import selinux-policy-3.14.3-107.el8

CentOS Sources 2022-09-27 16:08:29 -04:00 committed by Stepan Oksanichenko
parent 6c178f644a
commit d39caaffc8
3 changed files with 229 additions and 9 deletions

.gitignore vendored

@ -1,3 +1,3 @@
SOURCES/container-selinux.tgz SOURCES/container-selinux.tgz
SOURCES/selinux-policy-642155b.tar.gz SOURCES/selinux-policy-9db72ed.tar.gz
SOURCES/selinux-policy-contrib-0e4a7a0.tar.gz SOURCES/selinux-policy-contrib-5e2c252.tar.gz

@ -1,3 +1,3 @@
e531ed72bd4055f40cb0152b1f81842c96af37c5 SOURCES/container-selinux.tgz 37036a3f9ec27f942a2b186db25f3c0551784c4e SOURCES/container-selinux.tgz
26b6cee1e1baf47309bfc5055781869abb589a2d SOURCES/selinux-policy-642155b.tar.gz d9e66219a3c1a29e8af4da26ed471297d3281fcc SOURCES/selinux-policy-9db72ed.tar.gz
17a4e399dbf5dd7266a5bf3904aad633e3889351 SOURCES/selinux-policy-contrib-0e4a7a0.tar.gz dd2ac90c589a5a5110bf578b014754b69f2232c7 SOURCES/selinux-policy-contrib-5e2c252.tar.gz
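
Review bot: SOURCES/container-selinux.tgz gets a new digest on the first line of this hunk while its filename carries no version or commit id, unlike the two selinux-policy tarballs, so nothing in this commit says which container-selinux revision is now shipped. Record the upstream commit or tag for that tarball in the spec or the changelog so the content behind the new digest can be reproduced and audited. The digests are 40 hex digits, which is SHA-1 length, so they guard against corruption better than against a deliberately crafted substitute; a SHA-256 digest would be the stronger choice if the tooling that reads this file supports it.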

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 642155b226a48d3edbdc1a13fb9a9fece74140f7 %global commit0 9db72ed4345b0f26e798cb301f306fb4ee303844
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 0e4a7a0e5879fd49a239fb71e000c4967fe98eca %global commit1 5e2c252146f379cd25df50de97816f6771d9d79b
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 93%{?dist} Release: 107%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -148,7 +148,7 @@ SELinux policy development and man page package
%{_usr}/share/selinux/devel/Makefile %{_usr}/share/selinux/devel/Makefile
%{_usr}/share/selinux/devel/example.* %{_usr}/share/selinux/devel/example.*
%{_usr}/share/selinux/devel/policy.* %{_usr}/share/selinux/devel/policy.*
%ghost %{_sharedstatedir}/sepolgen/interface_info %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/sepolgen/interface_info
%post devel %post devel
selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null
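
Review bot: The new %verify(not md5 size mode mtime) on the %ghost %{_sharedstatedir}/sepolgen/interface_info line also exempts mode, which is more than a regenerated file needs. The %post devel scriptlet right below runs sepolgen-ifgen, so md5, size and mtime will legitimately differ from the packaged values, but a changed permission mode on this file is something rpm -V should still report. Consider %verify(not md5 size mtime) unless the generator is known to vary the mode, and add a spec comment next to the line pointing at rhbz#2119472 so the exemption is explained where it is applied.
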
@ -717,6 +717,226 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
- Label 319/udp port with ptp_event_port_t
Resolves: rhbz#2118628
- Allow unconfined and sysadm users transition for /root/.gnupg
Resolves: rhbz#2119507
- Add the kernel_read_proc_files() interface
Resolves: rhbz#2119507
- Add userdom_view_all_users_keys() interface
Resolves: rhbz#2119507
- Allow system_cronjob_t domtrans to rpm_script_t
Resolves: rhbz#2118362
- Allow smbd_t process noatsecure permission for winbind_rpcd_t
Resolves: rhbz#2117199
- Allow chronyd bind UDP sockets to ptp_event ports
Resolves: rhbz#2118628
- Allow samba-bgqd to read a printer list
Resolves: rhbz#2118958
- Add gpg_filetrans_admin_home_content() interface
Resolves: rhbz#2119507
- Update insights-client policy for additional commands execution
Resolves: rhbz#2119507
- Allow gpg read and write generic pty type
Resolves: rhbz#2119507
- Allow chronyc read and write generic pty type
Resolves: rhbz#2119507
- Disable rpm verification on interface_info
Resolves: rhbz#2119472
* Wed Aug 10 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-106
- Allow networkmanager to signal unconfined process
Resolves: rhbz#1918148
- Allow sa-update to get init status and start systemd files
Resolves: rhbz#2011239
- Allow samba-bgqd get a printer list
Resolves: rhbz#2114737
- Allow insights-client rpm named file transitions
Resolves: rhbz#2104913
- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
Resolves: rhbz#2104913
- Use insights_client_filetrans_named_content
Resolves: rhbz#2104913
- Make default file context match with named transitions
Resolves: rhbz#2104913
- Allow rhsmcertd to read insights config files
Resolves: rhbz#2104913
- Label /etc/insights-client/machine-id
Resolves: rhbz#2104913
* Fri Jul 29 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-105
- Do not call systemd_userdbd_stream_connect() for winbind-rpcd
Resolves: rhbz#2108383
- Update winbind_rpcd_t
Resolves: rhbz#2108383
- Allow irqbalance file transition for pid sock_files and directories
Resolves: rhbz#2111916
- Update irqbalance runtime directory file context
Resolves: rhbz#2111916
* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-104
- Update samba-dcerpcd policy for kerberos usage 2
Resolves: rhbz#2096825
* Mon Jun 27 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-103
- Allow domain read usermodehelper state information
Resolves: rhbz#2083504
- Remove all kernel_read_usermodehelper_state() interface calls
Resolves: rhbz#2083504
- Allow samba-dcerpcd work with sssd
Resolves: rhbz#2096825
- Allow winbind_rpcd_t connect to self over a unix_stream_socket
Resolves: rhbz#2096825
- Update samba-dcerpcd policy for kerberos usage
Resolves: rhbz#2096825
- Allow keepalived read the contents of the sysfs filesystem
Resolves: rhbz#2098189
- Update policy for samba-dcerpcd
Resolves: rhbz#2083504
- Remove all kernel_read_usermodehelper_state() interface calls 2/2
Resolves: rhbz#2083504
- Update insights_client_filetrans_named_content()
Resolves: rhbz#2091117
* Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-102
- Allow transition to insights_client named content
Resolves: rhbz#2091117
- Add the insights_client_filetrans_named_content() interface
Resolves: rhbz#2091117
- Update policy for insights-client to run additional commands 3
Resolves: rhbz#2091117
* Fri Jun 17 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-101
- Add the init_status_config_transient_files() interface
Resolves: rhbz#2091117
- Allow init_t to rw insights_client unnamed pipe
Resolves: rhbz#2091117
- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
Resolves: rhbz#2091117
- Allow insights-client get status of the systemd transient scripts
Resolves: rhbz#2091117
- Allow insights-client execute its private memfd: objects
Resolves: rhbz#2091117
- Update policy for insights-client to run additional commands 2
Resolves: rhbz#2091117
- Do not call systemd_userdbd_stream_connect() for insights-client
Resolves: rhbz#2091117
- Use insights_client_tmp_t instead of insights_client_var_tmp_t
Resolves: rhbz#2091117
- Change space indentation to tab in insights-client
Resolves: rhbz#2091117
- Use socket permissions sets in insights-client
Resolves: rhbz#2091117
- Update policy for insights-client to run additional commands
Resolves: rhbz#2091117
- Change rpm_setattr_db_files() to use a pattern
Resolves: rhbz#2091117
- Add rpm setattr db files macro
Resolves: rhbz#2091117
- Fix insights client
Resolves: rhbz#2091117
- Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
Resolves: rhbz#2091117
* Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-100
- Update logging_create_generic_logs() to use create_files_pattern()
Resolves: rhbz#2081907
- Add the auth_read_passwd_file() interface
Resolves: rhbz#2083504
- Allow auditd_t noatsecure for a transition to audisp_remote_t
Resolves: rhbz#2081907
- Add support for samba-dcerpcd
Resolves: rhbz#2083504
- Allow rhsmcertd create generic log files
Resolves: rhbz#1852086
- Allow ctdbd nlmsg_read on netlink_tcpdiag_socket
Resolves: rhbz#2090800
* Mon May 23 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-99
- Allow ifconfig_t domain to manage vmware logs
Resolves: rhbz#1721943
- Allow insights-client manage gpg admin home content
Resolves: rhbz#2060834
- Add the gpg_manage_admin_home_content() interface
Resolves: rhbz#2060834
- Label /var/cache/insights with insights_client_cache_t
Resolves: rhbz#2063195
- Allow insights-client search gconf homedir
Resolves: rhbz#2087069
- Allow insights-client create and use unix_dgram_socket
Resolves: rhbz#2087069
- Label more vdsm utils with virtd_exec_t
Resolves: rhbz#2063871
- Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t
Resolves: rhbz#2063871
- Allow sblim-gatherd the kill capability
Resolves: rhbz#2082677
- Allow privoxy execmem
Resolves: rhbz#2083940
* Wed May 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-98
- Allow sysadm user execute init scripts with a transition
Resolves: rhbz#2039662
- Change invalid type redisd_t to redis_t in redis_stream_connect()
Resolves: rhbz#1897517
- Allow php-fpm write access to /var/run/redis/redis.sock
Resolves: rhbz#1897517
- Allow sssd read systemd-resolved runtime directory
Resolves: rhbz#2060721
- Allow postfix stream connect to cyrus through runtime socket
Resolves: rhbz#2066005
- Allow insights-client create_socket_perms for tcp/udp sockets
Resolves: rhbz#2073395
- Allow insights-client read rhnsd config files
Resolves: rhbz#2073395
- Allow sblim-sfcbd connect to sblim-reposd stream
Resolves: rhbz#2075810
- Allow rngd drop privileges via setuid/setgid/setcap
Resolves: rhbz#2076641
- Allow rngd_t domain to use nsswitch
Resolves: rhbz#2076641
* Fri Apr 22 2022 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-97
- Create macro corenet_icmp_bind_generic_node()
Resolves: rhbz#2070870
- Allow traceroute_t and ping_t to bind generic nodes.
Resolves: rhbz#2070870
- Allow administrative users the bpf capability
Resolves: rhbz#2070983
- Allow insights-client search rhnsd configuration directory
Resolves: rhbz#2073395
- Allow ntlm_auth read the network state information
Resolves: rhbz#2073349
- Allow keepalived setsched and sys_nice
Resolves: rhbz#2008033
- Revert "Allow administrative users the bpf capability"
Resolves: rhbz#2070983
* Thu Apr 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-96
- Add interface rpc_manage_exports
Resolves: rhbz#2062183
- Allow sshd read filesystem sysctl files
Resolves: rhbz#2061403
- Update targetd nfs & lvm
Resolves: rhbz#2062183
- Allow dhcpd_t domain to read network sysctls.
Resolves: rhbz#2059509
- Allow chronyd talk with unconfined user over unix domain dgram socket
Resolves: rhbz#2065313
- Allow fenced read kerberos key tables
Resolves: rhbz#1964839
* Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95
- Allow hostapd talk with unconfined user over unix domain dgram socket
Resolves: rhbz#2068007
* Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94
- Allow chronyd send a message to sosreport over datagram socket
- Allow systemd-logind dbus chat with sosreport
Resolves: rhbz#2062607
* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93 * Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
- Allow systemd-networkd dbus chat with sosreport - Allow systemd-networkd dbus chat with sosreport
Resolves: rhbz#1949493 Resolves: rhbz#1949493
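
Review bot: The 3.14.3-97 entry lists "Allow administrative users the bpf capability" and, at the end of the same entry, its Revert, both under rhbz#2070983, so the changelog does not say whether administrative users end up with the bpf capability or how that bug was resolved; state the net result in one line. In the 3.14.3-94 entry the address nknazeko@redhat.com is missing the angle brackets every other header uses, and its first item has no Resolves line of its own. The noatsecure grants (smbd_t for winbind_rpcd_t in 3.14.3-107, auditd_t for the transition to audisp_remote_t in 3.14.3-100) and "Allow privoxy execmem" in 3.14.3-99 relax hardening rather than add ordinary access, so each deserves a short justification beyond the bug number.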