* Wed Sep 14 2022 Zdenek Pytela <zpytela@redhat.com> - 37.11-1
- Allow tor get filesystem attributes - Allow utempter append to login_userdomain stream - Allow login_userdomain accept a stream connection to XDM - Allow login_userdomain write to boltd named pipes - Allow staff_u and user_u users write to bolt pipe - Allow login_userdomain watch various directories - Update rhcd policy for executing additional commands 5 - Update rhcd policy for executing additional commands 4 - Allow rhcd create rpm hawkey logs with correct label - Allow systemd-gpt-auto-generator to check for empty dirs - Update rhcd policy for executing additional commands 3 - Allow journalctl read rhcd fifo files - Update insights-client policy for additional commands execution 5 - Allow init remount all file_type filesystems - Confine insights-client systemd unit - Update insights-client policy for additional commands execution 4 - Allow pcp pmcd search tracefs and acct_data dirs - Allow httpd read network sysctls - Dontaudit domain map permission on directories - Revert "Allow X userdomains to mmap user_fonts_cache_t dirs" - Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)" - Update insights-client policy for additional commands execution 3 - Allow systemd permissions needed for sandboxed services - Add rhcd module - Make dependency on rpm-plugin-selinux unordered
This commit is contained in:
Zdenek Pytela
parent
2a4b303a6b
commit
d02146ba68
@ -2691,3 +2691,10 @@ insights_client = module
|
||||
# stalld
|
||||
#
|
||||
stalld = module
|
||||
|
||||
# Layer: contrib
|
||||
# Module: rhcd
|
||||
#
|
||||
# rhcd
|
||||
#
|
||||
rhcd = module
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# github repo with selinux-policy sources
|
||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit c19e4cb9a3f23f2b14c31c978627f9c486a369f4
|
||||
%global commit e485345b572121f09778da9c146cf1bcd22ae0cf
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -23,7 +23,7 @@
|
||||
%define CHECKPOLICYVER 3.2
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 37.10
|
||||
Version: 37.11
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
@ -816,6 +816,33 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Sep 14 2022 Zdenek Pytela <zpytela@redhat.com> - 37.11-1
|
||||
- Allow tor get filesystem attributes
|
||||
- Allow utempter append to login_userdomain stream
|
||||
- Allow login_userdomain accept a stream connection to XDM
|
||||
- Allow login_userdomain write to boltd named pipes
|
||||
- Allow staff_u and user_u users write to bolt pipe
|
||||
- Allow login_userdomain watch various directories
|
||||
- Update rhcd policy for executing additional commands 5
|
||||
- Update rhcd policy for executing additional commands 4
|
||||
- Allow rhcd create rpm hawkey logs with correct label
|
||||
- Allow systemd-gpt-auto-generator to check for empty dirs
|
||||
- Update rhcd policy for executing additional commands 3
|
||||
- Allow journalctl read rhcd fifo files
|
||||
- Update insights-client policy for additional commands execution 5
|
||||
- Allow init remount all file_type filesystems
|
||||
- Confine insights-client systemd unit
|
||||
- Update insights-client policy for additional commands execution 4
|
||||
- Allow pcp pmcd search tracefs and acct_data dirs
|
||||
- Allow httpd read network sysctls
|
||||
- Dontaudit domain map permission on directories
|
||||
- Revert "Allow X userdomains to mmap user_fonts_cache_t dirs"
|
||||
- Revert "Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)"
|
||||
- Update insights-client policy for additional commands execution 3
|
||||
- Allow systemd permissions needed for sandboxed services
|
||||
- Add rhcd module
|
||||
- Make dependency on rpm-plugin-selinux unordered
|
||||
|
||||
* Fri Sep 02 2022 Zdenek Pytela <zpytela@redhat.com> - 37.10-1
|
||||
- Allow ipsec_t read/write tpm devices
|
||||
- Allow rhcd execute all executables
|
||||
|
||||
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (selinux-policy-c19e4cb.tar.gz) = c94cce85023394a8825169dbdad94b91617c2b0ec83f2c27c42e3a97eedec6d574868c696288b84ee2754c2ae7d56fcb94eaf13bb7f69680351ab04b1236dabb
|
||||
SHA512 (container-selinux.tgz) = 59ea54cc84bc74b45a9318d027ae36b3a0d49e1d0ca2ff740f63ab155e0382a095a213a36d50f6cf4d7aae916c2d86841eca4633a3675097b5bee6980f47251f
|
||||
SHA512 (selinux-policy-e485345.tar.gz) = 9c25f7efa8d3f497f40bf5aeb180d588c794661b40b636a9adbf9d68d20a45dea0126f9b19eb0597e80c4486f9c13f882dc2733e34d5b81e0f5a575ce841f974
|
||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||
SHA512 (container-selinux.tgz) = 8a837e3865b5a56530ce34e36c829f6ddd6ab02ab0a4e16f1b73ee7345efd19f5bee90846dc0ee5acf8c0173b99b1ae961726c7069c20fb8fc69f2dbbac49481
|
||||
|
||||
Loading…
Reference in New Issue
Block a user