diff --git a/.gitignore b/.gitignore index 9c20f8a..eeaaccf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-4646374.tar.gz -SOURCES/selinux-policy-contrib-3ea5231.tar.gz +SOURCES/selinux-policy-93ca24a.tar.gz +SOURCES/selinux-policy-contrib-9d51d06.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index b5771c2..aff5e9d 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -ef411248d42ced76bbb265cc8dbad21754e543bc SOURCES/container-selinux.tgz -4762890749afbb866a589f9adf6ff18925951650 SOURCES/selinux-policy-4646374.tar.gz -deb30dd93e805aa4c129ec9418dd452ba6ea8af1 SOURCES/selinux-policy-contrib-3ea5231.tar.gz +4a9a587fa8603d5d1475cfa4b14af977074f0117 SOURCES/container-selinux.tgz +6b106f89917b89eab74bfedbe9b9cf90f2fc7271 SOURCES/selinux-policy-93ca24a.tar.gz +178f844f4df2d469925f77324318a93266eacca6 SOURCES/selinux-policy-contrib-9d51d06.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 48d07f3..4fb9774 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 464637407b7bd6226bc1cbeb2afd7409ee3a8419 +%global commit0 93ca24a255e1d6e6f1b7fe46bec93eb76b4bd8df %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 3ea5231d3764b0c8d8576f92f14db89496780410 +%global commit1 9d51d067411e272b0f9bf8a7b98da35b6937ca3f %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 75%{?dist} +Release: 76%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -715,6 +715,34 @@ exit 0 %endif %changelog +* Tue Aug 10 2021 Zdenek Pytela - 3.14.3-76 +- Allow login_userdomain read and map /var/lib/systemd files +Resolves: rhbz#1965251 +- Allow sysadm acces to kernel module resources +Resolves: rhbz#1965251 +- Allow sysadm to read/write scsi files and manage shadow +Resolves: rhbz#1965251 +- Allow sysadm access to files_unconfined and bind rpc ports +Resolves: rhbz#1965251 +- Allow sysadm read and view kernel keyrings +Resolves: rhbz#1965251 +- Allow bootloader to read tuned etc files +Resolves: rhbz#1965251 +- Update the policy for systemd-journal-upload +Resolves: rhbz#1913414 +- Allow journal mmap and read var lib files +Resolves: rhbz#1965251 +- Allow tuned to read rhsmcertd config files +Resolves: rhbz#1965251 +- Allow bootloader to read tuned etc files +Resolves: rhbz#1965251 +- Confine rhsm service and rhsm-facts service as rhsmcertd_t +Resolves: rhbz#1846081 +- Allow virtlogd_t read process state of user domains +Resolves: rhbz#1797899 +- Allow cockpit_ws_t get attributes of fs_t filesystems +Resolves: rhbz#1979182 + * Thu Jul 29 2021 Zdenek Pytela - 3.14.3-75 - Add the unconfined_dgram_send() interface Resolves: rhbz#1978562