import selinux-policy-3.14.3-117.el8

CentOS Sources 2023-03-28 09:06:52 +00:00 committed by Stepan Oksanichenko
parent d39caaffc8
commit 822017147e
3 changed files with 211 additions and 8 deletions

4
.gitignore vendored

@ -1,3 +1,3 @@
SOURCES/container-selinux.tgz SOURCES/container-selinux.tgz
SOURCES/selinux-policy-9db72ed.tar.gz SOURCES/selinux-policy-426c028.tar.gz
SOURCES/selinux-policy-contrib-5e2c252.tar.gz SOURCES/selinux-policy-contrib-c6da44c.tar.gz


@ -1,3 +1,3 @@
37036a3f9ec27f942a2b186db25f3c0551784c4e SOURCES/container-selinux.tgz bbb33f1d3ec06ac961c111b66a324496cbe9768f SOURCES/container-selinux.tgz
d9e66219a3c1a29e8af4da26ed471297d3281fcc SOURCES/selinux-policy-9db72ed.tar.gz 8f77181d801751fdd49e7a537b291af8b455ed51 SOURCES/selinux-policy-426c028.tar.gz
dd2ac90c589a5a5110bf578b014754b69f2232c7 SOURCES/selinux-policy-contrib-5e2c252.tar.gz 84a66625f87ed784dc752c76eca051d058abfa8d SOURCES/selinux-policy-contrib-c6da44c.tar.gz
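Review bot: the digest for SOURCES/container-selinux.tgz changes on the first line of this hunk while the file name stays the same and unversioned, so nothing here identifies which container-selinux snapshot the new tarball is; the two selinux-policy tarballs at least carry their short commit id in the name. Consider a versioned file name or recording the upstream commit in the spec. The digests are also 40 hex characters, which is SHA-1 length; if the import tooling supports it, a SHA-256 digest would bind the sources more strongly.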


@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 9db72ed4345b0f26e798cb301f306fb4ee303844 %global commit0 426c028e3d055a6ae74f8bf7cc92107f3e43a5ea
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 5e2c252146f379cd25df50de97816f6771d9d79b %global commit1 c6da44cc670eb76341a756f7d338e60cfa7cd8ac
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
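Review bot: commit0 and commit1 both move to new upstream commits, but neither the commit message ("import selinux-policy-3.14.3-117.el8") nor the comments above the globals say which upstream range is being pulled in. A one-line note giving the old and new commit for each repository would let a reviewer diff the policy sources directly instead of reconstructing the range from the changelog. The full 40-character pins are good, and the 7-character ids in the new tarball names (426c028, c6da44c) match the prefixes of the new values.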
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 107%{?dist} Release: 117%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -717,6 +717,209 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
- Fix opencryptoki file names in /dev/shm
Resolves: rhbz#2028637
- Allow system_cronjob_t transition to rpm_script_t
Resolves: rhbz#2154242
- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
Resolves: rhbz#2154242
- Allow httpd work with tokens in /dev/shm
Resolves: rhbz#2028637
- Allow keepalived to set resource limits
Resolves: rhbz#2168638
- Allow insights-client manage fsadm pid files
* Thu Feb 09 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-116
- Allow sysadm_t run initrc_t script and sysadm_r role access
Resolves: rhbz#2039662
- Allow insights-client manage fsadm pid files
Resolves: rhbz#2166802
- Add journalctl the sys_resource capability
Resolves: rhbz#2136189
* Thu Jan 26 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-115
- Fix syntax problem in redis.te
Resolves: rhbz#2112228
- Allow unconfined user filetransition for sudo log files
Resolves: rhbz#2164047
- Allow winbind-rpcd make a TCP connection to the ldap port
Resolves: rhbz#2152642
- Allow winbind-rpcd manage samba_share_t files and dirs
Resolves: rhbz#2152642
- Allow insights-client work with su and lpstat
Resolves: rhbz#2134125
- Allow insights-client read nvme devices
Resolves: rhbz#2143878
- Allow insights-client tcp connect to all ports
Resolves: rhbz#2143878
- Allow redis-sentinel execute a notification script
Resolves: rhbz#2112228
* Thu Jan 12 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-114
- Add interfaces in domain, files, and unconfined modules
Resolves: rhbz#2141311
- Allow sysadm_t read/write ipmi devices
Resolves: rhbz#2148561
- Allow sudodomain use sudo.log as a logfile
Resolves: rhbz#2143762
- Add insights additional capabilities
Resolves: rhbz#2158779
- Allow insights client work with gluster and pcp
Resolves: rhbz#2141311
- Allow prosody manage its runtime socket files
Resolves: rhbz#2157902
- Allow system mail service read inherited certmonger runtime files
Resolves: rhbz#2143337
- Add lpr_roles to system_r roles
Resolves: rhbz#2151111
* Thu Dec 15 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-113
- Allow systemd-socket-proxyd get attributes of cgroup filesystems
Resolves: rhbz#2088441
- Allow systemd-socket-proxyd get filesystems attributes
Resolves: rhbz#2088441
- Allow sysadm read ipmi devices
Resolves: rhbz#2148561
- Allow system mail service read inherited certmonger runtime files
Resolves: rhbz#2143337
- Add lpr_roles to system_r roles
Resolves: rhbz#2151111
- Allow insights-client tcp connect to various ports
Resolves: rhbz#2151111
- Allow insights-client work with pcp and manage user config files
Resolves: rhbz#2151111
- Allow insights-client dbus chat with various services
Resolves: rhbz#2152867
- Allow insights-client dbus chat with abrt
Resolves: rhbz#2152867
- Allow redis get user names
Resolves: rhbz#2112228
- Add winbind-rpcd to samba_enable_home_dirs boolean
Resolves: rhbz#2143696
* Wed Nov 30 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-112
- Allow ipsec_t only read tpm devices
Resolves: rhbz#2147380
- Allow ipsec_t read/write tpm devices
Resolves: rhbz#2147380
- Label udf tools with fsadm_exec_t
Resolves: rhbz#1972230
- Allow the spamd_update_t domain get generic filesystem attributes
Resolves: rhbz#2144501
- Allow cdcc mmap dcc-client-map files
Resolves: rhbz#2144505
- Allow insights client communicate with cupsd, mysqld, openvswitch, redis
Resolves: rhbz#2143878
- Allow insights client read raw memory devices
Resolves: rhbz#2143878
- Allow winbind-rpcd get attributes of device and pty filesystems
Resolves: rhbz#2107106
- Allow postfix/smtpd read kerberos key table
Resolves: rhbz#1983308
* Fri Nov 11 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-111
- Add domain_unix_read_all_semaphores() interface
Resolves: rhbz#2141311
- Allow iptables list cgroup directories
Resolves: rhbz#2134820
- Allow systemd-hostnamed dbus chat with init scripts
Resolves: rhbz#2111632
- Allow systemd to read symlinks in /var/lib
Resolves: rhbz#2118784
- Allow insights-client domain transition on semanage execution
Resolves: rhbz#2141311
- Allow insights-client create gluster log dir with a transition
Resolves: rhbz#2141311
- Allow insights-client manage generic locks
Resolves: rhbz#2141311
- Allow insights-client unix_read all domain semaphores
Resolves: rhbz#2141311
- Allow winbind-rpcd use the terminal multiplexor
Resolves: rhbz#2107106
- Allow mrtg send mails
Resolves: rhbz#2103675
- Allow sssd dbus chat with system cronjobs
Resolves: rhbz#2132922
- Allow postfix/smtp and postfix/virtual read kerberos key table
Resolves: rhbz#1983308
* Thu Oct 20 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-110
- Add the systemd_connectto_socket_proxyd_unix_sockets() interface
Resolves: rhbz#208441
- Add the dev_map_vhost() interface
Resolves: rhbz#2122920
- Allow init remount all file_type filesystems
Resolves: rhbz#2122239
- added policy for systemd-socket-proxyd
Resolves: rhbz#2088441
- Allow virt_domain map vhost devices
Resolves: rhbz#2122920
- Allow virt domains to access xserver devices
Resolves: rhbz#2122920
- Allow rotatelogs read httpd_log_t symlinks
Resolves: rhbz#2030633
- Allow vlock search the contents of the /dev/pts directory
Resolves: rhbz#2122838
- Allow system cronjobs dbus chat with setroubleshoot
Resolves: rhbz#2125008
- Allow ptp4l_t name_bind ptp_event_port_t
Resolves: rhbz#2130168
- Allow pcp_domain execute its private memfd: objects
Resolves: rhbz#2090711
- Allow samba-dcerpcd use NSCD services over a unix stream socket
Resolves: rhbz#2121709
- Allow insights-client manage samba var dirs
Resolves: rhbz#2132230
* Wed Oct 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-109
- Add the files_map_read_etc_files() interface
Resolves: rhbz#2132230
- Allow insights-client manage samba var dirs
Resolves: rhbz#2132230
- Allow insights-client send null signal to rpm and system cronjob
Resolves: rhbz#2132230
- Update rhcd policy for executing additional commands 4
Resolves: rhbz#2132230
- Allow insights-client connect to postgresql with a unix socket
Resolves: rhbz#2132230
- Allow insights-client domtrans on unix_chkpwd execution
Resolves: rhbz#2132230
- Add file context entries for insights-client and rhc
Resolves: rhbz#2132230
- Allow snmpd_t domain to trace processes in user namespace
Resolves: rhbz#2121084
- Allow sbd the sys_ptrace capability
Resolves: rhbz#2124552
- Allow pulseaudio create gnome content (~/.config)
Resolves: rhbz#2124387
* Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
- Allow unconfined_service_t insights client content filetrans
Resolves: rhbz#2119507
- Allow nsswitch_domain to connect to systemd-machined using a unix socket
Resolves: rhbz#2119507
- Add init_status_all_script_files() interface
Resolves: rhbz#2119507
- Add dev_dontaudit_write_raw_memory() and dev_read_vsock() interfaces
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 5
Resolves: rhbz#2119507
- Confine insights-client systemd unit
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 4
Resolves: rhbz#2119507
- Change rhsmcertd_t to insights_client_t in insights-client policy
Resolves: rhbz#2119507
- Allow insights-client send signull to unconfined_service_t
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 3
Resolves: rhbz#2119507
- Allow journalctl read init state
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution 2
Resolves: rhbz#2119507
* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107 * Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
- Label 319/udp port with ptp_event_port_t - Label 319/udp port with ptp_event_port_t
Resolves: rhbz#2118628 Resolves: rhbz#2118628
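Review bot: the bug reference on the systemd_connectto_socket_proxyd_unix_sockets() entry in 3.14.3-110 reads rhbz#208441, while the other systemd-socket-proxyd entries (in the same release and in 3.14.3-113) cite rhbz#2088441; this looks like a dropped digit and should be corrected so the entry stays traceable. In 3.14.3-117, "Allow insights-client manage fsadm pid files" has no Resolves line and repeats the 3.14.3-116 entry that cites rhbz#2166802. Two pairs leave the shipped policy state unclear from the changelog alone: 3.14.3-117 lists both "Allow system_cronjob_t transition to rpm_script_t" and the revert of "Allow system_cronjob_t domtrans to rpm_script_t" under rhbz#2154242, and 3.14.3-112 lists both "only read" and "read/write" tpm device access for ipsec_t under rhbz#2147380; a short note on which rule is in effect would help. The insights-client grants are broad (tcp connect to all ports, read raw memory devices), so they deserve a check that the rules in the new tarballs are as narrow as the referenced bugs require.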