import selinux-policy-3.14.3-107.el8
This commit is contained in:
parent
6c178f644a
commit
d39caaffc8
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,3 +1,3 @@
|
|||||||
SOURCES/container-selinux.tgz
|
SOURCES/container-selinux.tgz
|
||||||
SOURCES/selinux-policy-642155b.tar.gz
|
SOURCES/selinux-policy-9db72ed.tar.gz
|
||||||
SOURCES/selinux-policy-contrib-0e4a7a0.tar.gz
|
SOURCES/selinux-policy-contrib-5e2c252.tar.gz
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
e531ed72bd4055f40cb0152b1f81842c96af37c5 SOURCES/container-selinux.tgz
|
37036a3f9ec27f942a2b186db25f3c0551784c4e SOURCES/container-selinux.tgz
|
||||||
26b6cee1e1baf47309bfc5055781869abb589a2d SOURCES/selinux-policy-642155b.tar.gz
|
d9e66219a3c1a29e8af4da26ed471297d3281fcc SOURCES/selinux-policy-9db72ed.tar.gz
|
||||||
17a4e399dbf5dd7266a5bf3904aad633e3889351 SOURCES/selinux-policy-contrib-0e4a7a0.tar.gz
|
dd2ac90c589a5a5110bf578b014754b69f2232c7 SOURCES/selinux-policy-contrib-5e2c252.tar.gz
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 642155b226a48d3edbdc1a13fb9a9fece74140f7
|
%global commit0 9db72ed4345b0f26e798cb301f306fb4ee303844
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 0e4a7a0e5879fd49a239fb71e000c4967fe98eca
|
%global commit1 5e2c252146f379cd25df50de97816f6771d9d79b
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.3
|
Version: 3.14.3
|
||||||
Release: 93%{?dist}
|
Release: 107%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||||
@ -148,7 +148,7 @@ SELinux policy development and man page package
|
|||||||
%{_usr}/share/selinux/devel/Makefile
|
%{_usr}/share/selinux/devel/Makefile
|
||||||
%{_usr}/share/selinux/devel/example.*
|
%{_usr}/share/selinux/devel/example.*
|
||||||
%{_usr}/share/selinux/devel/policy.*
|
%{_usr}/share/selinux/devel/policy.*
|
||||||
%ghost %{_sharedstatedir}/sepolgen/interface_info
|
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/sepolgen/interface_info
|
||||||
|
|
||||||
%post devel
|
%post devel
|
||||||
selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null
|
selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null
|
||||||
@ -717,6 +717,226 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 25 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-107
|
||||||
|
- Label 319/udp port with ptp_event_port_t
|
||||||
|
Resolves: rhbz#2118628
|
||||||
|
- Allow unconfined and sysadm users transition for /root/.gnupg
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Add the kernel_read_proc_files() interface
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Add userdom_view_all_users_keys() interface
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Allow system_cronjob_t domtrans to rpm_script_t
|
||||||
|
Resolves: rhbz#2118362
|
||||||
|
- Allow smbd_t process noatsecure permission for winbind_rpcd_t
|
||||||
|
Resolves: rhbz#2117199
|
||||||
|
- Allow chronyd bind UDP sockets to ptp_event ports
|
||||||
|
Resolves: rhbz#2118628
|
||||||
|
- Allow samba-bgqd to read a printer list
|
||||||
|
Resolves: rhbz#2118958
|
||||||
|
- Add gpg_filetrans_admin_home_content() interface
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Update insights-client policy for additional commands execution
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Allow gpg read and write generic pty type
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Allow chronyc read and write generic pty type
|
||||||
|
Resolves: rhbz#2119507
|
||||||
|
- Disable rpm verification on interface_info
|
||||||
|
Resolves: rhbz#2119472
|
||||||
|
|
||||||
|
* Wed Aug 10 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-106
|
||||||
|
- Allow networkmanager to signal unconfined process
|
||||||
|
Resolves: rhbz#1918148
|
||||||
|
- Allow sa-update to get init status and start systemd files
|
||||||
|
Resolves: rhbz#2011239
|
||||||
|
- Allow samba-bgqd get a printer list
|
||||||
|
Resolves: rhbz#2114737
|
||||||
|
- Allow insights-client rpm named file transitions
|
||||||
|
Resolves: rhbz#2104913
|
||||||
|
- Add /var/tmp/insights-archive to insights_client_filetrans_named_content
|
||||||
|
Resolves: rhbz#2104913
|
||||||
|
- Use insights_client_filetrans_named_content
|
||||||
|
Resolves: rhbz#2104913
|
||||||
|
- Make default file context match with named transitions
|
||||||
|
Resolves: rhbz#2104913
|
||||||
|
- Allow rhsmcertd to read insights config files
|
||||||
|
Resolves: rhbz#2104913
|
||||||
|
- Label /etc/insights-client/machine-id
|
||||||
|
Resolves: rhbz#2104913
|
||||||
|
|
||||||
|
* Fri Jul 29 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-105
|
||||||
|
- Do not call systemd_userdbd_stream_connect() for winbind-rpcd
|
||||||
|
Resolves: rhbz#2108383
|
||||||
|
- Update winbind_rpcd_t
|
||||||
|
Resolves: rhbz#2108383
|
||||||
|
- Allow irqbalance file transition for pid sock_files and directories
|
||||||
|
Resolves: rhbz#2111916
|
||||||
|
- Update irqbalance runtime directory file context
|
||||||
|
Resolves: rhbz#2111916
|
||||||
|
|
||||||
|
* Tue Jun 28 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-104
|
||||||
|
- Update samba-dcerpcd policy for kerberos usage 2
|
||||||
|
Resolves: rhbz#2096825
|
||||||
|
|
||||||
|
* Mon Jun 27 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-103
|
||||||
|
- Allow domain read usermodehelper state information
|
||||||
|
Resolves: rhbz#2083504
|
||||||
|
- Remove all kernel_read_usermodehelper_state() interface calls
|
||||||
|
Resolves: rhbz#2083504
|
||||||
|
- Allow samba-dcerpcd work with sssd
|
||||||
|
Resolves: rhbz#2096825
|
||||||
|
- Allow winbind_rpcd_t connect to self over a unix_stream_socket
|
||||||
|
Resolves: rhbz#2096825
|
||||||
|
- Update samba-dcerpcd policy for kerberos usage
|
||||||
|
Resolves: rhbz#2096825
|
||||||
|
- Allow keepalived read the contents of the sysfs filesystem
|
||||||
|
Resolves: rhbz#2098189
|
||||||
|
- Update policy for samba-dcerpcd
|
||||||
|
Resolves: rhbz#2083504
|
||||||
|
- Remove all kernel_read_usermodehelper_state() interface calls 2/2
|
||||||
|
Resolves: rhbz#2083504
|
||||||
|
- Update insights_client_filetrans_named_content()
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
|
||||||
|
* Wed Jun 22 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-102
|
||||||
|
- Allow transition to insights_client named content
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Add the insights_client_filetrans_named_content() interface
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Update policy for insights-client to run additional commands 3
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
|
||||||
|
* Fri Jun 17 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-101
|
||||||
|
- Add the init_status_config_transient_files() interface
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Allow init_t to rw insights_client unnamed pipe
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Allow insights-client get status of the systemd transient scripts
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Allow insights-client execute its private memfd: objects
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Update policy for insights-client to run additional commands 2
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Do not call systemd_userdbd_stream_connect() for insights-client
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Use insights_client_tmp_t instead of insights_client_var_tmp_t
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Change space indentation to tab in insights-client
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Use socket permissions sets in insights-client
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Update policy for insights-client to run additional commands
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Change rpm_setattr_db_files() to use a pattern
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Add rpm setattr db files macro
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Fix insights client
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
- Do not let system_cronjob_t create redhat-access-insights.log with var_log_t
|
||||||
|
Resolves: rhbz#2091117
|
||||||
|
|
||||||
|
* Tue Jun 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-100
|
||||||
|
- Update logging_create_generic_logs() to use create_files_pattern()
|
||||||
|
Resolves: rhbz#2081907
|
||||||
|
- Add the auth_read_passwd_file() interface
|
||||||
|
Resolves: rhbz#2083504
|
||||||
|
- Allow auditd_t noatsecure for a transition to audisp_remote_t
|
||||||
|
Resolves: rhbz#2081907
|
||||||
|
- Add support for samba-dcerpcd
|
||||||
|
Resolves: rhbz#2083504
|
||||||
|
- Allow rhsmcertd create generic log files
|
||||||
|
Resolves: rhbz#1852086
|
||||||
|
- Allow ctdbd nlmsg_read on netlink_tcpdiag_socket
|
||||||
|
Resolves: rhbz#2090800
|
||||||
|
|
||||||
|
* Mon May 23 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-99
|
||||||
|
- Allow ifconfig_t domain to manage vmware logs
|
||||||
|
Resolves: rhbz#1721943
|
||||||
|
- Allow insights-client manage gpg admin home content
|
||||||
|
Resolves: rhbz#2060834
|
||||||
|
- Add the gpg_manage_admin_home_content() interface
|
||||||
|
Resolves: rhbz#2060834
|
||||||
|
- Label /var/cache/insights with insights_client_cache_t
|
||||||
|
Resolves: rhbz#2063195
|
||||||
|
- Allow insights-client search gconf homedir
|
||||||
|
Resolves: rhbz#2087069
|
||||||
|
- Allow insights-client create and use unix_dgram_socket
|
||||||
|
Resolves: rhbz#2087069
|
||||||
|
- Label more vdsm utils with virtd_exec_t
|
||||||
|
Resolves: rhbz#2063871
|
||||||
|
- Label /usr/libexec/vdsm/supervdsmd and vdsmd with virtd_exec_t
|
||||||
|
Resolves: rhbz#2063871
|
||||||
|
- Allow sblim-gatherd the kill capability
|
||||||
|
Resolves: rhbz#2082677
|
||||||
|
- Allow privoxy execmem
|
||||||
|
Resolves: rhbz#2083940
|
||||||
|
|
||||||
|
* Wed May 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-98
|
||||||
|
- Allow sysadm user execute init scripts with a transition
|
||||||
|
Resolves: rhbz#2039662
|
||||||
|
- Change invalid type redisd_t to redis_t in redis_stream_connect()
|
||||||
|
Resolves: rhbz#1897517
|
||||||
|
- Allow php-fpm write access to /var/run/redis/redis.sock
|
||||||
|
Resolves: rhbz#1897517
|
||||||
|
- Allow sssd read systemd-resolved runtime directory
|
||||||
|
Resolves: rhbz#2060721
|
||||||
|
- Allow postfix stream connect to cyrus through runtime socket
|
||||||
|
Resolves: rhbz#2066005
|
||||||
|
- Allow insights-client create_socket_perms for tcp/udp sockets
|
||||||
|
Resolves: rhbz#2073395
|
||||||
|
- Allow insights-client read rhnsd config files
|
||||||
|
Resolves: rhbz#2073395
|
||||||
|
- Allow sblim-sfcbd connect to sblim-reposd stream
|
||||||
|
Resolves: rhbz#2075810
|
||||||
|
- Allow rngd drop privileges via setuid/setgid/setcap
|
||||||
|
Resolves: rhbz#2076641
|
||||||
|
- Allow rngd_t domain to use nsswitch
|
||||||
|
Resolves: rhbz#2076641
|
||||||
|
|
||||||
|
* Fri Apr 22 2022 Nikola Knazekova <nknazeko@redhat.com> - 3.14.3-97
|
||||||
|
- Create macro corenet_icmp_bind_generic_node()
|
||||||
|
Resolves: rhbz#2070870
|
||||||
|
- Allow traceroute_t and ping_t to bind generic nodes.
|
||||||
|
Resolves: rhbz#2070870
|
||||||
|
- Allow administrative users the bpf capability
|
||||||
|
Resolves: rhbz#2070983
|
||||||
|
- Allow insights-client search rhnsd configuration directory
|
||||||
|
Resolves: rhbz#2073395
|
||||||
|
- Allow ntlm_auth read the network state information
|
||||||
|
Resolves: rhbz#2073349
|
||||||
|
- Allow keepalived setsched and sys_nice
|
||||||
|
Resolves: rhbz#2008033
|
||||||
|
- Revert "Allow administrative users the bpf capability"
|
||||||
|
Resolves: rhbz#2070983
|
||||||
|
|
||||||
|
|
||||||
|
* Thu Apr 07 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-96
|
||||||
|
- Add interface rpc_manage_exports
|
||||||
|
Resolves: rhbz#2062183
|
||||||
|
- Allow sshd read filesystem sysctl files
|
||||||
|
Resolves: rhbz#2061403
|
||||||
|
- Update targetd nfs & lvm
|
||||||
|
Resolves: rhbz#2062183
|
||||||
|
- Allow dhcpd_t domain to read network sysctls.
|
||||||
|
Resolves: rhbz#2059509
|
||||||
|
- Allow chronyd talk with unconfined user over unix domain dgram socket
|
||||||
|
Resolves: rhbz#2065313
|
||||||
|
- Allow fenced read kerberos key tables
|
||||||
|
Resolves: rhbz#1964839
|
||||||
|
|
||||||
|
* Thu Mar 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-95
|
||||||
|
- Allow hostapd talk with unconfined user over unix domain dgram socket
|
||||||
|
Resolves: rhbz#2068007
|
||||||
|
|
||||||
|
* Thu Mar 10 2022 Nikola Knazekova nknazeko@redhat.com - 3.14.3-94
|
||||||
|
- Allow chronyd send a message to sosreport over datagram socket
|
||||||
|
- Allow systemd-logind dbus chat with sosreport
|
||||||
|
Resolves: rhbz#2062607
|
||||||
|
|
||||||
* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
|
* Thu Feb 24 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-93
|
||||||
- Allow systemd-networkd dbus chat with sosreport
|
- Allow systemd-networkd dbus chat with sosreport
|
||||||
Resolves: rhbz#1949493
|
Resolves: rhbz#1949493
|
||||||
|
Loading…
Reference in New Issue
Block a user