sysadm_t dbus chat with tuned 2/2 +Resolves: rhbz#1965251 +- Update userdom_exec_user_tmp_files() with an entrypoint rule +Resolves: rhbz#1920883 +- Allow sudodomain send a null signal to sshd processes +Resolves: rhbz#1966945 +- Allow sysadm_t dbus chat with tuned 1/2 +Resolves: rhbz#1965251 +- Allow cloud-init dbus chat with systemd-logind +Resolves: rhbz#2009769 +- Allow svnserve send mail from the system +Resolves: rhbz#2004843 +- Allow svnserve_t domain to read system state +Resolves: rhbz#2004843 + * Tue Nov 09 2021 Zdenek Pytela - 3.14.3-83 - VQP: Include IANA-assigned TCP/1589 Resolves: rhbz#1924038