* Mon Feb 15 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-2

- Allow userdomain watch various filesystem objects - Allow systemd-logind and systemd-sleep integrity lockdown permission - Allow unconfined_t and kprop_t to create krb5_0.rcache2 with the right context - Allow pulseaudio watch devices and systemd-logind session dirs - Allow abrt-dump-journal-* watch generic log dirs and /run/log/journal dir - Remove duplicate files_mounton_etc(init_t) call - Add watch permissions to manage_* object permissions sets - Allow journalctl watch generic log dirs and /run/log/journal dir - Label /etc/resolv.conf as net_conf_t even when it's a symlink - Allow SSSD to watch /var/run/NetworkManager - Allow dnsmasq_t to watch /etc - Remove unnecessary lines from the new watch interfaces - Fix docstring for init_watch_dir() - Allow xdm watch its private lib dirs, /etc, /usr
2021-02-15 20:38:28 +01:00 · 2021-02-15 20:38:28 +01:00 · 15dc304d75
parent d558c4f1c7
commit 15dc304d75
2 changed files with 20 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117
+%global commit e82ad03883fec6968f07d229ce8720dd593ee72e
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -792,6 +792,22 @@ exit 0
 %endif

 %changelog
+* Mon Feb 15 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-2
+- Allow userdomain watch various filesystem objects
+- Allow systemd-logind and systemd-sleep integrity lockdown permission
+- Allow unconfined_t and kprop_t to create krb5_0.rcache2 with the right context
+- Allow pulseaudio watch devices and systemd-logind session dirs
+- Allow abrt-dump-journal-* watch generic log dirs and /run/log/journal dir
+- Remove duplicate files_mounton_etc(init_t) call
+- Add watch permissions to manage_* object permissions sets
+- Allow journalctl watch generic log dirs and /run/log/journal dir
+- Label /etc/resolv.conf as net_conf_t even when it's a symlink
+- Allow SSSD to watch /var/run/NetworkManager
+- Allow dnsmasq_t to watch /etc
+- Remove unnecessary lines from the new watch interfaces
+- Fix docstring for init_watch_dir()
+- Allow xdm watch its private lib dirs, /etc, /usr
+
 * Thu Feb 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-1
 - Bump version as Fedora 34 has been branched off rawhide
 - Allow xdm watch its private lib dirs, /etc, /usr
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725
-SHA512 (container-selinux.tgz) = 67b1a06c43f0779951471c9f36b14936168c0d0f5c9c0c929a499905ab3420b77e43661a39b8ca1b9a2926a7c7b699e0da6e2f2bf88ebd737a2dd67d05fbf88c
+SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2
+SHA512 (container-selinux.tgz) = e6c8002a7c9be615f3352f85500b8855c9c1f8b611aef249f1e5eb1b67623ca77e77ed71cc59094b4a06ed328c7c68f0ad8b91846e1e4b6ea37807b49ebb8a9b
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4