From a789dba85b4cd876fcbe4d2d6ad2ed27e97c3fa7 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 12 Dec 2024 21:18:45 +0100 Subject: [PATCH] * Thu Dec 12 2024 Zdenek Pytela - 40.13.17-1 - Update samba-bgqd policy Resolves: RHEL-69512 - Allow samba-bgqd read cups config files Resolves: RHEL-69512 - Allow virtqemud additional permissions for tmpfs_t blk devices Resolves: RHEL-61235 - Allow virtqemud rw access to svirt_image_t chr files Resolves: RHEL-61235 - Allow virtqemud rw and setattr access to fixed block devices Resolves: RHEL-61235 - Label /etc/mdevctl.d/scripts.d with bin_t Resolves: RHEL-39893 - Fix the /etc/mdevctl\.d(/.*)? regexp Resolves: RHEL-39893 - Allow virtnodedev watch mdevctl config dirs Resolves: RHEL-39893 - Make mdevctl_conf_t member of the file_type attribute Resolves: RHEL-39893 - Label /etc/mdevctl.d with mdevctl_conf_t Resolves: RHEL-39893 - Allow virtqemud relabelfrom virt_log_t files Resolves: RHEL-48236 - Allow virtqemud_t relabel virtqemud_var_run_t sock_files Resolves: RHEL-48236 - Allow virtqemud relabelfrom virtqemud_var_run_t dirs Resolves: RHEL-48236 - Allow svirt_tcg_t read virtqemud_t fifo_files Resolves: RHEL-48236 - Allow virtqemud rw and setattr access to sev devices Resolves: RHEL-69128 - Allow virtqemud directly read and write to a fixed disk Resolves: RHEL-61235 - Allow svirt_t the sys_rawio capability Resolves: RHEL-61235 - Allow svirt_t the sys_rawio capability Resolves: RHEL-61235 - Allow virtqemud connect to sanlock over a unix stream socket Resolves: RHEL-44352 - allow gdm and iiosensorproxy talk to each other via D-bus Resolves: RHEL-70850 - Allow sendmail to map mail server configuration files Related: RHEL-54014 - Allow procmail to read mail aliases Resolves: RHEL-54014 - Grant rhsmcertd chown capability & userdb access Resolves: RHEL-68481 --- changelog | 48 +++++++++++++++++++++++++++++++++++++++++++++ selinux-policy.spec | 4 ++-- sources | 4 ++-- 3 files changed, 52 insertions(+), 4 deletions(-) 
diff --git a/changelog b/changelog
index b69c1c87..06e4282c 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,51 @@
+* Thu Dec 12 2024 Zdenek Pytela - 40.13.17-1
+- Update samba-bgqd policy
+Resolves: RHEL-69512
+- Allow samba-bgqd read cups config files
+Resolves: RHEL-69512
+- Allow virtqemud additional permissions for tmpfs_t blk devices
+Resolves: RHEL-61235
+- Allow virtqemud rw access to svirt_image_t chr files
+Resolves: RHEL-61235
+- Allow virtqemud rw and setattr access to fixed block devices
+Resolves: RHEL-61235
+- Label /etc/mdevctl.d/scripts.d with bin_t
+Resolves: RHEL-39893
+- Fix the /etc/mdevctl\.d(/.*)? regexp
+Resolves: RHEL-39893
+- Allow virtnodedev watch mdevctl config dirs
+Resolves: RHEL-39893
+- Make mdevctl_conf_t member of the file_type attribute
+Resolves: RHEL-39893
+- Label /etc/mdevctl.d with mdevctl_conf_t
+Resolves: RHEL-39893
+- Allow virtqemud relabelfrom virt_log_t files
+Resolves: RHEL-48236
+- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
+Resolves: RHEL-48236
+- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
+Resolves: RHEL-48236
+- Allow svirt_tcg_t read virtqemud_t fifo_files
+Resolves: RHEL-48236
+- Allow virtqemud rw and setattr access to sev devices
+Resolves: RHEL-69128
+- Allow virtqemud directly read and write to a fixed disk
+Resolves: RHEL-61235
+- Allow svirt_t the sys_rawio capability
+Resolves: RHEL-61235
+- Allow svirt_t the sys_rawio capability
+Resolves: RHEL-61235
+- Allow virtqemud connect to sanlock over a unix stream socket
+Resolves: RHEL-44352
+- allow gdm and iiosensorproxy talk to each other via D-bus
+Resolves: RHEL-70850
+- Allow sendmail to map mail server configuration files
+Related: RHEL-54014
+- Allow procmail to read mail aliases
+Resolves: RHEL-54014
+- Grant rhsmcertd chown capability & userdb access
+Resolves: RHEL-68481
+
 * Fri Nov 29 2024 Zdenek Pytela - 40.13.16-1
 - Fix the file type for /run/systemd/generator
 Resolves: RHEL-68313
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 11cccef6..076b630f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -5,7 +5,7 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 3f0002adb63d7da7f8dcb203925b9ba6d10301c3
+%global commit 78847c4bcc0b30d4f89ac04004934a95c57bcd35
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -17,7 +17,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.13.16
+Version: 40.13.17
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
diff --git a/sources b/sources
index ad28ce63..91e34f7a 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-3f0002a.tar.gz) = 51b525de3f63b3a9e2a2394826fd7bad0e32b22fc8a0b2cdd53d7580d2f07382732e20f4e8a0535acafb777f41b473fb9ed04f7927c11e25273f3861baf6d6a9
+SHA512 (selinux-policy-78847c4.tar.gz) = 76d87a323225bf68a212801f3ceba8a70070080793144006dbc7b3e88eae46a9a9b63c3f0e2a9fe823be6fc5fc8bcf6b996f5e21242a2b46747471ccca317ab1
+SHA512 (container-selinux.tgz) = af2b1c6e9aa6762e6dd388d1ca5568f067f715514335c8b70400fc1282979f2a377c6797c9d43ceaccf17caa45a52b9d39e9d3a425286209f0be250bcaf71ae9
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 1211d3b8da0d12e15d3757d40a256ccd1fb786c895d051cd91d5f4725b1ea30bbdaa20e8a5fd2c8130b9cd1711f9784670b05e0883840e297755841f5a309903