rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

* Wed Feb 24 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-4

Browse Source 
- iptables.fc: Add missing legacy entries
- iptables.fc: Remove some duplicate entries
- iptables.fc: Remove duplicate file context entries
- Allow libvirtd to create generic netlink sockets
- Allow libvirtd the fsetid capability
- Allow libvirtd to read /run/utmp
- Dontaudit sys_ptrace capability when calling systemctl
- Allow udisksd to read /dev/random
- Allow udisksd to watch files under /run/mount
- Allow udisksd to watch /etc
- Allow crond to watch user_cron_spool_t directories
- Allow accountsd watch xdm config directories
- Label /etc/avahi with avahi_conf_t
- Allow sssd get cgroup filesystems attributes and search cgroup dirs
- Allow systemd-hostnamed read udev runtime data
- Remove dev_getattr_sysfs_fs() interface calls for particular domains
- Allow domain stat the /sys filesystem
- Dontaudit NetworkManager write to initrc_tmp_t pipes
- policykit.te: Clean up watch rule for policykit_auth_t
- Revert further unnecessary watch rules
- Revert "Allow getty watch its private runtime files"
- Allow systemd watch generic /var directories
- Allow init watch network config files and lnk_files
- Allow systemd-sleep get attributes of fixed disk device nodes
- Complete initial policy for systemd-coredump
- Label SDC(scini) Dell Driver
- Allow upowerd to send syslog messages
- Remove the disk write permissions from tlp_t
- Label NVMe devices as fixed_disk_device_t
- Allow rhsmcertd bind tcp sockets to a generic node
- Allow systemd-importd manage machines.lock file
This commit is contained in:
Zdenek Pytela 2021-02-24 10:14:28 +01:00
parent aa1f535cb2
commit 2faa5c2293
2 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
selinux-policy.spec
View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources # github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164 %global commit feefaa074e75466aa75c29f17a3d83ac6ce004f0
%global shortcommit %(c=%{commit}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -24,7 +24,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.8 Version: 3.14.8
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf Source1: modules-targeted-base.conf
@ -792,6 +792,39 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Feb 24 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-4
- iptables.fc: Add missing legacy entries
- iptables.fc: Remove some duplicate entries
- iptables.fc: Remove duplicate file context entries
- Allow libvirtd to create generic netlink sockets
- Allow libvirtd the fsetid capability
- Allow libvirtd to read /run/utmp
- Dontaudit sys_ptrace capability when calling systemctl
- Allow udisksd to read /dev/random
- Allow udisksd to watch files under /run/mount
- Allow udisksd to watch /etc
- Allow crond to watch user_cron_spool_t directories
- Allow accountsd watch xdm config directories
- Label /etc/avahi with avahi_conf_t
- Allow sssd get cgroup filesystems attributes and search cgroup dirs
- Allow systemd-hostnamed read udev runtime data
- Remove dev_getattr_sysfs_fs() interface calls for particular domains
- Allow domain stat the /sys filesystem
- Dontaudit NetworkManager write to initrc_tmp_t pipes
- policykit.te: Clean up watch rule for policykit_auth_t
- Revert further unnecessary watch rules
- Revert "Allow getty watch its private runtime files"
- Allow systemd watch generic /var directories
- Allow init watch network config files and lnk_files
- Allow systemd-sleep get attributes of fixed disk device nodes
- Complete initial policy for systemd-coredump
- Label SDC(scini) Dell Driver
- Allow upowerd to send syslog messages
- Remove the disk write permissions from tlp_t
- Label NVMe devices as fixed_disk_device_t
- Allow rhsmcertd bind tcp sockets to a generic node
- Allow systemd-importd manage machines.lock file
* Tue Feb 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-3 * Tue Feb 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-3
- Allow unconfined integrity lockdown permission - Allow unconfined integrity lockdown permission
- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined - Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined

4
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb SHA512 (selinux-policy-feefaa0.tar.gz) = 5d0fe18dc0d345a4cf5673ce28f1abdbdbcc5c8b97bbaa553e036ca559dfa0610b62b07ee7045e8ebefe95dcf0ef865dc3e764804c4561505bd3c92ed6572055
SHA512 (container-selinux.tgz) = f8dc9a03dac5ac8efb775c61f4c8ac071a5fa2f33306a2ddad4ca6241e2241b9ff038e2ceb081c9d0785c3a1c7e0b8992f94bad3af11546597e2af1af4a979d5 SHA512 (container-selinux.tgz) = 4d92b9a5c23d9ac64bcb5c5578b14e6408f19156ba8d79cdb3b573ce602f9732c450564d6da3029484c9554de17c30dbb74921761f088abf20f6b3b513c7d53e
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4