From aa60c4739e4ce2d3980bf079bcea95451dfd8115 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 1 Feb 2022 13:18:34 -0500
Subject: [PATCH] import selinux-policy-34.1.22-1.el9
---
 .gitignore | 2 +-
 .selinux-policy.metadata | 4 ++--
 SPECS/selinux-policy.spec | 42 ++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index cc5a5520..99a0d942 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-0b4c1a7.tar.gz
+SOURCES/selinux-policy-141c3fd.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index d5e6e69a..72cb13ee 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,2 +1,2 @@
-223e05c2904e656cd85ad50bf98f2a4294f5e361 SOURCES/container-selinux.tgz
-c6ce6f465910d0376926a7fa36a54b50dd193619 SOURCES/selinux-policy-0b4c1a7.tar.gz
+76b98420bd78a14b2421e1f14680b6bfe60fcfdf SOURCES/container-selinux.tgz
+fc88dd3c49d79e37c37b32014241fa85b457daa4 SOURCES/selinux-policy-141c3fd.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 023e3e36..07e9de0d 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 0b4c1a7aa0be1129efd7e7749100734416a3a10d
+%global commit 141c3fde08c02097e0b6fa179a33cc17371e9a22
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.1.20
+Version: 34.1.22
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -792,6 +792,44 @@ exit 0
 %endif
 %changelog
+* Tue Jan 11 2022 Zdenek Pytela - 34.1.22-1
+- Allow sshd read filesystem sysctl files
+Resolves: rhbz#2036585
+- Revert "Allow sshd read sysctl files"
+Resolves: rhbz#2036585
+
+* Mon Jan 10 2022 Zdenek Pytela - 34.1.21-1
+- Remove the lockdown class from the policy
+Resolves: rhbz#2017848
+- Revert "define lockdown class and access"
+Resolves: rhbz#2017848
+- Allow gssproxy access to various system files.
+Resolves: rhbz#2026974
+- Allow gssproxy read, write, and map ica tmpfs files
+Resolves: rhbz#2026974
+- Allow gssproxy read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow sssd_kcm read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow abrt_domain read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow NetworkManager read and write z90crypt device
+Resolves: rhbz#2026974
+- Allow smbcontrol read the network state information
+Resolves: rhbz#2038157
+- Allow virt_domain map vhost devices
+Resolves: rhbz#2035702
+- Allow fcoemon request the kernel to load a module
+Resolves: rhbz#2034463
+- Allow lldpd connect to snmpd with a unix domain stream socket
+Resolves: rhbz#2033315
+- Allow ModemManager create a qipcrtr socket
+Resolves: rhbz#2036582
+- Allow ModemManager request to load a kernel module
+Resolves: rhbz#2036582
+- Allow sshd read sysctl files
+Resolves: rhbz#2036585
+
 * Wed Dec 15 2021 Zdenek Pytela - 34.1.20-1
 - Allow dnsmasq watch /etc/dnsmasq.d directories
 Resolves: rhbz#2029866