diff --git a/selinux-policy.spec b/selinux-policy.spec index 0f24f450..334e570f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 46ba041ba302d1550c230f7359627701b99b1479 +%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,6 +792,34 @@ exit 0 %endif %changelog +* Sun Feb 07 2021 Zdenek Pytela - 3.14.7-18 +- Allow lockdown confidentiality for domains using perf_event +- define lockdown class and access +- Add perfmon capability for all domains using perf_event +- Allow ptp4l_t bpf capability to run bpf programs +- Revert "Allow ptp4l_t sys_admin capability to run bpf programs" +- access_vectors: Add new capabilities to cap2 +- Allow systemd and systemd-resolved watch dbus pid objects +- Add new watch interfaces in the base and userdomain policy +- Add watch permissions for contrib packages +- Allow xdm watch /usr directories +- Allow getty watch its private runtime files +- Add watch permissions for nscd and sssd +- Add watch permissions for firewalld and NetworkManager +- Add watch permissions for syslogd +- Add watch permissions for systemd services +- Allow restorecond watch /etc dirs +- Add watch permissions for user domain types +- Add watch permissions for init +- Add basic watch interfaces for systemd +- Add basic watch interfaces to the base module +- Add additional watch object permissions sets and patterns +- Allow init_t to watch localization symlinks +- Allow init_t to watch mount directories +- Allow init_t to watch cgroup files +- Add basic watch patterns +- Add new watch* permissions + * Fri Feb 05 2021 Zdenek Pytela - 3.14.7-17 - Update .copr/make-srpm.sh to use rawhide as DISTGIT_BRANCH - Dontaudit setsched for rndc diff --git a/sources b/sources index 256deff0..3e5215b7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-46ba041.tar.gz) = be0ba6d14bccf64b2526f723e51938bb3740563c0061364d7b8efc32152321172c0f0624ad79f3184da8623c969fa87b6611a019bcab04b0c85385beb4cdc1b1 -SHA512 (container-selinux.tgz) = 26df62a4220f699a7144a51c6ad5fc0dee9887842e5daeee41ad97eac1d7b8b20bbe124c8f12faafbea68b74c67283d524f35fb62f52fdb9258c034481f542b6 +SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a +SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4