rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon May 22 2023 Zdenek Pytela <zpytela@redhat.com> - 38.13-1

Browse Source 
- Add initial policy for cifs-helper
- Label key.dns_resolver with keyutils_dns_resolver_exec_t
- Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t
- Allow some systemd services write to cgroup files
- Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files
- Allow systemd resolved to bind to arbitrary nodes
- Allow plymouthd_t bpf capability to run bpf programs
- Allow cupsd to create samba_var_t files
- Allow rhsmcert request the kernel to load a module
- Allow virsh name_connect virt_port_t
- Allow certmonger manage cluster library files
- Allow plymouthd read init process state
- Add chromium_sandbox_t setcap capability
- Allow snmpd read raw disk data
- Allow samba-rpcd work with passwords
- Allow unconfined service inherit signal state from init
- Allow cloud-init manage gpg admin home content
- Allow cluster_t dbus chat with various services
- Allow nfsidmapd work with systemd-userdbd and sssd
- Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes
- Allow plymouthd map dri and framebuffer devices
- Allow rpmdb_migrate execute rpmdb
- Allow logrotate dbus chat with systemd-hostnamed
- Allow icecast connect to kernel using a unix stream socket
- Allow lldpad connect to systemd-userdbd over a unix socket
- Allow journalctl open user domain ptys and ttys
- Allow keepalived to manage its tmp files
- Allow ftpd read network sysctls
- Label /run/bgpd with zebra_var_run_t
- Allow gssproxy read network sysctls
- Add the cifsutils module
This commit is contained in:
Zdenek Pytela 2023-05-22 09:00:23 +02:00
parent 9619eb8fb1
commit dfde7d3e7a
3 changed files with 44 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules-targeted-contrib.conf
View File

@ -2712,3 +2712,10 @@ rshim = module
# keyutils
#
keyutils = module
# Layer: contrib
# Module: cifsutils
#
# cifsutils - Utilities for managing CIFS mounts
#
cifsutils = module

37
selinux-policy.spec
View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 61c90a7ada38cbbeaaef3b299b784721fe3c60c2
%global commit 6b599716fa1b29325fd2f2cf9af3fc25dfe9336e
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -23,7 +23,7 @@
%define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 38.12
Version: 38.13
Release: 1%{?dist}
License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -813,6 +813,39 @@ exit 0
%endif
%changelog
* Mon May 22 2023 Zdenek Pytela <zpytela@redhat.com> - 38.13-1
- Add initial policy for cifs-helper
- Label key.dns_resolver with keyutils_dns_resolver_exec_t
- Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t
- Allow some systemd services write to cgroup files
- Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files
- Allow systemd resolved to bind to arbitrary nodes
- Allow plymouthd_t bpf capability to run bpf programs
- Allow cupsd to create samba_var_t files
- Allow rhsmcert request the kernel to load a module
- Allow virsh name_connect virt_port_t
- Allow certmonger manage cluster library files
- Allow plymouthd read init process state
- Add chromium_sandbox_t setcap capability
- Allow snmpd read raw disk data
- Allow samba-rpcd work with passwords
- Allow unconfined service inherit signal state from init
- Allow cloud-init manage gpg admin home content
- Allow cluster_t dbus chat with various services
- Allow nfsidmapd work with systemd-userdbd and sssd
- Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes
- Allow plymouthd map dri and framebuffer devices
- Allow rpmdb_migrate execute rpmdb
- Allow logrotate dbus chat with systemd-hostnamed
- Allow icecast connect to kernel using a unix stream socket
- Allow lldpad connect to systemd-userdbd over a unix socket
- Allow journalctl open user domain ptys and ttys
- Allow keepalived to manage its tmp files
- Allow ftpd read network sysctls
- Label /run/bgpd with zebra_var_run_t
- Allow gssproxy read network sysctls
- Add the cifsutils module
* Tue Apr 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.12-1
- Allow telnetd read network sysctls
- Allow munin system plugin read generic SSL certificates

4
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-61c90a7.tar.gz) = 084c2da710551f31d0e04cbd3c013f5896da657d6af20a3c0d81cc4a083e5de04bc168ba3539c347c77750dc8c0c40326e14839f33577133182eb7848daf471a
SHA512 (selinux-policy-6b59971.tar.gz) = c51022f6e34123de157513441a1f55aef1bedc0bb3df084d8788fb1a1b76eac2bb1d1b76356927effb52ed61b48cd6a9fd1fe7013b001aa8b7f96c8126e71ee5
SHA512 (container-selinux.tgz) = 511a3ba18b57f0bf7a496f8d5796e0d6ccf08485be13f65e5d84919aaebc9f56b24372867d56f3fd87e0d9cfb4fdb918d2453912bf289f487d5c290e20da4d8a
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 3b16723e4505d1a7e42e86e0c14d8b672ddef139064f485d5ae0327566a0edf75c91746f934d27e81d0cdbcc005b468966a203b1d5d6933d0665d9035199ac4d