Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#8c7a9eaa8cb01c7fbadd4104c2e1cafb819f0a89
This commit is contained in:
parent
4508ded93f
commit
d69f76993a
@ -1,6 +1,6 @@
|
||||
# github repo with selinux-policy sources
|
||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit 30654cfd4d8c2949d8c5c2c5b56655045ae3c7b7
|
||||
%global commit e3da92314ccfcc7b263aa44d0c9f824703df197c
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -24,7 +24,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.7
|
||||
Release: 22%{?dist}
|
||||
Release: 25%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
Source1: modules-targeted-base.conf
|
||||
@ -792,6 +792,55 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Mar 11 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-25
|
||||
- Allow polkit-agent-helper-1 read logind sessions files
|
||||
- Allow polkit-agent-helper read init state
|
||||
- Allow login_userdomain watch generic device dirs
|
||||
- Allow login_userdomain listen on bluetooth sockets
|
||||
- Allow user_t and staff_t bind netlink_generic_socket
|
||||
- Allow login_userdomain write inaccessible nodes
|
||||
- Allow transition from xdm domain to unconfined_t domain.
|
||||
- Add 'make validate' step to CI
|
||||
- Disallow user_t run su/sudo and staff_t run su
|
||||
- Fix typo in rsyncd.conf in rsync.if
|
||||
- Add an alias for nvme_device_t
|
||||
- Allow systemd watch and watch_reads unallocated ttys
|
||||
|
||||
* Tue Mar 02 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-24
|
||||
- Allow apmd watch generic device directories
|
||||
- Allow kdump load a new kernel
|
||||
- Add confidentiality lockdown permission to kernel_read_core_if()
|
||||
- Allow keepalived read nsfs files
|
||||
- Allow local_login_t get attributes of filesystems with ext attributes
|
||||
- Allow keepalived read/write its private memfd: objects
|
||||
- Add missing declaration in rpm_named_filetrans()
|
||||
- Change param description in cron interfaces to userdomain_prefix
|
||||
|
||||
* Tue Feb 23 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-23
|
||||
- iptables.fc: Add missing legacy entries
|
||||
- iptables.fc: Remove some duplicate entries
|
||||
- iptables.fc: Remove duplicate file context entries
|
||||
- Allow libvirtd to create generic netlink sockets
|
||||
- Allow libvirtd the fsetid capability
|
||||
- Allow libvirtd to read /run/utmp
|
||||
- Dontaudit sys_ptrace capability when calling systemctl
|
||||
- Allow udisksd to read /dev/random
|
||||
- Allow udisksd to watch files under /run/mount
|
||||
- Allow udisksd to watch /etc
|
||||
- Allow crond to watch user_cron_spool_t directories
|
||||
- Allow accountsd watch xdm config directories
|
||||
- Label /etc/avahi with avahi_conf_t
|
||||
- Allow sssd get cgroup filesystems attributes and search cgroup dirs
|
||||
- Allow systemd-hostnamed read udev runtime data
|
||||
- Remove dev_getattr_sysfs_fs() interface calls for particular domains
|
||||
- Allow domain stat the /sys filesystem
|
||||
- Dontaudit NetworkManager write to initrc_tmp_t pipes
|
||||
- policykit.te: Clean up watch rule for policykit_auth_t
|
||||
- Revert further unnecessary watch rules
|
||||
- Revert "Allow getty watch its private runtime files"
|
||||
- Allow systemd watch generic /var directories
|
||||
- Allow init watch network config files and lnk_files
|
||||
|
||||
* Fri Feb 19 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-22
|
||||
- Allow systemd-sleep get attributes of fixed disk device nodes
|
||||
- Complete initial policy for systemd-coredump
|
||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (selinux-policy-30654cf.tar.gz) = 99d0f364ec6e047391b026b2e64b53b763a17ecb742fb75cb39bb3fffe65f3f834506e0c7a35f8e4fb664ee60bf23e769fd7284ba041a3dd887d3074e8bce6a3
|
||||
SHA512 (container-selinux.tgz) = 0bdf939a5c4f5ab4b973f8f9b39c3dd3fcebd3dc660428904c055bd78fc3af1603514c8f44fc16579e1e254cae052f44dbd89c395c02a09cfbf0dc2f7356848e
|
||||
SHA512 (selinux-policy-e3da923.tar.gz) = d3963ff469fc1dd8d5fb525cc78276109a1220fe528839549c74a1d9676d0fe481926718a40c1bf0062b6823730200a2d69141c8ece3c07ed1f9e12d2b4a2fb7
|
||||
SHA512 (container-selinux.tgz) = 08ed5d509c792cb4228df34e1adc75e8720b65c73850cf4be7786384e7f6d752a2218f1a4c40eee9e8acbbd273a9e4ec2382e3830114619e6f58c322fa9f476b
|
||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||
|
Loading…
Reference in New Issue
Block a user