From a99bd017ea15dca4e11687a2909b30326cf96f89 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Fri, 12 Jan 2024 16:52:31 +0100 Subject: [PATCH] * Fri Jan 12 2024 Zdenek Pytela - 3.14.3-134 - Allow syslog to run unconfined scripts conditionally Resolves: RHEL-10087 - Allow syslogd_t nnp_transition to syslogd_unconfined_script_t Resolves: RHEL-10087 - Allow collectd connect to statsd port Resolves: RHEL-19482 - Allow collectd_t read network state symlinks Resolves: RHEL-19482 - Allow collectd_t domain to create netlink_generic_socket sockets Resolves: RHEL-19482 - Allow opafm search nfs directories Resolves: RHEL-19426 - Allow mdadm list stratisd data directories Resolves: RHEL-21374 --- .gitignore | 2 ++ selinux-policy.spec | 22 +++++++++++++++++++--- sources | 6 +++--- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index cb18bd05..74bffd1b 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,5 @@ SOURCES/selinux-policy-contrib-c6da44c.tar.gz /selinux-policy-contrib-5b3c7b8.tar.gz /selinux-policy-fc55894.tar.gz /selinux-policy-contrib-98baf55.tar.gz +/selinux-policy-621d818.tar.gz +/selinux-policy-contrib-61ad859.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 3a6b0512..1a81949d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 53d5c585c535c91819f0c1218e57678427e4be60 +%global commit0 621d818f129565750683eff2f7fb6100bdb3cff9 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 98baf5555ab09962c55e8ed9e0099650205806c6 +%global commit1 61ad8597a9c27cabaf8a75ad1afc5ee0853a9833 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 133%{?dist} +Release: 134%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -718,6 +718,22 @@ exit 0 %endif %changelog +* Fri Jan 12 2024 Zdenek Pytela - 3.14.3-134 +- Allow syslog to run unconfined scripts conditionally +Resolves: RHEL-10087 +- Allow syslogd_t nnp_transition to syslogd_unconfined_script_t +Resolves: RHEL-10087 +- Allow collectd connect to statsd port +Resolves: RHEL-19482 +- Allow collectd_t read network state symlinks +Resolves: RHEL-19482 +- Allow collectd_t domain to create netlink_generic_socket sockets +Resolves: RHEL-19482 +- Allow opafm search nfs directories +Resolves: RHEL-19426 +- Allow mdadm list stratisd data directories +Resolves: RHEL-21374 + * Wed Dec 13 2023 Zdenek Pytela - 3.14.3-133 - Label /dev/acpi_thermal_rel char device with acpi_device_t Resolves: RHEL-18027 diff --git a/sources b/sources index a8828de8..3ebabc00 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-53d5c58.tar.gz) = 05607b7aa77557e30e41a2365ee769e754cccc4fc0400d99004e2b5c1cf0d844e9072e0e0ce5d873020d74d427842520e11fd9b54c9c7c4d00127ce9bb9d9e47 -SHA512 (selinux-policy-contrib-98baf55.tar.gz) = 667d0e2cd3c94def1e84ec5ff33c8e97fc81f7714a7c9a3200beeffc7035f48fae49868f98561578ec70810649776f8ac2fb995318cd000993165b8321572be4 -SHA512 (container-selinux.tgz) = c99f8c50431efca6adb2473adcea5bd74e3c4837371ec9d6eadd8c648410e4b4e22e4cfe2c2acf46ee723020220211945770cd7d1878b5aa24cc347ffc81da22 +SHA512 (selinux-policy-621d818.tar.gz) = b9da31e760230b885d77b63015c81f5cebac8b6992e6ea5d47a7582e8e1b1d596768ac51ae73574c4f9fefa65e209569ec70cb9e2ae60b7100780c5170ed6288 +SHA512 (selinux-policy-contrib-61ad859.tar.gz) = d65cfa52e3566e0b6cb1d11d420f2e940ea154a815aaf26fcc36aff937906207b75e23061b255e40218e5b46a35621bf4f8c7dd700b89c7fa587ddfabc250cf2 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = 01fb849a4078fbbf4799354d81be52482502f549428c4db67b69685714834bb5282f353524f73cdbc4d5da2957bc4455989ae9c89b775fe05b332cfd295b04c0