From 1b1eb8edb49f2d549ae7879bb541e90dd2aeb326 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Fri, 4 Aug 2023 16:16:26 +0200 Subject: [PATCH] * Fri Aug 04 2023 Zdenek Pytela - 3.14.3-125 - Allow user_u and staff_u get attributes of non-security dirs Resolves: rhbz#2216151 - Allow unconfined user filetrans chrome_sandbox_home_t 1/2 Resolves: rhbz#2221573 - Allow unconfined user filetrans chrome_sandbox_home_t 2/2 Resolves: rhbz#2221573 - Allow insights-client execmem Resolves: rhbz#2225233 - Allow svnserve execute postdrop with a transition Resolves: rhbz#2004843 - Do not make postfix_postdrop_t type an MTA executable file Resolves: rhbz#2004843 - Allow samba-dcerpc service manage samba tmp files Resolves: rhbz#2210771 - Update samba-dcerpc policy for printing Resolves: rhbz#2210771 --- .gitignore | 2 ++ selinux-policy.spec | 24 +++++++++++++++++++++--- sources | 6 +++--- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 2bb1fc62..dbe65737 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ SOURCES/selinux-policy-contrib-c6da44c.tar.gz /selinux-policy-contrib-595dfde.tar.gz /selinux-policy-c6ff36f.tar.gz /selinux-policy-contrib-8dc6e4c.tar.gz +/selinux-policy-e552306.tar.gz +/selinux-policy-contrib-b02d4cb.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index cf01258d..2a44e567 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 c6ff36ffd9294bfdc2a77b9a010dd9a6d09bf473 +%global commit0 e5523064d8d7cd26f641091edbc37b4747396175 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 8dc6e4cecd052fa44fc1c5f0b4fb52139300526d +%global commit1 b02d4cb3b716adeb862550e41757e1ee6c40beaa %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 124%{?dist} +Release: 125%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -718,6 +718,24 @@ exit 0 %endif %changelog +* Fri Aug 04 2023 Zdenek Pytela - 3.14.3-125 +- Allow user_u and staff_u get attributes of non-security dirs +Resolves: rhbz#2216151 +- Allow unconfined user filetrans chrome_sandbox_home_t 1/2 +Resolves: rhbz#2221573 +- Allow unconfined user filetrans chrome_sandbox_home_t 2/2 +Resolves: rhbz#2221573 +- Allow insights-client execmem +Resolves: rhbz#2225233 +- Allow svnserve execute postdrop with a transition +Resolves: rhbz#2004843 +- Do not make postfix_postdrop_t type an MTA executable file +Resolves: rhbz#2004843 +- Allow samba-dcerpc service manage samba tmp files +Resolves: rhbz#2210771 +- Update samba-dcerpc policy for printing +Resolves: rhbz#2210771 + * Thu Jul 20 2023 Zdenek Pytela - 3.14.3-124 - Add the files_getattr_non_auth_dirs() interface Resolves: rhbz#2076937 diff --git a/sources b/sources index 7b942cea..72e9b62d 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-c6ff36f.tar.gz) = 15826aee744a35ef888bdf9407b0f0b99ead0d81c9c84981a30ddcf20f980f3afaeee18a4c82e74066f1ea6f18b41eaf2672f940b005fadca03dd3c6d902b8a9 -SHA512 (selinux-policy-contrib-8dc6e4c.tar.gz) = 05fd6fd7456275a55674569fca8e637ea2f804dd1e0b71ca33a2bfb6354d3643dba6c7096659e4a77920c15de7d2b8dacb084ab88aebedd47def1a5f08686c1c +SHA512 (selinux-policy-e552306.tar.gz) = 5370529c67dfb0a7518b8bc7f56ea73914b521564801be67f099d1feff064e92c1f2975896770ec034fcd1f2f3d3762eca6beb5c93bbf2ef7a1a4a01000c065c +SHA512 (selinux-policy-contrib-b02d4cb.tar.gz) = 82245c994557cf66542c76a9ea9c7545965f32948f46fd031bbd19b9c9e5f593bf47bc877d7e20e011265ded1be5f8fa3fcca650c4514573e7536ea59a9b8de1 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = f6964fbc509c1c52486689b4ba02f07c0e5a173afa7ea20135ffef97cc01344e52de948dc6b6122776b1d0228fc396bb8e8cacfede5c02a0f4972090c330880c +SHA512 (container-selinux.tgz) = f662eb2eca9f48598984a8a2d60b13102116752ed51591b097536d5e65fc432c604d056e38fba487036c1e7e8cf65a31ac0756dca7a663b08b0e53b1fb6f61d6