* Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1
- Replace init domtrans rule for confined users to allow exec init - Update dbus_role_template() to allow user service status - Allow polkit status all systemd services - Allow setroubleshootd create and use inherited io_uring - Allow load_policy read and write generic ptys - Allow gpg manage rpm cache - Allow login_userdomain name_bind to howl and xmsg udp ports - Allow rules for confined users logged in plasma - Label /dev/iommu with iommu_device_t - Remove duplicate file context entries in /run - Dontaudit getty and plymouth the checkpoint_restore capability - Allow su domains write login records - Revert "Allow su domains write login records" - Allow login_userdomain delete session dbusd tmp socket files - Allow unix dgram sendto between exim processes - Allow su domains write login records - Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
This commit is contained in:
parent
ac73b2b07b
commit
0ec128677b
@ -1,6 +1,6 @@
|
|||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 210bb812c1d727318cf8d977b5440437135f02a0
|
%global commit 20114105ce9cccef6775736565f449c27c4a669e
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -23,7 +23,7 @@
|
|||||||
%define CHECKPOLICYVER 3.2
|
%define CHECKPOLICYVER 3.2
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 40.10
|
Version: 40.11
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
@ -814,6 +814,25 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1
|
||||||
|
- Replace init domtrans rule for confined users to allow exec init
|
||||||
|
- Update dbus_role_template() to allow user service status
|
||||||
|
- Allow polkit status all systemd services
|
||||||
|
- Allow setroubleshootd create and use inherited io_uring
|
||||||
|
- Allow load_policy read and write generic ptys
|
||||||
|
- Allow gpg manage rpm cache
|
||||||
|
- Allow login_userdomain name_bind to howl and xmsg udp ports
|
||||||
|
- Allow rules for confined users logged in plasma
|
||||||
|
- Label /dev/iommu with iommu_device_t
|
||||||
|
- Remove duplicate file context entries in /run
|
||||||
|
- Dontaudit getty and plymouth the checkpoint_restore capability
|
||||||
|
- Allow su domains write login records
|
||||||
|
- Revert "Allow su domains write login records"
|
||||||
|
- Allow login_userdomain delete session dbusd tmp socket files
|
||||||
|
- Allow unix dgram sendto between exim processes
|
||||||
|
- Allow su domains write login records
|
||||||
|
- Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
|
||||||
|
|
||||||
* Wed Jan 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.10-1
|
* Wed Jan 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.10-1
|
||||||
- Allow chronyd-restricted read chronyd key files
|
- Allow chronyd-restricted read chronyd key files
|
||||||
- Allow conntrackd_t to use bpf capability2
|
- Allow conntrackd_t to use bpf capability2
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-210bb81.tar.gz) = 90f56160f3e80279188843540b684bb33acf0e6ca9ba006378e2709f2cef49284c7cce69e7842ab14a89a07ddd130bbf89485ed6abbb4e9f81e07fe0f93203e7
|
SHA512 (selinux-policy-2011410.tar.gz) = bbc50497b5a551a20f65271ca2df2c010a0c63b1dcc0e069870aba888c0bb86f15275f2636a1dcc5a321d56060ab323452d0f02d6dd3da13b938cd8d9bff0b5b
|
||||||
|
SHA512 (container-selinux.tgz) = f8ad7e38fd170f5ee4b8fa3d2c4052ec3e80d3bc06a4d42f80ade040c8fefad2c76230cfadd7580d11a5349ba95bc819d5681f9e5df83330676e34896ac458fe
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
SHA512 (container-selinux.tgz) = 2e5cbc50bd81ac51c35da8563a292c7c2dbbad4d82de2470d2db825e472ab33b5d86fb71714bbe53764ed705c1710f7f646789ad1a4a04dabfd99c33bf9cb4b7
|
|
||||||
|
Loading…
Reference in New Issue
Block a user