Compare commits

...

No commits in common. "c8" and "c8-beta-135" have entirely different histories.

3 changed files with 9 additions and 75 deletions

4
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/container-selinux.tgz SOURCES/container-selinux.tgz
SOURCES/selinux-policy-contrib-aadacd8.tar.gz SOURCES/selinux-policy-61dd8ba.tar.gz
SOURCES/selinux-policy-fa87f85.tar.gz SOURCES/selinux-policy-contrib-de23cff.tar.gz

View File

@ -1,3 +1,3 @@
34a078fbec0190b407d64c1664aaa0887204ba2e SOURCES/container-selinux.tgz bbb12996896e2ee34641583ae64503c3e3c186e0 SOURCES/container-selinux.tgz
470eeffd45f8dd003edb6ddbff4104e573b6c08d SOURCES/selinux-policy-contrib-aadacd8.tar.gz 28b3d418be6422cbc97283bf4295e6b81cd3e58d SOURCES/selinux-policy-61dd8ba.tar.gz
91c17cd38073aba5562898449fe3b4f2bbffac8e SOURCES/selinux-policy-fa87f85.tar.gz 2a054f0b9270940e30817ae8b66d5f07721fb5c4 SOURCES/selinux-policy-contrib-de23cff.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 fa87f8551f38f3977209b9c633766f28c8fda086 %global commit0 61dd8ba370aedb16deafa02188ea920dd5378e6c
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 aadacd8e54ad79d73aca5b869cbd0c135d3a6f4d %global commit1 de23cffbbbbd97d50fa461217ef05e258f398c4b
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 139%{?dist}.1 Release: 135%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -443,7 +443,7 @@ mv %{buildroot}%{_usr}/share/man/man8/style.css %{buildroot}%{_usr}/share/selinu
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
sed -i 's/SELINUXPOLICYVERSION/%{version}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy sed -i 's/SELINUXPOLICYVERSION/%{version}-%{release}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
@ -718,72 +718,6 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Oct 25 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-139.1
- Allow setsebool_t relabel selinux data files
Resolves: RHEL-55432
- Allow dirsrv-snmp map dirsv_tmpfs_t files
Resolves: RHEL-32441
- Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files
Resolves: RHEL-32441
* Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-139
- Allow wdmd read hardware state information
Resolves: RHEL-27507
* Fri Mar 08 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-138
- Allow wdmd list the contents of the sysfs directories
Resolves: RHEL-27507
- Allow linuxptp configure phc2sys and chronyd over a unix domain socket
Resolves: RHEL-27394
* Thu Feb 22 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-137
- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-1388
- Allow su domains write login records
Resolves: RHEL-2606
- Revert "Allow su domains write login records"
Resolves: RHEL-2606
- Add crontab_admin_domtrans interface
Resolves: RHEL-1388
- Allow gpg manage rpm cache
Resolves: RHEL-11249
* Thu Feb 15 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-136
- Transition from sudodomains to crontab_t when executing crontab_exec_t
Resolves: RHEL-1388
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-1388
- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files
Resolves: RHEL-22500
- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t
Resolves: RHEL-23442
- Allow admin user read/write on fixed_disk_device_t
Resolves: RHEL-23434
- Only allow confined user domains to login locally without unconfined_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_confined_admin_users interface
Resolves: RHEL-1628
- Only allow admindomain to execute shell via ssh with ssh_sysadm_login
Resolves: RHEL-1628
- Add userdom_spec_domtrans_admin_users interface
Resolves: RHEL-1628
- Move ssh dyntrans to unconfined inside unconfined_login tunable policy
Resolves: RHEL-1628
- Allow utempter_t use ptmx
Resolves: RHEL-25002
- Dontaudit subscription manager setfscreate and read file contexts
Resolves: RHEL-21639
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-1388
- Add crontab_domtrans interface
Resolves: RHEL-1388
- Add dbus_manage_session_tmp_files interface
Resolves: RHEL-22500
- Allow httpd read network sysctls
Resolves: RHEL-22748
- Allow keepalived_unconfined_script_t dbus chat with init
Resolves: RHEL-22843
* Fri Jan 26 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-135 * Fri Jan 26 2024 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-135
- Label /tmp/libdnf.* with user_tmp_t - Label /tmp/libdnf.* with user_tmp_t
Resolves: RHEL-11249 Resolves: RHEL-11249