Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/selinux-policy.git#ad33d7979e1d6eb8cb76a1176222778f981b4c4e
DistroBaker 2021-02-13 00:52:48 +00:00
parent ece0d0b7b5
commit f521412d05
2 changed files with 29 additions and 21 deletions

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117
%global commit e82ad03883fec6968f07d229ce8720dd593ee72e
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -24,7 +24,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.7
Release: 19%{?dist}
Release: 20%{?dist}
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
@ -792,25 +792,33 @@ exit 0
%endif
%changelog
* Fri Feb 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-20
- Allow userdomain watch various filesystem objects
- Allow systemd-logind and systemd-sleep integrity lockdown permission
- Allow unconfined_t and kprop_t to create krb5_0.rcache2 with the right context
- Allow pulseaudio watch devices and systemd-logind session dirs
- Allow abrt-dump-journal-* watch generic log dirs and /run/log/journal dir
- Remove duplicate files_mounton_etc(init_t) call
- Add watch permissions to manage_* object permissions sets
- Allow journalctl watch generic log dirs and /run/log/journal dir
- Label /etc/resolv.conf as net_conf_t even when it's a symlink
- Allow SSSD to watch /var/run/NetworkManager
- Allow dnsmasq_t to watch /etc
- Remove unnecessary lines from the new watch interfaces
- Fix docstring for init_watch_dir()
- Allow xdm watch its private lib dirs, /etc, /usr
* Fri Feb 12 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-19
- Allow rtkit_daemon_t domain set process nice value in user namespaces
Resolves: rhbz#1910507
- Allow gpsd read and write ptp4l_t shared memory.
Resolves: rhbz#1803845
- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type
Resolves: rhbz#1804626
- Allow Certmonger to use opencryptoki services
Resolves: rhbz#1894132
- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm
Resolves: rhbz#1815603
- Allow rhsmcertd_t read kpatch lib files
Resolves: rhbz#1895322
- Allow ipsec_t connectto ipsec_mgmt_t
Resolves: rhbz#1848355
- Allow IPsec to use opencryptoki services
Resolves: rhbz#1894132
- Bump version as Fedora 34 has been branched off rawhide
- Allow xdm watch its private lib dirs, /etc, /usr
- Allow systemd-importd create /run/systemd/machines.lock file
Resolves: rhbz#1788055
- Allow rhsmcertd_t read kpatch lib files
- Add integrity lockdown permission into dev_read_raw_memory()
- Add confidentiality lockdown permission into fs_rw_tracefs_files()
- Allow gpsd read and write ptp4l_t shared memory.
- Allow colord watch its private lib files and /usr
- Allow init watch_reads mount PID files
- Allow IPsec and Certmonger to use opencryptoki services
* Sun Feb 07 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
- Allow lockdown confidentiality for domains using perf_event
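Review bot: the new 3.14.7-20 entry lists its changes without any "Resolves: rhbz#" reference, while many of the lines under the 3.14.7-19 header carry one. Several of the -20 items widen policy ("Allow systemd-logind and systemd-sleep integrity lockdown permission", "Add watch permissions to manage_* object permissions sets"), so a bug or upstream commit reference on those lines would let an auditor trace why each permission was granted. The region under the 3.14.7-19 header also shows some items twice, for example "Allow rhsmcertd_t read kpatch lib files" and "Allow gpsd read and write ptp4l_t shared memory."; this rendering has lost the +/- markers, so confirm in the raw diff that these are old lines being replaced and not duplicates left in the changelog.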

@ -1,3 +1,3 @@
SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725
SHA512 (container-selinux.tgz) = daf7e3b64ae56db29732e8ef08db2cfc6431fae946fc7e67c5b677067db7b23735756fd9ddc5d052c1baebd7ab8eeb6c742d09f2f6348d9b31a4e9070646882a
SHA512 (container-selinux.tgz) = 3ef4ed4f154c1fa815e2f9fc3bcd68224b75cabbcb822c604ab5e13406315599ef30e63104dc732230e17a4dec72829de4827ad9cba0f2198b3852f151e6eea8
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2
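Review bot: container-selinux.tgz appears with two different SHA512 values in this hunk, and neither it nor macro-expander carries a version or commit in its file name, unlike selinux-policy-e82ad03.tar.gz. The digest is the only thing pinning those inputs, so the container-selinux revision that the new digest corresponds to should be recorded in the spec or the commit message, where it can be checked against upstream. The hunk header gives three lines on each side, so the selinux-policy-17c7cdc.tar.gz line and one of the container-selinux.tgz lines should be removals; with the +/- markers lost here, confirm that in the raw diff.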