diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh index 615a6d6c..6f662209 100755 --- a/make-rhat-patches.sh +++ b/make-rhat-patches.sh @@ -4,7 +4,7 @@ DISTGIT_PATH=$(pwd) FEDORA_VERSION=rawhide DOCKER_FEDORA_VERSION=master -DISTGIT_BRANCH=rawhide +DISTGIT_BRANCH=f34 REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy} REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION} REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux} diff --git a/selinux-policy.spec b/selinux-policy.spec index 334e570f..9989e26a 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c +%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,6 +792,26 @@ exit 0 %endif %changelog +* Fri Feb 12 2021 Zdenek Pytela - 3.14.7-19 +- Allow rtkit_daemon_t domain set process nice value in user namespaces +Resolves: rhbz#1910507 +- Allow gpsd read and write ptp4l_t shared memory. +Resolves: rhbz#1803845 +- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type +Resolves: rhbz#1804626 +- Allow Certmonger to use opencryptoki services +Resolves: rhbz#1894132 +- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm +Resolves: rhbz#1815603 +- Allow rhsmcertd_t read kpatch lib files +Resolves: rhbz#1895322 +- Allow ipsec_t connectto ipsec_mgmt_t +Resolves: rhbz#1848355 +- Allow IPsec to use opencryptoki services +Resolves: rhbz#1894132 +- Allow systemd-importd create /run/systemd/machines.lock file +Resolves: rhbz#1788055 + * Sun Feb 07 2021 Zdenek Pytela - 3.14.7-18 - Allow lockdown confidentiality for domains using perf_event - define lockdown class and access diff --git a/sources b/sources index 3e5215b7..8b8b3d60 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a -SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68 +SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725 +SHA512 (container-selinux.tgz) = daf7e3b64ae56db29732e8ef08db2cfc6431fae946fc7e67c5b677067db7b23735756fd9ddc5d052c1baebd7ab8eeb6c742d09f2f6348d9b31a4e9070646882a SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4