Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#942c59859e64bf268aaf0f161f26fe50d188dc4b
2021-02-12 06:32:55 +00:00 · 2021-02-12 06:32:55 +00:00 · ece0d0b7b5
parent eea0ee325a
commit ece0d0b7b5
3 changed files with 25 additions and 5 deletions
--- a/make-rhat-patches.sh
+++ b/make-rhat-patches.sh
@ -4,7 +4,7 @@ DISTGIT_PATH=$(pwd)

 FEDORA_VERSION=rawhide
 DOCKER_FEDORA_VERSION=master
-DISTGIT_BRANCH=rawhide
+DISTGIT_BRANCH=f34
 REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
 REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
 REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c
+%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -792,6 +792,26 @@ exit 0
 %endif

 %changelog
+* Fri Feb 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-19
+- Allow rtkit_daemon_t domain set process nice value in user namespaces
+Resolves: rhbz#1910507
+- Allow gpsd read and write ptp4l_t shared memory.
+Resolves: rhbz#1803845
+- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type
+Resolves: rhbz#1804626
+- Allow Certmonger to use opencryptoki services
+Resolves: rhbz#1894132
+- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm
+Resolves: rhbz#1815603
+- Allow rhsmcertd_t read kpatch lib files
+Resolves: rhbz#1895322
+- Allow ipsec_t connectto ipsec_mgmt_t
+Resolves: rhbz#1848355
+- Allow IPsec to use opencryptoki services
+Resolves: rhbz#1894132
+- Allow systemd-importd create /run/systemd/machines.lock file
+Resolves: rhbz#1788055
+
 * Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
 - Allow lockdown confidentiality for domains using perf_event
 - define lockdown class and access
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a
-SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68
+SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725
+SHA512 (container-selinux.tgz) = daf7e3b64ae56db29732e8ef08db2cfc6431fae946fc7e67c5b677067db7b23735756fd9ddc5d052c1baebd7ab8eeb6c742d09f2f6348d9b31a4e9070646882a
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4