* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1

- Allow hypervkvp_t write access to NetworkManager_etc_rw_t
- Add interface for write-only access to NetworkManager rw conf
- Allow systemd-sleep send a message to syslog over a unix dgram socket
- Allow init create and use netlink netfilter socket
- Allow qatlib load kernel modules
- Allow qatlib run lspci
- Allow qatlib manage its private runtime socket files
- Allow qatlib read/write vfio devices
- Label /etc/redis.conf with redis_conf_t
- Remove the lockdown-class rules from the policy
- Allow init read all non-security socket files
- Replace redundant dnsmasq pattern macros
- Remove unneeded symlink perms in dnsmasq.if
- Add additions to dnsmasq interface
- Allow nvme_stas_t create and use netlink kobject uevent socket
- Allow collectd connect to statsd port
- Allow keepalived_t to use sys_ptrace of cap_userns
- Allow dovecot_auth_t connect to postgresql using UNIX socket
This commit is contained in:
Zdenek Pytela 2023-12-21 17:03:58 +01:00
parent 701a31705c
commit 68923ff3dd
2 changed files with 24 additions and 4 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources # github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 21648f766d2f09a86df8eaede5bb3262db488b92 %global commit 48593ca48ec2df52a28d65cc3d87d95f393578fc
%global shortcommit %(c=%{commit}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2 %define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 40.7 Version: 40.8
Release: 1%{?dist} Release: 1%{?dist}
License: GPL-2.0-or-later License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -814,6 +814,26 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1
- Allow hypervkvp_t write access to NetworkManager_etc_rw_t
- Add interface for write-only access to NetworkManager rw conf
- Allow systemd-sleep send a message to syslog over a unix dgram socket
- Allow init create and use netlink netfilter socket
- Allow qatlib load kernel modules
- Allow qatlib run lspci
- Allow qatlib manage its private runtime socket files
- Allow qatlib read/write vfio devices
- Label /etc/redis.conf with redis_conf_t
- Remove the lockdown-class rules from the policy
- Allow init read all non-security socket files
- Replace redundant dnsmasq pattern macros
- Remove unneeded symlink perms in dnsmasq.if
- Add additions to dnsmasq interface
- Allow nvme_stas_t create and use netlink kobject uevent socket
- Allow collectd connect to statsd port
- Allow keepalived_t to use sys_ptrace of cap_userns
- Allow dovecot_auth_t connect to postgresql using UNIX socket
* Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 40.7-1 * Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 40.7-1
- Make named_zone_t and named_var_run_t a part of the mountpoint attribute - Make named_zone_t and named_var_run_t a part of the mountpoint attribute
- Allow sysadm execute traceroute in sysadm_t domain using sudo - Allow sysadm execute traceroute in sysadm_t domain using sudo

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-21648f7.tar.gz) = ff074e7ed686960fdcc048e76327da80d46170c89e9a4dba61b5fa3e43fc4e413195c7caaa44ceec58e36e25b8643ff724052a16e1d6d0be6cf8616afd1ad92e SHA512 (selinux-policy-48593ca.tar.gz) = c585a55a4e2660102f13e9b17fd92e978eba791ca576b3354d429119eaaef2782d8944958d2ce762386088187c91f3670cf1f7fed6745cb1adccb26a93f267c5
SHA512 (container-selinux.tgz) = e8ea7b7b6a21cc2525c90c1729b187361c17044c314f0262369aeeb8029e8a0b842a9d9b268aae6324a5786308d18dd1665f87a3cb2837d52e9fab00973e3a7e
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 341d49519d093b6370f90f757f4c3c580cb644a427d003625e8b591e7923be72d842f497116f6d7dc4523323b8cebff671fab1d4b3bf38b0451a4479f84a5bb3