* Fri Sep 02 2022 Zdenek Pytela <zpytela@redhat.com> - 37.10-1

- Allow ipsec_t read/write tpm devices
- Allow rhcd execute all executables
- Update rhcd policy for executing additional commands 2
- Update insights-client policy for additional commands execution 2
- Allow sysadm_t read raw memory devices
- Allow chronyd send and receive chronyd/ntp client packets
- Allow ssh client read kerberos homedir config files
- Label /var/log/rhc-worker-playbook with rhcd_var_log_t
- Update insights-client policy (auditctl, gpg, journal)
- Allow system_cronjob_t domtrans to rpm_script_t
- Allow smbd_t process noatsecure permission for winbind_rpcd_t
- Update tor_bind_all_unreserved_ports interface
- Allow chronyd bind UDP sockets to ptp_event ports.
- Allow unconfined and sysadm users transition for /root/.gnupg
- Add gpg_filetrans_admin_home_content() interface
- Update rhcd policy for executing additional commands
- Update insights-client policy for additional commands execution
- Add userdom_view_all_users_keys() interface
- Allow gpg read and write generic pty type
- Allow chronyc read and write generic pty type
- Allow system_dbusd ioctl kernel with a unix stream sockets
- Allow samba-bgqd to read a printer list
- Allow stalld get and set scheduling policy of all domains.
- Allow unconfined_t transition to targetclid_home_t
This commit is contained in:
Zdenek Pytela 2022-09-02 14:10:03 +02:00
parent 5ac843b27b
commit 9a58e62d76
2 changed files with 30 additions and 4 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 74a82f55c34a26e138d8ba4577a349e302ee0a1e
%global commit c19e4cb9a3f23f2b14c31c978627f9c486a369f4
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 37.9
Version: 37.10
Release: 1%{?dist}
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -816,6 +816,32 @@ exit 0
%endif
%changelog
* Fri Sep 02 2022 Zdenek Pytela <zpytela@redhat.com> - 37.10-1
- Allow ipsec_t read/write tpm devices
- Allow rhcd execute all executables
- Update rhcd policy for executing additional commands 2
- Update insights-client policy for additional commands execution 2
- Allow sysadm_t read raw memory devices
- Allow chronyd send and receive chronyd/ntp client packets
- Allow ssh client read kerberos homedir config files
- Label /var/log/rhc-worker-playbook with rhcd_var_log_t
- Update insights-client policy (auditctl, gpg, journal)
- Allow system_cronjob_t domtrans to rpm_script_t
- Allow smbd_t process noatsecure permission for winbind_rpcd_t
- Update tor_bind_all_unreserved_ports interface
- Allow chronyd bind UDP sockets to ptp_event ports.
- Allow unconfined and sysadm users transition for /root/.gnupg
- Add gpg_filetrans_admin_home_content() interface
- Update rhcd policy for executing additional commands
- Update insights-client policy for additional commands execution
- Add userdom_view_all_users_keys() interface
- Allow gpg read and write generic pty type
- Allow chronyc read and write generic pty type
- Allow system_dbusd ioctl kernel with a unix stream sockets
- Allow samba-bgqd to read a printer list
- Allow stalld get and set scheduling policy of all domains.
- Allow unconfined_t transition to targetclid_home_t
* Thu Aug 11 2022 Zdenek Pytela <zpytela@redhat.com> - 37.9-1
- Allow nm-dispatcher custom plugin dbus chat with nm
- Allow nm-dispatcher sendmail plugin get status of systemd services

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-74a82f5.tar.gz) = cea477b6796fa51c9613714027f2d3be1eb863c7c8fc1e5d9fecf11a6f5ac814b9ad9a98ccce6808cbd0c205896c482d8f3520f7172d9486a25c069f3790ce15
SHA512 (container-selinux.tgz) = 5811b508b20f9999568f84a12077caf0e0c5d21902bbd43962eb6f35bc7c4f0a46900c06b243e8357e42d1fa367c93da1bd1828132f88dbceb63857699f900b8
SHA512 (selinux-policy-c19e4cb.tar.gz) = c94cce85023394a8825169dbdad94b91617c2b0ec83f2c27c42e3a97eedec6d574868c696288b84ee2754c2ae7d56fcb94eaf13bb7f69680351ab04b1236dabb
SHA512 (container-selinux.tgz) = 59ea54cc84bc74b45a9318d027ae36b3a0d49e1d0ca2ff740f63ab155e0382a095a213a36d50f6cf4d7aae916c2d86841eca4633a3675097b5bee6980f47251f
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4