From ed2eb342889700a864851058021d35590a2186a5 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Mon, 21 Jun 2021 15:07:20 +0200 Subject: [PATCH] * Mon Jun 21 2021 Zdenek Pytela - 34.12-1 - Label /dev/dma_heap/* char devices with dma_device_t - Revert "Label /dev/dma_heap/* char devices with dma_device_t" - Revert "Label /dev/dma_heap with dma_device_dir_t" - Revert "Associate dma_device_dir_t with device filesystem" - Add the lockdown integrity permission to dev_map_userio_dev() - Allow systemd-modules-load read/write tracefs files - Allow sssd watch /run/systemd - Label /usr/bin/arping plain file with netutils_exec_t - Label /run/fsck with fsadm_var_run_t - Label /usr/bin/Xwayland with xserver_exec_t - Allow systemd-timesyncd watch dbus runtime dir - Allow asterisk watch localization files - Allow iscsid read all process stat - iptables.fc: Add missing legacy-restore and legacy-save entries - Label /run/libvirt/common with virt_common_var_run_t - Label /.k5identity file allow read of this file to rpc.gssd - Make usbmuxd_t a daemon --- selinux-policy.spec | 23 +++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index da49fb10..4a73b72d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit b358de719df0b724d3164240a430cc4e02be15d0 +%global commit 85f35a10d97af810016aa668dc24f8e5bbc36596 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.11 +Version: 34.12 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -792,6 +792,25 @@ exit 0 %endif %changelog +* Mon Jun 21 2021 Zdenek Pytela - 34.12-1 +- Label /dev/dma_heap/* char devices with dma_device_t +- Revert "Label /dev/dma_heap/* char devices with dma_device_t" +- Revert "Label /dev/dma_heap with dma_device_dir_t" +- Revert "Associate dma_device_dir_t with device filesystem" +- Add the lockdown integrity permission to dev_map_userio_dev() +- Allow systemd-modules-load read/write tracefs files +- Allow sssd watch /run/systemd +- Label /usr/bin/arping plain file with netutils_exec_t +- Label /run/fsck with fsadm_var_run_t +- Label /usr/bin/Xwayland with xserver_exec_t +- Allow systemd-timesyncd watch dbus runtime dir +- Allow asterisk watch localization files +- Allow iscsid read all process stat +- iptables.fc: Add missing legacy-restore and legacy-save entries +- Label /run/libvirt/common with virt_common_var_run_t +- Label /.k5identity file allow read of this file to rpc.gssd +- Make usbmuxd_t a daemon + * Wed Jun 09 2021 Zdenek Pytela - 34.11-1 - Allow sanlock get attributes of cgroup filesystems - Associate dma_device_dir_t with device filesystem diff --git a/sources b/sources index 2dc5bff2..0e6ea201 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-b358de7.tar.gz) = 54dbd93123e2086d01bea4ee0cf1c7f379e09224ca9e88f029fb9a430aa0d63343f0578facd52ae03781b140d893d2bd7ef795d8b36c47aeef4d62dab98f7170 +SHA512 (selinux-policy-85f35a1.tar.gz) = aafb4ef00018011b62de0bf70562da4456087661bbda971fc9b63704cd41df01a26e7838fd8de19c4ac164d73f247e6939fe68b0d2e1a4b83057f1c7c005530a +SHA512 (container-selinux.tgz) = 82949a11f5d946928422d096ce6dfb23f9fdab317b95c9209e72919840b2e9f12121302ee7772412bbf456fe295a231ee7a5599f0a2f45c1a3d03bf950c5175b SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = d2d56e4990cbd8815b744a921ab034eba94a2ec08cf5c66ca64d448daf7ef8d3d7d30c97d02411cc83773ac3af38a23295b70ec49cb5162bb1f110c25e1e0d15