rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Feb 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-3

Browse Source 
- Allow unconfined integrity lockdown permission
- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined
- Allow systemd-machined manage systemd-userdbd runtime sockets
- Enable systemd-sysctl domtrans for udev
- Introduce kernel_load_unsigned_module interface and use it for couple domains
- Allow gpg watch user gpg secrets dirs
- Build also the container module in CI
- Remove duplicate code from kernel.te
- Allow restorecond to watch all non-auth directories
- Allow restorecond to watch its config file
This commit is contained in:
Zdenek Pytela 2021-02-16 22:47:33 +01:00
parent 15dc304d75
commit aa1f535cb2
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
selinux-policy.spec
View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources # github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit e82ad03883fec6968f07d229ce8720dd593ee72e %global commit e4ea1e13059ac475c3f012a3f58cbf0b0e554164
%global shortcommit %(c=%{commit}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -24,7 +24,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.8 Version: 3.14.8
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf Source1: modules-targeted-base.conf
@ -792,6 +792,18 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Feb 16 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-3
- Allow unconfined integrity lockdown permission
- Relocate confidentiality lockdown rule from unconfined_domain_type to unconfined
- Allow systemd-machined manage systemd-userdbd runtime sockets
- Enable systemd-sysctl domtrans for udev
- Introduce kernel_load_unsigned_module interface and use it for couple domains
- Allow gpg watch user gpg secrets dirs
- Build also the container module in CI
- Remove duplicate code from kernel.te
- Allow restorecond to watch all non-auth directories
- Allow restorecond to watch its config file
* Mon Feb 15 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-2 * Mon Feb 15 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.8-2
- Allow userdomain watch various filesystem objects - Allow userdomain watch various filesystem objects
- Allow systemd-logind and systemd-sleep integrity lockdown permission - Allow systemd-logind and systemd-sleep integrity lockdown permission

4
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2 SHA512 (selinux-policy-e4ea1e1.tar.gz) = a672247aa1de8111062dac3e37ca5840e548175740eccb65ebe92bc6d3477227c0119981b3411491d100af601468c876f68de6ec02fbdfcb07ea7e276aa6cffb
SHA512 (container-selinux.tgz) = e6c8002a7c9be615f3352f85500b8855c9c1f8b611aef249f1e5eb1b67623ca77e77ed71cc59094b4a06ed328c7c68f0ad8b91846e1e4b6ea37807b49ebb8a9b SHA512 (container-selinux.tgz) = f8dc9a03dac5ac8efb775c61f4c8ac071a5fa2f33306a2ddad4ca6241e2241b9ff038e2ceb081c9d0785c3a1c7e0b8992f94bad3af11546597e2af1af4a979d5
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4