From f64670faa34ca769798636e218c44a0664e67d49 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Wed, 8 Jan 2025 16:49:28 +0100 Subject: [PATCH] * Wed Jan 08 2025 Zdenek Pytela - 40.13.21-1 - Allow init create vsock socket for sshd Resolves: RHEL-72549 - Support ssh connections via systemd-ssh-generator Resolves: RHEL-72549 - Allow ssh generator work with systemd unit files Resolves: RHEL-72549 - Confine systemd system-ssh-generator Resolves: RHEL-72549 - Allow login_userdomain getattr nsfs files Resolves: RHEL-72549 - Allow virtqemud send a generic signal to the ssh client domain Resolves: RHEL-53972 - Add the auth_dontaudit_read_passwd_file() interface Resolves: RHEL-71490 - Dontaudit request-key read /etc/passwd Resolves: RHEL-71490 --- changelog | 18 ++++++++++++++++++ selinux-policy.spec | 4 ++-- sources | 4 ++-- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/changelog b/changelog index 335e82f7..e86bddb4 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,21 @@ +* Wed Jan 08 2025 Zdenek Pytela - 40.13.21-1 +- Allow init create vsock socket for sshd +Resolves: RHEL-72549 +- Support ssh connections via systemd-ssh-generator +Resolves: RHEL-72549 +- Allow ssh generator work with systemd unit files +Resolves: RHEL-72549 +- Confine systemd system-ssh-generator +Resolves: RHEL-72549 +- Allow login_userdomain getattr nsfs files +Resolves: RHEL-72549 +- Allow virtqemud send a generic signal to the ssh client domain +Resolves: RHEL-53972 +- Add the auth_dontaudit_read_passwd_file() interface +Resolves: RHEL-71490 +- Dontaudit request-key read /etc/passwd +Resolves: RHEL-71490 + * Fri Jan 03 2025 Zdenek Pytela - 40.13.20-1 - Allow virtqemud domain transition on numad execution Resolves: RHEL-65789 diff --git a/selinux-policy.spec b/selinux-policy.spec index 67c2c92f..83d77cad 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -5,7 +5,7 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit c4b8bc4bbacc1304b42bdad98728a015a89ffa2e +%global commit 9e20ff3dfd8b57bab412414b748ef1bac237b73b %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -17,7 +17,7 @@ %define CHECKPOLICYVER 3.8 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.13.20 +Version: 40.13.21 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz diff --git a/sources b/sources index b1e58cc8..ffc5e65f 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-c4b8bc4.tar.gz) = 5bf48c9ae3cb1d0bffc8bc407cdb6103d0419acf840ef3f893c7b8910a7e77f3c55518cb0b28dfec708cb351360b97075059d1e6101134cd898dd8ccafca37d5 +SHA512 (selinux-policy-9e20ff3.tar.gz) = 53ce5243472ee22aea0fdca36019035ed5c93b4ccf97f7ce5cb12faf2ff1ede575f72b09d328131c58c2875e69c6ae2943e239061be96a65f62789f536afcd74 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 70b61bf9979946b476a0b4468d612cb0183b1a788c0508655e80dfa411193fb76e53ce6dbf21ec1b699d9ae75bec9c54b504cd8351bb5c61a6ad56eff145cbf8 +SHA512 (container-selinux.tgz) = 2c214386e2f382d7b237f81b1ccdcbbfb111115868f9e9219a454984233907138df69e52b82ebbbce3c2209c4d5e56e558d8790a8e8a2744203bd13c7ec69001