* Thu Aug 11 2022 Zdenek Pytela <zpytela@redhat.com> - 37.9-1
- Allow nm-dispatcher custom plugin dbus chat with nm - Allow nm-dispatcher sendmail plugin get status of systemd services - Allow xdm read the kernel key ring - Allow login_userdomain check status of mount units - Allow postfix/smtp and postfix/virtual read kerberos key table - Allow services execute systemd-notify - Do not allow login_userdomain use sd_notify() - Allow launch-xenstored read filesystem sysctls - Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd - Allow openvswitch fsetid capability - Allow openvswitch use its private tmpfs files and dirs - Allow openvswitch search tracefs dirs - Allow pmdalinux read files on an nfsd filesystem - Allow winbind-rpcd write to winbind pid files - Allow networkmanager to signal unconfined process - Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t - Allow samba-bgqd get a printer list - fix(init.fc): Fix section description - Allow fedora-third-party read the passwords file - Remove permissive domain for rhcd_t - Allow pmie read network state information and network sysctls - Revert "Dontaudit domain the fowner capability" - Allow sysadm_t to run bpftool on the userdomain attribute - Add the userdom_prog_run_bpf_userdomain() interface - Allow insights-client rpm named file transitions - Add /var/tmp/insights-archive to insights_client_filetrans_named_content
This commit is contained in:
parent
1ccfff1aa1
commit
5ac843b27b
@ -1,6 +1,6 @@
|
|||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 732080208e6841a86d7b19710602ae7f749f224d
|
%global commit 74a82f55c34a26e138d8ba4577a349e302ee0a1e
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -23,7 +23,7 @@
|
|||||||
%define CHECKPOLICYVER 3.2
|
%define CHECKPOLICYVER 3.2
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 37.8
|
Version: 37.9
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
@ -816,6 +816,34 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 11 2022 Zdenek Pytela <zpytela@redhat.com> - 37.9-1
|
||||||
|
- Allow nm-dispatcher custom plugin dbus chat with nm
|
||||||
|
- Allow nm-dispatcher sendmail plugin get status of systemd services
|
||||||
|
- Allow xdm read the kernel key ring
|
||||||
|
- Allow login_userdomain check status of mount units
|
||||||
|
- Allow postfix/smtp and postfix/virtual read kerberos key table
|
||||||
|
- Allow services execute systemd-notify
|
||||||
|
- Do not allow login_userdomain use sd_notify()
|
||||||
|
- Allow launch-xenstored read filesystem sysctls
|
||||||
|
- Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd
|
||||||
|
- Allow openvswitch fsetid capability
|
||||||
|
- Allow openvswitch use its private tmpfs files and dirs
|
||||||
|
- Allow openvswitch search tracefs dirs
|
||||||
|
- Allow pmdalinux read files on an nfsd filesystem
|
||||||
|
- Allow winbind-rpcd write to winbind pid files
|
||||||
|
- Allow networkmanager to signal unconfined process
|
||||||
|
- Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t
|
||||||
|
- Allow samba-bgqd get a printer list
|
||||||
|
- fix(init.fc): Fix section description
|
||||||
|
- Allow fedora-third-party read the passwords file
|
||||||
|
- Remove permissive domain for rhcd_t
|
||||||
|
- Allow pmie read network state information and network sysctls
|
||||||
|
- Revert "Dontaudit domain the fowner capability"
|
||||||
|
- Allow sysadm_t to run bpftool on the userdomain attribute
|
||||||
|
- Add the userdom_prog_run_bpf_userdomain() interface
|
||||||
|
- Allow insights-client rpm named file transitions
|
||||||
|
- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
|
||||||
|
|
||||||
* Mon Aug 01 2022 Zdenek Pytela <zpytela@redhat.com> - 37.8-1
|
* Mon Aug 01 2022 Zdenek Pytela <zpytela@redhat.com> - 37.8-1
|
||||||
- Allow sa-update to get init status and start systemd files
|
- Allow sa-update to get init status and start systemd files
|
||||||
- Use insights_client_filetrans_named_content
|
- Use insights_client_filetrans_named_content
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-7320802.tar.gz) = 0a94d5e0d838de07af737741153d6d666b54d01a97fcb0f9024930a096669ef3ec3ac00522b3034f4f608228447fc2afed67cbdb7f1ac3bc8d6e7b8af1a8f19f
|
SHA512 (selinux-policy-74a82f5.tar.gz) = cea477b6796fa51c9613714027f2d3be1eb863c7c8fc1e5d9fecf11a6f5ac814b9ad9a98ccce6808cbd0c205896c482d8f3520f7172d9486a25c069f3790ce15
|
||||||
SHA512 (container-selinux.tgz) = 7c850ed168c58de7b96f8ac06f3885b5a333ad5ef742e8420e6306b931c15ad25134d40ad1f56d3cad669b1015078f83434c246c1f86e238560b3c02a2e9ca2a
|
SHA512 (container-selinux.tgz) = 5811b508b20f9999568f84a12077caf0e0c5d21902bbd43962eb6f35bc7c4f0a46900c06b243e8357e42d1fa367c93da1bd1828132f88dbceb63857699f900b8
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
|
Loading…
Reference in New Issue
Block a user