From 742db0fd66c198e5da846e4f05af4cbdd7d5e95d Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Wed, 26 Jan 2022 19:28:39 +0100 Subject: [PATCH] * Wed Jan 26 2022 Zdenek Pytela - 35.12-1 - Fix badly indented used interfaces - Allow domain transition to sssd_t - Dontaudit sfcbd sys_ptrace cap_userns - Label /var/lib/plocate with locate_var_lib_t - Allow hostapd talk with unconfined user over unix domain dgram socket - Allow NetworkManager talk with unconfined user over unix domain dgram socket - Allow system_mail_t read inherited apache system content rw files - Add apache_read_inherited_sys_content_rw_files() interface - Allow rhsm-service execute its private memfd: objects - Allow dirsrv read configfs files and directories - Label /run/stratisd with stratisd_var_run_t - Allow tumblerd write to session_dbusd tmp socket files --- selinux-policy.spec | 18 ++++++++++++++++-- sources | 4 ++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 0050b0f4..027cdc3f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit a3b543d959064d8384e892b3c24e2f26016e1112 +%global commit d33ccb64dee2f105b69d6ff5dd0b9d448c5fdbe1 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 35.11 +Version: 35.12 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -808,6 +808,20 @@ exit 0 %endif %changelog +* Wed Jan 26 2022 Zdenek Pytela - 35.12-1 +- Fix badly indented used interfaces +- Allow domain transition to sssd_t +- Dontaudit sfcbd sys_ptrace cap_userns +- Label /var/lib/plocate with locate_var_lib_t +- Allow hostapd talk with unconfined user over unix domain dgram socket +- Allow NetworkManager talk with unconfined user over unix domain dgram socket +- Allow system_mail_t read inherited apache system content rw files +- Add apache_read_inherited_sys_content_rw_files() interface +- Allow rhsm-service execute its private memfd: objects +- Allow dirsrv read configfs files and directories +- Label /run/stratisd with stratisd_var_run_t +- Allow tumblerd write to session_dbusd tmp socket files + * Wed Jan 19 2022 Zdenek Pytela - 35.11-1 - Revert "Label /etc/cockpit/ws-certs.d with cert_t" - Allow login_userdomain write to session_dbusd tmp socket files diff --git a/sources b/sources index 898aa157..570cf2f0 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-a3b543d.tar.gz) = 239b5064076925a4a898375077ac928891ceea6e5baeab95d9b57e5767b8c4e5988d96fc084f50aec9e4096de47e0533165681641a25ad97b452c52116e76ec4 -SHA512 (container-selinux.tgz) = 4633ce09bea6765c5f26b04555cf6023bed1389b77db149de56cc1c85391de0831a4e88a8d8b07555407ee797ebefd10dbd7102c41c4ff52149a6ffb00b3229c +SHA512 (selinux-policy-d33ccb6.tar.gz) = 368a06a09c683a8d23d1fb84848870f440a2bd8a2a7de9cc0210ef6f0ef0bb8bb3a344a7f4cd5102247460a788c651076bacbae6fb15787b59a6eef6132b8fbf +SHA512 (container-selinux.tgz) = 2f56270bc138b95390b909ce2ad0aa2a1962c72233e939368a507664c57200ed53bf88fde699ae923ad4f64df266635e219aed646e027c3545966b224e6453ac SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4