From f60c51e1349aa50f133932c1b5c94eefa6a1dc1c Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Thu, 24 Feb 2022 12:24:53 +0100 Subject: [PATCH] * Thu Feb 24 2022 Zdenek Pytela - 34.1.27-1 - Allow ModemManager connect to the unconfined user domain Resolves: rhbz#2000196 - Label /dev/wwan.+ with modem_manager_t Resolves: rhbz#2000196 - Allow systemd-coredump userns capabilities and root mounton Resolves: rhbz#2057435 - Allow systemd-coredump read and write usermodehelper state Resolves: rhbz#2057435 - Allow sysadm_passwd_t to relabel passwd and group files Resolves: rhbz#2053458 - Allow systemd-sysctl read the security state information Resolves: rhbz#2056999 - Remove unnecessary /etc file transitions for insights-client Resolves: rhbz#2055823 - Label all content in /var/lib/insights with insights_client_var_lib_t Resolves: rhbz#2055823 - Update insights-client policy Resolves: rhbz#2055823 - Update insights-client: fc pattern, motd, writing to etc Resolves: rhbz#2055823 - Update specfile to buildrequire policycoreutils-devel >= 3.3-5 - Add modules_checksum to %files --- selinux-policy.spec | 31 ++++++++++++++++++++++++++++--- sources | 4 ++-- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index c5f39f4c..3043bc48 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 0b21d4c0c4587cf2f8503a27109b729394bc68c1 +%global commit 4f11279dde0016b29017c44862fac2e12ddc55f6 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -19,11 +19,11 @@ %define BUILD_MLS 1 %endif %define POLICYVER 33 -%define POLICYCOREUTILSVER 3.2 +%define POLICYCOREUTILSVER 3.3-5 %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.1.26 +Version: 34.1.27 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -268,6 +268,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \ %ghost %{_sharedstatedir}/selinux/%1/active/seusers.linked \ %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \ %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \ +%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \ %nil %define relabel() \ @@ -792,6 +793,30 @@ exit 0 %endif %changelog +* Thu Feb 24 2022 Zdenek Pytela - 34.1.27-1 +- Allow ModemManager connect to the unconfined user domain +Resolves: rhbz#2000196 +- Label /dev/wwan.+ with modem_manager_t +Resolves: rhbz#2000196 +- Allow systemd-coredump userns capabilities and root mounton +Resolves: rhbz#2057435 +- Allow systemd-coredump read and write usermodehelper state +Resolves: rhbz#2057435 +- Allow sysadm_passwd_t to relabel passwd and group files +Resolves: rhbz#2053458 +- Allow systemd-sysctl read the security state information +Resolves: rhbz#2056999 +- Remove unnecessary /etc file transitions for insights-client +Resolves: rhbz#2055823 +- Label all content in /var/lib/insights with insights_client_var_lib_t +Resolves: rhbz#2055823 +- Update insights-client policy +Resolves: rhbz#2055823 +- Update insights-client: fc pattern, motd, writing to etc +Resolves: rhbz#2055823 +- Update specfile to buildrequire policycoreutils-devel >= 3.3-5 +- Add modules_checksum to %files + * Thu Feb 17 2022 Zdenek Pytela - 34.1.26-1 - Remove permissive domain for insights_client_t Resolves: rhbz#2055823 diff --git a/sources b/sources index d7a8cb06..9d88e232 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-0b21d4c.tar.gz) = 76c7f8ada11fcaaf91ff988e4f620fdcfb308b2d44a55c581de0273cce45a5882c7545b7ff2afdfe06dc829197cf2e9569251002bda6a1948d5b48409dec0e85 -SHA512 (container-selinux.tgz) = 7d34c2fd477cfebc34c740cad8260c7afb51e34fb0f726dd465d3136fe89d32b5683f6d8eafcaa7dac309efe39e39e6a3f06793d7d021018240cf703353b5d79 +SHA512 (selinux-policy-4f11279.tar.gz) = afb17e1cfccfb037e95d71a0804c4f2723690e65d4e06a7f2e2aaee2f1b68acb81e276b7cda139768456cd656770d3c08cc99d68b1bbca409c2cc3d5ab89b661 +SHA512 (container-selinux.tgz) = 23ec118ae5d33a536e528440f2a19c12bdbc453ba8676c5f8842e48e40f20138375437b71e6c0896e12813aca75a693806867fc08d6a710ffc560ea82b3aab65 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4