rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Feb 15 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-136 

- Transition from sudodomains to crontab_t when executing crontab_exec_t
Resolves: RHEL-1388
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-1388
- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files
Resolves: RHEL-22500
- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t
Resolves: RHEL-23442
- Allow admin user read/write on fixed_disk_device_t
Resolves: RHEL-23434
- Only allow confined user domains to login locally without unconfined_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_confined_admin_users interface
Resolves: RHEL-1628
- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_admin_users interface
Resolves: RHEL-1628
- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
Resolves: RHEL-1628
- Allow utempter_t use ptmx
Resolves: RHEL-25002
- Dontaudit subscription manager setfscreate and read file contexts
Resolves: RHEL-21639
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-1388
- Add crontab_domtrans interface
Resolves: RHEL-1388
- Add dbus_manage_session_tmp_files interface
Resolves: RHEL-22500
- Allow httpd read network sysctls
Resolves: RHEL-22748
- Allow keepalived_unconfined_script_t dbus chat with init
Resolves: RHEL-22843
This commit is contained in:
Zdenek Pytela 2024-02-15 18:25:24 +01:00
parent 8ab4e101e9
commit 72be2b6d57
3 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -34,3 +34,5 @@ SOURCES/selinux-policy-contrib-c6da44c.tar.gz
/selinux-policy-contrib-61ad859.tar.gz
/selinux-policy-61dd8ba.tar.gz
/selinux-policy-contrib-de23cff.tar.gz
/selinux-policy-82ab8ed.tar.gz
/selinux-policy-contrib-6292557.tar.gz

42
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 61dd8ba370aedb16deafa02188ea920dd5378e6c
%global commit0 82ab8ed59e218529e7d4ed54c3d9a41fdf92a223
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 de23cffbbbbd97d50fa461217ef05e258f398c4b
%global commit1 6292557be1c849ca97bb2d6da2393e7ab02a6f0d
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.3
Release: 135%{?dist}
Release: 136%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -718,6 +718,42 @@ exit 0
%endif
%changelog
* Thu Feb 15 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-136
- Transition from sudodomains to crontab_t when executing crontab_exec_t
Resolves: RHEL-1388
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-1388
- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files
Resolves: RHEL-22500
- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t
Resolves: RHEL-23442
- Allow admin user read/write on fixed_disk_device_t
Resolves: RHEL-23434
- Only allow confined user domains to login locally without unconfined_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_confined_admin_users interface
Resolves: RHEL-1628
- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_admin_users interface
Resolves: RHEL-1628
- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
Resolves: RHEL-1628
- Allow utempter_t use ptmx
Resolves: RHEL-25002
- Dontaudit subscription manager setfscreate and read file contexts
Resolves: RHEL-21639
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-1388
- Add crontab_domtrans interface
Resolves: RHEL-1388
- Add dbus_manage_session_tmp_files interface
Resolves: RHEL-22500
- Allow httpd read network sysctls
Resolves: RHEL-22748
- Allow keepalived_unconfined_script_t dbus chat with init
Resolves: RHEL-22843
* Fri Jan 26 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-135
- Label /tmp/libdnf.* with user_tmp_t
Resolves: RHEL-11249

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-61dd8ba.tar.gz) = 2caf963866ae326e11d21000f12dd6944e6257ca35dc767b363c74cd6bd1512ce398c0089a5e7f430e73b76aefa4759e8d4e4597e4d4fd311af46da2a4e5b07b
SHA512 (selinux-policy-contrib-de23cff.tar.gz) = 02c9bab8bd59b0c314a1e20e44a7e4e08d4976a1de8e5a9d0766ff37dd809bb44e958ff9e8db157e24981e73380142d9441e92a81397db1d363353e5b76b0be9
SHA512 (container-selinux.tgz) = c61cb7bb7f452d52ddf5be88ef266a40ff93190cb9c16a6cb255febf334bb8e1599db885503c036e9014903aa4191804b81f7b7e236011ca28ac7f3c0b156452
SHA512 (selinux-policy-82ab8ed.tar.gz) = 3ddb370e9c1d6c832368c26761987b073477ce1ae6d012d45a13ed8efede4ccbb9ce2de5b0ac4a0eae3c1d1d00161001de0803e57fe6e730532f1531879fe9c9
SHA512 (selinux-policy-contrib-6292557.tar.gz) = 38a4104b01b151859fb85c91705647462fd6bda89d4055911c689a6cf30a4a01e4e3dd7e2d40ffe1813e5aae41c495ecec8bb7711f473bc35ce6095028887b73
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 4df29305bf3fb3c89a673547e8265461881b5bd764d2b34855ca2b1b64aa4acd842908ff4c8e35dd3d27dc935645c16b26872b29258cc48a606dbe3dcd7da3fe