* Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
- Allow lockdown confidentiality for domains using perf_event - define lockdown class and access - Add perfmon capability for all domains using perf_event - Allow ptp4l_t bpf capability to run bpf programs - Revert "Allow ptp4l_t sys_admin capability to run bpf programs" - access_vectors: Add new capabilities to cap2 - Allow systemd and systemd-resolved watch dbus pid objects - Add new watch interfaces in the base and userdomain policy - Add watch permissions for contrib packages - Allow xdm watch /usr directories - Allow getty watch its private runtime files - Add watch permissions for nscd and sssd - Add watch permissions for firewalld and NetworkManager - Add watch permissions for syslogd - Add watch permissions for systemd services - Allow restorecond watch /etc dirs - Add watch permissions for user domain types - Add watch permissions for init - Add basic watch interfaces for systemd - Add basic watch interfaces to the base module - Add additional watch object permissions sets and patterns - Allow init_t to watch localization symlinks - Allow init_t to watch mount directories - Allow init_t to watch cgroup files - Add basic watch patterns - Add new watch* permissions
This commit is contained in:
Zdenek Pytela
parent
c2d5ebb406
commit
c7e90bc196
@ -1,6 +1,6 @@
|
|||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 46ba041ba302d1550c230f7359627701b99b1479
|
%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -24,7 +24,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.7
|
Version: 3.14.7
|
||||||
Release: 17%{?dist}
|
Release: 18%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
Source1: modules-targeted-base.conf
|
Source1: modules-targeted-base.conf
|
||||||
@ -792,6 +792,34 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
|
||||||
|
- Allow lockdown confidentiality for domains using perf_event
|
||||||
|
- define lockdown class and access
|
||||||
|
- Add perfmon capability for all domains using perf_event
|
||||||
|
- Allow ptp4l_t bpf capability to run bpf programs
|
||||||
|
- Revert "Allow ptp4l_t sys_admin capability to run bpf programs"
|
||||||
|
- access_vectors: Add new capabilities to cap2
|
||||||
|
- Allow systemd and systemd-resolved watch dbus pid objects
|
||||||
|
- Add new watch interfaces in the base and userdomain policy
|
||||||
|
- Add watch permissions for contrib packages
|
||||||
|
- Allow xdm watch /usr directories
|
||||||
|
- Allow getty watch its private runtime files
|
||||||
|
- Add watch permissions for nscd and sssd
|
||||||
|
- Add watch permissions for firewalld and NetworkManager
|
||||||
|
- Add watch permissions for syslogd
|
||||||
|
- Add watch permissions for systemd services
|
||||||
|
- Allow restorecond watch /etc dirs
|
||||||
|
- Add watch permissions for user domain types
|
||||||
|
- Add watch permissions for init
|
||||||
|
- Add basic watch interfaces for systemd
|
||||||
|
- Add basic watch interfaces to the base module
|
||||||
|
- Add additional watch object permissions sets and patterns
|
||||||
|
- Allow init_t to watch localization symlinks
|
||||||
|
- Allow init_t to watch mount directories
|
||||||
|
- Allow init_t to watch cgroup files
|
||||||
|
- Add basic watch patterns
|
||||||
|
- Add new watch* permissions
|
||||||
|
|
||||||
* Fri Feb 05 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-17
|
* Fri Feb 05 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-17
|
||||||
- Update .copr/make-srpm.sh to use rawhide as DISTGIT_BRANCH
|
- Update .copr/make-srpm.sh to use rawhide as DISTGIT_BRANCH
|
||||||
- Dontaudit setsched for rndc
|
- Dontaudit setsched for rndc
|
||||||
|
|||||||
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-46ba041.tar.gz) = be0ba6d14bccf64b2526f723e51938bb3740563c0061364d7b8efc32152321172c0f0624ad79f3184da8623c969fa87b6611a019bcab04b0c85385beb4cdc1b1
|
SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a
|
||||||
SHA512 (container-selinux.tgz) = 26df62a4220f699a7144a51c6ad5fc0dee9887842e5daeee41ad97eac1d7b8b20bbe124c8f12faafbea68b74c67283d524f35fb62f52fdb9258c034481f542b6
|
SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user