* Thu Aug 12 2021 Zdenek Pytela <zpytela@redhat.com> - 34.16-1

- Allow systemd-timesyncd watch system dbus pid socket files - Allow firewalld drop capabilities - Allow rhsmcertd execute gpg - Allow lldpad send to kdump over a unix dgram socket - Allow systemd-gpt-auto-generator read udev pid files - Set default file context for /sys/firmware/efi/efivars - Allow tcpdump run as a systemd service - Allow nmap create and use netlink generic socket - Allow nscd watch system db files in /var/db - Allow cockpit_ws_t get attributes of fs_t filesystems - Allow sysadm acces to kernel module resources - Allow sysadm to read/write scsi files and manage shadow - Allow sysadm access to files_unconfined and bind rpc ports - Allow sysadm read and view kernel keyrings - Allow journal mmap and read var lib files - Allow tuned to read rhsmcertd config files - Allow bootloader to read tuned etc files - Label /usr/bin/qemu-storage-daemon with virtd_exec_t
2021-08-12 18:39:36 +02:00 · 2021-08-12 18:39:36 +02:00 · 757d64d9d6
commit 757d64d9d6
parent 58dbb0353c
2 changed files with 24 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 66323a2d3fef73b2a6aa8b32f8cf6d8d78fa0d3b
+%global commit 14f55fbbd083aa0bee8dd76f8084221e9b813e79
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.15
+Version: 34.16
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -810,6 +810,26 @@ exit 0
 %endif

 %changelog
+* Thu Aug 12 2021 Zdenek Pytela <zpytela@redhat.com> - 34.16-1
+- Allow systemd-timesyncd watch system dbus pid socket files
+- Allow firewalld drop capabilities
+- Allow rhsmcertd execute gpg
+- Allow lldpad send to kdump over a unix dgram socket
+- Allow systemd-gpt-auto-generator read udev pid files
+- Set default file context for /sys/firmware/efi/efivars
+- Allow tcpdump run as a systemd service
+- Allow nmap create and use netlink generic socket
+- Allow nscd watch system db files in /var/db
+- Allow cockpit_ws_t get attributes of fs_t filesystems
+- Allow sysadm acces to kernel module resources
+- Allow sysadm to read/write scsi files and manage shadow
+- Allow sysadm access to files_unconfined and bind rpc ports
+- Allow sysadm read and view kernel keyrings
+- Allow journal mmap and read var lib files
+- Allow tuned to read rhsmcertd config files
+- Allow bootloader to read tuned etc files
+- Label /usr/bin/qemu-storage-daemon with virtd_exec_t
+
 * Fri Aug 06 2021 Zdenek Pytela <zpytela@redhat.com> - 34.15-1
 - Disable seccomp on CI containers
 - Allow systemd-machined stop generic service units
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-66323a2.tar.gz) = 441bbc9dd9460ce588913bf047b308beb962017df7185c36a79137431f9d49f4365bb6f64cc4f6f33c1f7efc079e650382807f00243330b4e33f2b32eb92cceb
+SHA512 (selinux-policy-14f55fb.tar.gz) = 5b489a5758fc3c673facd4f1742e62901cd86992882f4ef84222cb96ed0af5bd8d1351b5c16602675c68a6068eb44cb17f0f124f8572cd39afc05cb31ed8a8eb
+SHA512 (container-selinux.tgz) = 73fe355b37ec70f66e08c02e03c5f25e30a57f8506277af025e6e51c12bb670d929c915d22467e47c66b782d7275c7dac7d3d28c43342dc9dbfe0ee92be9359e
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 65d39fedde3c43b4dce4d021772a1ec178e93a687a23595c76701d3efa84eac19a1d469a55d7b9a4a07da1682264432fca04c9a937c71e87fcc1082789d3709a