Import 135 released from CS
This commit is contained in:
parent
afa009bf11
commit
2a0889385e
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,3 +1,3 @@
|
|||||||
SOURCES/container-selinux.tgz
|
SOURCES/container-selinux.tgz
|
||||||
SOURCES/selinux-policy-552905c.tar.gz
|
SOURCES/selinux-policy-61dd8ba.tar.gz
|
||||||
SOURCES/selinux-policy-contrib-91c6683.tar.gz
|
SOURCES/selinux-policy-contrib-de23cff.tar.gz
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
bbb12996896e2ee34641583ae64503c3e3c186e0 SOURCES/container-selinux.tgz
|
bbb12996896e2ee34641583ae64503c3e3c186e0 SOURCES/container-selinux.tgz
|
||||||
ac42e4401f30f57e1ffea73fb82ba208d5f96c88 SOURCES/selinux-policy-552905c.tar.gz
|
28b3d418be6422cbc97283bf4295e6b81cd3e58d SOURCES/selinux-policy-61dd8ba.tar.gz
|
||||||
5ed5ccc182ac21e43920a7b1dcc17cd4fc1b7216 SOURCES/selinux-policy-contrib-91c6683.tar.gz
|
2a054f0b9270940e30817ae8b66d5f07721fb5c4 SOURCES/selinux-policy-contrib-de23cff.tar.gz
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 552905cb94a7790fb51586b7778d303be21692a4
|
%global commit0 61dd8ba370aedb16deafa02188ea920dd5378e6c
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 91c6683da692e18fea6e20aa37a34ba988746d6c
|
%global commit1 de23cffbbbbd97d50fa461217ef05e258f398c4b
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.3
|
Version: 3.14.3
|
||||||
Release: 137%{?dist}
|
Release: 135%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||||
@ -443,7 +443,7 @@ mv %{buildroot}%{_usr}/share/man/man8/style.css %{buildroot}%{_usr}/share/selinu
|
|||||||
|
|
||||||
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
|
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
|
||||||
install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
||||||
sed -i 's/SELINUXPOLICYVERSION/%{version}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
sed -i 's/SELINUXPOLICYVERSION/%{version}-%{release}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
||||||
sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
||||||
|
|
||||||
|
|
||||||
@ -718,54 +718,6 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Feb 22 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-137
|
|
||||||
- Differentiate between staff and sysadm when executing crontab with sudo
|
|
||||||
Resolves: RHEL-1388
|
|
||||||
- Allow su domains write login records
|
|
||||||
Resolves: RHEL-2606
|
|
||||||
- Revert "Allow su domains write login records"
|
|
||||||
Resolves: RHEL-2606
|
|
||||||
- Add crontab_admin_domtrans interface
|
|
||||||
Resolves: RHEL-1388
|
|
||||||
- Allow gpg manage rpm cache
|
|
||||||
Resolves: RHEL-11249
|
|
||||||
|
|
||||||
* Thu Feb 15 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-136
|
|
||||||
- Transition from sudodomains to crontab_t when executing crontab_exec_t
|
|
||||||
Resolves: RHEL-1388
|
|
||||||
- Fix label of pseudoterminals created from sudodomain
|
|
||||||
Resolves: RHEL-1388
|
|
||||||
- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files
|
|
||||||
Resolves: RHEL-22500
|
|
||||||
- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t
|
|
||||||
Resolves: RHEL-23442
|
|
||||||
- Allow admin user read/write on fixed_disk_device_t
|
|
||||||
Resolves: RHEL-23434
|
|
||||||
- Only allow confined user domains to login locally without unconfined_login
|
|
||||||
Resolves: RHEL-1628
|
|
||||||
- Add userdom_spec_domtrans_confined_admin_users interface
|
|
||||||
Resolves: RHEL-1628
|
|
||||||
- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
|
|
||||||
Resolves: RHEL-1628
|
|
||||||
- Add userdom_spec_domtrans_admin_users interface
|
|
||||||
Resolves: RHEL-1628
|
|
||||||
- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
|
|
||||||
Resolves: RHEL-1628
|
|
||||||
- Allow utempter_t use ptmx
|
|
||||||
Resolves: RHEL-25002
|
|
||||||
- Dontaudit subscription manager setfscreate and read file contexts
|
|
||||||
Resolves: RHEL-21639
|
|
||||||
- Don't audit crontab_domain write attempts to user home
|
|
||||||
Resolves: RHEL-1388
|
|
||||||
- Add crontab_domtrans interface
|
|
||||||
Resolves: RHEL-1388
|
|
||||||
- Add dbus_manage_session_tmp_files interface
|
|
||||||
Resolves: RHEL-22500
|
|
||||||
- Allow httpd read network sysctls
|
|
||||||
Resolves: RHEL-22748
|
|
||||||
- Allow keepalived_unconfined_script_t dbus chat with init
|
|
||||||
Resolves: RHEL-22843
|
|
||||||
|
|
||||||
* Fri Jan 26 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-135
|
* Fri Jan 26 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-135
|
||||||
- Label /tmp/libdnf.* with user_tmp_t
|
- Label /tmp/libdnf.* with user_tmp_t
|
||||||
Resolves: RHEL-11249
|
Resolves: RHEL-11249
|
||||||
|
Loading…
Reference in New Issue
Block a user