* Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1

- Allow virtqemud domain transition on numad execution Resolves: RHEL-65789 - Support virt live migration using ssh Resolves: RHEL-53972 - Allow ssh_t read systemd config files Resolves: RHEL-53972 - Allow virtqemud permissions needed for live migration Resolves: RHEL-43217 - Allow virtqemud the getpgid process permission Resolves: RHEL-46357 - Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on Resolves: RHEL-71068 - Allow virtqemud relabelfrom virt_log_t files Resolves: RHEL-48236 - Allow virtqemud relabel tun_socket Resolves: RHEL-71394 - Allow gnome-remote-desktop dbus chat with policykit Resolves: RHEL-35877 - Update ktlsh policy Resolves: RHEL-42672 - Confine the ktls service Resolves: RHEL-42672 - Allow request-key to read /etc/passwd Resolves: RHEL-71490 - Allow request-key to manage all domains' keys Resolves: RHEL-71490
2025-01-03 16:59:30 +01:00 · 2025-01-03 16:59:30 +01:00 · e863f070bd
commit e863f070bd
parent 046dc6f583
3 changed files with 33 additions and 5 deletions
--- a/28
+++ b/28
@ -1,3 +1,31 @@
+* Fri Jan 03 2025 Zdenek Pytela <zpytela@redhat.com> - 40.13.20-1
+- Allow virtqemud domain transition on numad execution
+Resolves: RHEL-65789
+- Support virt live migration using ssh
+Resolves: RHEL-53972
+- Allow ssh_t read systemd config files
+Resolves: RHEL-53972
+- Allow virtqemud permissions needed for live migration
+Resolves: RHEL-43217
+- Allow virtqemud the getpgid process permission
+Resolves: RHEL-46357
+- Allow virtqemud manage nfs dirs when virt_use_nfs boolean is on
+Resolves: RHEL-71068
+- Allow virtqemud relabelfrom virt_log_t files
+Resolves: RHEL-48236
+- Allow virtqemud relabel tun_socket
+Resolves: RHEL-71394
+- Allow gnome-remote-desktop dbus chat with policykit
+Resolves: RHEL-35877
+- Update ktlsh policy
+Resolves: RHEL-42672
+- Confine the ktls service
+Resolves: RHEL-42672
+- Allow request-key to read /etc/passwd
+Resolves: RHEL-71490
+- Allow request-key to manage all domains' keys
+Resolves: RHEL-71490
+
 * Fri Dec 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 40.13.19-2
 - Rebuild with SELinux Userspace 3.8

--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -5,7 +5,7 @@

 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 14ba8a3b89d9bc28b698d366b52d747f477d9ca9
+%global commit c4b8bc4bbacc1304b42bdad98728a015a89ffa2e
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -17,8 +17,8 @@
 %define CHECKPOLICYVER 3.8
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.13.19
-Release: 2%{?dist}
+Version: 40.13.20
+Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: Makefile.devel
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-14ba8a3.tar.gz) = 96810d7c027846b2954d849e205758c96236e13000408d4e58fe9c4f68daf69e1eee72f2c15efaacd64f9279f9bc95d79a745e8cfd45531fcf59643c992e2cee
+SHA512 (selinux-policy-c4b8bc4.tar.gz) = 5bf48c9ae3cb1d0bffc8bc407cdb6103d0419acf840ef3f893c7b8910a7e77f3c55518cb0b28dfec708cb351360b97075059d1e6101134cd898dd8ccafca37d5
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = aab511b28245317f38a8ad35d200bd9b2aafe64979d69c36870550400306dee23a9b47217b4fe7f2b60128b2263f1ef2abec7beca22e588c0ec203cc8093fe8c
+SHA512 (container-selinux.tgz) = 70b61bf9979946b476a0b4468d612cb0183b1a788c0508655e80dfa411193fb76e53ce6dbf21ec1b699d9ae75bec9c54b504cd8351bb5c61a6ad56eff145cbf8