* Mon Nov 21 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1-1

- Revert "Allow sysadm_t read raw memory devices" - Allow systemd-socket-proxyd get attributes of cgroup filesystems - Allow rpc.gssd read network sysctls - Allow winbind-rpcd get attributes of device and pty filesystems - Allow insights-client domain transition on semanage execution - Allow insights-client create gluster log dir with a transition - Allow insights-client manage generic locks - Allow insights-client unix_read all domain semaphores - Add domain_unix_read_all_semaphores() interface - Allow winbind-rpcd use the terminal multiplexor - Allow mrtg send mails - Allow systemd-hostnamed dbus chat with init scripts - Allow sssd dbus chat with system cronjobs - Add interface to watch all filesystems - Add watch_sb interfaces - Add watch interfaces - Allow dhcpd bpf capability to run bpf programs - Allow netutils and traceroute bpf capability to run bpf programs - Allow pkcs_slotd_t bpf capability to run bpf programs - Allow xdm bpf capability to run bpf programs - Allow pcscd bpf capability to run bpf programs - Allow lldpad bpf capability to run bpf programs - Allow keepalived bpf capability to run bpf programs - Allow ipsec bpf capability to run bpf programs - Allow fprintd bpf capability to run bpf programs - Allow systemd-socket-proxyd get filesystems attributes - Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files
2022-11-21 17:04:56 +01:00 · 2022-11-21 17:04:56 +01:00 · 17a6cf70e4
commit 17a6cf70e4
parent 5448967b7c
3 changed files with 41 additions and 5 deletions
--- a/modules-targeted-contrib.conf
+++ b/modules-targeted-contrib.conf
@ -2684,3 +2684,10 @@ stalld = module
 # rhcd
 #
 rhcd = module
+
+# Layer: contrib
+# Module: wireguard
+#
+# wireguard
+#
+wireguard = module
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit c0f6c3be2b0059221dfc086ceb0632ad726fa34d
+%global commit 3c80e8b26a1ff6f8f282169e0971e705daddb01a
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 37.14
+Version: 38.1
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -143,7 +143,7 @@ and some additional files.
 %dir %{_datadir}/selinux/devel
 %dir %{_datadir}/selinux/devel/include
 %{_datadir}/selinux/devel/include/*
-%exclude %{_datadir}/selinux/devel/include/container.if
+%exclude %{_datadir}/selinux/devel/include/contrib/container.if
 %dir %{_datadir}/selinux/devel/html
 %{_datadir}/selinux/devel/html/*html
 %{_datadir}/selinux/devel/html/*css
@ -816,6 +816,35 @@ exit 0
 %endif

 %changelog
+* Mon Nov 21 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1-1
+- Revert "Allow sysadm_t read raw memory devices"
+- Allow systemd-socket-proxyd get attributes of cgroup filesystems
+- Allow rpc.gssd read network sysctls
+- Allow winbind-rpcd get attributes of device and pty filesystems
+- Allow insights-client domain transition on semanage execution
+- Allow insights-client create gluster log dir with a transition
+- Allow insights-client manage generic locks
+- Allow insights-client unix_read all domain semaphores
+- Add domain_unix_read_all_semaphores() interface
+- Allow winbind-rpcd use the terminal multiplexor
+- Allow mrtg send mails
+- Allow systemd-hostnamed dbus chat with init scripts
+- Allow sssd dbus chat with system cronjobs
+- Add interface to watch all filesystems
+- Add watch_sb interfaces
+- Add watch interfaces
+- Allow dhcpd bpf capability to run bpf programs
+- Allow netutils and traceroute bpf capability to run bpf programs
+- Allow pkcs_slotd_t bpf capability to run bpf programs
+- Allow xdm bpf capability to run bpf programs
+- Allow pcscd bpf capability to run bpf programs
+- Allow lldpad bpf capability to run bpf programs
+- Allow keepalived bpf capability to run bpf programs
+- Allow ipsec bpf capability to run bpf programs
+- Allow fprintd bpf capability to run bpf programs
+- Allow systemd-socket-proxyd get filesystems attributes
+- Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files
+
 * Mon Oct 31 2022 Zdenek Pytela <zpytela@redhat.com> - 37.14-1
 - Allow rotatelogs read httpd_log_t symlinks
 - Add winbind-rpcd to samba_enable_home_dirs boolean
--- a/4
+++ b/4
@ -1,3 +1,3 @@
+SHA512 (selinux-policy-3c80e8b.tar.gz) = c3d9e981d8f9ad4d749b70ed3cd7e84bb4951f1e0b8d90e0062111dc43514f47f9c61da1f48b3693843286ddb864ee9c80052b9d9ac7e8a7d581a4fa1f8fb173
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = cb79b7d59e67efc94165023b826df2f18ee0e2ed6e8d39831f79188f954f810d952d3aae128172377cfdc7bb775bb96e8756d828bbb314cbd49d600b1aaed8d1
-SHA512 (selinux-policy-c0f6c3b.tar.gz) = b72b31a14232ee2b5c58475437384532b4da89cdaf3e3a01977b5e145aad81d8ebbd7396112776593b2ba9e94e85b66cee053782a3a75ccbb2b2d1a336a8117c
+SHA512 (container-selinux.tgz) = 20f368b761fcd01c5ca9b7f9e0be7b5b805727a28eb07d16e8b2e678251afdc90d26cc8145972e8db16ed619833185e57e01d55161a2f75e68e4535c513153b2