From f521412d05ea1d959c29720e7ee4978c2473e13f Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Sat, 13 Feb 2021 00:52:48 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#ad33d7979e1d6eb8cb76a1176222778f981b4c4e --- selinux-policy.spec | 46 ++++++++++++++++++++++++++------------------- sources | 4 ++-- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 9989e26a..84ecfd7e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 17c7cdc19d47f1da9d712d4d42521e146f775117 +%global commit e82ad03883fec6968f07d229ce8720dd593ee72e %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -792,25 +792,33 @@ exit 0 %endif %changelog +* Fri Feb 12 2021 Zdenek Pytela - 3.14.7-20 +- Allow userdomain watch various filesystem objects +- Allow systemd-logind and systemd-sleep integrity lockdown permission +- Allow unconfined_t and kprop_t to create krb5_0.rcache2 with the right context +- Allow pulseaudio watch devices and systemd-logind session dirs +- Allow abrt-dump-journal-* watch generic log dirs and /run/log/journal dir +- Remove duplicate files_mounton_etc(init_t) call +- Add watch permissions to manage_* object permissions sets +- Allow journalctl watch generic log dirs and /run/log/journal dir +- Label /etc/resolv.conf as net_conf_t even when it's a symlink +- Allow SSSD to watch /var/run/NetworkManager +- Allow dnsmasq_t to watch /etc +- Remove unnecessary lines from the new watch interfaces +- Fix docstring for init_watch_dir() +- Allow xdm watch its private lib dirs, /etc, /usr + * Fri Feb 12 2021 Zdenek Pytela - 3.14.7-19 -- Allow rtkit_daemon_t domain set process nice value in user namespaces -Resolves: rhbz#1910507 -- Allow gpsd read and write ptp4l_t shared memory. -Resolves: rhbz#1803845 -- Label /var/run/pcsd-ruby.socket socket with cluster_var_run_t type -Resolves: rhbz#1804626 -- Allow Certmonger to use opencryptoki services -Resolves: rhbz#1894132 -- Dontaudit vhostmd to write in /var/lib/rpm/ dir and allow signull rpm -Resolves: rhbz#1815603 -- Allow rhsmcertd_t read kpatch lib files -Resolves: rhbz#1895322 -- Allow ipsec_t connectto ipsec_mgmt_t -Resolves: rhbz#1848355 -- Allow IPsec to use opencryptoki services -Resolves: rhbz#1894132 +- Bump version as Fedora 34 has been branched off rawhide +- Allow xdm watch its private lib dirs, /etc, /usr - Allow systemd-importd create /run/systemd/machines.lock file -Resolves: rhbz#1788055 +- Allow rhsmcertd_t read kpatch lib files +- Add integrity lockdown permission into dev_read_raw_memory() +- Add confidentiality lockdown permission into fs_rw_tracefs_files() +- Allow gpsd read and write ptp4l_t shared memory. +- Allow colord watch its private lib files and /usr +- Allow init watch_reads mount PID files +- Allow IPsec and Certmonger to use opencryptoki services * Sun Feb 07 2021 Zdenek Pytela - 3.14.7-18 - Allow lockdown confidentiality for domains using perf_event diff --git a/sources b/sources index 8b8b3d60..90468f8a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-17c7cdc.tar.gz) = 21815c41813a22349f28cd2ff9bbd221f8e19039d67e766bc811a3566e75a8b58d4036b8da2b609eb1e37213694325f222972e16ad00d3b6154c255550f6f725 -SHA512 (container-selinux.tgz) = daf7e3b64ae56db29732e8ef08db2cfc6431fae946fc7e67c5b677067db7b23735756fd9ddc5d052c1baebd7ab8eeb6c742d09f2f6348d9b31a4e9070646882a +SHA512 (container-selinux.tgz) = 3ef4ed4f154c1fa815e2f9fc3bcd68224b75cabbcb822c604ab5e13406315599ef30e63104dc732230e17a4dec72829de4827ad9cba0f2198b3852f151e6eea8 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (selinux-policy-e82ad03.tar.gz) = d59dbb452e659f0b7eec45dfdd37c7adc9bd03efd8d179344aa8ef1b89d3b51df9c092cc28964db5724db8a23ee1736ba00be72178d9f4dc3fcbc61cbe3074d2