rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import selinux-policy-3.14.3-108.el8

This commit is contained in:
CentOS Sources 2022-11-08 01:54:46 -05:00 committed by Stepan Oksanichenko
parent cd23a37542
commit 2caa19eb77
3 changed files with 236 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/container-selinux.tgz
SOURCES/selinux-policy-31a9744.tar.gz
SOURCES/selinux-policy-contrib-f659db9.tar.gz
SOURCES/selinux-policy-76d3f46.tar.gz
SOURCES/selinux-policy-contrib-f71a764.tar.gz

6
.selinux-policy.metadata
View File

@ -1,3 +1,3 @@
7e8924346f497afc19e9e727b431673b7a9d68a9 SOURCES/container-selinux.tgz
029927e86dab9c8acfb0f9ee90b7727537c7657b SOURCES/selinux-policy-31a9744.tar.gz
138acf482a7c4c350809c7b31c79294281be49db SOURCES/selinux-policy-contrib-f659db9.tar.gz
630fb93dc3f0c54c9bac3e9e29742b235e3d3226 SOURCES/container-selinux.tgz
868d9fd6e2fed0794a9a7b698586a5419d97cb7e SOURCES/selinux-policy-76d3f46.tar.gz
fe5e8136583726cb626ba6eacc7c148df57926a7 SOURCES/selinux-policy-contrib-f71a764.tar.gz

303
SPECS/selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 31a9744d4abf9817c82d29dd791b0439bd632852
%global commit0 76d3f46c6576aa301aef3702c1c30739f506691f
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 f659db9cce300873aabec1a11fcc39d69e043267
%global commit1 f71a76424ebaf8e8af3896bc758cfe10b9102892
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.3
Release: 95%{?dist}.4
Release: 108%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -148,7 +148,7 @@ SELinux policy development and man page package
%{_usr}/share/selinux/devel/Makefile
%{_usr}/share/selinux/devel/example.*
%{_usr}/share/selinux/devel/policy.*
%ghost %{_sharedstatedir}/sepolgen/interface_info
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/sepolgen/interface_info
%post devel
selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null
@ -717,92 +717,251 @@ exit 0
%endif
%changelog
* Mon Aug 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.4
- rebuild
Resolves: rhbz#2103606
* Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
- Allow unconfined_service_t insights client content filetrans
Resolves: rhbz#2119507
- Allow nsswitch_domain to connect to systemd-machined using a unix socket
Resolves: rhbz#2119507
- Add init_status_all_script_files() interface
Resolves: rhbz#2119507
- Add dev_dontaudit_write_raw_memory() and dev_read_vsock() interfaces
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 5
Resolves: rhbz#2119507
- Confine insights-client systemd unit
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 4
Resolves: rhbz#2119507
- Change rhsmcertd_t to insights_client_t in insights-client policy
Resolves: rhbz#2119507
- Allow insights-client send signull to unconfined_service_t
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 3
Resolves: rhbz#2119507
- Allow journalctl read init state
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 2
Resolves: rhbz#2119507
* Thu Aug 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.3
* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
- Label 319/udp port with ptp_event_port_t
Resolves: rhbz#2118628
- Allow unconfined and sysadm users transition for /root/.gnupg
Resolves: rhbz#2119507
- Add the kernel_read_proc_files() interface
Resolves: rhbz#2119507
- Add userdom_view_all_users_keys() interface
Resolves: rhbz#2119507
- Allow system_cronjob_t domtrans to rpm_script_t
Resolves: rhbz#2118362
- Allow smbd_t process noatsecure permission for winbind_rpcd_t
Resolves: rhbz#2117199
- Allow chronyd bind UDP sockets to ptp_event ports
Resolves: rhbz#2118628
- Allow samba-bgqd to read a printer list
Resolves: rhbz#2118958
- Add gpg_filetrans_admin_home_content() interface
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution
Resolves: rhbz#2119507
- Allow gpg read and write generic pty type
Resolves: rhbz#2119507
- Allow chronyc read and write generic pty type
Resolves: rhbz#2119507
- Disable rpm verification on interface_info
Resolves: rhbz#2119472
* Wed Aug 10 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-106
- Allow networkmanager to signal unconfined process
Resolves: rhbz#1918148
- Allow sa-update to get init status and start systemd files
Resolves: rhbz#2011239
- Allow samba-bgqd get a printer list
Resolves: rhbz#2114737
- Allow insights-client rpm named file transitions
Resolves: rhbz#2103606
Resolves: rhbz#2104913
- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
Resolves: rhbz#2103606
Resolves: rhbz#2104913
- Use insights_client_filetrans_named_content
Resolves: rhbz#2103606
Resolves: rhbz#2104913
- Make default file context match with named transitions
Resolves: rhbz#2103606
Resolves: rhbz#2104913
- Allow rhsmcertd to read insights config files
Resolves: rhbz#2103606
Resolves: rhbz#2104913
- Label /etc/insights-client/machine-id
Resolves: rhbz#2103606
Resolves: rhbz#2104913
* Tue Jul 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.2
- Add the init_status_config_transient_files() interface
Resolves: rhbz#2103606
- Allow transition to insights_client named content
Resolves: rhbz#2103606
- Allow init_t to rw insights_client unnamed pipe
Resolves: rhbz#2103606
- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
Resolves: rhbz#2103606
- Add the gpg_manage_admin_home_content() interface
Resolves: rhbz#2103606
* Fri Jul 29 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-105
- Do not call systemd_userdbd_stream_connect() for winbind-rpcd
Resolves: rhbz#2108383
- Update winbind_rpcd_t
Resolves: rhbz#2108383
- Allow irqbalance file transition for pid sock_files and directories
Resolves: rhbz#2111916
- Update irqbalance runtime directory file context
Resolves: rhbz#2111916
* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-104
- Update samba-dcerpcd policy for kerberos usage 2
Resolves: rhbz#2096825
* Mon Jun 27 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-103
- Allow domain read usermodehelper state information
Resolves: rhbz#2083504
- Remove all kernel_read_usermodehelper_state() interface calls
Resolves: rhbz#2083504
- Allow samba-dcerpcd work with sssd
Resolves: rhbz#2096825
- Allow winbind_rpcd_t connect to self over a unix_stream_socket
Resolves: rhbz#2096825
- Update samba-dcerpcd policy for kerberos usage
Resolves: rhbz#2096825
- Allow keepalived read the contents of the sysfs filesystem
Resolves: rhbz#2098189
- Update policy for samba-dcerpcd
Resolves: rhbz#2083504
- Remove all kernel_read_usermodehelper_state() interface calls 2/2
Resolves: rhbz#2083504
- Update insights_client_filetrans_named_content()
Resolves: rhbz#2103606
- Add the insights_client_filetrans_named_content() interface
Resolves: rhbz#2103606
- Update policy for insights-client to run additional commands 3
Resolves: rhbz#2103606
- Allow insights-client get status of the systemd transient scripts
Resolves: rhbz#2103606
- Allow insights-client execute its private memfd: objects
Resolves: rhbz#2103606
- Update policy for insights-client to run additional commands 2
Resolves: rhbz#2103606
- Do not call systemd_userdbd_stream_connect() for insights-client
Resolves: rhbz#2103606
- Use insights_client_tmp_t instead of insights_client_var_tmp_t
Resolves: rhbz#2103606
- Change space indentation to tab in insights-client
Resolves: rhbz#2103606
- Use socket permissions sets in insights-client
Resolves: rhbz#2103606
- Update policy for insights-client to run additional commands
Resolves: rhbz#2103606
- Change rpm_setattr_db_files() to use a pattern
Resolves: rhbz#2103606
- Add rpm setattr db files macro
Resolves: rhbz#2103606
- Fix insights client
Resolves: rhbz#2103606
- Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
Resolves: rhbz#2103606
- Allow insights-client manage gpg admin home content
Resolves: rhbz#2103606
- Label /var/cache/insights with insights_client_cache_t
Resolves: rhbz#2103606
- Allow insights-client search gconf homedir
Resolves: rhbz#2103606
- Allow insights-client create and use unix_dgram_socket
Resolves: rhbz#2103606
- Allow insights-client create_socket_perms for tcp/udp sockets
Resolves: rhbz#2103606
- Allow insights-client read rhnsd config files
Resolves: rhbz#2103606
- Allow insights-client search rhnsd configuration directory
Resolves: rhbz#2103606
Resolves: rhbz#2091117
* Thu Jun 09 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95.1
* Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-102
- Allow transition to insights_client named content
Resolves: rhbz#2091117
- Add the insights_client_filetrans_named_content() interface
Resolves: rhbz#2091117
- Update policy for insights-client to run additional commands 3
Resolves: rhbz#2091117
* Fri Jun 17 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-101
- Add the init_status_config_transient_files() interface
Resolves: rhbz#2091117
- Allow init_t to rw insights_client unnamed pipe
Resolves: rhbz#2091117
- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
Resolves: rhbz#2091117
- Allow insights-client get status of the systemd transient scripts
Resolves: rhbz#2091117
- Allow insights-client execute its private memfd: objects
Resolves: rhbz#2091117
- Update policy for insights-client to run additional commands 2
Resolves: rhbz#2091117
- Do not call systemd_userdbd_stream_connect() for insights-client
Resolves: rhbz#2091117
- Use insights_client_tmp_t instead of insights_client_var_tmp_t
Resolves: rhbz#2091117
- Change space indentation to tab in insights-client
Resolves: rhbz#2091117
- Use socket permissions sets in insights-client
Resolves: rhbz#2091117
- Update policy for insights-client to run additional commands
Resolves: rhbz#2091117
- Change rpm_setattr_db_files() to use a pattern
Resolves: rhbz#2091117
- Add rpm setattr db files macro
Resolves: rhbz#2091117
- Fix insights client
Resolves: rhbz#2091117
- Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
Resolves: rhbz#2091117
* Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-100
- Update logging_create_generic_logs() to use create_files_pattern()
Resolves: rhbz#2081907
- Add the auth_read_passwd_file() interface
Resolves: rhbz#2083504
- Allow auditd_t noatsecure for a transition to audisp_remote_t
Resolves: rhbz#2081907
- Add support for samba-dcerpcd
Resolves: rhbz#2083504
- Allow rhsmcertd create generic log files
Resolves: rhbz#1852086
- Allow ctdbd nlmsg_read on netlink_tcpdiag_socket
Resolves: rhbz#2090800
* Mon May 23 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-99
- Allow ifconfig_t domain to manage vmware logs
Resolves: rhbz#1721943
- Allow insights-client manage gpg admin home content
Resolves: rhbz#2060834
- Add the gpg_manage_admin_home_content() interface
Resolves: rhbz#2060834
- Label /var/cache/insights with insights_client_cache_t
Resolves: rhbz#2063195
- Allow insights-client search gconf homedir
Resolves: rhbz#2087069
- Allow insights-client create and use unix_dgram_socket
Resolves: rhbz#2087069
- Label more vdsm utils with virtd_exec_t
Resolves: rhbz#2095184
Resolves: rhbz#2063871
- Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t
Resolves: rhbz#2063871
- Allow sblim-gatherd the kill capability
Resolves: rhbz#2082677
- Allow privoxy execmem
Resolves: rhbz#2083940
* Wed May 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-98
- Allow sysadm user execute init scripts with a transition
Resolves: rhbz#2039662
- Change invalid type redisd_t to redis_t in redis_stream_connect()
Resolves: rhbz#1897517
- Allow php-fpm write access to /var/run/redis/redis.sock
Resolves: rhbz#1897517
- Allow sssd read systemd-resolved runtime directory
Resolves: rhbz#2060721
- Allow postfix stream connect to cyrus through runtime socket
Resolves: rhbz#2066005
- Allow insights-client create_socket_perms for tcp/udp sockets
Resolves: rhbz#2073395
- Allow insights-client read rhnsd config files
Resolves: rhbz#2073395
- Allow sblim-sfcbd connect to sblim-reposd stream
Resolves: rhbz#2075810
- Allow rngd drop privileges via setuid/setgid/setcap
Resolves: rhbz#2076641
- Allow rngd_t domain to use nsswitch
Resolves: rhbz#2076641
* Fri Apr 22 2022 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-97
- Create macro corenet_icmp_bind_generic_node()
Resolves: rhbz#2070870
- Allow traceroute_t and ping_t to bind generic nodes.
Resolves: rhbz#2070870
- Allow administrative users the bpf capability
Resolves: rhbz#2070983
- Allow insights-client search rhnsd configuration directory
Resolves: rhbz#2073395
- Allow ntlm_auth read the network state information
Resolves: rhbz#2073349
- Allow keepalived setsched and sys_nice
Resolves: rhbz#2008033
- Revert "Allow administrative users the bpf capability"
Resolves: rhbz#2070983
* Thu Apr 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-96
- Add interface rpc_manage_exports
Resolves: rhbz#2062183
- Allow sshd read filesystem sysctl files
Resolves: rhbz#2061403
- Update targetd nfs & lvm
Resolves: rhbz#2062183
- Allow dhcpd_t domain to read network sysctls.
Resolves: rhbz#2059509
- Allow chronyd talk with unconfined user over unix domain dgram socket
Resolves: rhbz#2065313
- Allow fenced read kerberos key tables
Resolves: rhbz#1964839
* Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95
- Allow hostapd talk with unconfined user over unix domain dgram socket
Resolves: rhbz#2064284
Resolves: rhbz#2068007
* Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94
- Allow chronyd send a message to sosreport over datagram socket
- Allow systemd-logind dbus chat with sosreport
Resolves: rhbz#1949493
Resolves: rhbz#2062607
* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
- Allow systemd-networkd dbus chat with sosreport