* Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1

- Confine gnome-initial-setup
- Allow qemu-guest-agent create and use vsock socket
- Allow login_pgm setcap permission
- Allow chronyc read network sysctls
- Enhancement of the /usr/sbin/request-key helper policy
- Fix opencryptoki file names in /dev/shm
- Allow system_cronjob_t transition to rpm_script_t
- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
- Add tunable to allow squid bind snmp port
- Allow staff_t getattr init pid chr & blk files and read krb5
- Allow firewalld to rw z90crypt device
- Allow httpd work with tokens in /dev/shm
- Allow svirt to map svirt_image_t char files
- Allow sysadm_t run initrc_t script and sysadm_r role access
- Allow insights-client manage fsadm pid files
This commit is contained in:
Zdenek Pytela 2023-03-03 17:49:15 +01:00
parent 0d20c35838
commit 4a6ce4bf1f
2 changed files with 23 additions and 6 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit fe62ff64ca224f40cffb1ebe12e282a6d101e2b9
%global commit bc228bd0c249a9e4aa3dcf238c2b1bb138943b07
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 38.7
Version: 38.8
Release: 1%{?dist}
License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -813,6 +813,23 @@ exit 0
%endif
%changelog
* Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1
- Confine gnome-initial-setup
- Allow qemu-guest-agent create and use vsock socket
- Allow login_pgm setcap permission
- Allow chronyc read network sysctls
- Enhancement of the /usr/sbin/request-key helper policy
- Fix opencryptoki file names in /dev/shm
- Allow system_cronjob_t transition to rpm_script_t
- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
- Add tunable to allow squid bind snmp port
- Allow staff_t getattr init pid chr & blk files and read krb5
- Allow firewalld to rw z90crypt device
- Allow httpd work with tokens in /dev/shm
- Allow svirt to map svirt_image_t char files
- Allow sysadm_t run initrc_t script and sysadm_r role access
- Allow insights-client manage fsadm pid files
* Wed Feb 08 2023 Zdenek Pytela <zpytela@redhat.com> - 38.7-1
- Allowing snapper to create snapshots of /home/ subvolume/partition
- Add boolean qemu-ga to run unconfined script
@ -846,8 +863,8 @@ exit 0
- Allow icecast rename its log files
- Allow upsd to send signal to itself
- Allow wireguard to create udp sockets and read net_conf
- Use %autosetup instead of %setup
- Pass -p 1 to %autosetup
- Use '%autosetup' instead of '%setup'
- Pass -p 1 to '%autosetup'
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-fe62ff6.tar.gz) = 175f8fdb9954b032dbb24668b3df77a423bd49b26b502b547e2a11dcb85999a14249a2cb9222aab641d07eb1532bcb8984565fb5232b519f46c176aff34865ff
SHA512 (container-selinux.tgz) = 54093a9a8a524e13388ecfc55679121fe18a3588c655fb7d326b226a21ae0b6dbc1aa9cb5ad10ab6149bd88326b2312c3522d22f41c8be151b68ab9a08d31bbe
SHA512 (selinux-policy-bc228bd.tar.gz) = 4966196ed89433ea0d146719bfcfa970c774d360ed45a413973851a0aaae940b8a16277a972852b7ff4df1d07bbc1ee012ff705c861ec62ecc3ae0d9efaad832
SHA512 (container-selinux.tgz) = 3402d47f99449a7ea83ae7588e7506f72c7a85f9772d3133a62a165e883c216fe5b8c6d658f9f982fabc00788647dbd57684a69e287cba7d8e2ff2227f69c042
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4