From 1f5673f9d0a117c42f292d19a8c7fa43dce82f99 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 6 Feb 2025 23:35:20 +0100 Subject: [PATCH] * Thu Feb 06 2025 Zdenek Pytela - 40.13.25-1 - Update ktlshd policy to read /proc/keys and domain keyrings Resolves: RHEL-42672 - Allow pcmsensor read nmi_watchdog state information Resolves: RHEL-52838 - Support peer-to-peer migration of vms using ssh Resolves: RHEL-77351 - Allow virt_domain read hardware state information unconditionally Resolves: RHEL-71270 - Allow timemaster write to sysfs files Resolves: RHEL-44637 - Allow virtqemud map svirt_image_t plain files Resolves: RHEL-40080 - Allow virtqemud unmount a filesystem with extended attributes Resolves: RHEL-40080 - Allow virtqemud work with nvdimm devices Resolves: RHEL-71656 - Update virtqemud policy regarding the svirt_tcg_t domain Resolves: RHEL-71270 - Allow virtqemud use hostdev usb devices conditionally Resolves: RHEL-74230 - Support saving and restoring a VM to/from a block device Resolves: RHEL-76138 - Allow virtnwfilterd dbus chat with firewalld Resolves: RHEL-76138 - Allow virt_domain to use pulseaudio - conditional Resolves: RHEL-62763 - Allow virtstoraged write to sysfs files Resolves: RHEL-44637 - Allow irqbalance to run unconfined scripts conditionally Resolves: RHEL-54019 - Allow rhsmcertd notify virt-who Resolves: RHEL-77114 - Allow init mounton crypto sysctl files Resolves: RHEL-56250 --- changelog | 36 ++++++++++++++++++++++++++++++++++++ selinux-policy.spec | 4 ++-- sources | 4 ++-- 3 files changed, 40 insertions(+), 4 deletions(-) diff --git a/changelog b/changelog index 58231b34..570ac245 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,39 @@ +* Thu Feb 06 2025 Zdenek Pytela - 40.13.25-1 +- Update ktlshd policy to read /proc/keys and domain keyrings +Resolves: RHEL-42672 +- Allow pcmsensor read nmi_watchdog state information +Resolves: RHEL-52838 +- Support peer-to-peer migration of vms using ssh +Resolves: RHEL-77351 +- Allow virt_domain read hardware state information unconditionally +Resolves: RHEL-71270 +- Allow timemaster write to sysfs files +Resolves: RHEL-44637 +- Allow virtqemud map svirt_image_t plain files +Resolves: RHEL-40080 +- Allow virtqemud unmount a filesystem with extended attributes +Resolves: RHEL-40080 +- Allow virtqemud work with nvdimm devices +Resolves: RHEL-71656 +- Update virtqemud policy regarding the svirt_tcg_t domain +Resolves: RHEL-71270 +- Allow virtqemud use hostdev usb devices conditionally +Resolves: RHEL-74230 +- Support saving and restoring a VM to/from a block device +Resolves: RHEL-76138 +- Allow virtnwfilterd dbus chat with firewalld +Resolves: RHEL-76138 +- Allow virt_domain to use pulseaudio - conditional +Resolves: RHEL-62763 +- Allow virtstoraged write to sysfs files +Resolves: RHEL-44637 +- Allow irqbalance to run unconfined scripts conditionally +Resolves: RHEL-54019 +- Allow rhsmcertd notify virt-who +Resolves: RHEL-77114 +- Allow init mounton crypto sysctl files +Resolves: RHEL-56250 + * Mon Jan 27 2025 Zdenek Pytela - 40.13.24-1 - Allow systemd-generator connect to syslog over a unix datagram socket Resolves: RHEL-75879 diff --git a/selinux-policy.spec b/selinux-policy.spec index d5879691..d229fe9e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -5,7 +5,7 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit f13cb453322580ba0fcf31157b3e6dd83c81c5d9 +%global commit 93ce705ccc0021a4b16df9d15b34b0f12edc0f1d %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -17,7 +17,7 @@ %define CHECKPOLICYVER 3.8 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.13.24 +Version: 40.13.25 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz diff --git a/sources b/sources index 5a9cd1ad..c25fe466 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-f13cb45.tar.gz) = 0d78bda93ec6204e2e28995640bc5036407ecb18b8306ddb59995b84f5d960b7b5ecb362b5031cc53c5228abb5b3b3ac716bcf4beb88560d29bc2f228b22a9b3 +SHA512 (selinux-policy-93ce705.tar.gz) = 284644b2f7f2dc8127fe18c1457730ea17d4ef3e7c9182e896d6ba00561aeb09ac9bb1170e9f8ff12dd231dfd1f60d6d7964655665d0f6589588f5b82c1d661c SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 28ab5fd91690607d56a47a57844faf8b6ba38799d40291ab05c31bed7d8dbc6e89d8f4c7f07cb44ed56f8871d11800e14210757141d9765bc8e861fdf00f770f +SHA512 (container-selinux.tgz) = 4246770978a80ac9d4e4047b0d36912a1338491c258a81f22837f59a738d506505ae1d29296e22518d88516b623ad2ce0f99ea32d0bc0566db5d028cad91afb9