* Thu Aug 11 2022 Zdenek Pytela <zpytela@redhat.com> - 37.9-1

- Allow nm-dispatcher custom plugin dbus chat with nm
- Allow nm-dispatcher sendmail plugin get status of systemd services
- Allow xdm read the kernel key ring
- Allow login_userdomain check status of mount units
- Allow postfix/smtp and postfix/virtual read kerberos key table
- Allow services execute systemd-notify
- Do not allow login_userdomain use sd_notify()
- Allow launch-xenstored read filesystem sysctls
- Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd
- Allow openvswitch fsetid capability
- Allow openvswitch use its private tmpfs files and dirs
- Allow openvswitch search tracefs dirs
- Allow pmdalinux read files on an nfsd filesystem
- Allow winbind-rpcd write to winbind pid files
- Allow networkmanager to signal unconfined process
- Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t
- Allow samba-bgqd get a printer list
- fix(init.fc): Fix section description
- Allow fedora-third-party read the passwords file
- Remove permissive domain for rhcd_t
- Allow pmie read network state information and network sysctls
- Revert "Dontaudit domain the fowner capability"
- Allow sysadm_t to run bpftool on the userdomain attribute
- Add the userdom_prog_run_bpf_userdomain() interface
- Allow insights-client rpm named file transitions
- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
This commit is contained in:
Zdenek Pytela 2022-08-11 21:24:24 +02:00
parent 1ccfff1aa1
commit 5ac843b27b
2 changed files with 32 additions and 4 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources # github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 732080208e6841a86d7b19710602ae7f749f224d %global commit 74a82f55c34a26e138d8ba4577a349e302ee0a1e
%global shortcommit %(c=%{commit}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2 %define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 37.8 Version: 37.9
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -816,6 +816,34 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Aug 11 2022 Zdenek Pytela <zpytela@redhat.com> - 37.9-1
- Allow nm-dispatcher custom plugin dbus chat with nm
- Allow nm-dispatcher sendmail plugin get status of systemd services
- Allow xdm read the kernel key ring
- Allow login_userdomain check status of mount units
- Allow postfix/smtp and postfix/virtual read kerberos key table
- Allow services execute systemd-notify
- Do not allow login_userdomain use sd_notify()
- Allow launch-xenstored read filesystem sysctls
- Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd
- Allow openvswitch fsetid capability
- Allow openvswitch use its private tmpfs files and dirs
- Allow openvswitch search tracefs dirs
- Allow pmdalinux read files on an nfsd filesystem
- Allow winbind-rpcd write to winbind pid files
- Allow networkmanager to signal unconfined process
- Allow systemd_hostnamed label /run/systemd/* as hostnamed_etc_t
- Allow samba-bgqd get a printer list
- fix(init.fc): Fix section description
- Allow fedora-third-party read the passwords file
- Remove permissive domain for rhcd_t
- Allow pmie read network state information and network sysctls
- Revert "Dontaudit domain the fowner capability"
- Allow sysadm_t to run bpftool on the userdomain attribute
- Add the userdom_prog_run_bpf_userdomain() interface
- Allow insights-client rpm named file transitions
- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
* Mon Aug 01 2022 Zdenek Pytela <zpytela@redhat.com> - 37.8-1 * Mon Aug 01 2022 Zdenek Pytela <zpytela@redhat.com> - 37.8-1
- Allow sa-update to get init status and start systemd files - Allow sa-update to get init status and start systemd files
- Use insights_client_filetrans_named_content - Use insights_client_filetrans_named_content

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-7320802.tar.gz) = 0a94d5e0d838de07af737741153d6d666b54d01a97fcb0f9024930a096669ef3ec3ac00522b3034f4f608228447fc2afed67cbdb7f1ac3bc8d6e7b8af1a8f19f SHA512 (selinux-policy-74a82f5.tar.gz) = cea477b6796fa51c9613714027f2d3be1eb863c7c8fc1e5d9fecf11a6f5ac814b9ad9a98ccce6808cbd0c205896c482d8f3520f7172d9486a25c069f3790ce15
SHA512 (container-selinux.tgz) = 7c850ed168c58de7b96f8ac06f3885b5a333ad5ef742e8420e6306b931c15ad25134d40ad1f56d3cad669b1015078f83434c246c1f86e238560b3c02a2e9ca2a SHA512 (container-selinux.tgz) = 5811b508b20f9999568f84a12077caf0e0c5d21902bbd43962eb6f35bc7c4f0a46900c06b243e8357e42d1fa367c93da1bd1828132f88dbceb63857699f900b8
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4