From 4715f116ff42ed55c0e7201094351c6be7a89a22 Mon Sep 17 00:00:00 2001 From: Juraj Marcin Date: Tue, 14 Nov 2023 19:35:13 +0100 Subject: [PATCH] * Tue Nov 14 2023 Juraj Marcin - 38.1.27-1 - Remove glusterd module Resolves: RHEL-1548 - Improve default file context(None) of /var/lib/authselect/backups Resolves: RHEL-15220 - Set default file context of /var/lib/authselect/backups to <> Resolves: RHEL-15220 - Create policy for afterburn Resolves: RHEL-12591 - Allow unconfined_domain_type use io_uring cmd on domain Resolves: RHEL-11792 - Add policy for coreos installer Resovles: RHEL-5164 - Add policy for nvme-stas Resolves: RHEL-1557 - Label /var/run/auditd.state as auditd_var_run_t Resolves: RHEL-14374 - Allow ntp to bind and connect to ntske port. Resolves: RHEL-15085 - Allow ip an explicit domain transition to other domains Resolves: RHEL-14246 - Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t Resolves: RHEL-14289 - Allow sssd domain transition on passkey_child execution conditionally Resolves: RHEL-14014 - Allow sssd use usb devices conditionally Resolves: RHEL-14014 - Allow kdump create and use its memfd: objects Resolves: RHEL-14413 --- selinux-policy.spec | 34 ++++++++++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 8f847a61..eba808c8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 6db967dce7e16fe866971321e6897eb67fea493a +%global commit d87b949698006e555b2eab658104245b21f869b6 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.1.26 +Version: 38.1.27 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -809,6 +809,36 @@ exit 0 %endif %changelog +* Tue Nov 14 2023 Juraj Marcin - 38.1.27-1 +- Remove glusterd module +Resolves: RHEL-1548 +- Improve default file context(None) of /var/lib/authselect/backups +Resolves: RHEL-15220 +- Set default file context of /var/lib/authselect/backups to <> +Resolves: RHEL-15220 +- Create policy for afterburn +Resolves: RHEL-12591 +- Allow unconfined_domain_type use io_uring cmd on domain +Resolves: RHEL-11792 +- Add policy for coreos installer +Resovles: RHEL-5164 +- Add policy for nvme-stas +Resolves: RHEL-1557 +- Label /var/run/auditd.state as auditd_var_run_t +Resolves: RHEL-14374 +- Allow ntp to bind and connect to ntske port. +Resolves: RHEL-15085 +- Allow ip an explicit domain transition to other domains +Resolves: RHEL-14246 +- Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t +Resolves: RHEL-14289 +- Allow sssd domain transition on passkey_child execution conditionally +Resolves: RHEL-14014 +- Allow sssd use usb devices conditionally +Resolves: RHEL-14014 +- Allow kdump create and use its memfd: objects +Resolves: RHEL-14413 + * Tue Oct 31 2023 Zdenek Pytela - 38.1.26-1 - Allow kdump create and use its memfd: objects Resolves: RHEL-14413 diff --git a/sources b/sources index 8a3f8cc5..794c783a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-6db967d.tar.gz) = 83902717f065f59f0d47dd6e4cdfb765ff5b9bfb20715f4032cdbfe24eaabd1dca9d6d4ed06accfa7468ba63d758bdeacba1f8fff181565b159884ff2ba91abe -SHA512 (container-selinux.tgz) = bf5dce5ddb9e2ad4b7220ae60250d1aedafa0cf68ab62f6e3839369844aa5b9fc33b03aa46ef337910d35a3522200bfddc6e3a5aeab6ea02d55e473a2db2f2f3 +SHA512 (selinux-policy-d87b949.tar.gz) = 461e6d54b60ec20f552b94b15fb00cb83a5bbb738415a783bec46fb56a284abfc33b24c5ec753e67a099dc431871b167222d1b80cb2d3a8da16441225c5d6f8a +SHA512 (container-selinux.tgz) = a50550bd9158b77b12ab6aa214ea9ae352c85142c706a47e0004d7cc8cca2d3f5be7a68538b6d88fa8ecae3a6ce8152552e0cf6cca98c3cdae3544026fb2dddf SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4