diff --git a/selinux-policy.spec b/selinux-policy.spec
index 9989e26a..84ecfd7e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117
+%global commit e82ad03883fec6968f07d229ce8720dd593ee72e
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@@ -792,25 +792,33 @@ exit 0
 %endif
 %changelog
+* Fri Feb 12 2021 Zdenek Pytela - 3.14.7-20
+- Allow userdomain watch various filesystem objects
+- Allow systemd-logind and systemd-sleep integrity lockdown permission
+- Allow unconfined_t and kprop_t to create krb5_0.rcache2 with the right context
+- Allow pulseaudio watch devices and systemd-logind session dirs
+- Allow abrt-dump-journal-* watch generic log dirs and /run/log/journal dir
+- Remove duplicate files_mounton_etc(init_t) call
+- Add watch permissions to manage_* object permissions sets
+- Allow journalctl watch generic log dirs and /run/log/journal dir
+- Label /etc/resolv.conf as net_conf_t even when it's a symlink
+- Allow SSSD to watch /var/run/NetworkManager
+- Allow dnsmasq_t to watch /etc
+- Remove unnecessary lines from the new watch interfaces
+- Fix docstring for init_watch_dir()
+- Allow xdm watch its private lib dirs, /etc, /usr
+
 * Fri Feb 12 2021 Zdenek Pytela - 3.14.7-19
-- Allow rtkit_daemon_t domain set process nice value in user namespaces
-Resolves: rhbz#1910507
-- Allow gpsd read and write ptp4l_t shared memory.
-Resolves: rhbz#1803845
-- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type
-Resolves: rhbz#1804626
-- Allow Certmonger to use opencryptoki services
-Resolves: rhbz#1894132
-- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm
-Resolves: rhbz#1815603
-- Allow rhsmcertd_t read kpatch lib files
-Resolves: rhbz#1895322
-- Allow ipsec_t connectto ipsec_mgmt_t
-Resolves: rhbz#1848355
-- Allow IPsec to use opencryptoki services
-Resolves: rhbz#1894132
+- Bump version as Fedora 34 has been branched off rawhide
+- Allow xdm watch its private lib dirs, /etc, /usr
 - Allow systemd-importd create /run/systemd/machines.lock file
-Resolves: rhbz#1788055
+- Allow rhsmcertd_t read kpatch lib files
+- Add integrity lockdown permission into dev_read_raw_memory()
+- Add confidentiality lockdown permission into fs_rw_tracefs_files()
+- Allow gpsd read and write ptp4l_t shared memory.
+- Allow colord watch its private lib files and /usr
+- Allow init watch_reads mount PID files
+- Allow IPsec and Certmonger to use opencryptoki services
 * Sun Feb 07 2021 Zdenek Pytela - 3.14.7-18
 - Allow lockdown confidentiality for domains using perf_event
diff --git a/sources b/sources
index 8b8b3d60..90468f8a 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725
-SHA512 (container-selinux.tgz) = daf7e3b64ae56db29732e8ef08db2cfc6431fae946fc7e67c5b677067db7b23735756fd9ddc5d052c1baebd7ab8eeb6c742d09f2f6348d9b31a4e9070646882a
+SHA512 (container-selinux.tgz) = 3ef4ed4f154c1fa815e2f9fc3bcd68224b75cabbcb822c604ab5e13406315599ef30e63104dc732230e17a4dec72829de4827ad9cba0f2198b3852f151e6eea8
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2