From bbc61bc528296f79bc8da05368508639e509adfd Mon Sep 17 00:00:00 2001 From: James Antill Date: Tue, 31 May 2022 15:00:30 -0400 Subject: [PATCH] Auto sync2gitlab import of selinux-policy-3.14.3-98.el8.src.rpm --- .gitignore | 2 ++ selinux-policy.spec | 63 +++++++++++++++++++++++++++++++++++++++++---- sources | 6 ++--- 3 files changed, 63 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 95ac2668..807e96d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ /container-selinux.tgz /selinux-policy-ab10edf.tar.gz /selinux-policy-contrib-191fa35.tar.gz +/selinux-policy-b92822d.tar.gz +/selinux-policy-contrib-cb79cd7.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index e9882209..bf65675b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 ab10edf9d09f671f038fbc4446ddc7d8ceb1a266 +%global commit0 b92822db985551bd39933aaf416ec81990eb1c22 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 191fa35ac243f8f3f1db0a9e95c77b6e308a16e9 +%global commit1 cb79cd74e8079563ff13f8e7c0f8d82247a9cb65 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 95%{?dist} +Release: 98%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -717,14 +717,67 @@ exit 0 %endif %changelog +* Wed May 04 2022 Zdenek Pytela - 3.14.3-98 +- Allow sysadm user execute init scripts with a transition +Resolves: rhbz#2039662 +- Change invalid type redisd_t to redis_t in redis_stream_connect() +Resolves: rhbz#1897517 +- Allow php-fpm write access to /var/run/redis/redis.sock +Resolves: rhbz#1897517 +- Allow sssd read systemd-resolved runtime directory +Resolves: rhbz#2060721 +- Allow postfix stream connect to cyrus through runtime socket +Resolves: rhbz#2066005 +- Allow insights-client create_socket_perms for tcp/udp sockets +Resolves: rhbz#2073395 +- Allow insights-client read rhnsd config files +Resolves: rhbz#2073395 +- Allow sblim-sfcbd connect to sblim-reposd stream +Resolves: rhbz#2075810 +- Allow rngd drop privileges via setuid/setgid/setcap +Resolves: rhbz#2076641 +- Allow rngd_t domain to use nsswitch +Resolves: rhbz#2076641 + +* Fri Apr 22 2022 Nikola Knazekova - 3.14.3-97 +- Create macro corenet_icmp_bind_generic_node() +Resolves: rhbz#2070870 +- Allow traceroute_t and ping_t to bind generic nodes. +Resolves: rhbz#2070870 +- Allow administrative users the bpf capability +Resolves: rhbz#2070983 +- Allow insights-client search rhnsd configuration directory +Resolves: rhbz#2073395 +- Allow ntlm_auth read the network state information +Resolves: rhbz#2073349 +- Allow keepalived setsched and sys_nice +Resolves: rhbz#2008033 +- Revert "Allow administrative users the bpf capability" +Resolves: rhbz#2070983 + + +* Thu Apr 07 2022 Zdenek Pytela - 3.14.3-96 +- Add interface rpc_manage_exports +Resolves: rhbz#2062183 +- Allow sshd read filesystem sysctl files +Resolves: rhbz#2061403 +- Update targetd nfs & lvm +Resolves: rhbz#2062183 +- Allow dhcpd_t domain to read network sysctls. +Resolves: rhbz#2059509 +- Allow chronyd talk with unconfined user over unix domain dgram socket +Resolves: rhbz#2065313 +- Allow fenced read kerberos key tables +Resolves: rhbz#1964839 + * Thu Mar 24 2022 Zdenek Pytela - 3.14.3-95 - Allow hostapd talk with unconfined user over unix domain dgram socket -Resolves: rhbz#2064284 +Resolves: rhbz#2068007 * Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94 - Allow chronyd send a message to sosreport over datagram socket - Allow systemd-logind dbus chat with sosreport -Resolves: rhbz#1949493 +Resolves: rhbz#2062607 * Thu Feb 24 2022 Zdenek Pytela - 3.14.3-93 - Allow systemd-networkd dbus chat with sosreport diff --git a/sources b/sources index f0b25292..5f27348f 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (container-selinux.tgz) = c803143036f3488bea9e0641baa25aef70ee1f2b652ce708797596e6bd19d6e99dee012c9b5bf2ae7f1200d69ee717dac6037381407c90b808a0aa7b15a876c4 -SHA512 (selinux-policy-ab10edf.tar.gz) = c80f64e78c26e7cc40ea85b451eb5d7cf67b226ce5f7ead3de5012804edb672493712867dd00db2ee567592b76c13fc398662547db51be8f4f334b48c38f0ce7 -SHA512 (selinux-policy-contrib-191fa35.tar.gz) = c14a20ab078e046df449a0107fc20329c0a579908eca15e2188d8681ddf365f3493f49ee44ef37b46c5e7a99efd2127d0f9e325289ca4f2321179ab0813cddb8 +SHA512 (container-selinux.tgz) = 15af25d4a8d7bad32ee72fc52751b9143eeb653cb7dc3556f7f6c51236df7d881e7a575223b51ff1e4e71bd8adae0db62b108f98a37f229137a9b144c5e8009f +SHA512 (selinux-policy-b92822d.tar.gz) = 368ce690d85514d4226aa1c011b4f8ad472a4b176c5451a2d814f3ae2a83ce10830643b2a61f5ee3674129a460cbdef6a4dba9385dd92b6b4d3215dc8e2f8871 +SHA512 (selinux-policy-contrib-cb79cd7.tar.gz) = 9dad84b61af1dc2c6b691398cc4dd949aac3a06e0b15b65d07fbdaa99cda991332a75e5b076d4c09b854db804a26eeedcdc8bbc4460cef4c035243b3f4387dae