From b8cfdb19219950edc49ed070a652c393c346f1b5 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Mon, 17 Jan 2022 18:17:56 +0100 Subject: [PATCH] * Mon Jan 17 2022 Zdenek Pytela - 35.10-1 - Allow login_userdomain watch systemd-machined PID directories - Allow login_userdomain watch systemd-logind PID directories - Allow login_userdomain watch accountsd lib directories - Allow login_userdomain watch localization directories - Allow login_userdomain watch various files and dirs - Allow login_userdomain watch generic directories in /tmp - Allow rhsm-service read/write its private memfd: objects - Allow radiusd connect to the radacct port - Allow systemd-io-bridge ioctl rpm_script_t - Allow systemd-coredump userns capabilities and root mounton - Allow systemd-coredump read and write usermodehelper state - Allow login_userdomain create session_dbusd tmp socket files - Allow gkeyringd_domain write to session_dbusd tmp socket files - Allow systemd-logind delete session_dbusd tmp socket files - Allow gdm-x-session write to session dbus tmp sock files - Label /etc/cockpit/ws-certs.d with cert_t - Allow kpropd get attributes of cgroup filesystems - Allow administrative users the bpf capability - Allow sysadm_t start and stop transient services - Connect triggerin to pcre2 instead of pcre --- selinux-policy.spec | 26 ++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 16f42d36..d7ca8179 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 84dd4309ad6d644edea2c3cf448f516f4e008c04 +%global commit b909895c58d7709343e59e24f115d5ede1f46944 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 35.9 +Version: 35.10 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -808,6 +808,28 @@ exit 0 %endif %changelog +* Mon Jan 17 2022 Zdenek Pytela - 35.10-1 +- Allow login_userdomain watch systemd-machined PID directories +- Allow login_userdomain watch systemd-logind PID directories +- Allow login_userdomain watch accountsd lib directories +- Allow login_userdomain watch localization directories +- Allow login_userdomain watch various files and dirs +- Allow login_userdomain watch generic directories in /tmp +- Allow rhsm-service read/write its private memfd: objects +- Allow radiusd connect to the radacct port +- Allow systemd-io-bridge ioctl rpm_script_t +- Allow systemd-coredump userns capabilities and root mounton +- Allow systemd-coredump read and write usermodehelper state +- Allow login_userdomain create session_dbusd tmp socket files +- Allow gkeyringd_domain write to session_dbusd tmp socket files +- Allow systemd-logind delete session_dbusd tmp socket files +- Allow gdm-x-session write to session dbus tmp sock files +- Label /etc/cockpit/ws-certs.d with cert_t +- Allow kpropd get attributes of cgroup filesystems +- Allow administrative users the bpf capability +- Allow sysadm_t start and stop transient services +- Connect triggerin to pcre2 instead of pcre + * Wed Jan 12 2022 Zdenek Pytela - 35.9-1 - Allow sshd read filesystem sysctl files - Revert "Allow sshd read sysctl files" diff --git a/sources b/sources index 7e2b6865..284fa9b0 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-84dd430.tar.gz) = 4ce18a6104ac28748f09bba2bb42e535a8a2a06e5e209cc076250acd47585f141428ffd7e82a407b93ce977275db21e9929beb96be1d9db9cbf2cd24f89092be -SHA512 (container-selinux.tgz) = 3427c9b46b93207f5be8dd6bc0d984b18940936fa0f23bb32a2f2fc7bba3146c67373d5217998643add7ff3731d27c346ee7378c52044487350e25db9af86e60 +SHA512 (selinux-policy-b909895.tar.gz) = 5bc36dea11a47e30fa57d84297eda384cd0fdd017a2cf839b11a2966ee42abbf0df2b530620ba04a62c2ad57464eac77f8c430f1889758ae6b9580a6c84fda04 +SHA512 (container-selinux.tgz) = c1a52aca95ea6a75d26bdcea4ceb0f3bfd326d5dab2d9ec334b02a0e1d24c0e9719ca335fd5b376c7a9dfc8be052df111506e0072f0f45b59c2409a45e7e0f2b SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4