From db469cf496a1d7ffd6eeebe846d154574135dedb Mon Sep 17 00:00:00 2001 From: Nikola Knazekova Date: Fri, 14 Apr 2023 19:02:00 +0200 Subject: [PATCH] * Fri Apr 14 2023 Nikola Knazekova - 38.1.12-1 - Allow cloud-init domain transition to insights-client domain Resolves: rhbz#2162663 - Allow chronyd send a message to cloud-init over a datagram socket Resolves: rhbz#2162663 - Allow dmidecode write to cloud-init tmp files Resolves: rhbz#2162663 - Allow login_pgm setcap permission Resolves: rhbz#2174331 - Allow tshark the setsched capability Resolves: rhbz#2165634 - Allow chronyc read network sysctls Resolves: rhbz#2173604 - Allow systemd-timedated watch init runtime dir Resolves: rhbz#2175137 - Add journalctl the sys_resource capability Resolves: rhbz#2153782 - Allow system_cronjob_t transition to rpm_script_t Resolves: rhbz#2173685 - Revert "Allow system_cronjob_t domtrans to rpm_script_t" Resolves: rhbz#2173685 - Allow insights-client tcp connect to all ports Resolves: rhbz#2183083 - Allow insights-client work with su and lpstat Resolves: rhbz#2183083 - Allow insights-client manage fsadm pid files Resolves: rhbz#2183083 - Allow insights-client read all sysctls Resolves: rhbz#2183083 - Allow rabbitmq to read network sysctls Resolves: rhbz#2184999 --- selinux-policy.spec | 38 +++++++++++++++++++++++++++++++++++--- sources | 4 ++-- 2 files changed, 37 insertions(+), 5 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 24a6154..bd4dcc7 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 1f00e9902fc460b1b1eedb5fbb182bdff6924e33 +%global commit 8e37504d1c611f9ab6ba12767dbad2fd8eaac343 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,8 +23,8 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.1.11 -Release: 2%{?dist} +Version: 38.1.12 +Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -809,6 +809,38 @@ exit 0 %endif %changelog +* Fri Apr 14 2023 Nikola Knazekova - 38.1.12-1 +- Allow cloud-init domain transition to insights-client domain +Resolves: rhbz#2162663 +- Allow chronyd send a message to cloud-init over a datagram socket +Resolves: rhbz#2162663 +- Allow dmidecode write to cloud-init tmp files +Resolves: rhbz#2162663 +- Allow login_pgm setcap permission +Resolves: rhbz#2174331 +- Allow tshark the setsched capability +Resolves: rhbz#2165634 +- Allow chronyc read network sysctls +Resolves: rhbz#2173604 +- Allow systemd-timedated watch init runtime dir +Resolves: rhbz#2175137 +- Add journalctl the sys_resource capability +Resolves: rhbz#2153782 +- Allow system_cronjob_t transition to rpm_script_t +Resolves: rhbz#2173685 +- Revert "Allow system_cronjob_t domtrans to rpm_script_t" +Resolves: rhbz#2173685 +- Allow insights-client tcp connect to all ports +Resolves: rhbz#2183083 +- Allow insights-client work with su and lpstat +Resolves: rhbz#2183083 +- Allow insights-client manage fsadm pid files +Resolves: rhbz#2183083 +- Allow insights-client read all sysctls +Resolves: rhbz#2183083 +- Allow rabbitmq to read network sysctls +Resolves: rhbz#2184999 + * Tue Mar 28 2023 Nikola Knazekova - 38.1.11-2 - rebuilt Resolves: rhbz#2172268 diff --git a/sources b/sources index 98e1e46..bfb642b 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-1f00e99.tar.gz) = 38717d8956d03e810bbe55aa58c38e90819cbe3cbc42e9095ced2dfee2381dc013db7c21df22e708d1802a031b565b675f2962d8834e95cbfad9e46a253c34e3 -SHA512 (container-selinux.tgz) = 9a6521e678d3efe3a8d94ec69edd7b8c4c39332e0c96c9f6bf57123ec926a807bac839ad5938abc7639ba454c8f6e80d6253ce11b9412320ba295128f6335ebd +SHA512 (selinux-policy-8e37504.tar.gz) = 0c0b39f2421ca964db7b9cbbabf00000c37b1c7110bcac47eb489ca0d8e49ecca0d6cb5587e7e8897deaa941a27a6abb371e0ae75a066f105d76d9801b52ef4e +SHA512 (container-selinux.tgz) = 994717d9350b71ab5cabc6cf08b11eec1832a7db0e6c5a78d0e36cb32f78438d84a1d0cda431d5a80e67fc1e8645f663eca65f30e023d6aca8697770556ba8b2 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4