* Fri Aug 06 2021 Zdenek Pytela <zpytela@redhat.com> - 34.15-1

- Disable seccomp on CI containers - Allow systemd-machined stop generic service units - Allow virtlogd_t read process state of user domains - Add "/" at the beginning of dev/shm/var\.lib\.opencryptoki.* regexp - Label /dev/crypto/nx-gzip with accelerator_device_t - Update the policy for systemd-journal-upload - Allow unconfined domains to bpf all other domains - Confine rhsm service and rhsm-facts service as rhsmcertd_t - Allow fcoemon talk with unconfined user over unix domain datagram socket - Allow abrt_domain read and write z90crypt device - Allow mdadm read iscsi pid files - Change dev_getattr_infiniband_dev() to use getattr_chr_files_pattern() - Label /usr/lib/pcs/pcs_snmp_agent with cluster_exec_t - Allow hostapd bind UDP sockets to the dhcpd port - Unconfined domains should not be confined
2021-08-06 19:30:54 +02:00 · 2021-08-06 19:30:54 +02:00 · 58dbb0353c
commit 58dbb0353c
parent 418902d2f4
2 changed files with 22 additions and 5 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 0fc68a1f54d3789a30461f76f3469b6190be95dd
+%global commit 66323a2d3fef73b2a6aa8b32f8cf6d8d78fa0d3b
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,8 +23,8 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.14
-Release: 2%{?dist}
+Version: 34.15
+Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -810,6 +810,23 @@ exit 0
 %endif

 %changelog
+* Fri Aug 06 2021 Zdenek Pytela <zpytela@redhat.com> - 34.15-1
+- Disable seccomp on CI containers
+- Allow systemd-machined stop generic service units
+- Allow virtlogd_t read process state of user domains
+- Add "/" at the beginning of dev/shm/var\.lib\.opencryptoki.* regexp
+- Label /dev/crypto/nx-gzip with accelerator_device_t
+- Update the policy for systemd-journal-upload
+- Allow unconfined domains to bpf all other domains
+- Confine rhsm service and rhsm-facts service as rhsmcertd_t
+- Allow fcoemon talk with unconfined user over unix domain datagram socket
+- Allow abrt_domain read and write z90crypt device
+- Allow mdadm read iscsi pid files
+- Change dev_getattr_infiniband_dev() to use getattr_chr_files_pattern()
+- Label /usr/lib/pcs/pcs_snmp_agent with cluster_exec_t
+- Allow hostapd bind UDP sockets to the dhcpd port
+- Unconfined domains should not be confined
+
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 34.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-0fc68a1.tar.gz) = 7a25368ba4d6635e93bf9f2f81a829ce9cb73d5043cbb7de96f7025bbc16c16209d0b832c9e91cc5ee6e3eb4708a1139e4dfe8c0921e23cd39e3e4f0d21b7271
-SHA512 (container-selinux.tgz) = 123edc2c719bfe2c95ee973e7bf02142c69d001a9324d99f2c5259a04a26e71772eafe0b962694a14cc539104d8d8b06ff75971e4bc722d643e16a76354b8d35
+SHA512 (selinux-policy-66323a2.tar.gz) = 441bbc9dd9460ce588913bf047b308beb962017df7185c36a79137431f9d49f4365bb6f64cc4f6f33c1f7efc079e650382807f00243330b4e33f2b32eb92cceb
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = 65d39fedde3c43b4dce4d021772a1ec178e93a687a23595c76701d3efa84eac19a1d469a55d7b9a4a07da1682264432fca04c9a937c71e87fcc1082789d3709a