import selinux-policy-3.14.3-117.el8
This commit is contained in:
CentOS Sources
root
parent
0a0f01d4b6
commit
5d7ac82501
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,3 +1,3 @@
|
||||
SOURCES/container-selinux.tgz
|
||||
SOURCES/selinux-policy-8a7c84e.tar.gz
|
||||
SOURCES/selinux-policy-contrib-3fdedc8.tar.gz
|
||||
SOURCES/selinux-policy-426c028.tar.gz
|
||||
SOURCES/selinux-policy-contrib-c6da44c.tar.gz
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
d0e11bf7b5ed075673adf6b4f0a273c85b1c45a8 SOURCES/container-selinux.tgz
|
||||
76b2e33f2f4a051d9b2b4bd4b542146ce867846b SOURCES/selinux-policy-8a7c84e.tar.gz
|
||||
e03893817cec19f671f3254f424f313af3e3e3ee SOURCES/selinux-policy-contrib-3fdedc8.tar.gz
|
||||
bbb33f1d3ec06ac961c111b66a324496cbe9768f SOURCES/container-selinux.tgz
|
||||
8f77181d801751fdd49e7a537b291af8b455ed51 SOURCES/selinux-policy-426c028.tar.gz
|
||||
84a66625f87ed784dc752c76eca051d058abfa8d SOURCES/selinux-policy-contrib-c6da44c.tar.gz
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 8a7c84e9d530d1ef4bea7895c18095254ed0cb2b
|
||||
%global commit0 426c028e3d055a6ae74f8bf7cc92107f3e43a5ea
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 3fdedc8e457a69925e40d245785d132185c27fb3
|
||||
%global commit1 c6da44cc670eb76341a756f7d338e60cfa7cd8ac
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.3
|
||||
Release: 108%{?dist}.2
|
||||
Release: 117%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -717,59 +717,182 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Feb 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.2
|
||||
- Add domain_unix_read_all_semaphores() interface
|
||||
Resolves: rhbz#2170510
|
||||
- Add interfaces in domain, files, and unconfined modules
|
||||
Resolves: rhbz#2170510
|
||||
* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
|
||||
- Fix opencryptoki file names in /dev/shm
|
||||
Resolves: rhbz#2028637
|
||||
- Allow system_cronjob_t transition to rpm_script_t
|
||||
Resolves: rhbz#2154242
|
||||
- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
|
||||
Resolves: rhbz#2154242
|
||||
- Allow httpd work with tokens in /dev/shm
|
||||
Resolves: rhbz#2028637
|
||||
- Allow keepalived to set resource limits
|
||||
Resolves: rhbz#2168638
|
||||
- Allow insights-client manage fsadm pid files
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client work with su and lpstat
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client read nvme devices
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client tcp connect to all ports
|
||||
Resolves: rhbz#2170510
|
||||
- Add insights additional capabilities
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights client work with gluster and pcp
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client tcp connect to various ports
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client work with pcp and manage user config files
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client dbus chat with various services
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client dbus chat with abrt
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights client communicate with cupsd, mysqld, openvswitch, redis
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights client read raw memory devices
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client domain transition on semanage execution
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client create gluster log dir with a transition
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client manage generic locks
|
||||
Resolves: rhbz#2170510
|
||||
- Allow insights-client unix_read all domain semaphores
|
||||
Resolves: rhbz#2170510
|
||||
|
||||
* Fri Nov 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.1
|
||||
- Add the files_map_read_etc_files() interface
|
||||
Resolves: rhbz#2136762
|
||||
* Thu Feb 09 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-116
|
||||
- Allow sysadm_t run initrc_t script and sysadm_r role access
|
||||
Resolves: rhbz#2039662
|
||||
- Allow insights-client manage fsadm pid files
|
||||
Resolves: rhbz#2166802
|
||||
- Add journalctl the sys_resource capability
|
||||
Resolves: rhbz#2136189
|
||||
|
||||
* Thu Jan 26 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-115
|
||||
- Fix syntax problem in redis.te
|
||||
Resolves: rhbz#2112228
|
||||
- Allow unconfined user filetransition for sudo log files
|
||||
Resolves: rhbz#2164047
|
||||
- Allow winbind-rpcd make a TCP connection to the ldap port
|
||||
Resolves: rhbz#2152642
|
||||
- Allow winbind-rpcd manage samba_share_t files and dirs
|
||||
Resolves: rhbz#2152642
|
||||
- Allow insights-client work with su and lpstat
|
||||
Resolves: rhbz#2134125
|
||||
- Allow insights-client read nvme devices
|
||||
Resolves: rhbz#2143878
|
||||
- Allow insights-client tcp connect to all ports
|
||||
Resolves: rhbz#2143878
|
||||
- Allow redis-sentinel execute a notification script
|
||||
Resolves: rhbz#2112228
|
||||
|
||||
* Thu Jan 12 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-114
|
||||
- Add interfaces in domain, files, and unconfined modules
|
||||
Resolves: rhbz#2141311
|
||||
- Allow sysadm_t read/write ipmi devices
|
||||
Resolves: rhbz#2148561
|
||||
- Allow sudodomain use sudo.log as a logfile
|
||||
Resolves: rhbz#2143762
|
||||
- Add insights additional capabilities
|
||||
Resolves: rhbz#2158779
|
||||
- Allow insights client work with gluster and pcp
|
||||
Resolves: rhbz#2141311
|
||||
- Allow prosody manage its runtime socket files
|
||||
Resolves: rhbz#2157902
|
||||
- Allow system mail service read inherited certmonger runtime files
|
||||
Resolves: rhbz#2143337
|
||||
- Add lpr_roles to system_r roles
|
||||
Resolves: rhbz#2151111
|
||||
|
||||
* Thu Dec 15 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-113
|
||||
- Allow systemd-socket-proxyd get attributes of cgroup filesystems
|
||||
Resolves: rhbz#2088441
|
||||
- Allow systemd-socket-proxyd get filesystems attributes
|
||||
Resolves: rhbz#2088441
|
||||
- Allow sysadm read ipmi devices
|
||||
Resolves: rhbz#2148561
|
||||
- Allow system mail service read inherited certmonger runtime files
|
||||
Resolves: rhbz#2143337
|
||||
- Add lpr_roles to system_r roles
|
||||
Resolves: rhbz#2151111
|
||||
- Allow insights-client tcp connect to various ports
|
||||
Resolves: rhbz#2151111
|
||||
- Allow insights-client work with pcp and manage user config files
|
||||
Resolves: rhbz#2151111
|
||||
- Allow insights-client dbus chat with various services
|
||||
Resolves: rhbz#2152867
|
||||
- Allow insights-client dbus chat with abrt
|
||||
Resolves: rhbz#2152867
|
||||
- Allow redis get user names
|
||||
Resolves: rhbz#2112228
|
||||
- Add winbind-rpcd to samba_enable_home_dirs boolean
|
||||
Resolves: rhbz#2143696
|
||||
|
||||
* Wed Nov 30 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-112
|
||||
- Allow ipsec_t only read tpm devices
|
||||
Resolves: rhbz#2147380
|
||||
- Allow ipsec_t read/write tpm devices
|
||||
Resolves: rhbz#2147380
|
||||
- Label udf tools with fsadm_exec_t
|
||||
Resolves: rhbz#1972230
|
||||
- Allow the spamd_update_t domain get generic filesystem attributes
|
||||
Resolves: rhbz#2144501
|
||||
- Allow cdcc mmap dcc-client-map files
|
||||
Resolves: rhbz#2144505
|
||||
- Allow insights client communicate with cupsd, mysqld, openvswitch, redis
|
||||
Resolves: rhbz#2143878
|
||||
- Allow insights client read raw memory devices
|
||||
Resolves: rhbz#2143878
|
||||
- Allow winbind-rpcd get attributes of device and pty filesystems
|
||||
Resolves: rhbz#2107106
|
||||
- Allow postfix/smtpd read kerberos key table
|
||||
Resolves: rhbz#1983308
|
||||
|
||||
* Fri Nov 11 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-111
|
||||
- Add domain_unix_read_all_semaphores() interface
|
||||
Resolves: rhbz#2141311
|
||||
- Allow iptables list cgroup directories
|
||||
Resolves: rhbz#2134820
|
||||
- Allow systemd-hostnamed dbus chat with init scripts
|
||||
Resolves: rhbz#2111632
|
||||
- Allow systemd to read symlinks in /var/lib
|
||||
Resolves: rhbz#2118784
|
||||
- Allow insights-client domain transition on semanage execution
|
||||
Resolves: rhbz#2141311
|
||||
- Allow insights-client create gluster log dir with a transition
|
||||
Resolves: rhbz#2141311
|
||||
- Allow insights-client manage generic locks
|
||||
Resolves: rhbz#2141311
|
||||
- Allow insights-client unix_read all domain semaphores
|
||||
Resolves: rhbz#2141311
|
||||
- Allow winbind-rpcd use the terminal multiplexor
|
||||
Resolves: rhbz#2107106
|
||||
- Allow mrtg send mails
|
||||
Resolves: rhbz#2103675
|
||||
- Allow sssd dbus chat with system cronjobs
|
||||
Resolves: rhbz#2132922
|
||||
- Allow postfix/smtp and postfix/virtual read kerberos key table
|
||||
Resolves: rhbz#1983308
|
||||
|
||||
* Thu Oct 20 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-110
|
||||
- Add the systemd_connectto_socket_proxyd_unix_sockets() interface
|
||||
Resolves: rhbz#208441
|
||||
- Add the dev_map_vhost() interface
|
||||
Resolves: rhbz#2122920
|
||||
- Allow init remount all file_type filesystems
|
||||
Resolves: rhbz#2122239
|
||||
- added policy for systemd-socket-proxyd
|
||||
Resolves: rhbz#2088441
|
||||
- Allow virt_domain map vhost devices
|
||||
Resolves: rhbz#2122920
|
||||
- Allow virt domains to access xserver devices
|
||||
Resolves: rhbz#2122920
|
||||
- Allow rotatelogs read httpd_log_t symlinks
|
||||
Resolves: rhbz#2030633
|
||||
- Allow vlock search the contents of the /dev/pts directory
|
||||
Resolves: rhbz#2122838
|
||||
- Allow system cronjobs dbus chat with setroubleshoot
|
||||
Resolves: rhbz#2125008
|
||||
- Allow ptp4l_t name_bind ptp_event_port_t
|
||||
Resolves: rhbz#2130168
|
||||
- Allow pcp_domain execute its private memfd: objects
|
||||
Resolves: rhbz#2090711
|
||||
- Allow samba-dcerpcd use NSCD services over a unix stream socket
|
||||
Resolves: rhbz#2121709
|
||||
- Allow insights-client manage samba var dirs
|
||||
Resolves: rhbz#2136762
|
||||
Resolves: rhbz#2132230
|
||||
|
||||
* Wed Oct 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-109
|
||||
- Add the files_map_read_etc_files() interface
|
||||
Resolves: rhbz#2132230
|
||||
- Allow insights-client manage samba var dirs
|
||||
Resolves: rhbz#2132230
|
||||
- Allow insights-client send null signal to rpm and system cronjob
|
||||
Resolves: rhbz#2136762
|
||||
Resolves: rhbz#2132230
|
||||
- Update rhcd policy for executing additional commands 4
|
||||
Resolves: rhbz#2136762
|
||||
Resolves: rhbz#2132230
|
||||
- Allow insights-client connect to postgresql with a unix socket
|
||||
Resolves: rhbz#2136762
|
||||
Resolves: rhbz#2132230
|
||||
- Allow insights-client domtrans on unix_chkpwd execution
|
||||
Resolves: rhbz#2136762
|
||||
Resolves: rhbz#2132230
|
||||
- Add file context entries for insights-client and rhc
|
||||
Resolves: rhbz#2136762
|
||||
Resolves: rhbz#2132230
|
||||
- Allow snmpd_t domain to trace processes in user namespace
|
||||
Resolves: rhbz#2121084
|
||||
- Allow sbd the sys_ptrace capability
|
||||
Resolves: rhbz#2124552
|
||||
- Allow pulseaudio create gnome content (~/.config)
|
||||
Resolves: rhbz#2124387
|
||||
|
||||
* Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
|
||||
- Allow unconfined_service_t insights client content filetrans
|
||||
|
||||
Loading…
Reference in New Issue
Block a user