From d1c34727971343c62150d3d0061d961d98e2095b Mon Sep 17 00:00:00 2001 From: Nikola Knazekova Date: Thu, 25 Aug 2022 18:10:43 +0200 Subject: [PATCH] * Thu Aug 25 2022 Nikola Knazekova - 34.1.41-1 - Allow unconfined domains to bpf all other domains Resolves: RHBZ#2112014 - Allow stalld get and set scheduling policy of all domains. Resolves: rhbz#2105038 - Allow unconfined_t transition to targetclid_home_t Resolves: RHBZ#2106360 - Allow samba-bgqd to read a printer list Resolves: rhbz#2118977 - Allow system_dbusd ioctl kernel with a unix stream sockets Resolves: rhbz#2085392 - Allow chronyd bind UDP sockets to ptp_event ports. Resolves: RHBZ#2118631 - Update tor_bind_all_unreserved_ports interface Resolves: RHBZ#2089486 - Remove permissive domain for rhcd_t Resolves: rhbz#2119351 - Allow unconfined and sysadm users transition for /root/.gnupg Resolves: rhbz#2121125 - Add gpg_filetrans_admin_home_content() interface Resolves: rhbz#2121125 - Update rhcd policy for executing additional commands Resolves: rhbz#2119351 - Update insights-client policy for additional commands execution Resolves: rhbz#2119507 - Add rpm setattr db files macro Resolves: rhbz#2119507 - Add userdom_view_all_users_keys() interface Resolves: rhbz#2119507 - Allow gpg read and write generic pty type Resolves: rhbz#2119507 - Allow chronyc read and write generic pty type Resolves: rhbz#2119507 --- selinux-policy.spec | 38 ++++++++++++++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index afeb79ec..928364b1 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 2d2bbcf8445d343f9fcd0081270bbbfa7c44f423 +%global commit 63e80c0f2e0d58ce6c28201dab17927594c4b5db %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.1.40 +Version: 34.1.41 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -794,6 +794,40 @@ exit 0 %endif %changelog +* Thu Aug 25 2022 Nikola Knazekova - 34.1.41-1 +- Allow unconfined domains to bpf all other domains +Resolves: RHBZ#2112014 +- Allow stalld get and set scheduling policy of all domains. +Resolves: rhbz#2105038 +- Allow unconfined_t transition to targetclid_home_t +Resolves: RHBZ#2106360 +- Allow samba-bgqd to read a printer list +Resolves: rhbz#2118977 +- Allow system_dbusd ioctl kernel with a unix stream sockets +Resolves: rhbz#2085392 +- Allow chronyd bind UDP sockets to ptp_event ports. +Resolves: RHBZ#2118631 +- Update tor_bind_all_unreserved_ports interface +Resolves: RHBZ#2089486 +- Remove permissive domain for rhcd_t +Resolves: rhbz#2119351 +- Allow unconfined and sysadm users transition for /root/.gnupg +Resolves: rhbz#2121125 +- Add gpg_filetrans_admin_home_content() interface +Resolves: rhbz#2121125 +- Update rhcd policy for executing additional commands +Resolves: rhbz#2119351 +- Update insights-client policy for additional commands execution +Resolves: rhbz#2119507 +- Add rpm setattr db files macro +Resolves: rhbz#2119507 +- Add userdom_view_all_users_keys() interface +Resolves: rhbz#2119507 +- Allow gpg read and write generic pty type +Resolves: rhbz#2119507 +- Allow chronyc read and write generic pty type +Resolves: rhbz#2119507 + * Wed Aug 10 2022 Nikola Knazekova - 34.1.40-1 - Allow systemd-modules-load write to /dev/kmsg and send a message to syslogd Resolves: RHBZ#2088257 diff --git a/sources b/sources index 7361daec..7d179ed4 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-2d2bbcf.tar.gz) = cc5d42384ad82daec0935f8043bf1654a434b6eeccd5e90771482dea57b646cf75eca89a300d225a323cac47e10ac69dee8d72425ca88a50184d74b0f8acc35f -SHA512 (container-selinux.tgz) = 98a66f4f765492d233bc457170dbc79d8daff8d6c599265e9f08484919e69f25dd4b726290fa1e610a3be6e52a26df47feab542c13421e373b28bbfac10da9e4 +SHA512 (selinux-policy-63e80c0.tar.gz) = ecbff7034d6a9fa5ff8aad1b2a8191fb5557adca45fbc9b12074557cce3084bc18686782bd6cf97c2d08cee6507662793e97e99c1c096f49bd9bb0c4eb57f89f +SHA512 (container-selinux.tgz) = 6b17b7931dd7f32df0c81dfd70f452d5f442c49763ab37bd5abcba22d36dde1fb5e2125de513d8933780f45847f0a66c483c88bbbe80e86c8cbb4dbb1c07bada SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4