import selinux-policy-34.1.26-1.el9
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
aa60c4739e
commit
842d9c9cdb
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/container-selinux.tgz
|
||||
SOURCES/selinux-policy-141c3fd.tar.gz
|
||||
SOURCES/selinux-policy-0b21d4c.tar.gz
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
76b98420bd78a14b2421e1f14680b6bfe60fcfdf SOURCES/container-selinux.tgz
|
||||
fc88dd3c49d79e37c37b32014241fa85b457daa4 SOURCES/selinux-policy-141c3fd.tar.gz
|
||||
a405401da19909415b7ee69e2b2cdfed0c0fb03d SOURCES/container-selinux.tgz
|
||||
b281e81483dc3f6b56caa221d3b42930ee0b7f37 SOURCES/selinux-policy-0b21d4c.tar.gz
|
||||
|
||||
@ -12,8 +12,6 @@ pppd_can_insmod = false
|
||||
privoxy_connect_any = true
|
||||
selinuxuser_direct_dri_enabled = true
|
||||
selinuxuser_execmem = true
|
||||
selinuxuser_execmod = true
|
||||
selinuxuser_execstack = true
|
||||
selinuxuser_rw_noexattrfile=true
|
||||
selinuxuser_ping = true
|
||||
squid_connect_any = true
|
||||
|
||||
@ -2663,3 +2663,10 @@ stratisd = module
|
||||
# ica
|
||||
#
|
||||
ica = module
|
||||
|
||||
# Layer: contrib
|
||||
# Module: insights_client
|
||||
#
|
||||
# insights_client
|
||||
#
|
||||
insights_client = module
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# github repo with selinux-policy sources
|
||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit 141c3fde08c02097e0b6fa179a33cc17371e9a22
|
||||
%global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -23,7 +23,7 @@
|
||||
%define CHECKPOLICYVER 3.2
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 34.1.22
|
||||
Version: 34.1.26
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
@ -792,6 +792,94 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.26-1
|
||||
- Remove permissive domain for insights_client_t
|
||||
Resolves: rhbz#2055823
|
||||
- New policy for insight-client
|
||||
Resolves: rhbz#2055823
|
||||
- Allow confined sysadmin to use tool vipw
|
||||
Resolves: rhbz#2053458
|
||||
- Allow chage domtrans to sssd
|
||||
Resolves: rhbz#2054657
|
||||
- Remove label for /usr/sbin/bgpd
|
||||
Resolves: rhbz#2055578
|
||||
- Dontaudit pkcsslotd sys_admin capability
|
||||
Resolves: rhbz#2055639
|
||||
- Do not change selinuxuser_execmod and selinuxuser_execstack
|
||||
Resolves: rhbz#2055822
|
||||
- Allow tuned to read rhsmcertd config files
|
||||
Resolves: rhbz#2055823
|
||||
|
||||
* Mon Feb 14 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.25-1
|
||||
- Allow systemd watch unallocated ttys
|
||||
Resolves: rhbz#2054150
|
||||
- Allow alsa bind mixer controls to led triggers
|
||||
Resolves: rhbz#2049732
|
||||
- Allow alsactl set group Process ID of a process
|
||||
Resolves: rhbz#2049732
|
||||
- Allow unconfined to run virtd bpf
|
||||
Resolves: rhbz#2033504
|
||||
|
||||
* Fri Feb 04 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.24-1
|
||||
- Allow tumblerd write to session_dbusd tmp socket files
|
||||
Resolves: rhbz#2000039
|
||||
- Allow login_userdomain write to session_dbusd tmp socket files
|
||||
Resolves: rhbz#2000039
|
||||
- Allow login_userdomain create session_dbusd tmp socket files
|
||||
Resolves: rhbz#2000039
|
||||
- Allow gkeyringd_domain write to session_dbusd tmp socket files
|
||||
Resolves: rhbz#2000039
|
||||
- Allow systemd-logind delete session_dbusd tmp socket files
|
||||
Resolves: rhbz#2000039
|
||||
- Allow gdm-x-session write to session dbus tmp sock files
|
||||
Resolves: rhbz#2000039
|
||||
- Allow sysadm_t nnp_domtrans to systemd_tmpfiles_t
|
||||
Resolves: rhbz#2039453
|
||||
- Label exFAT utilities at /usr/sbin
|
||||
Resolves: rhbz#1972225
|
||||
|
||||
* Wed Feb 02 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.23-1
|
||||
- Allow systemd nnp_transition to login_userdomain
|
||||
Resolves: rhbz#2039453
|
||||
- Label /var/run/user/%{USERID}/dbus with session_dbusd_tmp_t
|
||||
Resolves: rhbz#2000039
|
||||
- Change /run/user/[0-9]+ to /run/user/%{USERID} for proper labeling
|
||||
Resolves: rhbz#2000039
|
||||
- Allow scripts to enter LUKS password
|
||||
Resolves: rhbz#2048521
|
||||
- Allow system_mail_t read inherited apache system content rw files
|
||||
Resolves: rhbz#2049372
|
||||
- Add apache_read_inherited_sys_content_rw_files() interface
|
||||
Related: rhbz#2049372
|
||||
- Allow sanlock get attributes of filesystems with extended attributes
|
||||
Resolves: rhbz#2047811
|
||||
- Associate stratisd_data_t with device filesystem
|
||||
Resolves: rhbz#2039974
|
||||
- Allow init read stratis data symlinks
|
||||
Resolves: rhbz#2039974
|
||||
- Label /run/stratisd with stratisd_var_run_t
|
||||
Resolves: rhbz#2039974
|
||||
- Allow domtrans to sssd_t and role access to sssd
|
||||
Resolves: rhbz#2039757
|
||||
- Creating interface sssd_run_sssd()
|
||||
Resolves: rhbz#2039757
|
||||
- Fix badly indented used interfaces
|
||||
Resolves: rhbz#2039757
|
||||
- Allow domain transition to sssd_t
|
||||
Resolves: rhbz#2039757
|
||||
- Label /dev/nvme-fabrics with fixed_disk_device_t
|
||||
Resolves: rhbz#2039759
|
||||
- Allow local_login_t nnp_transition to login_userdomain
|
||||
Resolves: rhbz#2039453
|
||||
- Allow xdm_t nnp_transition to login_userdomain
|
||||
Resolves: rhbz#2039453
|
||||
- Make cupsd_lpd_t a daemon
|
||||
Resolves: rhbz#2039449
|
||||
- Label utilities for exFAT filesystems with fsadm_exec_t
|
||||
Resolves: rhbz#1972225
|
||||
- Dontaudit sfcbd sys_ptrace cap_userns
|
||||
Resolves: rhbz#2040311
|
||||
|
||||
* Tue Jan 11 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.22-1
|
||||
- Allow sshd read filesystem sysctl files
|
||||
Resolves: rhbz#2036585
|
||||
|
||||
Loading…
Reference in New Issue
Block a user