From 93538d0a933a177963ff303e85a3f56edc988b3b Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 10 Oct 2024 21:51:44 +0200 Subject: [PATCH] * Thu Oct 10 2024 Zdenek Pytela - 35.1.46-1 - Label /run/modprobe.d with modules_conf_t Resolves: RHEL-61453 - Allow boothd connect to kernel over a unix socket Resolves: RHEL-57104 - Allow boothd connect to systemd-userdbd over a unix socket Resolves: RHEL-57104 - Additional updates stalld policy for bpf usage Resolves: RHEL-57075 - Update stalld policy for bpf usage Resolves: RHEL-57075 - Allow ptp4l the sys_admin capability Resolves: RHEL-55133 - Label /dev/hfi1_[0-9]+ devices Resolves: RHEL-54996 - Confine iio-sensor-proxy Resolves: RHEL-17346 --- modules-targeted-contrib.conf | 7 +++++++ selinux-policy.spec | 24 +++++++++++++++++++++--- sources | 4 ++-- 3 files changed, 30 insertions(+), 5 deletions(-) diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf index 9aa8fabd..85058b04 100644 --- a/modules-targeted-contrib.conf +++ b/modules-targeted-contrib.conf @@ -2747,3 +2747,10 @@ sap = module # bootupd - bootloader update daemon # bootupd = module + +# Layer: contrib +# Module: iiosensorproxy +# +# Policy for iio-sensor-proxy - IIO sensors to D-Bus proxy +# +iiosensorproxy = module diff --git a/selinux-policy.spec b/selinux-policy.spec index 3fdd1d03..38e61a43 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 0113b35519369e628e7fcd87af000cfcd4b1fa6c +%global commit fa8b167a5eae885c03ac48ecec4fc0b5a5358ecb %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,8 +23,8 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.1.45 -Release: 3%{?dist} +Version: 35.1.46 +Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -809,6 +809,24 @@ exit 0 %endif %changelog +* Thu Oct 10 2024 Zdenek Pytela - 35.1.46-1 +- Label /run/modprobe.d with modules_conf_t +Resolves: RHEL-61453 +- Allow boothd connect to kernel over a unix socket +Resolves: RHEL-57104 +- Allow boothd connect to systemd-userdbd over a unix socket +Resolves: RHEL-57104 +- Additional updates stalld policy for bpf usage +Resolves: RHEL-57075 +- Update stalld policy for bpf usage +Resolves: RHEL-57075 +- Allow ptp4l the sys_admin capability +Resolves: RHEL-55133 +- Label /dev/hfi1_[0-9]+ devices +Resolves: RHEL-54996 +- Confine iio-sensor-proxy +Resolves: RHEL-17346 + * Mon Sep 16 2024 Zdenek Pytela - 38.1.45-3 - Rebuild Resolves: RHEL-55414 diff --git a/sources b/sources index d771bf29..93d100af 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-0113b35.tar.gz) = ce85fe60a7f7b7b9882ca5346263f0df4fd583b16e5193881f836e368052b81dc59c1932b28802a96d0d8475befa87895ae6299afb33e6810cbbf175ef83f61e +SHA512 (selinux-policy-fa8b167.tar.gz) = 24ed3431be5603e7d115f4fbf66d94244a3f2b0abe5416e8c3f4e60a61c965a7b460d6c98a8dc1ee501bc077f783e08f26ebc1686e813b5cc6dff9e26edc500a +SHA512 (container-selinux.tgz) = 1800a0623feb0d3b6663f1707ee3d8ca6ec79fd2d51b748018798f452a9e4041d6c1f52c461b0e3d45cec2f97aac4f59e2b8cb7617da29b018157ec78a471cd5 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = c35b1d0956a2356143cf459aef1e73d83ebf9ba65397e38a1d6918f90e3ee0fdf647142a18fb947327a067d507fcfc3a236b24c437aa122dd6f690ccbd6ea7c7