From 314088eca943d93166d315a8073a8b8fc3242c91 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Fri, 11 Aug 2023 23:48:28 +0200 Subject: [PATCH] * Fri Aug 11 2023 Zdenek Pytela - 38.25-1 - ci: Move srpm/rpm build to packit - .copr: Avoid subshell and changing directory - Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file - Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t - Make insights_client_t an unconfined domain - Allow insights-client manage user temporary files - Allow insights-client create all rpm logs with a correct label - Allow insights-client manage generic logs - Allow cloud_init create dhclient var files and init_t manage net_conf_t - Allow insights-client read and write cluster tmpfs files - Allow ipsec read nsfs files - Make tuned work with mls policy - Remove nsplugin_role from mozilla.if - allow mon_procd_t self:cap_userns sys_ptrace - Allow pdns name_bind and name_connect all ports - Set the MLS range of fsdaemon_t to s0 - mls_systemhigh - ci: Move to actions/checkout@v3 version - .copr: Replace chown call with standard workflow safe.directory setting - .copr: Enable `set -u` for robustness - .copr: Simplify root directory variable --- selinux-policy.spec | 26 ++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 8ddd8abe..743f50ed 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit d71265e00b14d67d5df685484975fc66ec340804 +%global commit 77e7428bf98c645389b8efaf61a2c3ed6e2441d8 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.24 +Version: 38.25 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -814,6 +814,28 @@ exit 0 %endif %changelog +* Fri Aug 11 2023 Zdenek Pytela - 38.25-1 +- ci: Move srpm/rpm build to packit +- .copr: Avoid subshell and changing directory +- Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file +- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t +- Make insights_client_t an unconfined domain +- Allow insights-client manage user temporary files +- Allow insights-client create all rpm logs with a correct label +- Allow insights-client manage generic logs +- Allow cloud_init create dhclient var files and init_t manage net_conf_t +- Allow insights-client read and write cluster tmpfs files +- Allow ipsec read nsfs files +- Make tuned work with mls policy +- Remove nsplugin_role from mozilla.if +- allow mon_procd_t self:cap_userns sys_ptrace +- Allow pdns name_bind and name_connect all ports +- Set the MLS range of fsdaemon_t to s0 - mls_systemhigh +- ci: Move to actions/checkout@v3 version +- .copr: Replace chown call with standard workflow safe.directory setting +- .copr: Enable `set -u` for robustness +- .copr: Simplify root directory variable + * Fri Aug 04 2023 Zdenek Pytela - 38.24-1 - Allow rhsmcertd dbus chat with policykit - Allow polkitd execute pkla-check-authorization with nnp transition diff --git a/sources b/sources index da71a200..7ffaaba2 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-d71265e.tar.gz) = 2edd7b54a715989f95aba334b72b06f037e37e28ed72116e8e84d5179d6bf55e0f3f3caf20d8c5c6d477358e99e8dc63de23f7122728b5b74aaff3e9189465e5 +SHA512 (selinux-policy-77e7428.tar.gz) = c0d65f956dcce0231a9a7936035eca3a71162727d533f5e0aee5a210b49393ccc6f3048d08dfee7882fca6682755ce16e016842b1e1724e6bb6d6485040b62f4 +SHA512 (container-selinux.tgz) = 0daa315c81b23885be0cebcd24b4601d72f40133476ecbfd0462d42ec13ab9101cd5ff76150ef8272cbfb2d67f269b6b4c47c0225c12513e04c90ccd6066042e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 1cd098756d09e4cae219271e67fb709dcd6851db94b1539a15aa582cc8dfc3a186f5d84a216da97e8ec4986dc03ff60e001f5ca8b1dbc9247e08da949665da8a