* Wed Feb 24 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-4
- iptables.fc: Add missing legacy entries - iptables.fc: Remove some duplicate entries - iptables.fc: Remove duplicate file context entries - Allow libvirtd to create generic netlink sockets - Allow libvirtd the fsetid capability - Allow libvirtd to read /run/utmp - Dontaudit sys_ptrace capability when calling systemctl - Allow udisksd to read /dev/random - Allow udisksd to watch files under /run/mount - Allow udisksd to watch /etc - Allow crond to watch user_cron_spool_t directories - Allow accountsd watch xdm config directories - Label /etc/avahi with avahi_conf_t - Allow sssd get cgroup filesystems attributes and search cgroup dirs - Allow systemd-hostnamed read udev runtime data - Remove dev_getattr_sysfs_fs() interface calls for particular domains - Allow domain stat the /sys filesystem - Dontaudit NetworkManager write to initrc_tmp_t pipes - policykit.te: Clean up watch rule for policykit_auth_t - Revert further unnecessary watch rules - Revert "Allow getty watch its private runtime files" - Allow systemd watch generic /var directories - Allow init watch network config files and lnk_files - Allow systemd-sleep get attributes of fixed disk device nodes - Complete initial policy for systemd-coredump - Label SDC(scini) Dell Driver - Allow upowerd to send syslog messages - Remove the disk write permissions from tlp_t - Label NVMe devices as fixed_disk_device_t - Allow rhsmcertd bind tcp sockets to a generic node - Allow systemd-importd manage machines.lock file
This commit is contained in:
Zdenek Pytela
parent
aa1f535cb2
commit
2faa5c2293
@ -1,6 +1,6 @@
|
||||
# github repo with selinux-policy sources
|
||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164
|
||||
%global commit feefaa074e75466aa75c29f17a3d83ac6ce004f0
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -24,7 +24,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.8
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
Source1: modules-targeted-base.conf
|
||||
@ -792,6 +792,39 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 24 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-4
|
||||
- iptables.fc: Add missing legacy entries
|
||||
- iptables.fc: Remove some duplicate entries
|
||||
- iptables.fc: Remove duplicate file context entries
|
||||
- Allow libvirtd to create generic netlink sockets
|
||||
- Allow libvirtd the fsetid capability
|
||||
- Allow libvirtd to read /run/utmp
|
||||
- Dontaudit sys_ptrace capability when calling systemctl
|
||||
- Allow udisksd to read /dev/random
|
||||
- Allow udisksd to watch files under /run/mount
|
||||
- Allow udisksd to watch /etc
|
||||
- Allow crond to watch user_cron_spool_t directories
|
||||
- Allow accountsd watch xdm config directories
|
||||
- Label /etc/avahi with avahi_conf_t
|
||||
- Allow sssd get cgroup filesystems attributes and search cgroup dirs
|
||||
- Allow systemd-hostnamed read udev runtime data
|
||||
- Remove dev_getattr_sysfs_fs() interface calls for particular domains
|
||||
- Allow domain stat the /sys filesystem
|
||||
- Dontaudit NetworkManager write to initrc_tmp_t pipes
|
||||
- policykit.te: Clean up watch rule for policykit_auth_t
|
||||
- Revert further unnecessary watch rules
|
||||
- Revert "Allow getty watch its private runtime files"
|
||||
- Allow systemd watch generic /var directories
|
||||
- Allow init watch network config files and lnk_files
|
||||
- Allow systemd-sleep get attributes of fixed disk device nodes
|
||||
- Complete initial policy for systemd-coredump
|
||||
- Label SDC(scini) Dell Driver
|
||||
- Allow upowerd to send syslog messages
|
||||
- Remove the disk write permissions from tlp_t
|
||||
- Label NVMe devices as fixed_disk_device_t
|
||||
- Allow rhsmcertd bind tcp sockets to a generic node
|
||||
- Allow systemd-importd manage machines.lock file
|
||||
|
||||
* Tue Feb 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-3
|
||||
- Allow unconfined integrity lockdown permission
|
||||
- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined
|
||||
|
||||
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb
|
||||
SHA512 (container-selinux.tgz) = f8dc9a03dac5ac8efb775c61f4c8ac071a5fa2f33306a2ddad4ca6241e2241b9ff038e2ceb081c9d0785c3a1c7e0b8992f94bad3af11546597e2af1af4a979d5
|
||||
SHA512 (selinux-policy-feefaa0.tar.gz) = 5d0fe18dc0d345a4cf5673ce28f1abdbdbcc5c8b97bbaa553e036ca559dfa0610b62b07ee7045e8ebefe95dcf0ef865dc3e764804c4561505bd3c92ed6572055
|
||||
SHA512 (container-selinux.tgz) = 4d92b9a5c23d9ac64bcb5c5578b14e6408f19156ba8d79cdb3b573ce602f9732c450564d6da3029484c9554de17c30dbb74921761f088abf20f6b3b513c7d53e
|
||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||
|
||||
Loading…
Reference in New Issue
Block a user