From 2a0889385ef336cdee18d70e7abbb82a2ce0b768 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 11 Apr 2024 12:07:58 +0300 Subject: [PATCH] Import 135 released from CS --- .gitignore | 4 +-- .selinux-policy.metadata | 4 +-- SPECS/selinux-policy.spec | 56 +++------------------------------------ 3 files changed, 8 insertions(+), 56 deletions(-) diff --git a/.gitignore b/.gitignore index 00e79ce..4022bbd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-552905c.tar.gz -SOURCES/selinux-policy-contrib-91c6683.tar.gz +SOURCES/selinux-policy-61dd8ba.tar.gz +SOURCES/selinux-policy-contrib-de23cff.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index a55c999..048d443 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ bbb12996896e2ee34641583ae64503c3e3c186e0 SOURCES/container-selinux.tgz -ac42e4401f30f57e1ffea73fb82ba208d5f96c88 SOURCES/selinux-policy-552905c.tar.gz -5ed5ccc182ac21e43920a7b1dcc17cd4fc1b7216 SOURCES/selinux-policy-contrib-91c6683.tar.gz +28b3d418be6422cbc97283bf4295e6b81cd3e58d SOURCES/selinux-policy-61dd8ba.tar.gz +2a054f0b9270940e30817ae8b66d5f07721fb5c4 SOURCES/selinux-policy-contrib-de23cff.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 12d1ebe..c964898 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 552905cb94a7790fb51586b7778d303be21692a4 +%global commit0 61dd8ba370aedb16deafa02188ea920dd5378e6c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 91c6683da692e18fea6e20aa37a34ba988746d6c +%global commit1 de23cffbbbbd97d50fa461217ef05e258f398c4b %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 137%{?dist} +Release: 135%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -443,7 +443,7 @@ mv %{buildroot}%{_usr}/share/man/man8/style.css %{buildroot}%{_usr}/share/selinu mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy -sed -i 's/SELINUXPOLICYVERSION/%{version}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy +sed -i 's/SELINUXPOLICYVERSION/%{version}-%{release}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy @@ -718,54 +718,6 @@ exit 0 %endif %changelog -* Thu Feb 22 2024 Zdenek Pytela - 3.14.3-137 -- Differentiate between staff and sysadm when executing crontab with sudo -Resolves: RHEL-1388 -- Allow su domains write login records -Resolves: RHEL-2606 -- Revert "Allow su domains write login records" -Resolves: RHEL-2606 -- Add crontab_admin_domtrans interface -Resolves: RHEL-1388 -- Allow gpg manage rpm cache -Resolves: RHEL-11249 - -* Thu Feb 15 2024 Zdenek Pytela - 3.14.3-136 -- Transition from sudodomains to crontab_t when executing crontab_exec_t -Resolves: RHEL-1388 -- Fix label of pseudoterminals created from sudodomain -Resolves: RHEL-1388 -- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files -Resolves: RHEL-22500 -- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t -Resolves: RHEL-23442 -- Allow admin user read/write on fixed_disk_device_t -Resolves: RHEL-23434 -- Only allow confined user domains to login locally without unconfined_login -Resolves: RHEL-1628 -- Add userdom_spec_domtrans_confined_admin_users interface -Resolves: RHEL-1628 -- Only allow admindomain to execute shell via ssh with ssh_sysadm_login -Resolves: RHEL-1628 -- Add userdom_spec_domtrans_admin_users interface -Resolves: RHEL-1628 -- Move ssh dyntrans to unconfined inside unconfined_login tunable policy -Resolves: RHEL-1628 -- Allow utempter_t use ptmx -Resolves: RHEL-25002 -- Dontaudit subscription manager setfscreate and read file contexts -Resolves: RHEL-21639 -- Don't audit crontab_domain write attempts to user home -Resolves: RHEL-1388 -- Add crontab_domtrans interface -Resolves: RHEL-1388 -- Add dbus_manage_session_tmp_files interface -Resolves: RHEL-22500 -- Allow httpd read network sysctls -Resolves: RHEL-22748 -- Allow keepalived_unconfined_script_t dbus chat with init -Resolves: RHEL-22843 - * Fri Jan 26 2024 Zdenek Pytela - 3.14.3-135 - Label /tmp/libdnf.* with user_tmp_t Resolves: RHEL-11249