* Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1

- Confine gnome-initial-setup - Allow qemu-guest-agent create and use vsock socket - Allow login_pgm setcap permission - Allow chronyc read network sysctls - Enhancement of the /usr/sbin/request-key helper policy - Fix opencryptoki file names in /dev/shm - Allow system_cronjob_t transition to rpm_script_t - Revert "Allow system_cronjob_t domtrans to rpm_script_t" - Add tunable to allow squid bind snmp port - Allow staff_t getattr init pid chr & blk files and read krb5 - Allow firewalld to rw z90crypt device - Allow httpd work with tokens in /dev/shm - Allow svirt to map svirt_image_t char files - Allow sysadm_t run initrc_t script and sysadm_r role access - Allow insights-client manage fsadm pid files
2023-03-03 17:49:15 +01:00 · 2023-03-03 17:49:15 +01:00 · 4a6ce4bf1f
commit 4a6ce4bf1f
parent 0d20c35838
2 changed files with 23 additions and 6 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit fe62ff64ca224f40cffb1ebe12e282a6d101e2b9
+%global commit bc228bd0c249a9e4aa3dcf238c2b1bb138943b07
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 38.7
+Version: 38.8
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -813,6 +813,23 @@ exit 0
 %endif

 %changelog
+* Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1
+- Confine gnome-initial-setup
+- Allow qemu-guest-agent create and use vsock socket
+- Allow login_pgm setcap permission
+- Allow chronyc read network sysctls
+- Enhancement of the /usr/sbin/request-key helper policy
+- Fix opencryptoki file names in /dev/shm
+- Allow system_cronjob_t transition to rpm_script_t
+- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
+- Add tunable to allow squid bind snmp port
+- Allow staff_t getattr init pid chr & blk files and read krb5
+- Allow firewalld to rw z90crypt device
+- Allow httpd work with tokens in /dev/shm
+- Allow svirt to map svirt_image_t char files
+- Allow sysadm_t run initrc_t script and sysadm_r role access
+- Allow insights-client manage fsadm pid files
+
 * Wed Feb 08 2023 Zdenek Pytela <zpytela@redhat.com> - 38.7-1
 - Allowing snapper to create snapshots of /home/ subvolume/partition
 - Add boolean qemu-ga to run unconfined script
@ -846,8 +863,8 @@ exit 0
 - Allow icecast rename its log files
 - Allow upsd to send signal to itself
 - Allow wireguard to create udp sockets and read net_conf
- Use %autosetup instead of %setup
- Pass -p 1 to %autosetup
+- Use '%autosetup' instead of '%setup'
+- Pass -p 1 to '%autosetup'

 * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-fe62ff6.tar.gz) = 175f8fdb9954b032dbb24668b3df77a423bd49b26b502b547e2a11dcb85999a14249a2cb9222aab641d07eb1532bcb8984565fb5232b519f46c176aff34865ff
-SHA512 (container-selinux.tgz) = 54093a9a8a524e13388ecfc55679121fe18a3588c655fb7d326b226a21ae0b6dbc1aa9cb5ad10ab6149bd88326b2312c3522d22f41c8be151b68ab9a08d31bbe
+SHA512 (selinux-policy-bc228bd.tar.gz) = 4966196ed89433ea0d146719bfcfa970c774d360ed45a413973851a0aaae940b8a16277a972852b7ff4df1d07bbc1ee012ff705c861ec62ecc3ae0d9efaad832
+SHA512 (container-selinux.tgz) = 3402d47f99449a7ea83ae7588e7506f72c7a85f9772d3133a62a165e883c216fe5b8c6d658f9f982fabc00788647dbd57684a69e287cba7d8e2ff2227f69c042
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4