From fe7971a7a70689dce44947a6a83361ac960c2b52 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Wed, 14 Jul 2021 14:59:11 +0200 Subject: [PATCH] * Wed Jul 14 2021 Zdenek Pytela - 34.14-1 - Revert "update libs_filetrans_named_content() to have support for /usr/lib/debug directory" - Remove references to init_watch_path_type attribute - Remove all redundant watch permissions for systemd - Allow systemd watch non_security_file_type dirs, files, lnk_files - Removed adding to attribute unpriv_userdomain from userdom_unpriv_type template - Allow bacula get attributes of cgroup filesystems - Allow systemd-journal-upload watch logs and journal - Create a policy for systemd-journal-upload - Allow tcpdump and nmap get attributes of infiniband_device_t - Allow arpwatch get attributes of infiniband_device_t devices - Label /dev/wmi/dell-smbios as acpi_device_t --- selinux-policy.spec | 17 +++++++++++++++-- sources | 4 ++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 5f1e7e33..0d6bb6d4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 85d254ceaa5c4ec8fbf658e9cbccbd996b7ba12f +%global commit 0fc68a1f54d3789a30461f76f3469b6190be95dd %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 34.13 +Version: 34.14 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -810,6 +810,19 @@ exit 0 %endif %changelog +* Wed Jul 14 2021 Zdenek Pytela - 34.14-1 +- Revert "update libs_filetrans_named_content() to have support for /usr/lib/debug directory" +- Remove references to init_watch_path_type attribute +- Remove all redundant watch permissions for systemd +- Allow systemd watch non_security_file_type dirs, files, lnk_files +- Removed adding to attribute unpriv_userdomain from userdom_unpriv_type template +- Allow bacula get attributes of cgroup filesystems +- Allow systemd-journal-upload watch logs and journal +- Create a policy for systemd-journal-upload +- Allow tcpdump and nmap get attributes of infiniband_device_t +- Allow arpwatch get attributes of infiniband_device_t devices +- Label /dev/wmi/dell-smbios as acpi_device_t + * Thu Jul 01 2021 Zdenek Pytela - 34.13-1 - Allow radius map its library files - Allow nftables read NetworkManager unnamed pipes diff --git a/sources b/sources index 241005ba..0333cda1 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-85d254c.tar.gz) = 81e0de529fdf099182c2f70e7c266665d5ab49771a71f7914290649eb30e6ee441f43e29a657a07627a89aa04ec897e043573bcc1558a96b001ad1381eb27ae2 +SHA512 (selinux-policy-0fc68a1.tar.gz) = 7a25368ba4d6635e93bf9f2f81a829ce9cb73d5043cbb7de96f7025bbc16c16209d0b832c9e91cc5ee6e3eb4708a1139e4dfe8c0921e23cd39e3e4f0d21b7271 +SHA512 (container-selinux.tgz) = 123edc2c719bfe2c95ee973e7bf02142c69d001a9324d99f2c5259a04a26e71772eafe0b962694a14cc539104d8d8b06ff75971e4bc722d643e16a76354b8d35 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 623417d92f2b529a5b419e5c769b649ba2efb310f5ea3b072172a05dc1ac6db1562c362be765e0e8b7997e274a58946afe6ee3e53a93cab6c7f454e2549a5822