* Wed Jan 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.10-1

- Allow chronyd-restricted read chronyd key files
- Allow conntrackd_t to use bpf capability2
- Allow systemd-networkd manage its runtime socket files
- Allow init_t nnp domain transition to colord_t
- Allow polkit status systemd services
- nova: Fix duplicate declarations
- Allow httpd work with PrivateTmp
- Add interfaces for watching and reading ifconfig_var_run_t
- Allow collectd read raw fixed disk device
- Allow collectd read udev pid files
- Set correct label on /etc/pki/pki-tomcat/kra
- Allow systemd domains watch system dbus pid socket files
- Allow certmonger read network sysctls
- Allow mdadm list stratisd data directories
- Allow syslog to run unconfined scripts conditionally
- Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
- Allow qatlib set attributes of vfio device files
This commit is contained in:
Zdenek Pytela 2024-01-24 21:28:05 +01:00
parent 443b716de1
commit ac73b2b07b
2 changed files with 23 additions and 4 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 369ff9260dcf3c57165813d89b89f42462909123
%global commit 210bb812c1d727318cf8d977b5440437135f02a0
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 40.9
Version: 40.10
Release: 1%{?dist}
License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -814,6 +814,25 @@ exit 0
%endif
%changelog
* Wed Jan 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.10-1
- Allow chronyd-restricted read chronyd key files
- Allow conntrackd_t to use bpf capability2
- Allow systemd-networkd manage its runtime socket files
- Allow init_t nnp domain transition to colord_t
- Allow polkit status systemd services
- nova: Fix duplicate declarations
- Allow httpd work with PrivateTmp
- Add interfaces for watching and reading ifconfig_var_run_t
- Allow collectd read raw fixed disk device
- Allow collectd read udev pid files
- Set correct label on /etc/pki/pki-tomcat/kra
- Allow systemd domains watch system dbus pid socket files
- Allow certmonger read network sysctls
- Allow mdadm list stratisd data directories
- Allow syslog to run unconfined scripts conditionally
- Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
- Allow qatlib set attributes of vfio device files
* Tue Jan 09 2024 Zdenek Pytela <zpytela@redhat.com> - 40.9-1
- Allow systemd-sleep set attributes of efivarfs files
- Allow samba-dcerpcd read public files

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-369ff92.tar.gz) = 8174d35ecaecdeb138428c2d45203d6a59a7bdfa38b2b1bc15ec4c416b5c2bbf2b8131531977fcb219a3d6de7b52b92cc92d481f468b6080eadcdecaa4096733
SHA512 (selinux-policy-210bb81.tar.gz) = 90f56160f3e80279188843540b684bb33acf0e6ca9ba006378e2709f2cef49284c7cce69e7842ab14a89a07ddd130bbf89485ed6abbb4e9f81e07fe0f93203e7
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 257dfb9dd963ff51462a27a890691287bec5658497573406d284c09119cb137757a604e70453fe0c59a2cc26a4a388e923684fbc55169f489d1412190e68f97e
SHA512 (container-selinux.tgz) = 2e5cbc50bd81ac51c35da8563a292c7c2dbbad4d82de2470d2db825e472ab33b5d86fb71714bbe53764ed705c1710f7f646789ad1a4a04dabfd99c33bf9cb4b7