From 995481ca8012cefeb6191a582db8b8efd701292f Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Tue, 3 Oct 2023 21:48:58 +0200 Subject: [PATCH] * Tue Oct 03 2023 Zdenek Pytela - 40.1-1 - Allow named and ndc use the io_uring api - Deprecate common_anon_inode_perms usage - Improve default file context(None) of /var/lib/authselect/backups - Allow udev_t to search all directories with a filesystem type - Implement proper anon_inode support - Allow targetd write to the syslog pid sock_file - Add ipa_pki_retrieve_key_exec() interface - Allow kdumpctl_t to list all directories with a filesystem type - Allow udev additional permissions - Allow udev load kernel module - Allow sysadm_t to mmap modules_object_t files - Add the unconfined_read_files() and unconfined_list_dirs() interfaces - Set default file context of HOME_DIR/tmp/.* to <> - Allow kernel_generic_helper_t to execute mount(1) --- selinux-policy.spec | 20 ++++++++++++++++++-- sources | 4 ++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index f65a47f3..dd87609d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 260611282c2559f73ea337224b2d093b506664f0 +%global commit 74fd8bbaf2d8d668831c3965287cdbb9b1a04763 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.29 +Version: 40.1 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -814,6 +814,22 @@ exit 0 %endif %changelog +* Tue Oct 03 2023 Zdenek Pytela - 40.1-1 +- Allow named and ndc use the io_uring api +- Deprecate common_anon_inode_perms usage +- Improve default file context(None) of /var/lib/authselect/backups +- Allow udev_t to search all directories with a filesystem type +- Implement proper anon_inode support +- Allow targetd write to the syslog pid sock_file +- Add ipa_pki_retrieve_key_exec() interface +- Allow kdumpctl_t to list all directories with a filesystem type +- Allow udev additional permissions +- Allow udev load kernel module +- Allow sysadm_t to mmap modules_object_t files +- Add the unconfined_read_files() and unconfined_list_dirs() interfaces +- Set default file context of HOME_DIR/tmp/.* to <> +- Allow kernel_generic_helper_t to execute mount(1) + * Fri Sep 29 2023 Zdenek Pytela - 38.29-1 - Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t - Allow systemd-localed create Xserver config dirs diff --git a/sources b/sources index c9acd95a..05d3d558 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-2606112.tar.gz) = 026641d1b8cd215ef72bc0bca2b05d9d23151bd5d91a0cf8885774388329fcae8852c63c0ff417c88c741153d4dde0cd5fd294c95800c79734002c199d0a254c -SHA512 (container-selinux.tgz) = f567275a9bb33f6cea97e9909cbf0b363a16e43a3e0b5513cf3bb09bdb67b4aa5b753bcd0a26a7f398ec0f9b9b60e56872583a94992676e310cdf9b99e58cf03 +SHA512 (selinux-policy-74fd8bb.tar.gz) = 9c13897da2ef95daf0b7855bb47429bea388beca4da7edb9f8e305a42d15b787eba10b79a7259c87b7c89433000ba7247f7b58fb155bfe258193b72713d112e8 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = 19fc6d2e18981fde9bbdadb89d110ce79c384d8a121ff27a802519ba59ff11c801cd70a03752f612cdc2d0b29b6cc44e171762bfd8633992a51b599d4560aad0