* Thu Mar 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-6

- Allow polkit-agent-helper-1 read logind sessions files - Allow polkit-agent-helper read init state - Allow login_userdomain watch generic device dirs - Allow login_userdomain listen on bluetooth sockets - Allow user_t and staff_t bind netlink_generic_socket - Allow login_userdomain write inaccessible nodes - Allow transition from xdm domain to unconfined_t domain. - Add 'make validate' step to CI - Disallow user_t run su/sudo and staff_t run su - Fix typo in rsyncd.conf in rsync.if - Add an alias for nvme_device_t - Allow systemd watch and watch_reads unallocated ttys
2021-03-11 22:25:45 +01:00 · 2021-03-11 22:25:45 +01:00 · 77437ed12d
commit 77437ed12d
parent dd41f17526
2 changed files with 18 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit f465aac2379225d7afd6ac4a30cf0e23f92d492a
+%global commit e3da92314ccfcc7b263aa44d0c9f824703df197c
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.8
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -796,6 +796,20 @@ exit 0
 %endif

 %changelog
+* Thu Mar 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-6
+- Allow polkit-agent-helper-1 read logind sessions files
+- Allow polkit-agent-helper read init state
+- Allow login_userdomain watch generic device dirs
+- Allow login_userdomain listen on bluetooth sockets
+- Allow user_t and staff_t bind netlink_generic_socket
+- Allow login_userdomain write inaccessible nodes
+- Allow transition from xdm domain to unconfined_t domain.
+- Add 'make validate' step to CI
+- Disallow user_t run su/sudo and staff_t run su
+- Fix typo in rsyncd.conf in rsync.if
+- Add an alias for nvme_device_t
+- Allow systemd watch and watch_reads unallocated ttys
+
 * Wed Mar 03 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-5
 - Allow apmd watch generic device directories
 - Allow kdump load a new kernel
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-f465aac.tar.gz) = 8557af3db37496e35147e72f232aa6640205d4d526fe1c572720aa7626d92ebb6363cc98e11affce6eac99240250aefb76d83c5a927d9b16ab5727affe97ac18
+SHA512 (selinux-policy-e3da923.tar.gz) = d3963ff469fc1dd8d5fb525cc78276109a1220fe528839549c74a1d9676d0fe481926718a40c1bf0062b6823730200a2d69141c8ece3c07ed1f9e12d2b4a2fb7
+SHA512 (container-selinux.tgz) = 2256f3e211e3268c3912b22ab4754828fb7b58d1241c7b406e213dd9f79cf37fbd6b526101a5722c36a56b592bedcba4f3eda1cb5ac5a2b65804f527c8b7769e
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = f7ff24dfd854eaa19548715026c2ef8645403ca229fd0e2acc58b7e47ca544b47ae7070ab96c68a52f938c7d28d8198dfec3cdb8ff25c67fc83677b1689977bf