diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf index 7f2c938..12d56ec 100644 --- a/modules-targeted-contrib.conf +++ b/modules-targeted-contrib.conf @@ -2691,3 +2691,10 @@ insights_client = module # stalld # stalld = module + +# Layer: contrib +# Module: rhcd +# +# rhcd +# +rhcd = module diff --git a/selinux-policy.spec b/selinux-policy.spec index 4085406..ebdc787 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit c19e4cb9a3f23f2b14c31c978627f9c486a369f4 +%global commit e485345b572121f09778da9c146cf1bcd22ae0cf %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 37.10 +Version: 37.11 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -816,6 +816,33 @@ exit 0 %endif %changelog +* Wed Sep 14 2022 Zdenek Pytela - 37.11-1 +- Allow tor get filesystem attributes +- Allow utempter append to login_userdomain stream +- Allow login_userdomain accept a stream connection to XDM +- Allow login_userdomain write to boltd named pipes +- Allow staff_u and user_u users write to bolt pipe +- Allow login_userdomain watch various directories +- Update rhcd policy for executing additional commands 5 +- Update rhcd policy for executing additional commands 4 +- Allow rhcd create rpm hawkey logs with correct label +- Allow systemd-gpt-auto-generator to check for empty dirs +- Update rhcd policy for executing additional commands 3 +- Allow journalctl read rhcd fifo files +- Update insights-client policy for additional commands execution 5 +- Allow init remount all file_type filesystems +- Confine insights-client systemd unit +- Update insights-client policy for additional commands execution 4 +- Allow pcp pmcd search tracefs and acct_data dirs +- Allow httpd read network sysctls +- Dontaudit domain map permission on directories +- Revert "Allow X userdomains to mmap user_fonts_cache_t dirs" +- Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)" +- Update insights-client policy for additional commands execution 3 +- Allow systemd permissions needed for sandboxed services +- Add rhcd module +- Make dependency on rpm-plugin-selinux unordered + * Fri Sep 02 2022 Zdenek Pytela - 37.10-1 - Allow ipsec_t read/write tpm devices - Allow rhcd execute all executables diff --git a/sources b/sources index 434f750..572600b 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-c19e4cb.tar.gz) = c94cce85023394a8825169dbdad94b91617c2b0ec83f2c27c42e3a97eedec6d574868c696288b84ee2754c2ae7d56fcb94eaf13bb7f69680351ab04b1236dabb -SHA512 (container-selinux.tgz) = 59ea54cc84bc74b45a9318d027ae36b3a0d49e1d0ca2ff740f63ab155e0382a095a213a36d50f6cf4d7aae916c2d86841eca4633a3675097b5bee6980f47251f +SHA512 (selinux-policy-e485345.tar.gz) = 9c25f7efa8d3f497f40bf5aeb180d588c794661b40b636a9adbf9d68d20a45dea0126f9b19eb0597e80c4486f9c13f882dc2733e34d5b81e0f5a575ce841f974 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = 8a837e3865b5a56530ce34e36c829f6ddd6ab02ab0a4e16f1b73ee7345efd19f5bee90846dc0ee5acf8c0173b99b1ae961726c7069c20fb8fc69f2dbbac49481