* Mon Dec 19 2022 Zdenek Pytela <zpytela@redhat.com> - 38.4-1

- Allow NetworkManager and wpa_supplicant the bpf capability - Allow systemd-rfkill the bpf capability - Allow winbind-rpcd manage samba_share_t files and dirs - Label /var/lib/httpd/md(/.*)? with httpd_sys_rw_content_t - Allow gpsd the sys_ptrace userns capability - Introduce gpsd_tmp_t for sockfiles managed by gpsd_t - Allow load_policy_t write to unallocated ttys - Allow ndc read hardware state information - Allow system mail service read inherited certmonger runtime files - Add lpr_roles to system_r roles - Revert "Allow insights-client run lpr and allow the proper role" - Allow stalld to read /sys/kernel/security/lockdown file - Allow keepalived to set resource limits - Add policy for mptcpd - Add policy for rshim - Allow admin users to create user namespaces - Allow journalctl relabel with var_log_t and syslogd_var_run_t files - Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted - Trim changelog so that it starts at F35 time - Add mptcpd and rshim modules
2022-12-19 16:56:42 +01:00 · 2022-12-19 16:56:42 +01:00 · 328d37031b
commit 328d37031b
parent be364fec7b
2 changed files with 26 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 4343b56750c77ff3fc562c1dddc24ad5da115a12
+%global commit b42deb870faaa63be41cd6b6b9d8a5846205e6ea
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.3
+Version: 38.4
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -813,6 +813,28 @@ exit 0
 %endif
 %changelog
 * Mon Dec 19 2022 Zdenek Pytela <zpytela@redhat.com> - 38.4-1
 - Allow NetworkManager and wpa_supplicant the bpf capability
 - Allow systemd-rfkill the bpf capability
 - Allow winbind-rpcd manage samba_share_t files and dirs
 - Label /var/lib/httpd/md(/.*)? with httpd_sys_rw_content_t
 - Allow gpsd the sys_ptrace userns capability
 - Introduce gpsd_tmp_t for sockfiles managed by gpsd_t
 - Allow load_policy_t write to unallocated ttys
 - Allow ndc read hardware state information
 - Allow system mail service read inherited certmonger runtime files
 - Add lpr_roles  to system_r roles
 - Revert "Allow insights-client run lpr and allow the proper role"
 - Allow stalld to read /sys/kernel/security/lockdown file
 - Allow keepalived to set resource limits
 - Add policy for mptcpd
 - Add policy for rshim
 - Allow admin users to create user namespaces
 - Allow journalctl relabel with var_log_t and syslogd_var_run_t files
 - Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted
 - Trim changelog so that it starts at F35 time
 - Add mptcpd and rshim modules
 * Wed Dec 14 2022 Zdenek Pytela <zpytela@redhat.com> - 38.3-1
 - Allow insights-client dbus chat with various services
 - Allow insights-client tcp connect to various ports
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-4343b56.tar.gz) = ca8107d98eacd3b4e101958fb9f341c0ee37501855484d37536764044d38310ad9cf17f12fe68150d9fd7047e01f51e86a26fb6f3f41f634b7b650de80607201
+SHA512 (selinux-policy-b42deb8.tar.gz) = 30ee807d451dac182392f4a47254c576fb1ea617c0f86081cc061cfb09f4a5126ebab11f352efe0bad310b2ce9a74743e2a76dde6809829ac945c20c969ba302
 SHA512 (container-selinux.tgz) = 9ec574c1441e656930c25e5e6decf71c89327c520b0b9af9cf3286e377bc1aad7efaf0c221fab49315d47946c5ca6313f162631def7c7981466c7646fcf3ce5a
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
 SHA512 (container-selinux.tgz) = 4eb975c285c791a5f7a005a52d54f788cb8b4ca4abcbe891caa67f28c5ef4b7be35dec749d1dc261ba112ff84e749dd2efcc067c5f300c5094efb398f57ad665