Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/selinux-policy.git#8c7a9eaa8cb01c7fbadd4104c2e1cafb819f0a89
DistroBaker 2021-03-15 19:41:15 +00:00
parent 4508ded93f
commit d69f76993a
2 changed files with 53 additions and 4 deletions

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 30654cfd4d8c2949d8c5c2c5b56655045ae3c7b7
%global commit e3da92314ccfcc7b263aa44d0c9f824703df197c
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -24,7 +24,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.7
Release: 22%{?dist}
Release: 25%{?dist}
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
@ -792,6 +792,55 @@ exit 0
%endif
%changelog
* Thu Mar 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-25
- Allow polkit-agent-helper-1 read logind sessions files
- Allow polkit-agent-helper read init state
- Allow login_userdomain watch generic device dirs
- Allow login_userdomain listen on bluetooth sockets
- Allow user_t and staff_t bind netlink_generic_socket
- Allow login_userdomain write inaccessible nodes
- Allow transition from xdm domain to unconfined_t domain.
- Add 'make validate' step to CI
- Disallow user_t run su/sudo and staff_t run su
- Fix typo in rsyncd.conf in rsync.if
- Add an alias for nvme_device_t
- Allow systemd watch and watch_reads unallocated ttys
* Tue Mar 02 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-24
- Allow apmd watch generic device directories
- Allow kdump load a new kernel
- Add confidentiality lockdown permission to kernel_read_core_if()
- Allow keepalived read nsfs files
- Allow local_login_t get attributes of filesystems with ext attributes
- Allow keepalived read/write its private memfd: objects
- Add missing declaration in rpm_named_filetrans()
- Change param description in cron interfaces to userdomain_prefix
* Tue Feb 23 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-23
- iptables.fc: Add missing legacy entries
- iptables.fc: Remove some duplicate entries
- iptables.fc: Remove duplicate file context entries
- Allow libvirtd to create generic netlink sockets
- Allow libvirtd the fsetid capability
- Allow libvirtd to read /run/utmp
- Dontaudit sys_ptrace capability when calling systemctl
- Allow udisksd to read /dev/random
- Allow udisksd to watch files under /run/mount
- Allow udisksd to watch /etc
- Allow crond to watch user_cron_spool_t directories
- Allow accountsd watch xdm config directories
- Label /etc/avahi with avahi_conf_t
- Allow sssd get cgroup filesystems attributes and search cgroup dirs
- Allow systemd-hostnamed read udev runtime data
- Remove dev_getattr_sysfs_fs() interface calls for particular domains
- Allow domain stat the /sys filesystem
- Dontaudit NetworkManager write to initrc_tmp_t pipes
- policykit.te: Clean up watch rule for policykit_auth_t
- Revert further unnecessary watch rules
- Revert "Allow getty watch its private runtime files"
- Allow systemd watch generic /var directories
- Allow init watch network config files and lnk_files
* Fri Feb 19 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-22
- Allow systemd-sleep get attributes of fixed disk device nodes
- Complete initial policy for systemd-coredump
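Review bot: In the 3.14.7-25 changelog entry, "Allow transition from xdm domain to unconfined_t domain." and "Allow login_userdomain write inaccessible nodes" grant new access to login-related domains, yet neither they nor any other entry in this hunk carries a bug reference or a rationale. Suggest adding the tracking bug to each entry that grants new access so the grant can be audited later, and flagging "Disallow user_t run su/sudo and staff_t run su" as a behaviour change for existing confined users. Minor style point: the xdm entry is the only line in the hunk that ends with a period.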

@ -1,3 +1,3 @@
SHA512 (selinux-policy-30654cf.tar.gz) = 99d0f364ec6e047391b026b2e64b53b763a17ecb742fb75cb39bb3fffe65f3f834506e0c7a35f8e4fb664ee60bf23e769fd7284ba041a3dd887d3074e8bce6a3
SHA512 (container-selinux.tgz) = 0bdf939a5c4f5ab4b973f8f9b39c3dd3fcebd3dc660428904c055bd78fc3af1603514c8f44fc16579e1e254cae052f44dbd89c395c02a09cfbf0dc2f7356848e
SHA512 (selinux-policy-e3da923.tar.gz) = d3963ff469fc1dd8d5fb525cc78276109a1220fe528839549c74a1d9676d0fe481926718a40c1bf0062b6823730200a2d69141c8ece3c07ed1f9e12d2b4a2fb7
SHA512 (container-selinux.tgz) = 08ed5d509c792cb4228df34e1adc75e8720b65c73850cf4be7786384e7f6d752a2218f1a4c40eee9e8acbbd273a9e4ec2382e3830114619e6f58c322fa9f476b
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
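Review bot: The checksum for container-selinux.tgz changes here, but the file name carries no version or commit and none of the new changelog entries mentions a container-selinux update, so the hunk does not show which revision the new hash corresponds to. Suggest naming the tarball after its upstream version or commit, as is already done for selinux-policy-e3da923.tar.gz, or recording the revision in the changelog. The selinux-policy entry itself is consistent with the new %global commit value in the spec file.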