import UBI selinux-policy-3.14.3-128.el8
This commit is contained in:
parent
fd4ae372bc
commit
5e3d4c805f
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,3 +1,3 @@
|
|||||||
SOURCES/container-selinux.tgz
|
SOURCES/container-selinux.tgz
|
||||||
SOURCES/selinux-policy-9a47a4a.tar.gz
|
SOURCES/selinux-policy-b5586ba.tar.gz
|
||||||
SOURCES/selinux-policy-contrib-a8396fe.tar.gz
|
SOURCES/selinux-policy-contrib-267743a.tar.gz
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
d83aa4d6d4668e9ca15a3e5160506af44eaf56f1 SOURCES/container-selinux.tgz
|
3c2810a578a2983781de5c969ba7a7dd7b6227d7 SOURCES/container-selinux.tgz
|
||||||
3a0184fb534ece4e1fb8b5c2102c9d615ef49623 SOURCES/selinux-policy-9a47a4a.tar.gz
|
7de814a764fbd6c004c726b384e9f919a3af3883 SOURCES/selinux-policy-b5586ba.tar.gz
|
||||||
7fbb4d1e48eeed45e637fe3c0ac63f2fed74dfe6 SOURCES/selinux-policy-contrib-a8396fe.tar.gz
|
9fe88da07caee56a7d36642383d1913e01f339e6 SOURCES/selinux-policy-contrib-267743a.tar.gz
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 9a47a4acc0a62b081f8681508a87f974de4bfd7f
|
%global commit0 b5586baa73b14fb8ca458fa4bbe70522b1ec264b
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 a8396fef9ea6130a68308bfbd54dfc656fb5037f
|
%global commit1 267743aa7d7e85fe2bf3ccd199927d6c00bb4439
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.3
|
Version: 3.14.3
|
||||||
Release: 117%{?dist}.3
|
Release: 128%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||||
@ -165,6 +165,7 @@ SELinux policy documentation package
|
|||||||
%files doc
|
%files doc
|
||||||
%{_mandir}/man*/*
|
%{_mandir}/man*/*
|
||||||
%{_mandir}/ru/*/*
|
%{_mandir}/ru/*/*
|
||||||
|
%exclude %{_mandir}/man8/container_selinux.8.gz
|
||||||
%doc %{_usr}/share/doc/%{name}
|
%doc %{_usr}/share/doc/%{name}
|
||||||
|
|
||||||
%define makeCmds() \
|
%define makeCmds() \
|
||||||
@ -717,43 +718,143 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Aug 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117.3
|
* Fri Aug 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-128
|
||||||
- Add unconfined_server_read_semaphores() interface
|
- Allow ssh_agent_type manage generic cache home files
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2177704
|
||||||
|
- Add chromium_sandbox_t setcap capability
|
||||||
|
Resolves: rhbz#2221573
|
||||||
|
|
||||||
|
* Thu Aug 17 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-127
|
||||||
|
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 3
|
||||||
|
Resolves: rhbz#2229726
|
||||||
|
|
||||||
|
* Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-126
|
||||||
|
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 1/2
|
||||||
|
Resolves: rhbz#2229726
|
||||||
|
- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
|
||||||
|
Resolves: rhbz#2177704
|
||||||
|
- Allow cloud_init create dhclient var files and init_t manage net_conf_t 2/2
|
||||||
|
Resolves: rhbz#2229726
|
||||||
|
- Make insights_client_t an unconfined domain
|
||||||
|
Resolves: rhbz#2225527
|
||||||
- Allow insights-client create all rpm logs with a correct label
|
- Allow insights-client create all rpm logs with a correct label
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2229559
|
||||||
- Allow insights-client manage generic logs
|
- Allow insights-client manage generic logs
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2229559
|
||||||
|
|
||||||
|
* Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-125
|
||||||
|
- Allow user_u and staff_u get attributes of non-security dirs
|
||||||
|
Resolves: rhbz#2216151
|
||||||
|
- Allow unconfined user filetrans chrome_sandbox_home_t 1/2
|
||||||
|
Resolves: rhbz#2221573
|
||||||
|
- Allow unconfined user filetrans chrome_sandbox_home_t 2/2
|
||||||
|
Resolves: rhbz#2221573
|
||||||
- Allow insights-client execmem
|
- Allow insights-client execmem
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2225233
|
||||||
|
- Allow svnserve execute postdrop with a transition
|
||||||
|
Resolves: rhbz#2004843
|
||||||
|
- Do not make postfix_postdrop_t type an MTA executable file
|
||||||
|
Resolves: rhbz#2004843
|
||||||
|
- Allow samba-dcerpc service manage samba tmp files
|
||||||
|
Resolves: rhbz#2210771
|
||||||
|
- Update samba-dcerpc policy for printing
|
||||||
|
Resolves: rhbz#2210771
|
||||||
|
|
||||||
|
* Thu Jul 20 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-124
|
||||||
|
- Add the files_getattr_non_auth_dirs() interface
|
||||||
|
Resolves: rhbz#2076937
|
||||||
|
- Update policy for the sblim-sfcb service
|
||||||
|
Resolves: rhbz#2076937
|
||||||
|
- Dontaudit sfcbd sys_ptrace cap_userns
|
||||||
|
Resolves: rhbz#2076937
|
||||||
|
- Label /usr/sbin/sos with sosreport_exec_t
|
||||||
|
Resolves: rhbz#2167731
|
||||||
|
- Allow sa-update manage spamc home files
|
||||||
|
Resolves: rhbz#2222200
|
||||||
|
- Allow sa-update connect to systemlog services
|
||||||
|
Resolves: rhbz#2222200
|
||||||
|
- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
|
||||||
|
Resolves: rhbz#2222200
|
||||||
|
|
||||||
|
* Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-123
|
||||||
|
- Label only /usr/sbin/ripd and ripngd with zebra_exec_t
|
||||||
|
Resolves: rhbz#2213606
|
||||||
|
- Allow httpd tcp connect to redis port conditionally
|
||||||
|
Resolves: rhbz#2213965
|
||||||
|
- Exclude container-selinux manpage from selinux-policy-doc
|
||||||
|
Resolves: rhbz#2218362
|
||||||
|
|
||||||
|
* Thu Jun 15 2023 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-122
|
||||||
|
- Update cyrus_stream_connect() to use sockets in /run
|
||||||
|
Resolves: rhbz#2165752
|
||||||
- Allow insights-client map generic log files
|
- Allow insights-client map generic log files
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2214572
|
||||||
- Allow insights-client work with pipe and socket tmp files
|
- Allow insights-client work with pipe and socket tmp files
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2207819
|
||||||
- Allow insights-client getsession process permission
|
- Allow insights-client getsession process permission
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2207819
|
||||||
- Allow insights-client work with teamdctl
|
- Allow keepalived to manage its tmp files
|
||||||
Resolves: rhbz#2233929
|
Resolves: rhbz#2179335
|
||||||
- Allow insights-client read unconfined service semaphores
|
|
||||||
Resolves: rhbz#2233929
|
|
||||||
- Allow insights-client get quotas of all filesystems
|
|
||||||
Resolves: rhbz#2233929
|
|
||||||
- Allow insights-client read all sysctls
|
|
||||||
Resolves: rhbz#2233931
|
|
||||||
|
|
||||||
* Mon Jun 12 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117.2
|
* Thu May 25 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-121
|
||||||
- Label /run/fsck with fsadm_var_run_t
|
- Update pkcsslotd policy for sandboxing 2/2
|
||||||
Resolves: rhbz#2212328
|
Resolves: rhbz#2208162
|
||||||
|
- Update pkcsslotd policy for sandboxing 1/2
|
||||||
|
Resolves: rhbz#2208162
|
||||||
|
- Allow abrt_t read kernel persistent storage files
|
||||||
|
Resolves: rhbz#2207914
|
||||||
|
- Add allow rules for lttng-sessiond domain
|
||||||
|
Resolves: rhbz#2203509
|
||||||
|
- Allow rpcd_lsad setcap and use generic ptys
|
||||||
|
Resolves: rhbz#2107106
|
||||||
|
- Allow samba-dcerpcd connect to systemd_machined over a unix socket
|
||||||
|
Resolves: rhbz#2107106
|
||||||
|
- Dontaudit targetd search httpd config dirs
|
||||||
|
Resolves: rhbz#2203720
|
||||||
|
|
||||||
* Mon May 15 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117.1
|
* Thu May 11 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-120
|
||||||
|
- Allow unconfined service inherit signal state from init
|
||||||
|
Resolves: rhbz#2177254
|
||||||
- Allow systemd-pstore delete kernel persistent storage files
|
- Allow systemd-pstore delete kernel persistent storage files
|
||||||
Resolves: rhbz#2188268
|
Resolves: rhbz#2181558
|
||||||
- Add fs_delete_pstore_files() interface
|
- Add fs_delete_pstore_files() interface
|
||||||
Resolves: rhbz#2188268
|
Resolves: rhbz#2181558
|
||||||
|
- Allow certmonger manage cluster library files
|
||||||
|
Resolves: rhbz#2177836
|
||||||
|
- Allow samba-rpcd work with passwords
|
||||||
|
Resolves: rhbz#2107106
|
||||||
|
- Allow snmpd read raw disk data
|
||||||
|
Resolves: rhbz#2160000
|
||||||
|
- Allow cluster_t dbus chat with various services
|
||||||
|
Resolves: rhbz#2196524
|
||||||
|
|
||||||
|
* Fri Apr 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-119
|
||||||
|
- Add unconfined_server_read_semaphores() interface
|
||||||
|
Resolves: rhbz#2183351
|
||||||
- Allow systemd-pstore read kernel persistent storage files
|
- Allow systemd-pstore read kernel persistent storage files
|
||||||
Resolves: rhbz#2188268
|
Resolves: rhbz#2181558
|
||||||
- Add fs_read_pstore_files() interface
|
- Add fs_read_pstore_files() interface
|
||||||
Resolves: rhbz#2188268
|
Resolves: rhbz#2181558
|
||||||
|
- Allow insights-client work with teamdctl
|
||||||
|
Resolves: rhbz#2185158
|
||||||
|
- Allow insights-client read unconfined service semaphores
|
||||||
|
Resolves: rhbz#2183351
|
||||||
|
- Allow insights-client get quotas of all filesystems
|
||||||
|
Resolves: rhbz#2183351
|
||||||
|
|
||||||
|
* Thu Apr 13 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-118
|
||||||
|
- Allow login_pgm setcap permission
|
||||||
|
Resolves: rhbz#2172541
|
||||||
|
- Label /run/fsck with fsadm_var_run_t
|
||||||
|
Resolves: rhbz#2184348
|
||||||
|
- Add boolean qemu-ga to run unconfined script
|
||||||
|
Resolves: rhbz#2028762
|
||||||
|
- Allow dovecot-deliver write to the main process runtime fifo files
|
||||||
|
Resolves: rhbz#2170495
|
||||||
|
- Allow certmonger dbus chat with the cron system domain
|
||||||
|
Resolves: rhbz#2173289
|
||||||
|
- Allow insights-client read all sysctls
|
||||||
|
Resolves: rhbz#2177607
|
||||||
|
|
||||||
* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
|
* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
|
||||||
- Fix opencryptoki file names in /dev/shm
|
- Fix opencryptoki file names in /dev/shm
|
||||||
|
Loading…
Reference in New Issue
Block a user