* Fri Jan 8 18:41:06 CET 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-14

- Allow domain read usermodehelper state information - Remove all kernel_read_usermodehelper_state() interface calls - .copr: improve timestamp format - Allow wireshark create and use rdma socket - Allow domain stat /proc filesystem - Remove all kernel_getattr_proc() interface calls - Revert "Allow passwd to get attributes in proc_t" - Revert "Allow dovecot_auth_t stat /proc filesystem" - Revert "Allow sssd, unix_chkpwd, groupadd stat /proc filesystem" - Allow sssd read /run/systemd directory - Label /dev/vhost-vdpa-[0-9]+ as vhost_device_t
2021-01-08 18:44:14 +01:00 · 2021-01-08 18:44:14 +01:00 · d76e0b4040
commit d76e0b4040
parent d5b79a1cb7
2 changed files with 17 additions and 4 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 5b841a63b80fc0fbf22fe54eaf8ff3af80dadb53
+%global commit c23c6a5242560e8a9946db5bf4440adc0f39febc
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -792,6 +792,19 @@ exit 0
 %endif

 %changelog
+* Fri Jan  8 18:41:06 CET 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-14
+- Allow domain read usermodehelper state information
+- Remove all kernel_read_usermodehelper_state() interface calls
+- .copr: improve timestamp format
+- Allow wireshark create and use rdma socket
+- Allow domain stat /proc filesystem
+- Remove all kernel_getattr_proc() interface calls
+- Revert "Allow passwd to get attributes in proc_t"
+- Revert "Allow dovecot_auth_t stat /proc filesystem"
+- Revert "Allow sssd, unix_chkpwd, groupadd stat /proc filesystem"
+- Allow sssd read /run/systemd directory
+- Label /dev/vhost-vdpa-[0-9]+ as vhost_device_t
+
 * Thu Dec 17 20:07:23 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-13
 - Label /dev/isst_interface as cpu_device_t
 - Dontaudit firewalld dac_override capability
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-5b841a6.tar.gz) = ee120c604364b9a33d9aa48c0f94511a046f60825fa4c9051149160c6723deda77187ce373bea22c7904f6c8a87d7ff157dbe950d82c461809cbfa4d52bc880d
-SHA512 (container-selinux.tgz) = f2a6db821b2fe6cadcb6092703b0b897be2786b4d5f6a17b435a5d905d1dd65f2aba6f94d47e80a9c83001f2fec5c6f99f4e80642092085b8de05cb253a23952
+SHA512 (selinux-policy-c23c6a5.tar.gz) = adbec861963b05b68c140f702bf68db8007d9facaa5e295b717ed7bd7e3549a06f92b57ca03322f033f65f59ec783f2231df0720eb80c5a48eebae587daf9c9a
+SHA512 (container-selinux.tgz) = 63d1448a8291ed9869c28205d015c567b09cf91e8235fdc27a7e1c3fa8bb03dc824558860c5f494b1ed734e38670bf3b9cc5bfca02d93d34cf7e4c597655a12c
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4