* Tue Apr 27 2021 Zdenek Pytela <zpytela@redhat.com> - 34.4-1

- Allow domain create anonymous inodes - Add anon_inode class to the policy - Allow systemd-coredump getattr nsfs files and net_admin capability - Allow systemd-sleep transition to sysstat_t - Allow systemd-sleep transition to tlp_t - Allow systemd-sleep transition to unconfined_service_t on bin_t executables - Allow systemd-timedated watch runtime dir and its parent - Allow system dbusd read /var/lib symlinks - Allow unconfined_service_t confidentiality and integrity lockdown - Label /var/lib/brltty with brltty_var_lib_t - Allow domain and unconfined_domain_type watch /proc/PID dirs - Additional permission for confined users loging into graphic session - Make for screen fsetid/setuid/setgid permission conditional - Allow for confined users acces to wtmp and run utempter
2021-04-27 19:55:59 +02:00 · 2021-04-27 19:55:59 +02:00 · 2b76eb3833
commit 2b76eb3833
parent ab4d6094ae
2 changed files with 20 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit e08db953f4e4c662f62d1c8d3ec790c9d0833734
+%global commit 8a1746df03519636f179cc7bcc58029118822a8f
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.3
+Version: 34.4
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -796,6 +796,22 @@ exit 0
 %endif

 %changelog
+* Tue Apr 27 2021 Zdenek Pytela <zpytela@redhat.com> - 34.4-1
+- Allow domain create anonymous inodes
+- Add anon_inode class to the policy
+- Allow systemd-coredump getattr nsfs files and net_admin capability
+- Allow systemd-sleep transition to sysstat_t
+- Allow systemd -sleep transition to tlp_t
+- Allow systemd-sleep transition to unconfined_service_t on bin_t executables
+- Allow systemd-timedated watch runtime dir and its parent
+- Allow system dbusd read /var/lib symlinks
+- Allow unconfined_service_t confidentiality and integrity lockdown
+- Label /var/lib/brltty with brltty_var_lib_t
+- Allow domain and unconfined_domain_type watch /proc/PID dirs
+- Additional permission for confined users loging into graphic session
+- Make for screen fsetid/setuid/setgid permission conditional
+- Allow for confined users acces to wtmp and run utempter
+
 * Fri Apr 09 2021 Zdenek Pytela <zpytela@redhat.com> - 34.3-1
 - Label /etc/redis as redis_conf_t
 - Add brltty new permissions required by new upstream version
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-e08db95.tar.gz) = f62925deca730f50f0f35e5df400101c6797a3c28ba831275af3b36a3a9171f077d8a0b01e0037d0cfa943210b27386d599268088705dc1bc97937cba17a73d3
-SHA512 (container-selinux.tgz) = 6ffbfb27f709e1c3e1e372a1941303e52f5f7ae8d5cd1334ace51f81b68a05ca8b98fb79174d36add0634f12be85edfc50cccaab121943276f87bddb31ca942f
+SHA512 (selinux-policy-8a1746d.tar.gz) = cd17c3daf14cd86ea919e97979889a5111d720e7cc64336d1ff16846cda07b62a1834fd7b18b9ba50aa7f0fb4ec199ec86b2cc278175168266510a750453ce49
+SHA512 (container-selinux.tgz) = 7853f0e7012d1317eb8c0180ca15d8943013e712ee094e22919001b819f8d115adc601fd6ba50d5e17d90232573615319abdcc6407c0687f94be5300339044dc
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4