diff --git a/.gitignore b/.gitignore index 8c4174a..1e4fce9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-contrib-fd10e7c.tar.gz -SOURCES/selinux-policy-db25c0e.tar.gz +SOURCES/selinux-policy-8d1a96d.tar.gz +SOURCES/selinux-policy-contrib-f3211b5.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index f9fba18..1174075 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -96c4e7788edd3c312cf691480a58bb403d0a13ef SOURCES/container-selinux.tgz -b3cd1635dfa8d9c1e2a207cad5df4682771d85b6 SOURCES/selinux-policy-contrib-fd10e7c.tar.gz -4ddf11da780b6eaa124536869c85baec229640c1 SOURCES/selinux-policy-db25c0e.tar.gz +06478bf63e74d423c31bb0c53edf719f7df63ddc SOURCES/container-selinux.tgz +832cd73e46beab5d8046c7b3a5754c645edd1634 SOURCES/selinux-policy-8d1a96d.tar.gz +eb1855b018df25e33ef7234048c32acc58d4df0b SOURCES/selinux-policy-contrib-f3211b5.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 59e5256..186c4cd 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 db25c0eff1c59aff96dd7d14e5d3043dae2aee9e +%global commit0 8d1a96d5f0e72ebf7a3f5f5930db644af91e4abe %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 fd10e7cb92ddfd82248e1c8f5f68eadfbd74b4f7 +%global commit1 f3211b540925d040fb1d21b4ff33ea65119169a6 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 54%{?dist} +Release: 56%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -715,6 +715,38 @@ exit 0 %endif %changelog +* Thu Nov 12 2020 Zdenek Pytela - 3.14.3-56 +- Let keepalived bind a raw socket +Resolves: rhbz#1895130 +- Add fetchmail_uidl_cache_t type for /var/mail/.fetchmail.pid +Resolves: rhbz#1853389 +- Allow arpwatch create and use rdma socket +Resolves: rhbz#1843409 +- Set correct default file context for /usr/libexec/pcp/lib/* +Resolves: rhbz#1886369 +- Allow systemd-logind manage efivarfs files +Resolves: rhbz#1869979 +- Allow systemd_resolved_t to read efivarfs +Resolves: rhbz#1869979 +- Allow systemd_modules_load_t to read efivarfs +Resolves: rhbz#1869979 +- Allow read efivarfs_t files by domains executing systemctl file +Resolves: rhbz#1869979 +- Introduce systemd_read_efivarfs_type attribute +Resolves: rhbz#1869979 + +* Mon Oct 26 2020 Zdenek Pytela - 3.14.3-55 +- Allow init dbus chat with kernel +Resolves: rhbz#1694681 +- Confine systemd-sleep service +Resolves: rhbz#1850177 +- Add default file context for /usr/libexec/pcp/lib/* +Resolves: rhbz#1886369 +- Allow rtkit_daemon_t to uise sys_ptrace usernamespace capability +Resolves: rhbz#1873658 +- Add fstools_rw_swap_files() interface +Resolves: rhbz#1850177 + * Thu Sep 17 2020 Zdenek Pytela - 3.14.3-54 - Allow plymouth sys_chroot capability Resolves: rhbz#1869814