* Fri Feb 11 2022 Zdenek Pytela <zpytela@redhat.com> - 36.2-1

- Allow sysadm_passwd_t to relabel passwd and group files - Allow confined sysadmin to use tool vipw - Allow login_userdomain map /var/lib/directories - Allow login_userdomain watch library and fonts dirs - Allow login_userdomain watch system configuration dirs - Allow login_userdomain read systemd runtime files - Allow ctdb create cluster logs - Allow alsa bind mixer controls to led triggers - New policy for insight-client - Add mctp_socket security class and access vectors - Fix koji repo URL pattern - Update chronyd_pid_filetrans() to allow create dirs - Update NetworkManager-dispatcher policy - Allow unconfined to run virtd bpf - Allow nm-privhelper setsched permission and send system logs - Add the map permission to common_anon_inode_perm permission set - Rename userfaultfd_anon_inode_perms to common_inode_perms - Allow confined users to use kinit,klist and etc. - Allow rhsmcertd create rpm hawkey logs with correct label
2022-02-11 12:26:34 +01:00 · 2022-02-11 12:26:34 +01:00 · 652ddc6c42
commit 652ddc6c42
parent a2b5a0667a
2 changed files with 25 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit d94a645307b0e9de23bf9dd560b30e30dd72ec65
+%global commit 369f900039cff9443e86fdf7254ba8b11dc6adb5
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 36.1
+Version: 36.2
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -808,6 +808,27 @@ exit 0
 %endif

 %changelog
+* Fri Feb 11 2022 Zdenek Pytela <zpytela@redhat.com> - 36.2-1
+- Allow sysadm_passwd_t to relabel passwd and group files
+- Allow confined sysadmin to use tool vipw
+- Allow login_userdomain map /var/lib/directories
+- Allow login_userdomain watch library and fonts dirs
+- Allow login_userdomain watch system configuration dirs
+- Allow login_userdomain read systemd runtime files
+- Allow ctdb create cluster logs
+- Allow alsa bind mixer controls to led triggers
+- New policy for insight-client
+- Add mctp_socket security class and access vectors
+- Fix koji repo URL pattern
+- Update chronyd_pid_filetrans() to allow create dirs
+- Update NetworkManager-dispatcher policy
+- Allow unconfined to run virtd bpf
+- Allow nm-privhelper setsched permission and send system logs
+- Add the map permission to common_anon_inode_perm permission set
+- Rename userfaultfd_anon_inode_perms to common_inode_perms
+- Allow confined users to use kinit,klist and etc.
+- Allow rhsmcertd create rpm hawkey logs with correct label
+
 * Thu Feb 03 2022 Zdenek Pytela <zpytela@redhat.com> - 36.1-1
 - Label exFAT utilities at /usr/sbin
 - policy/modules/contrib: Support /usr/lib/sysimage/rpm as the rpmdb path
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-d94a645.tar.gz) = c181903e0686c3f417013ed74eeea49bce62bf85be7c0f94d5430b33c2915612961747b17644c3048bf9279222ee7aa751108ed05e1c02f24d5b7dde9ae5e0cc
-SHA512 (container-selinux.tgz) = 01e57d978ecb20d8edcc35512bf2f57294c614fe784d61af3c6574b1fe1293e81e0701dd7a1f7795c6d57811d82091893c7826e27515dfd49aabbece280e2726
+SHA512 (selinux-policy-369f900.tar.gz) = a69bb7af266f013325de204e66877a4a8bb5345cf8e332efe1cb3c0993da312e0bd3bef687e366064bfe940854fe9ed24605afa08cdadfcdbbab238a9b255572
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = a9d05e8d035f7eef322d87fdcae842bb7675379dd2b7015a60363f8ede35c1c43ca43026a9944c79b456de8616da6255d8552a8e838535a33a14a7ea17229d97