From 9359be591bbebf3170f420a2cb61e0b8255d9165 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Sat, 18 May 2024 00:46:09 +0200 Subject: [PATCH] * Fri May 17 2024 Zdenek Pytela - 40.19-1 - Allow postfix smtpd map aliases file - Ensure dbus communication is allowed bidirectionally - Label systemd configuration files with systemd_conf_t - Label /run/systemd/machine with systemd_machined_var_run_t - Allow systemd-hostnamed read the vsock device - Allow sysadm execute dmidecode using sudo - Allow sudodomain list files in /var - Allow setroubleshootd get attributes of all sysctls - Allow various services read and write z90crypt device - Allow nfsidmap connect to systemd-homed - Allow sandbox_x_client_t dbus chat with accountsd - Allow system_cronjob_t dbus chat with avahi_t - Allow staff_t the io_uring sqpoll permission - Allow staff_t use the io_uring API - Add support for secretmem anon inode - Backport /var/run change related improvements --- selinux-policy.spec | 26 ++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 856fa68d..50f6288c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455 +%global commit 750db5ab9d7e074156b1daf8e2a8ecd5facc3d9b %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.13 +Version: 40.13.1 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -860,6 +860,28 @@ exit 0 %endif %changelog +* Fri May 17 2024 Zdenek Pytela - 40.13.1-1 +- Allow logwatch read logind sessions files +Resolves: RHEL-30441 +- Allow sulogin relabel tty1 +Resolves: RHEL-30440 +- Dontaudit sulogin the checkpoint_restore capability +Resolves: RHEL-30440 +- Allow postfix smtpd map aliases file +Resolves: RHEL-35544 +- Ensure dbus communication is allowed bidirectionally +Resolves: RHEL-35783 +- Allow various services read and write z90crypt device +Resolves: RHEL-28539 +- Allow dhcpcd use unix_stream_socket +Resolves: RHEL-33081 +- Allow xdm_t to watch and watch_reads mount_var_run_t +Resolves: RHEL-36073 +- Allow plymouthd log during shutdown +Resolves: RHEL-30455 +- Update rpm configuration for the /var/run equivalency change +Resolves: RHEL-36094 + * Mon Feb 12 2024 Zdenek Pytela - 40.13-1 - Only allow confined user domains to login locally without unconfined_login - Add userdom_spec_domtrans_confined_admin_users interface diff --git a/sources b/sources index e07859a0..f5b9dd12 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-d9f4a2b.tar.gz) = 6abfcb82e7187b0c7c4052d6230a25717e6eb783ecc49c07314422bee138a820f3ff21e8993102f4f954fdb238c28fb94c466c1f275993de1c26db271d910a13 +SHA512 (selinux-policy-750db5a.tar.gz) = f6d0711b2789380c5daa05007f4408eff8e03f21b56791bd54228e14841a7898ff5836502d36743b754452409434fab6ce051f134b9b5fbaf777fc794c081ee0 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 6a33208ad6b3b55d254b98775ed4d1486efb5f09c144b695a852f14f28277a6ebf1de9aa6e9c579677c738cc1b0d7cff4dbdb8d38fc0602433cdf7ce551a00ed +SHA512 (container-selinux.tgz) = bc713e3461d31f85f3fe8ad8ca9813ce1742b0bf0f0eb8712633558140f65bd765c3ce744646234925c34b4c1413f555e66f5f38636ad5b5b7cc5f1967ab4488