* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1
- Allow hypervkvp_t write access to NetworkManager_etc_rw_t - Add interface for write-only access to NetworkManager rw conf - Allow systemd-sleep send a message to syslog over a unix dgram socket - Allow init create and use netlink netfilter socket - Allow qatlib load kernel modules - Allow qatlib run lspci - Allow qatlib manage its private runtime socket files - Allow qatlib read/write vfio devices - Label /etc/redis.conf with redis_conf_t - Remove the lockdown-class rules from the policy - Allow init read all non-security socket files - Replace redundant dnsmasq pattern macros - Remove unneeded symlink perms in dnsmasq.if - Add additions to dnsmasq interface - Allow nvme_stas_t create and use netlink kobject uevent socket - Allow collectd connect to statsd port - Allow keepalived_t to use sys_ptrace of cap_userns - Allow dovecot_auth_t connect to postgresql using UNIX socket
This commit is contained in:
parent
701a31705c
commit
68923ff3dd
@ -1,6 +1,6 @@
|
|||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 21648f766d2f09a86df8eaede5bb3262db488b92
|
%global commit 48593ca48ec2df52a28d65cc3d87d95f393578fc
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -23,7 +23,7 @@
|
|||||||
%define CHECKPOLICYVER 3.2
|
%define CHECKPOLICYVER 3.2
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 40.7
|
Version: 40.8
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
@ -814,6 +814,26 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1
|
||||||
|
- Allow hypervkvp_t write access to NetworkManager_etc_rw_t
|
||||||
|
- Add interface for write-only access to NetworkManager rw conf
|
||||||
|
- Allow systemd-sleep send a message to syslog over a unix dgram socket
|
||||||
|
- Allow init create and use netlink netfilter socket
|
||||||
|
- Allow qatlib load kernel modules
|
||||||
|
- Allow qatlib run lspci
|
||||||
|
- Allow qatlib manage its private runtime socket files
|
||||||
|
- Allow qatlib read/write vfio devices
|
||||||
|
- Label /etc/redis.conf with redis_conf_t
|
||||||
|
- Remove the lockdown-class rules from the policy
|
||||||
|
- Allow init read all non-security socket files
|
||||||
|
- Replace redundant dnsmasq pattern macros
|
||||||
|
- Remove unneeded symlink perms in dnsmasq.if
|
||||||
|
- Add additions to dnsmasq interface
|
||||||
|
- Allow nvme_stas_t create and use netlink kobject uevent socket
|
||||||
|
- Allow collectd connect to statsd port
|
||||||
|
- Allow keepalived_t to use sys_ptrace of cap_userns
|
||||||
|
- Allow dovecot_auth_t connect to postgresql using UNIX socket
|
||||||
|
|
||||||
* Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 40.7-1
|
* Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 40.7-1
|
||||||
- Make named_zone_t and named_var_run_t a part of the mountpoint attribute
|
- Make named_zone_t and named_var_run_t a part of the mountpoint attribute
|
||||||
- Allow sysadm execute traceroute in sysadm_t domain using sudo
|
- Allow sysadm execute traceroute in sysadm_t domain using sudo
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-21648f7.tar.gz) = ff074e7ed686960fdcc048e76327da80d46170c89e9a4dba61b5fa3e43fc4e413195c7caaa44ceec58e36e25b8643ff724052a16e1d6d0be6cf8616afd1ad92e
|
SHA512 (selinux-policy-48593ca.tar.gz) = c585a55a4e2660102f13e9b17fd92e978eba791ca576b3354d429119eaaef2782d8944958d2ce762386088187c91f3670cf1f7fed6745cb1adccb26a93f267c5
|
||||||
SHA512 (container-selinux.tgz) = e8ea7b7b6a21cc2525c90c1729b187361c17044c314f0262369aeeb8029e8a0b842a9d9b268aae6324a5786308d18dd1665f87a3cb2837d52e9fab00973e3a7e
|
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
|
SHA512 (container-selinux.tgz) = 341d49519d093b6370f90f757f4c3c580cb644a427d003625e8b591e7923be72d842f497116f6d7dc4523323b8cebff671fab1d4b3bf38b0451a4479f84a5bb3
|
||||||
|
Loading…
Reference in New Issue
Block a user