From d620ca1705c1d21b468e5a062076530157271336 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Fri, 26 Jan 2024 17:47:29 +0100 Subject: [PATCH] * Fri Jan 26 2024 Zdenek Pytela - 3.14.3-135 - Label /tmp/libdnf.* with user_tmp_t Resolves: RHEL-11249 - Allow su domains write login records Resolves: RHEL-2606 - Allow gpg read rpm cache Resolves: RHEL-11249 - Allow unix dgram sendto between exim processes Resolves: RHEL-21903 - Allow hypervkvp_t write access to NetworkManager_etc_rw_t Resolves: RHEL-17687 - Add interface for write-only access to NetworkManager rw conf Resolves: RHEL-17687 - Allow conntrackd_t to use sys_admin capability Resolves: RHEL-22276 --- .gitignore | 2 ++ selinux-policy.spec | 22 +++++++++++++++++++--- sources | 6 +++--- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 74bffd1b..503bdaab 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ SOURCES/selinux-policy-contrib-c6da44c.tar.gz /selinux-policy-contrib-98baf55.tar.gz /selinux-policy-621d818.tar.gz /selinux-policy-contrib-61ad859.tar.gz +/selinux-policy-61dd8ba.tar.gz +/selinux-policy-contrib-de23cff.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 1a81949d..c9648983 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 621d818f129565750683eff2f7fb6100bdb3cff9 +%global commit0 61dd8ba370aedb16deafa02188ea920dd5378e6c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 61ad8597a9c27cabaf8a75ad1afc5ee0853a9833 +%global commit1 de23cffbbbbd97d50fa461217ef05e258f398c4b %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 134%{?dist} +Release: 135%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -718,6 +718,22 @@ exit 0 %endif %changelog +* Fri Jan 26 2024 Zdenek Pytela - 3.14.3-135 +- Label /tmp/libdnf.* with user_tmp_t +Resolves: RHEL-11249 +- Allow su domains write login records +Resolves: RHEL-2606 +- Allow gpg read rpm cache +Resolves: RHEL-11249 +- Allow unix dgram sendto between exim processes +Resolves: RHEL-21903 +- Allow hypervkvp_t write access to NetworkManager_etc_rw_t +Resolves: RHEL-17687 +- Add interface for write-only access to NetworkManager rw conf +Resolves: RHEL-17687 +- Allow conntrackd_t to use sys_admin capability +Resolves: RHEL-22276 + * Fri Jan 12 2024 Zdenek Pytela - 3.14.3-134 - Allow syslog to run unconfined scripts conditionally Resolves: RHEL-10087 diff --git a/sources b/sources index 3ebabc00..663da77b 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-621d818.tar.gz) = b9da31e760230b885d77b63015c81f5cebac8b6992e6ea5d47a7582e8e1b1d596768ac51ae73574c4f9fefa65e209569ec70cb9e2ae60b7100780c5170ed6288 -SHA512 (selinux-policy-contrib-61ad859.tar.gz) = d65cfa52e3566e0b6cb1d11d420f2e940ea154a815aaf26fcc36aff937906207b75e23061b255e40218e5b46a35621bf4f8c7dd700b89c7fa587ddfabc250cf2 +SHA512 (selinux-policy-61dd8ba.tar.gz) = 2caf963866ae326e11d21000f12dd6944e6257ca35dc767b363c74cd6bd1512ce398c0089a5e7f430e73b76aefa4759e8d4e4597e4d4fd311af46da2a4e5b07b +SHA512 (selinux-policy-contrib-de23cff.tar.gz) = 02c9bab8bd59b0c314a1e20e44a7e4e08d4976a1de8e5a9d0766ff37dd809bb44e958ff9e8db157e24981e73380142d9441e92a81397db1d363353e5b76b0be9 +SHA512 (container-selinux.tgz) = c61cb7bb7f452d52ddf5be88ef266a40ff93190cb9c16a6cb255febf334bb8e1599db885503c036e9014903aa4191804b81f7b7e236011ca28ac7f3c0b156452 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 01fb849a4078fbbf4799354d81be52482502f549428c4db67b69685714834bb5282f353524f73cdbc4d5da2957bc4455989ae9c89b775fe05b332cfd295b04c0