diff --git a/.gitignore b/.gitignore
index 7fdc123..02d8877 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-13afa66.tar.gz
-SOURCES/selinux-policy-contrib-4221121.tar.gz
+SOURCES/selinux-policy-2049cb7.tar.gz
+SOURCES/selinux-policy-contrib-1debe42.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 754698f..05667c0 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-b314e3dd86901e3eac1b9f45dc87550764339875 SOURCES/container-selinux.tgz
-dbc37c4f43c34a5e0a3dfb816b41476dc1c4005a SOURCES/selinux-policy-13afa66.tar.gz
-168cee2e06d02873b674db2681a901cd9a399b69 SOURCES/selinux-policy-contrib-4221121.tar.gz
+b4449b72eb942612b111105c501bf6ded157c1d5 SOURCES/container-selinux.tgz
+a5d2bba6d46a871fa8bd0cb83ffea26f86d8a21e SOURCES/selinux-policy-2049cb7.tar.gz
+0cc01efc49dfc5c792175482071f08cfb94089ee SOURCES/selinux-policy-contrib-1debe42.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 225cc51..af19d51 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 13afa66082aa47acba05fffbf1348b1be22c7f8c
+%global commit0 2049cb7a3ba6f00fd0e9630889c4a05ed38c79be
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 42211213de1e0296bf2c16d6dc30af33e2c157c1
+%global commit1 1debe424a9d4d91c0eb5be1911a682bc8d42b701
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
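Review bot: In `.selinux-policy.metadata` the digest for `SOURCES/container-selinux.tgz` changes, but unlike the two policy tarballs its file name carries no commit id, and none of the visible hunks (the spec globals or the `%changelog` entries) records which upstream revision the new archive corresponds to. The new content can therefore be checked only against this one digest and cannot be traced to a reviewed source revision from the commit itself. I would record the origin next to wherever the spec declares that tarball (not visible in these hunks), for example `# container-selinux.tgz generated from <upstream repo> at <commit id>`, and mention the refresh in the changelog entry. The 40-hex digests look like SHA-1; if the lookaside format accepts a stronger digest, that would be preferable for new entries.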
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 49%{?dist}
+Release: 51%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,36 @@ exit 0
 %endif
 %changelog
+* Mon Aug 03 2020 Zdenek Pytela - 3.14.3-51
+- Allow kadmind manage kerberos host rcache
+Resolves: rhbz#1863043
+- Allow virtlockd only getattr and lock block devices
+Resolves: rhbz#1832756
+- Allow qemu-ga read all non security file types conditionally
+Resolves: rhbz#1747960
+- Allow virtlockd manage VMs posix file locks
+Resolves: rhbz#1832756
+- Add dev_lock_all_blk_files() interface
+Resolves: rhbz#1832756
+- Allow systemd-logind dbus chat with fwupd
+Resolves: rhbz#1851932
+- Update xserver_rw_session macro
+Resolves: rhbz#1851448
+
+* Wed Jul 29 2020 Zdenek Pytela - 3.14.3-50
+- Revert "Allow qemu-kvm read and write /dev/mapper/control"
+This reverts commit f948eaf3d010215fc912e42013e4f88870279093.
+- Allow smbd get attributes of device files labeled samba_share_t
+Resolves: rhbz#1851816
+- Allow tomcat read user temporary files
+Resolves: rhbz#1857675
+- Revert "Dontaudit and disallow sys_admin capability for keepalived_t domain"
+Resolves: rhbz#1815281
+- Label /tmp/krb5_0.rcache2 with krb5_host_rcache_t
+Resolves: rhbz#1848953
+- Allow auditd manage kerberos host rcache files
+Resolves: rhbz#1855770
+
 * Thu Jul 09 2020 Zdenek Pytela - 3.14.3-49
 - Additional support for keepalived running in a namespace
 Resolves: rhbz#1815281