From 77437ed12d00929fc09b1792c59474a4507d1365 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 11 Mar 2021 22:25:45 +0100 Subject: [PATCH] * Thu Mar 11 2021 Zdenek Pytela - 3.14.8-6 - Allow polkit-agent-helper-1 read logind sessions files - Allow polkit-agent-helper read init state - Allow login_userdomain watch generic device dirs - Allow login_userdomain listen on bluetooth sockets - Allow user_t and staff_t bind netlink_generic_socket - Allow login_userdomain write inaccessible nodes - Allow transition from xdm domain to unconfined_t domain. - Add 'make validate' step to CI - Disallow user_t run su/sudo and staff_t run su - Fix typo in rsyncd.conf in rsync.if - Add an alias for nvme_device_t - Allow systemd watch and watch_reads unallocated ttys --- selinux-policy.spec | 18 ++++++++++++++++-- sources | 4 ++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 6ecbbf4c..aba5e806 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit f465aac2379225d7afd6ac4a30cf0e23f92d492a +%global commit e3da92314ccfcc7b263aa44d0c9f824703df197c %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.8 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -796,6 +796,20 @@ exit 0 %endif %changelog +* Thu Mar 11 2021 Zdenek Pytela - 3.14.8-6 +- Allow polkit-agent-helper-1 read logind sessions files +- Allow polkit-agent-helper read init state +- Allow login_userdomain watch generic device dirs +- Allow login_userdomain listen on bluetooth sockets +- Allow user_t and staff_t bind netlink_generic_socket +- Allow login_userdomain write inaccessible nodes +- Allow transition from xdm domain to unconfined_t domain. +- Add 'make validate' step to CI +- Disallow user_t run su/sudo and staff_t run su +- Fix typo in rsyncd.conf in rsync.if +- Add an alias for nvme_device_t +- Allow systemd watch and watch_reads unallocated ttys + * Wed Mar 03 2021 Zdenek Pytela - 3.14.8-5 - Allow apmd watch generic device directories - Allow kdump load a new kernel diff --git a/sources b/sources index c6f40c63..2101f152 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-f465aac.tar.gz) = 8557af3db37496e35147e72f232aa6640205d4d526fe1c572720aa7626d92ebb6363cc98e11affce6eac99240250aefb76d83c5a927d9b16ab5727affe97ac18 +SHA512 (selinux-policy-e3da923.tar.gz) = d3963ff469fc1dd8d5fb525cc78276109a1220fe528839549c74a1d9676d0fe481926718a40c1bf0062b6823730200a2d69141c8ece3c07ed1f9e12d2b4a2fb7 +SHA512 (container-selinux.tgz) = 2256f3e211e3268c3912b22ab4754828fb7b58d1241c7b406e213dd9f79cf37fbd6b526101a5722c36a56b592bedcba4f3eda1cb5ac5a2b65804f527c8b7769e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = f7ff24dfd854eaa19548715026c2ef8645403ca229fd0e2acc58b7e47ca544b47ae7070ab96c68a52f938c7d28d8198dfec3cdb8ff25c67fc83677b1689977bf