From 38bdf8abba4dd35e96a434a2697566f1f5e0a000 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Mon, 10 Jan 2022 21:09:15 +0100 Subject: [PATCH] * Mon Jan 10 2022 Zdenek Pytela - 34.1.21-1 - Remove the lockdown class from the policy Resolves: rhbz#2017848 - Revert "define lockdown class and access" Resolves: rhbz#2017848 - Allow gssproxy access to various system files. Resolves: rhbz#2026974 - Allow gssproxy read, write, and map ica tmpfs files Resolves: rhbz#2026974 - Allow gssproxy read and write z90crypt device Resolves: rhbz#2026974 - Allow sssd_kcm read and write z90crypt device Resolves: rhbz#2026974 - Allow abrt_domain read and write z90crypt device Resolves: rhbz#2026974 - Allow NetworkManager read and write z90crypt device Resolves: rhbz#2026974 - Allow smbcontrol read the network state information Resolves: rhbz#2038157 - Allow virt_domain map vhost devices Resolves: rhbz#2035702 - Allow fcoemon request the kernel to load a module Resolves: rhbz#2034463 - Allow lldpd connect to snmpd with a unix domain stream socket Resolves: rhbz#2033315 - Allow ModemManager create a qipcrtr socket Resolves: rhbz#2036582 - Allow ModemManager request to load a kernel module Resolves: rhbz#2036582 - Allow sshd read sysctl files Resolves: rhbz#2036585 --- selinux-policy.spec | 36 ++++++++++++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 36 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 023e3e36..88b8ef7a 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 0b4c1a7aa0be1129efd7e7749100734416a3a10d +%global commit be6fc65ad949510ec105f4547d7f90a10d2ee33e %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.1.20 +Version: 34.1.21 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -792,6 +792,38 @@ exit 0 %endif %changelog +* Mon Jan 10 2022 Zdenek Pytela - 34.1.21-1 +- Remove the lockdown class from the policy +Resolves: rhbz#2017848 +- Revert "define lockdown class and access" +Resolves: rhbz#2017848 +- Allow gssproxy access to various system files. +Resolves: rhbz#2026974 +- Allow gssproxy read, write, and map ica tmpfs files +Resolves: rhbz#2026974 +- Allow gssproxy read and write z90crypt device +Resolves: rhbz#2026974 +- Allow sssd_kcm read and write z90crypt device +Resolves: rhbz#2026974 +- Allow abrt_domain read and write z90crypt device +Resolves: rhbz#2026974 +- Allow NetworkManager read and write z90crypt device +Resolves: rhbz#2026974 +- Allow smbcontrol read the network state information +Resolves: rhbz#2038157 +- Allow virt_domain map vhost devices +Resolves: rhbz#2035702 +- Allow fcoemon request the kernel to load a module +Resolves: rhbz#2034463 +- Allow lldpd connect to snmpd with a unix domain stream socket +Resolves: rhbz#2033315 +- Allow ModemManager create a qipcrtr socket +Resolves: rhbz#2036582 +- Allow ModemManager request to load a kernel module +Resolves: rhbz#2036582 +- Allow sshd read sysctl files +Resolves: rhbz#2036585 + * Wed Dec 15 2021 Zdenek Pytela - 34.1.20-1 - Allow dnsmasq watch /etc/dnsmasq.d directories Resolves: rhbz#2029866 diff --git a/sources b/sources index c8c76653..0c97c4b7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-0b4c1a7.tar.gz) = be30e30973d5cdebe3089ab29af733ea0c3cd63dad925f55e10f585ccd62e3c70a257be1afaaba3897473e217544d8b1f4304f01a33f3203bcc16f0652c075c5 +SHA512 (selinux-policy-be6fc65.tar.gz) = a1fee08dfe700f6423f71582b343e200bece1297c9315e80178bdf4db3bafd6aa68dcc74a8ebdda0cb46ab65981f44ebfbed4120d10603acc5b2f464cc519559 +SHA512 (container-selinux.tgz) = 99584896b4945360b2a5142f77c8d34fdf26ff769672e47f83920547c7249b45def97afa13f03434287fbe51396f017267e94a1d0ca2ed00728c631c5cbecb60 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 3372653abf4de573861602bf8f1217a427df40937b1172ee6b3ac98ce2fc2a1f0c8bc4ffd7210cbc428da901d8832281bb7401dc49035a539d2388144f892646