From c74c6d28683d4cfed1e3fbcaeec1dd8747ff803f Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Sun, 7 Jul 2024 20:02:06 +0200 Subject: [PATCH] * Sun Jul 07 2024 Zdenek Pytela - 38.1.41-1 - Differentiate between staff and sysadm when executing crontab with sudo Resolves: RHEL-31888 - Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t Resolves: RHEL-25724 - Allow unconfined_service_t transition to passwd_t Resolves: RHEL-17404 - Allow sbd to trace processes in user namespace Resolves: RHEL-44680 - Allow systemd-coredumpd sys_admin and sys_resource capabilities Resolves: RHEL-45245 - Label /usr/lib/node_modules/npm/bin with bin_t Resolves: RHEL-36587 - Support /var is empty Resolves: RHEL-29331 - Allow timemaster write to sysfs files Resolves: RHEL-28777 - Don't audit crontab_domain write attempts to user home Resolves: RHEL-31888 - Transition from sudodomains to crontab_t when executing crontab_exec_t Resolves: RHEL-31888 - Fix label of pseudoterminals created from sudodomain Resolves: RHEL-31888 --- selinux-policy.spec | 28 ++++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 57b24611..97c0c907 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit aa5fe22578d5a895ea05cb385bdecca73ea7f7a9 +%global commit a22468c51f2eb5fbeff06cef9840b577382fd2c0 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.1.40 +Version: 38.1.41 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -809,6 +809,30 @@ exit 0 %endif %changelog +* Sun Jul 07 2024 Zdenek Pytela - 38.1.41-1 +- Differentiate between staff and sysadm when executing crontab with sudo +Resolves: RHEL-31888 +- Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t +Resolves: RHEL-25724 +- Allow unconfined_service_t transition to passwd_t +Resolves: RHEL-17404 +- Allow sbd to trace processes in user namespace +Resolves: RHEL-44680 +- Allow systemd-coredumpd sys_admin and sys_resource capabilities +Resolves: RHEL-45245 +- Label /usr/lib/node_modules/npm/bin with bin_t +Resolves: RHEL-36587 +- Support /var is empty +Resolves: RHEL-29331 +- Allow timemaster write to sysfs files +Resolves: RHEL-28777 +- Don't audit crontab_domain write attempts to user home +Resolves: RHEL-31888 +- Transition from sudodomains to crontab_t when executing crontab_exec_t +Resolves: RHEL-31888 +- Fix label of pseudoterminals created from sudodomain +Resolves: RHEL-31888 + * Tue Jun 18 2024 Zdenek Pytela - 38.1.40-1 - Allow systemd-coredump read nsfs files Resolves: RHEL-39937 diff --git a/sources b/sources index 7aa755cc..7f821760 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-aa5fe22.tar.gz) = bf467609e0e833ba6475658fc462977a25e0d6147800319fce5ec086745307af171a336d601cffa6639c444329b78d248ccd3b47768e51a66f20c4ca007a1b8c +SHA512 (selinux-policy-a22468c.tar.gz) = 476e1a300c3f2c8a65003988b1000f40a74922807edcf7d139f5641323923700c6146d3c28888406191bebc1623c5b4a714826259825036530970ab6f44ff99b SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 540d236736fdd392336bb60676a5b58c3220840007e6da21e6c0eb87b191d875be5e8417a04fdbae254634c4eb7fae1ac0194aafbab0baf0246e52e74a3564e2 +SHA512 (container-selinux.tgz) = 166b2cf5d76f1ff8380ec3600ebd728536da046ab1c39879ac8371e575bb9754991ca6414e5b88b2af5ef70a904a209c99955870f8134c485da7f8df8872b045