diff --git a/.gitignore b/.gitignore index 076559d..89a2be8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-contrib-ab25857.tar.gz -SOURCES/selinux-policy-f69f5fb.tar.gz +SOURCES/selinux-policy-b04459e.tar.gz +SOURCES/selinux-policy-contrib-4905735.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index df2c38e..67c8ec2 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,3 +1,3 @@ -066551828329d6e9ef8d90c59c1189b349fcaac2 SOURCES/container-selinux.tgz -dd751906632af21c65978684ae2911c1e1bbdb18 SOURCES/selinux-policy-contrib-ab25857.tar.gz -f5117817ac06eb8eee7ed9f589166a89c4329ffd SOURCES/selinux-policy-f69f5fb.tar.gz +62dd406a45062fab41689908ab54f35130a63457 SOURCES/container-selinux.tgz +2b0d94fccabf9e9344870e6a70cdc6913b99b391 SOURCES/selinux-policy-b04459e.tar.gz +a35b419525db1eb8d7215d114528598a948489af SOURCES/selinux-policy-contrib-4905735.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 76dfa16..24a430c 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 f69f5fbff260b71fa7c116d3253ae4f1d218dad4 +%global commit0 b04459ea53bcc11159ed41f5a71c624da129b7b6 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 ab258574b9c3e3e3b0b4af6c5e50c2759b0daf3a +%global commit1 4905735f7b6c3afe79fb9bf52e81cec3bc67bc6a %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 111%{?dist} +Release: 112%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -717,6 +717,26 @@ exit 0 %endif %changelog +* Wed Nov 30 2022 Zdenek Pytela - 3.14.3-112 +- Allow ipsec_t only read tpm devices +Resolves: rhbz#2147380 +- Allow ipsec_t read/write tpm devices +Resolves: rhbz#2147380 +- Label udf tools with fsadm_exec_t +Resolves: rhbz#1972230 +- Allow the spamd_update_t domain get generic filesystem attributes +Resolves: rhbz#2144501 +- Allow cdcc mmap dcc-client-map files +Resolves: rhbz#2144505 +- Allow insights client communicate with cupsd, mysqld, openvswitch, redis +Resolves: rhbz#2143878 +- Allow insights client read raw memory devices +Resolves: rhbz#2143878 +- Allow winbind-rpcd get attributes of device and pty filesystems +Resolves: rhbz#2107106 +- Allow postfix/smtpd read kerberos key table +Resolves: rhbz#1983308 + * Fri Nov 11 2022 Zdenek Pytela - 3.14.3-111 - Add domain_unix_read_all_semaphores() interface Resolves: rhbz#2141311