import selinux-policy-34.1.26-1.el9

CentOS Sources 2022-03-01 08:15:03 -05:00 committed by Stepan Oksanichenko
parent aa60c4739e
commit 842d9c9cdb
5 changed files with 100 additions and 7 deletions

.gitignore

@ -1,2 +1,2 @@
SOURCES/container-selinux.tgz SOURCES/container-selinux.tgz
SOURCES/selinux-policy-141c3fd.tar.gz SOURCES/selinux-policy-0b21d4c.tar.gz


@ -1,2 +1,2 @@
76b98420bd78a14b2421e1f14680b6bfe60fcfdf SOURCES/container-selinux.tgz a405401da19909415b7ee69e2b2cdfed0c0fb03d SOURCES/container-selinux.tgz
fc88dd3c49d79e37c37b32014241fa85b457daa4 SOURCES/selinux-policy-141c3fd.tar.gz b281e81483dc3f6b56caa221d3b42930ee0b7f37 SOURCES/selinux-policy-0b21d4c.tar.gz
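Review bot: SOURCES/container-selinux.tgz keeps the same file name on both sides while its digest changes, so nothing in this file records which container-selinux snapshot is being imported. Consider a versioned or commit-stamped tarball name, as is already done for selinux-policy-0b21d4c.tar.gz, so that a digest change can be tied to an upstream revision. The digests here are 40 hex digits (SHA-1 length); if the source-fetching tooling accepts a stronger hash, that would be the better integrity check for imported sources.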


@ -12,8 +12,6 @@ pppd_can_insmod = false
privoxy_connect_any = true privoxy_connect_any = true
selinuxuser_direct_dri_enabled = true selinuxuser_direct_dri_enabled = true
selinuxuser_execmem = true selinuxuser_execmem = true
selinuxuser_execmod = true
selinuxuser_execstack = true
selinuxuser_rw_noexattrfile=true selinuxuser_rw_noexattrfile=true
selinuxuser_ping = true selinuxuser_ping = true
squid_connect_any = true squid_connect_any = true
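Review bot: the two removed lines, selinuxuser_execmod = true and selinuxuser_execstack = true, leave both booleans at whatever default the policy source declares, and neither this hunk nor the changelog line "Do not change selinuxuser_execmod and selinuxuser_execstack" states what that value is. Please record the effective default after this change in the changelog, because these booleans gate the text-relocation (execmod) and executable-stack (execstack) permissions and an unintended flip in either direction matters: on means weaker memory protection, off can break existing binaries. Note also that selinuxuser_execmem = true stays set in this file.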


@ -2663,3 +2663,10 @@ stratisd = module
# ica # ica
# #
ica = module ica = module
# Layer: contrib
# Module: insights_client
#
# insights_client
#
insights_client = module
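Review bot: the added insights_client block starts directly after "ica = module" with no separating blank line, and its header ("# Layer: contrib", "# Module: insights_client") uses a different comment layout from the ica entry just above it. Add the blank line and match the neighbouring entries. The 34.1.26-1 changelog lists both "New policy for insight-client" and "Remove permissive domain for insights_client_t", so the module is enabled in enforcing mode from its first build; it is worth confirming the policy was run against the real service and checked for AVC denials before enabling it here.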


@ -1,6 +1,6 @@
# github repo with selinux-policy sources # github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 141c3fde08c02097e0b6fa179a33cc17371e9a22 %global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1
%global shortcommit %(c=%{commit}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2 %define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 34.1.22 Version: 34.1.26
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -792,6 +792,94 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.26-1
- Remove permissive domain for insights_client_t
Resolves: rhbz#2055823
- New policy for insight-client
Resolves: rhbz#2055823
- Allow confined sysadmin to use tool vipw
Resolves: rhbz#2053458
- Allow chage domtrans to sssd
Resolves: rhbz#2054657
- Remove label for /usr/sbin/bgpd
Resolves: rhbz#2055578
- Dontaudit pkcsslotd sys_admin capability
Resolves: rhbz#2055639
- Do not change selinuxuser_execmod and selinuxuser_execstack
Resolves: rhbz#2055822
- Allow tuned to read rhsmcertd config files
Resolves: rhbz#2055823
* Mon Feb 14 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.25-1
- Allow systemd watch unallocated ttys
Resolves: rhbz#2054150
- Allow alsa bind mixer controls to led triggers
Resolves: rhbz#2049732
- Allow alsactl set group Process ID of a process
Resolves: rhbz#2049732
- Allow unconfined to run virtd bpf
Resolves: rhbz#2033504
* Fri Feb 04 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.24-1
- Allow tumblerd write to session_dbusd tmp socket files
Resolves: rhbz#2000039
- Allow login_userdomain write to session_dbusd tmp socket files
Resolves: rhbz#2000039
- Allow login_userdomain create session_dbusd tmp socket files
Resolves: rhbz#2000039
- Allow gkeyringd_domain write to session_dbusd tmp socket files
Resolves: rhbz#2000039
- Allow systemd-logind delete session_dbusd tmp socket files
Resolves: rhbz#2000039
- Allow gdm-x-session write to session dbus tmp sock files
Resolves: rhbz#2000039
- Allow sysadm_t nnp_domtrans to systemd_tmpfiles_t
Resolves: rhbz#2039453
- Label exFAT utilities at /usr/sbin
Resolves: rhbz#1972225
* Wed Feb 02 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.23-1
- Allow systemd nnp_transition to login_userdomain
Resolves: rhbz#2039453
- Label /var/run/user/%{USERID}/dbus with session_dbusd_tmp_t
Resolves: rhbz#2000039
- Change /run/user/[0-9]+ to /run/user/%{USERID} for proper labeling
Resolves: rhbz#2000039
- Allow scripts to enter LUKS password
Resolves: rhbz#2048521
- Allow system_mail_t read inherited apache system content rw files
Resolves: rhbz#2049372
- Add apache_read_inherited_sys_content_rw_files() interface
Related: rhbz#2049372
- Allow sanlock get attributes of filesystems with extended attributes
Resolves: rhbz#2047811
- Associate stratisd_data_t with device filesystem
Resolves: rhbz#2039974
- Allow init read stratis data symlinks
Resolves: rhbz#2039974
- Label /run/stratisd with stratisd_var_run_t
Resolves: rhbz#2039974
- Allow domtrans to sssd_t and role access to sssd
Resolves: rhbz#2039757
- Creating interface sssd_run_sssd()
Resolves: rhbz#2039757
- Fix badly indented used interfaces
Resolves: rhbz#2039757
- Allow domain transition to sssd_t
Resolves: rhbz#2039757
- Label /dev/nvme-fabrics with fixed_disk_device_t
Resolves: rhbz#2039759
- Allow local_login_t nnp_transition to login_userdomain
Resolves: rhbz#2039453
- Allow xdm_t nnp_transition to login_userdomain
Resolves: rhbz#2039453
- Make cupsd_lpd_t a daemon
Resolves: rhbz#2039449
- Label utilities for exFAT filesystems with fsadm_exec_t
Resolves: rhbz#1972225
- Dontaudit sfcbd sys_ptrace cap_userns
Resolves: rhbz#2040311
* Tue Jan 11 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.22-1 * Tue Jan 11 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.22-1
- Allow sshd read filesystem sysctl files - Allow sshd read filesystem sysctl files
Resolves: rhbz#2036585 Resolves: rhbz#2036585
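Review bot: in the 34.1.26-1 entry, rhbz#2055823 is cited for three items ("Remove permissive domain for insights_client_t", "New policy for insight-client" and "Allow tuned to read rhsmcertd config files"); please check that the tuned change belongs to that bug and not to a separate one. The same entry writes "insight-client" where the module added in this commit is named insights_client. The exFAT labeling appears twice with rhbz#1972225 ("Label exFAT utilities at /usr/sbin" in 34.1.24-1 and "Label utilities for exFAT filesystems with fsadm_exec_t" in 34.1.23-1), so say whether the second is a follow-up fix or a duplicate.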