import UBI selinux-policy-3.14.3-128.el8

This commit is contained in:
eabdullin 2023-11-14 18:50:07 +00:00
parent fd4ae372bc
commit 5e3d4c805f
3 changed files with 134 additions and 33 deletions

4
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/container-selinux.tgz SOURCES/container-selinux.tgz
SOURCES/selinux-policy-9a47a4a.tar.gz SOURCES/selinux-policy-b5586ba.tar.gz
SOURCES/selinux-policy-contrib-a8396fe.tar.gz SOURCES/selinux-policy-contrib-267743a.tar.gz

View File

@ -1,3 +1,3 @@
d83aa4d6d4668e9ca15a3e5160506af44eaf56f1 SOURCES/container-selinux.tgz 3c2810a578a2983781de5c969ba7a7dd7b6227d7 SOURCES/container-selinux.tgz
3a0184fb534ece4e1fb8b5c2102c9d615ef49623 SOURCES/selinux-policy-9a47a4a.tar.gz 7de814a764fbd6c004c726b384e9f919a3af3883 SOURCES/selinux-policy-b5586ba.tar.gz
7fbb4d1e48eeed45e637fe3c0ac63f2fed74dfe6 SOURCES/selinux-policy-contrib-a8396fe.tar.gz 9fe88da07caee56a7d36642383d1913e01f339e6 SOURCES/selinux-policy-contrib-267743a.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 9a47a4acc0a62b081f8681508a87f974de4bfd7f %global commit0 b5586baa73b14fb8ca458fa4bbe70522b1ec264b
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 a8396fef9ea6130a68308bfbd54dfc656fb5037f %global commit1 267743aa7d7e85fe2bf3ccd199927d6c00bb4439
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 117%{?dist}.3 Release: 128%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -165,6 +165,7 @@ SELinux policy documentation package
%files doc %files doc
%{_mandir}/man*/* %{_mandir}/man*/*
%{_mandir}/ru/*/* %{_mandir}/ru/*/*
%exclude %{_mandir}/man8/container_selinux.8.gz
%doc %{_usr}/share/doc/%{name} %doc %{_usr}/share/doc/%{name}
%define makeCmds() \ %define makeCmds() \
@ -717,43 +718,143 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Aug 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117.3 * Fri Aug 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-128
- Add unconfined_server_read_semaphores() interface - Allow ssh_agent_type manage generic cache home files
Resolves: rhbz#2233929 Resolves: rhbz#2177704
- Add chromium_sandbox_t setcap capability
Resolves: rhbz#2221573
* Thu Aug 17 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-127
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 3
Resolves: rhbz#2229726
* Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-126
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 1/2
Resolves: rhbz#2229726
- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
Resolves: rhbz#2177704
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 2/2
Resolves: rhbz#2229726
- Make insights_client_t an unconfined domain
Resolves: rhbz#2225527
- Allow insights-client create all rpm logs with a correct label - Allow insights-client create all rpm logs with a correct label
Resolves: rhbz#2233929 Resolves: rhbz#2229559
- Allow insights-client manage generic logs - Allow insights-client manage generic logs
Resolves: rhbz#2233929 Resolves: rhbz#2229559
* Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-125
- Allow user_u and staff_u get attributes of non-security dirs
Resolves: rhbz#2216151
- Allow unconfined user filetrans chrome_sandbox_home_t 1/2
Resolves: rhbz#2221573
- Allow unconfined user filetrans chrome_sandbox_home_t 2/2
Resolves: rhbz#2221573
- Allow insights-client execmem - Allow insights-client execmem
Resolves: rhbz#2233929 Resolves: rhbz#2225233
- Allow svnserve execute postdrop with a transition
Resolves: rhbz#2004843
- Do not make postfix_postdrop_t type an MTA executable file
Resolves: rhbz#2004843
- Allow samba-dcerpc service manage samba tmp files
Resolves: rhbz#2210771
- Update samba-dcerpc policy for printing
Resolves: rhbz#2210771
* Thu Jul 20 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-124
- Add the files_getattr_non_auth_dirs() interface
Resolves: rhbz#2076937
- Update policy for the sblim-sfcb service
Resolves: rhbz#2076937
- Dontaudit sfcbd sys_ptrace cap_userns
Resolves: rhbz#2076937
- Label /usr/sbin/sos with sosreport_exec_t
Resolves: rhbz#2167731
- Allow sa-update manage spamc home files
Resolves: rhbz#2222200
- Allow sa-update connect to systemlog services
Resolves: rhbz#2222200
- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
Resolves: rhbz#2222200
* Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-123
- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
Resolves: rhbz#2213606
- Allow httpd tcp connect to redis port conditionally
Resolves: rhbz#2213965
- Exclude container-selinux manpage from selinux-policy-doc
Resolves: rhbz#2218362
* Thu Jun 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-122
- Update cyrus_stream_connect() to use sockets in /run
Resolves: rhbz#2165752
- Allow insights-client map generic log files - Allow insights-client map generic log files
Resolves: rhbz#2233929 Resolves: rhbz#2214572
- Allow insights-client work with pipe and socket tmp files - Allow insights-client work with pipe and socket tmp files
Resolves: rhbz#2233929 Resolves: rhbz#2207819
- Allow insights-client getsession process permission - Allow insights-client getsession process permission
Resolves: rhbz#2233929 Resolves: rhbz#2207819
- Allow insights-client work with teamdctl - Allow keepalived to manage its tmp files
Resolves: rhbz#2233929 Resolves: rhbz#2179335
- Allow insights-client read unconfined service semaphores
Resolves: rhbz#2233929
- Allow insights-client get quotas of all filesystems
Resolves: rhbz#2233929
- Allow insights-client read all sysctls
Resolves: rhbz#2233931
* Mon Jun 12 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117.2 * Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121
- Label /run/fsck with fsadm_var_run_t - Update pkcsslotd policy for sandboxing 2/2
Resolves: rhbz#2212328 Resolves: rhbz#2208162
- Update pkcsslotd policy for sandboxing 1/2
Resolves: rhbz#2208162
- Allow abrt_t read kernel persistent storage files
Resolves: rhbz#2207914
- Add allow rules for lttng-sessiond domain
Resolves: rhbz#2203509
- Allow rpcd_lsad setcap and use generic ptys
Resolves: rhbz#2107106
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
Resolves: rhbz#2107106
- Dontaudit targetd search httpd config dirs
Resolves: rhbz#2203720
* Mon May 15 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117.1 * Thu May 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-120
- Allow unconfined service inherit signal state from init
Resolves: rhbz#2177254
- Allow systemd-pstore delete kernel persistent storage files - Allow systemd-pstore delete kernel persistent storage files
Resolves: rhbz#2188268 Resolves: rhbz#2181558
- Add fs_delete_pstore_files() interface - Add fs_delete_pstore_files() interface
Resolves: rhbz#2188268 Resolves: rhbz#2181558
- Allow certmonger manage cluster library files
Resolves: rhbz#2177836
- Allow samba-rpcd work with passwords
Resolves: rhbz#2107106
- Allow snmpd read raw disk data
Resolves: rhbz#2160000
- Allow cluster_t dbus chat with various services
Resolves: rhbz#2196524
* Fri Apr 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-119
- Add unconfined_server_read_semaphores() interface
Resolves: rhbz#2183351
- Allow systemd-pstore read kernel persistent storage files - Allow systemd-pstore read kernel persistent storage files
Resolves: rhbz#2188268 Resolves: rhbz#2181558
- Add fs_read_pstore_files() interface - Add fs_read_pstore_files() interface
Resolves: rhbz#2188268 Resolves: rhbz#2181558
- Allow insights-client work with teamdctl
Resolves: rhbz#2185158
- Allow insights-client read unconfined service semaphores
Resolves: rhbz#2183351
- Allow insights-client get quotas of all filesystems
Resolves: rhbz#2183351
* Thu Apr 13 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-118
- Allow login_pgm setcap permission
Resolves: rhbz#2172541
- Label /run/fsck with fsadm_var_run_t
Resolves: rhbz#2184348
- Add boolean qemu-ga to run unconfined script
Resolves: rhbz#2028762
- Allow dovecot-deliver write to the main process runtime fifo files
Resolves: rhbz#2170495
- Allow certmonger dbus chat with the cron system domain
Resolves: rhbz#2173289
- Allow insights-client read all sysctls
Resolves: rhbz#2177607
* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117 * Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
- Fix opencryptoki file names in /dev/shm - Fix opencryptoki file names in /dev/shm