* Mon Jan 17 2022 Zdenek Pytela <zpytela@redhat.com> - 35.10-1

- Allow login_userdomain watch systemd-machined PID directories
- Allow login_userdomain watch systemd-logind PID directories
- Allow login_userdomain watch accountsd lib directories
- Allow login_userdomain watch localization directories
- Allow login_userdomain watch various files and dirs
- Allow login_userdomain watch generic directories in /tmp
- Allow rhsm-service read/write its private memfd: objects
- Allow radiusd connect to the radacct port
- Allow systemd-io-bridge ioctl rpm_script_t
- Allow systemd-coredump userns capabilities and root mounton
- Allow systemd-coredump read and write usermodehelper state
- Allow login_userdomain create session_dbusd tmp socket files
- Allow gkeyringd_domain write to session_dbusd tmp socket files
- Allow systemd-logind delete session_dbusd tmp socket files
- Allow gdm-x-session write to session dbus tmp sock files
- Label /etc/cockpit/ws-certs.d with cert_t
- Allow kpropd get attributes of cgroup filesystems
- Allow administrative users the bpf capability
- Allow sysadm_t start and stop transient services
- Connect triggerin to pcre2 instead of pcre
This commit is contained in:
Zdenek Pytela 2022-01-17 18:17:56 +01:00
parent b15718470a
commit b8cfdb1921
2 changed files with 26 additions and 4 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 84dd4309ad6d644edea2c3cf448f516f4e008c04
%global commit b909895c58d7709343e59e24f115d5ede1f46944
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 35.9
Version: 35.10
Release: 1%{?dist}
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -808,6 +808,28 @@ exit 0
%endif
%changelog
* Mon Jan 17 2022 Zdenek Pytela <zpytela@redhat.com> - 35.10-1
- Allow login_userdomain watch systemd-machined PID directories
- Allow login_userdomain watch systemd-logind PID directories
- Allow login_userdomain watch accountsd lib directories
- Allow login_userdomain watch localization directories
- Allow login_userdomain watch various files and dirs
- Allow login_userdomain watch generic directories in /tmp
- Allow rhsm-service read/write its private memfd: objects
- Allow radiusd connect to the radacct port
- Allow systemd-io-bridge ioctl rpm_script_t
- Allow systemd-coredump userns capabilities and root mounton
- Allow systemd-coredump read and write usermodehelper state
- Allow login_userdomain create session_dbusd tmp socket files
- Allow gkeyringd_domain write to session_dbusd tmp socket files
- Allow systemd-logind delete session_dbusd tmp socket files
- Allow gdm-x-session write to session dbus tmp sock files
- Label /etc/cockpit/ws-certs.d with cert_t
- Allow kpropd get attributes of cgroup filesystems
- Allow administrative users the bpf capability
- Allow sysadm_t start and stop transient services
- Connect triggerin to pcre2 instead of pcre
* Wed Jan 12 2022 Zdenek Pytela <zpytela@redhat.com> - 35.9-1
- Allow sshd read filesystem sysctl files
- Revert "Allow sshd read sysctl files"

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-84dd430.tar.gz) = 4ce18a6104ac28748f09bba2bb42e535a8a2a06e5e209cc076250acd47585f141428ffd7e82a407b93ce977275db21e9929beb96be1d9db9cbf2cd24f89092be
SHA512 (container-selinux.tgz) = 3427c9b46b93207f5be8dd6bc0d984b18940936fa0f23bb32a2f2fc7bba3146c67373d5217998643add7ff3731d27c346ee7378c52044487350e25db9af86e60
SHA512 (selinux-policy-b909895.tar.gz) = 5bc36dea11a47e30fa57d84297eda384cd0fdd017a2cf839b11a2966ee42abbf0df2b530620ba04a62c2ad57464eac77f8c430f1889758ae6b9580a6c84fda04
SHA512 (container-selinux.tgz) = c1a52aca95ea6a75d26bdcea4ceb0f3bfd326d5dab2d9ec334b02a0e1d24c0e9719ca335fd5b376c7a9dfc8be052df111506e0072f0f45b59c2409a45e7e0f2b
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4