import selinux-policy-34.1.28-1.el9_0

2022-04-05 07:02:16 -04:00 · 2022-04-05 07:02:16 -04:00 · ac95e7125b
commit ac95e7125b
parent 842d9c9cdb
4 changed files with 38 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-0b21d4c.tar.gz
+SOURCES/selinux-policy-9dcf505.tar.gz
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@ -1,2 +1,2 @@
-a405401da19909415b7ee69e2b2cdfed0c0fb03d SOURCES/container-selinux.tgz
-b281e81483dc3f6b56caa221d3b42930ee0b7f37 SOURCES/selinux-policy-0b21d4c.tar.gz
+ff295d4c0bb4af2a3972c810f93a7fb2c17fbf27 SOURCES/container-selinux.tgz
+be1161ae8772afa2747bf1cf58d59828934ba05a SOURCES/selinux-policy-9dcf505.tar.gz
--- a/SOURCES/booleans-targeted.conf
+++ b/SOURCES/booleans-targeted.conf
@ -12,6 +12,7 @@ pppd_can_insmod = false
 privoxy_connect_any = true
 selinuxuser_direct_dri_enabled = true
 selinuxuser_execmem = true
+selinuxuser_execstack = true
 selinuxuser_rw_noexattrfile=true
 selinuxuser_ping = true
 squid_connect_any = true
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1
+%global commit 9dcf505fec91d3cc2feae61d9b76726a98dd6b98
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -19,11 +19,11 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 33
-%define POLICYCOREUTILSVER 3.2
+%define POLICYCOREUTILSVER 3.3-5
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.1.26
+Version: 34.1.28
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -268,6 +268,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/seusers.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
+%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
 %nil

 %define relabel() \
@ -792,6 +793,36 @@ exit 0
 %endif

 %changelog
+* Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.28-1
+- Allow logrotate a domain transition to cluster administrative domain
+Resolves: rhbz#2061277
+- Change the selinuxuser_execstack boolean value to true
+Resolves: rhbz#2064274
+
+* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.27-1
+- Allow ModemManager connect to the unconfined user domain
+Resolves: rhbz#2000196
+- Label /dev/wwan.+ with modem_manager_t
+Resolves: rhbz#2000196
+- Allow systemd-coredump userns capabilities and root mounton
+Resolves: rhbz#2057435
+- Allow systemd-coredump read and write usermodehelper state
+Resolves: rhbz#2057435
+- Allow sysadm_passwd_t to relabel passwd and group files
+Resolves: rhbz#2053458
+- Allow systemd-sysctl read the security state information
+Resolves: rhbz#2056999
+- Remove unnecessary /etc file transitions for insights-client
+Resolves: rhbz#2055823
+- Label all content in /var/lib/insights with insights_client_var_lib_t
+Resolves: rhbz#2055823
+- Update insights-client policy
+Resolves: rhbz#2055823
+- Update insights-client: fc pattern, motd, writing to etc
+Resolves: rhbz#2055823
+- Update specfile to buildrequire policycoreutils-devel >= 3.3-5
+- Add modules_checksum to %files
+
 * Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 34.1.26-1
 - Remove permissive domain for insights_client_t
 Resolves: rhbz#2055823