From 4508ded93f13c1fa587b3deaf18cd16ed30cfc88 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Sat, 20 Feb 2021 17:32:55 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#7d544924d94f99f4e8c9ee3c995d131c8c6be206 --- selinux-policy.spec | 24 ++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index d3c93ba1..3230dc59 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164 +%global commit 30654cfd4d8c2949d8c5c2c5b56655045ae3c7b7 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 21%{?dist} +Release: 22%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,6 +792,26 @@ exit 0 %endif %changelog +* Fri Feb 19 2021 Zdenek Pytela - 3.14.7-22 +- Allow systemd-sleep get attributes of fixed disk device nodes +- Complete initial policy for systemd-coredump +- Label SDC(scini) Dell Driver +- Allow upowerd to send syslog messages +- Remove the disk write permissions from tlp_t +- Label NVMe devices as fixed_disk_device_t +- Allow rhsmcertd bind tcp sockets to a generic node +- Allow systemd-importd manage machines.lock file +- Allow unconfined integrity lockdown permission +- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined +- Allow systemd-machined manage systemd-userdbd runtime sockets +- Enable systemd-sysctl domtrans for udev +- Introduce kernel_load_unsigned_module interface and use it for couple domains +- Allow gpg watch user gpg secrets dirs +- Build also the container module in CI +- Remove duplicate code from kernel.te +- Allow restorecond to watch all non-auth directories +- Allow restorecond to watch its config file + * Tue Feb 16 2021 Zdenek Pytela - 3.14.7-21 - Allow unconfined integrity lockdown permission - Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined diff --git a/sources b/sources index fc948e9c..6ef9b49d 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb -SHA512 (container-selinux.tgz) = dd7b52f74d44047f0e6ceea1a10755eae2ac661660d2192ece0ceb4a9ae65ad580868f39718d3f7028b7d22eddde33440b9e1ef0f0260714daa21221ca701b41 +SHA512 (selinux-policy-30654cf.tar.gz) = 99d0f364ec6e047391b026b2e64b53b763a17ecb742fb75cb39bb3fffe65f3f834506e0c7a35f8e4fb664ee60bf23e769fd7284ba041a3dd887d3074e8bce6a3 +SHA512 (container-selinux.tgz) = 0bdf939a5c4f5ab4b973f8f9b39c3dd3fcebd3dc660428904c055bd78fc3af1603514c8f44fc16579e1e254cae052f44dbd89c395c02a09cfbf0dc2f7356848e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4