* Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
- Allow lockdown confidentiality for domains using perf_event - define lockdown class and access - Add perfmon capability for all domains using perf_event - Allow ptp4l_t bpf capability to run bpf programs - Revert "Allow ptp4l_t sys_admin capability to run bpf programs" - access_vectors: Add new capabilities to cap2 - Allow systemd and systemd-resolved watch dbus pid objects - Add new watch interfaces in the base and userdomain policy - Add watch permissions for contrib packages - Allow xdm watch /usr directories - Allow getty watch its private runtime files - Add watch permissions for nscd and sssd - Add watch permissions for firewalld and NetworkManager - Add watch permissions for syslogd - Add watch permissions for systemd services - Allow restorecond watch /etc dirs - Add watch permissions for user domain types - Add watch permissions for init - Add basic watch interfaces for systemd - Add basic watch interfaces to the base module - Add additional watch object permissions sets and patterns - Allow init_t to watch localization symlinks - Allow init_t to watch mount directories - Allow init_t to watch cgroup files - Add basic watch patterns - Add new watch* permissions
This commit is contained in:
parent
c2d5ebb406
commit
c7e90bc196
@ -1,6 +1,6 @@
|
||||
# github repo with selinux-policy sources
|
||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit 46ba041ba302d1550c230f7359627701b99b1479
|
||||
%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -24,7 +24,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.7
|
||||
Release: 17%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
Source1: modules-targeted-base.conf
|
||||
@ -792,6 +792,34 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
|
||||
- Allow lockdown confidentiality for domains using perf_event
|
||||
- define lockdown class and access
|
||||
- Add perfmon capability for all domains using perf_event
|
||||
- Allow ptp4l_t bpf capability to run bpf programs
|
||||
- Revert "Allow ptp4l_t sys_admin capability to run bpf programs"
|
||||
- access_vectors: Add new capabilities to cap2
|
||||
- Allow systemd and systemd-resolved watch dbus pid objects
|
||||
- Add new watch interfaces in the base and userdomain policy
|
||||
- Add watch permissions for contrib packages
|
||||
- Allow xdm watch /usr directories
|
||||
- Allow getty watch its private runtime files
|
||||
- Add watch permissions for nscd and sssd
|
||||
- Add watch permissions for firewalld and NetworkManager
|
||||
- Add watch permissions for syslogd
|
||||
- Add watch permissions for systemd services
|
||||
- Allow restorecond watch /etc dirs
|
||||
- Add watch permissions for user domain types
|
||||
- Add watch permissions for init
|
||||
- Add basic watch interfaces for systemd
|
||||
- Add basic watch interfaces to the base module
|
||||
- Add additional watch object permissions sets and patterns
|
||||
- Allow init_t to watch localization symlinks
|
||||
- Allow init_t to watch mount directories
|
||||
- Allow init_t to watch cgroup files
|
||||
- Add basic watch patterns
|
||||
- Add new watch* permissions
|
||||
|
||||
* Fri Feb 05 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-17
|
||||
- Update .copr/make-srpm.sh to use rawhide as DISTGIT_BRANCH
|
||||
- Dontaudit setsched for rndc
|
||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (selinux-policy-46ba041.tar.gz) = be0ba6d14bccf64b2526f723e51938bb3740563c0061364d7b8efc32152321172c0f0624ad79f3184da8623c969fa87b6611a019bcab04b0c85385beb4cdc1b1
|
||||
SHA512 (container-selinux.tgz) = 26df62a4220f699a7144a51c6ad5fc0dee9887842e5daeee41ad97eac1d7b8b20bbe124c8f12faafbea68b74c67283d524f35fb62f52fdb9258c034481f542b6
|
||||
SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a
|
||||
SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68
|
||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||
|
Loading…
Reference in New Issue
Block a user