From eea0ee325a71c8c805367f24a8b09ebb4485b3e3 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Tue, 9 Feb 2021 04:48:56 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#c7e90bc1966a5ae10e5353dcd8f6ce95b89a4074 --- selinux-policy.spec | 32 ++++++++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 0f24f450..334e570f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 46ba041ba302d1550c230f7359627701b99b1479 +%global commit fed45e38dd9e0cad60c130c633ba150530b35d9c %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,6 +792,34 @@ exit 0 %endif %changelog +* Sun Feb 07 2021 Zdenek Pytela - 3.14.7-18 +- Allow lockdown confidentiality for domains using perf_event +- define lockdown class and access +- Add perfmon capability for all domains using perf_event +- Allow ptp4l_t bpf capability to run bpf programs +- Revert "Allow ptp4l_t sys_admin capability to run bpf programs" +- access_vectors: Add new capabilities to cap2 +- Allow systemd and systemd-resolved watch dbus pid objects +- Add new watch interfaces in the base and userdomain policy +- Add watch permissions for contrib packages +- Allow xdm watch /usr directories +- Allow getty watch its private runtime files +- Add watch permissions for nscd and sssd +- Add watch permissions for firewalld and NetworkManager +- Add watch permissions for syslogd +- Add watch permissions for systemd services +- Allow restorecond watch /etc dirs +- Add watch permissions for user domain types +- Add watch permissions for init +- Add basic watch interfaces for systemd +- Add basic watch interfaces to the base module +- Add additional watch object permissions sets and patterns +- Allow init_t to watch localization symlinks +- Allow init_t to watch mount directories +- Allow init_t to watch cgroup files +- Add basic watch patterns +- Add new watch* permissions + * Fri Feb 05 2021 Zdenek Pytela - 3.14.7-17 - Update .copr/make-srpm.sh to use rawhide as DISTGIT_BRANCH - Dontaudit setsched for rndc diff --git a/sources b/sources index 256deff0..3e5215b7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-46ba041.tar.gz) = be0ba6d14bccf64b2526f723e51938bb3740563c0061364d7b8efc32152321172c0f0624ad79f3184da8623c969fa87b6611a019bcab04b0c85385beb4cdc1b1 -SHA512 (container-selinux.tgz) = 26df62a4220f699a7144a51c6ad5fc0dee9887842e5daeee41ad97eac1d7b8b20bbe124c8f12faafbea68b74c67283d524f35fb62f52fdb9258c034481f542b6 +SHA512 (selinux-policy-fed45e3.tar.gz) = d7c791c2d17dcc1bd2accf99d48ef49a1ad2535b6b22ed1468464139f0beb28e72fbdb2d7bc8defc5c3eb7684c9cf364e1fe1e5fc76e6646327461d0830e860a +SHA512 (container-selinux.tgz) = c8965a63a06b03b2e3f8191bd044a98d60e7b3c3ea94b79f19554c81ed45dc0cb3e1c1211c6e8c1cd519640ec972c1707d380c26cab4da33d0d8d9fbdf6bce68 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4