From d246bfd93931d25c9de014133464fc0d8ae55c5e Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 28 Nov 2024 22:16:34 +0100 Subject: [PATCH] * Thu Nov 28 2024 Zdenek Pytela - 40.13.15-1 - Allow qatlib search the content of the kernel debugging filesystem Resolves: RHEL-66334 - Allow qatlib connect to systemd-machined over a unix socket Resolves: RHEL-66334 - Update policy for samba-bgqd Resolves: RHEL-64908 - Allow httpd get attributes of dirsrv unit files Resolves: RHEL-62706 - Allow virtstoraged read vm sysctls Resolves: RHEL-61742 - Allow virtstoraged execute mount programs in the mount domain Resolves: RHEL-61742 - Update policy for rpc-virtstorage Resolves: RHEL-61742 - Allow virtstoraged get attributes of configfs dirs Resolves: RHEL-61742 - Allow virt_driver_domain read virtd-lxc files in /proc Resolves: RHEL-61742 - Allow virtstoraged manage files with virt_content_t type Resolves: RHEL-61742 - Allow virtstoraged use the io_uring API Resolves: RHEL-61742 - Allow virtstoraged execute lvm programs in the lvm domain Resolves: RHEL-61742 - Allow svirt_t connect to unconfined_t over a unix domain socket Resolves: RHEL-61246 - Label /usr/lib/node_modules_22/npm/bin with bin_t Resolves: RHEL-56350 - Allow bacula execute container in the container domain Resolves: RHEL-39529 - Label /run/systemd/generator with systemd_unit_file_t Resolves: RHEL-68313 --- changelog | 34 ++++++++++++++++++++++++++++++++++ selinux-policy.spec | 5 +++-- sources | 4 ++-- 3 files changed, 39 insertions(+), 4 deletions(-) diff --git a/changelog b/changelog index da2ba784..57ab4acc 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,37 @@ +* Thu Nov 28 2024 Zdenek Pytela - 40.13.15-1 +- Allow qatlib search the content of the kernel debugging filesystem +Resolves: RHEL-66334 +- Allow qatlib connect to systemd-machined over a unix socket +Resolves: RHEL-66334 +- Update policy for samba-bgqd +Resolves: RHEL-64908 +- Allow httpd get attributes of dirsrv unit files +Resolves: RHEL-62706 +- Allow virtstoraged read vm sysctls +Resolves: RHEL-61742 +- Allow virtstoraged execute mount programs in the mount domain +Resolves: RHEL-61742 +- Update policy for rpc-virtstorage +Resolves: RHEL-61742 +- Allow virtstoraged get attributes of configfs dirs +Resolves: RHEL-61742 +- Allow virt_driver_domain read virtd-lxc files in /proc +Resolves: RHEL-61742 +- Allow virtstoraged manage files with virt_content_t type +Resolves: RHEL-61742 +- Allow virtstoraged use the io_uring API +Resolves: RHEL-61742 +- Allow virtstoraged execute lvm programs in the lvm domain +Resolves: RHEL-61742 +- Allow svirt_t connect to unconfined_t over a unix domain socket +Resolves: RHEL-61246 +- Label /usr/lib/node_modules_22/npm/bin with bin_t +Resolves: RHEL-56350 +- Allow bacula execute container in the container domain +Resolves: RHEL-39529 +- Label /run/systemd/generator with systemd_unit_file_t +Resolves: RHEL-68313 + * Tue Nov 19 2024 Zdenek Pytela - 40.13.14-1 - mls/modules.conf - fix typo - Use dist/targeted/modules.conf in build workflow diff --git a/selinux-policy.spec b/selinux-policy.spec index 8b8fcac5..fb78edb2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -5,7 +5,7 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 8f272d64932678c349fa638810913a81beacbc45 +%global commit dffbecdca84d8974cd375e29bd86050eb6bd35f3 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -17,7 +17,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.13.14 +Version: 40.13.15 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -754,4 +754,5 @@ exit 0 %endif %changelog + %autochangelog diff --git a/sources b/sources index 2af34d46..13289192 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-8f272d6.tar.gz) = 1da1879629b0954f446482d71313369e13d7bd91a7266bd751f646c2f9ba0441da8017185b662417978fb588213c3c4c9eccf2e7fe62a5ebb6165f190cb08f79 -SHA512 (container-selinux.tgz) = fb707c44b330075299e9d7fb307279c652bdd90331bc0ad70af6e44ec4830ec99f95c8c8396d7c7cc1da8b484e1433120560dacc6462caebcf9db5726414fa5c +SHA512 (selinux-policy-dffbecd.tar.gz) = 7a9f2441cc598709816453b2f9b5ce8ab5e365238c85b1b183b3b7d982e61df0662cba3e62ce29332c38aaee3d4c50e2f81fd89534aeba3214c0b987b837a93e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = bf84e6e2b53721924ace6b0c1c8f6268f6f8ba205d0359de922be40af044f1882bff9a322f528032599e08ab38acb9965179a1a6e1f55f4da1bee5243b33af6d