* Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 36.3-1
- Update NetworkManager-dispatcher policy to use scripts
- Allow init mounton kernel messages device
- Revert "Make dbus-broker service working on s390x arch"
- Remove permissive domain for insights_client_t
- Allow userdomain read symlinks in /var/lib
- Allow iptables list cgroup directories
- Dontaudit mdadm list dirsrv tmpfs dirs
- Dontaudit dirsrv search filesystem sysctl directories
- Allow chage domtrans to sssd
- Allow postfix_domain read dovecot certificates
- Allow systemd-networkd create and use netlink netfilter socket
- Allow nm-dispatcher read nm-dispatcher-script symlinks
- filesystem.te: add genfscon rule for ntfs3 filesystem
- Allow rhsmcertd get attributes of cgroup filesystems
- Allow sandbox_web_client_t watch various dirs
- Exclude container.if from policy devel files
- Run restorecon on /usr/lib/sysimage/rpm instead of /var/lib/rpm
parent
652ddc6c42
commit
b1087928cf
@ -1,6 +1,6 @@
|
|||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 369f900039cff9443e86fdf7254ba8b11dc6adb5
|
%global commit e0c5ad17b8fc9547912085b142476a5eee6109cb
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -23,7 +23,7 @@
|
|||||||
%define CHECKPOLICYVER 3.2
|
%define CHECKPOLICYVER 3.2
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 36.2
|
Version: 36.3
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
@ -143,6 +143,7 @@ and some additional files.
|
|||||||
%dir %{_datadir}/selinux/devel
|
%dir %{_datadir}/selinux/devel
|
||||||
%dir %{_datadir}/selinux/devel/include
|
%dir %{_datadir}/selinux/devel/include
|
||||||
%{_datadir}/selinux/devel/include/*
|
%{_datadir}/selinux/devel/include/*
|
||||||
|
%exclude %{_datadir}/selinux/devel/include/container.if
|
||||||
%dir %{_datadir}/selinux/devel/html
|
%dir %{_datadir}/selinux/devel/html
|
||||||
%{_datadir}/selinux/devel/html/*html
|
%{_datadir}/selinux/devel/html/*html
|
||||||
%{_datadir}/selinux/devel/html/*css
|
%{_datadir}/selinux/devel/html/*css
|
||||||
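Review bot: The added `%exclude %{_datadir}/selinux/devel/include/container.if` line, placed right after the `include/*` glob in the devel file list, has no comment saying why this one interface file is dropped or which package is expected to provide it. A one-line spec comment above the exclude would keep a later packager from deleting it as redundant, and would tell anyone building modules against the devel headers where the container interfaces now come from.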
@ -286,7 +287,7 @@ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.p
|
|||||||
rm -f ${FILE_CONTEXT}.pre; \
|
rm -f ${FILE_CONTEXT}.pre; \
|
||||||
fi; \
|
fi; \
|
||||||
# rebuilding the rpm database still can sometimes result in an incorrect context \
|
# rebuilding the rpm database still can sometimes result in an incorrect context \
|
||||||
%{_sbindir}/restorecon -R /var/lib/rpm \
|
%{_sbindir}/restorecon -R /usr/lib/sysimage/rpm \
|
||||||
if %{_sbindir}/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then \
|
if %{_sbindir}/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then \
|
||||||
continue; \
|
continue; \
|
||||||
fi;
|
fi;
|
||||||
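Review bot: The `restorecon -R` call now names only `/usr/lib/sysimage/rpm`, so a system whose rpm database is still under `/var/lib/rpm` no longer has it relabeled by this macro, even though the comment above the call says a rebuilt database can end up with an incorrect context. Unlike the following `restorecon -e /run/media -R ...` call, this one has no `2> /dev/null` and no existence test, so a missing directory produces an error in the scriptlet output. Consider testing for each of the two directories and relabeling whichever exists.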
@ -808,6 +809,25 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 17 2022 Zdenek Pytela <zpytela@redhat.com> - 36.3-1
|
||||||
|
- Update NetworkManager-dispatcher policy to use scripts
|
||||||
|
- Allow init mounton kernel messages device
|
||||||
|
- Revert "Make dbus-broker service working on s390x arch"
|
||||||
|
- Remove permissive domain for insights_client_t
|
||||||
|
- Allow userdomain read symlinks in /var/lib
|
||||||
|
- Allow iptables list cgroup directories
|
||||||
|
- Dontaudit mdadm list dirsrv tmpfs dirs
|
||||||
|
- Dontaudit dirsrv search filesystem sysctl directories
|
||||||
|
- Allow chage domtrans to sssd
|
||||||
|
- Allow postfix_domain read dovecot certificates
|
||||||
|
- Allow systemd-networkd create and use netlink netfilter socket
|
||||||
|
- Allow nm-dispatcher read nm-dispatcher-script symlinks
|
||||||
|
- filesystem.te: add genfscon rule for ntfs3 filesystem
|
||||||
|
- Allow rhsmcertd get attributes of cgroup filesystems
|
||||||
|
- Allow sandbox_web_client_t watch various dirs
|
||||||
|
- Exclude container.if from policy devel files
|
||||||
|
- Run restorecon on /usr/lib/sysimage/rpm instead of /var/lib/rpm
|
||||||
|
|
||||||
* Fri Feb 11 2022 Zdenek Pytela <zpytela@redhat.com> - 36.2-1
|
* Fri Feb 11 2022 Zdenek Pytela <zpytela@redhat.com> - 36.2-1
|
||||||
- Allow sysadm_passwd_t to relabel passwd and group files
|
- Allow sysadm_passwd_t to relabel passwd and group files
|
||||||
- Allow confined sysadmin to use tool vipw
|
- Allow confined sysadmin to use tool vipw
|
||||||
|
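Review bot: The 36.3-1 changelog entries carry no bug or upstream commit references, which matters most for the entries that tighten enforcement or undo earlier work: `Remove permissive domain for insights_client_t` and `Revert "Make dbus-broker service working on s390x arch"`. Adding the tracking reference to at least those two lines would let an administrator who sees new AVC denials after the update find the reasoning behind the change.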
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-369f900.tar.gz) = a69bb7af266f013325de204e66877a4a8bb5345cf8e332efe1cb3c0993da312e0bd3bef687e366064bfe940854fe9ed24605afa08cdadfcdbbab238a9b255572
|
SHA512 (selinux-policy-e0c5ad1.tar.gz) = 22de0b261754fdcf478a4b88a9f166752adf7b7dd80e88cb1b40d6b13104eafe854a9cca372e7d9433dc55c24c4e73e535b3f8a1a59748c8fcb99817691bb078
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
SHA512 (container-selinux.tgz) = a9d05e8d035f7eef322d87fdcae842bb7675379dd2b7015a60363f8ede35c1c43ca43026a9944c79b456de8616da6255d8552a8e838535a33a14a7ea17229d97
|
SHA512 (container-selinux.tgz) = bd68a2fa40597ae4a5f303094aca4c10691abe66c763246e902687aa6e06b7f007590215e360bb6fcba2d2dc781d92c94f5c575c9cbb4724adec2ec139de5b54
|
||||||
|
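Review bot: The `SHA512 (container-selinux.tgz)` checksum changes while the file name stays the same, so nothing in this hunk records which container-selinux revision the new tarball holds; the `selinux-policy-e0c5ad1.tar.gz` entry above it, by contrast, carries its short commit in the name. Suggest putting the revision in the tarball name or noting it in the changelog, so the checksum change can be verified against a known upstream state.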