From edd3ad31f7c5442a5c3e440361eb5eb9308e9561 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 20 Jul 2023 17:52:48 +0200 Subject: [PATCH] * Thu Jul 20 2023 Zdenek Pytela - 3.14.3-124 - Add the files_getattr_non_auth_dirs() interface Resolves: rhbz#2076937 - Update policy for the sblim-sfcb service Resolves: rhbz#2076937 - Dontaudit sfcbd sys_ptrace cap_userns Resolves: rhbz#2076937 - Label /usr/sbin/sos with sosreport_exec_t Resolves: rhbz#2167731 - Allow sa-update manage spamc home files Resolves: rhbz#2222200 - Allow sa-update connect to systemlog services Resolves: rhbz#2222200 - Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t Resolves: rhbz#2222200 --- .gitignore | 2 ++ selinux-policy.spec | 22 +++++++++++++++++++--- sources | 6 +++--- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index c20a1457..2bb1fc62 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,5 @@ SOURCES/selinux-policy-contrib-c6da44c.tar.gz /selinux-policy-contrib-15580d9.tar.gz /selinux-policy-contrib-00f671d.tar.gz /selinux-policy-contrib-595dfde.tar.gz +/selinux-policy-c6ff36f.tar.gz +/selinux-policy-contrib-8dc6e4c.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index b64c4a09..cf01258d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 7bf027bb89f2445187e0e6cfbe3737e7bf293839 +%global commit0 c6ff36ffd9294bfdc2a77b9a010dd9a6d09bf473 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 595dfdeeb39115f7d68511cc5012b0f6896a3548 +%global commit1 8dc6e4cecd052fa44fc1c5f0b4fb52139300526d %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 123%{?dist} +Release: 124%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -718,6 +718,22 @@ exit 0 %endif %changelog +* Thu Jul 20 2023 Zdenek Pytela - 3.14.3-124 +- Add the files_getattr_non_auth_dirs() interface +Resolves: rhbz#2076937 +- Update policy for the sblim-sfcb service +Resolves: rhbz#2076937 +- Dontaudit sfcbd sys_ptrace cap_userns +Resolves: rhbz#2076937 +- Label /usr/sbin/sos with sosreport_exec_t +Resolves: rhbz#2167731 +- Allow sa-update manage spamc home files +Resolves: rhbz#2222200 +- Allow sa-update connect to systemlog services +Resolves: rhbz#2222200 +- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t +Resolves: rhbz#2222200 + * Thu Jun 29 2023 Zdenek Pytela - 3.14.3-123 - Label only /usr/sbin/ripd and ripngd with zebra_exec_t Resolves: rhbz#2213606 diff --git a/sources b/sources index 231d42d7..7b942cea 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-7bf027b.tar.gz) = b900b92cb478c8760066a92b940c3a7805b9e027f45b3f95db11c0f21e4bcc53b9aa2789c8ef27419bebc88e1241f83b754bf86df6d7080ed8d6177d8220dd99 -SHA512 (selinux-policy-contrib-595dfde.tar.gz) = 3f5575e209652243b0e2e4f7962132a9d076923ecf777581143f1794ddf72b69fdf7781aad0acb64b22b015aa3d45034e0e345bd10263e80e09e6ca8d6281d02 -SHA512 (container-selinux.tgz) = 33e8ff2478a5024df1cb227b1eb4b9b95c616cd81957ab968a082619f05ea149d63bce5b5ae3b4d2de5ead6d6371d49ef00c4ae7a8048e435342b9c8bca549ce +SHA512 (selinux-policy-c6ff36f.tar.gz) = 15826aee744a35ef888bdf9407b0f0b99ead0d81c9c84981a30ddcf20f980f3afaeee18a4c82e74066f1ea6f18b41eaf2672f940b005fadca03dd3c6d902b8a9 +SHA512 (selinux-policy-contrib-8dc6e4c.tar.gz) = 05fd6fd7456275a55674569fca8e637ea2f804dd1e0b71ca33a2bfb6354d3643dba6c7096659e4a77920c15de7d2b8dacb084ab88aebedd47def1a5f08686c1c SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = f6964fbc509c1c52486689b4ba02f07c0e5a173afa7ea20135ffef97cc01344e52de948dc6b6122776b1d0228fc396bb8e8cacfede5c02a0f4972090c330880c