From 0182f3d8ecb5e8bbc1bc128ae2b0b310dddfc5aa Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Aug 12 2021 16:41:44 +0000
Subject: * Thu Aug 12 2021 Zdenek Pytela - 34.16-1
- Allow systemd-timesyncd watch system dbus pid socket files
- Allow firewalld drop capabilities
- Allow rhsmcertd execute gpg
- Allow lldpad send to kdump over a unix dgram socket
- Allow systemd-gpt-auto-generator read udev pid files
- Set default file context for /sys/firmware/efi/efivars
- Allow tcpdump run as a systemd service
- Allow nmap create and use netlink generic socket
- Allow nscd watch system db files in /var/db
- Allow cockpit_ws_t get attributes of fs_t filesystems
- Allow sysadm acces to kernel module resources
- Allow sysadm to read/write scsi files and manage shadow
- Allow sysadm access to files_unconfined and bind rpc ports
- Allow sysadm read and view kernel keyrings
- Allow journal mmap and read var lib files
- Allow tuned to read rhsmcertd config files
- Allow bootloader to read tuned etc files
- Label /usr/bin/qemu-storage-daemon with virtd_exec_t
---
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8d79d3a..480c047 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 66323a2d3fef73b2a6aa8b32f8cf6d8d78fa0d3b
+%global commit 14f55fbbd083aa0bee8dd76f8084221e9b813e79
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 34.15
+Version: 34.16
 Release: 1%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -810,6 +810,26 @@ exit 0
 %endif
 %changelog
+* Thu Aug 12 2021 Zdenek Pytela - 34.16-1
+- Allow systemd-timesyncd watch system dbus pid socket files
+- Allow firewalld drop capabilities
+- Allow rhsmcertd execute gpg
+- Allow lldpad send to kdump over a unix dgram socket
+- Allow systemd-gpt-auto-generator read udev pid files
+- Set default file context for /sys/firmware/efi/efivars
+- Allow tcpdump run as a systemd service
+- Allow nmap create and use netlink generic socket
+- Allow nscd watch system db files in /var/db
+- Allow cockpit_ws_t get attributes of fs_t filesystems
+- Allow sysadm acces to kernel module resources
+- Allow sysadm to read/write scsi files and manage shadow
+- Allow sysadm access to files_unconfined and bind rpc ports
+- Allow sysadm read and view kernel keyrings
+- Allow journal mmap and read var lib files
+- Allow tuned to read rhsmcertd config files
+- Allow bootloader to read tuned etc files
+- Label /usr/bin/qemu-storage-daemon with virtd_exec_t
+
 * Fri Aug 06 2021 Zdenek Pytela - 34.15-1
 - Disable seccomp on CI containers
 - Allow systemd-machined stop generic service units
diff --git a/sources b/sources
index c23b9fa..12e0a1e 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-66323a2.tar.gz) = 441bbc9dd9460ce588913bf047b308beb962017df7185c36a79137431f9d49f4365bb6f64cc4f6f33c1f7efc079e650382807f00243330b4e33f2b32eb92cceb
+SHA512 (selinux-policy-14f55fb.tar.gz) = 5b489a5758fc3c673facd4f1742e62901cd86992882f4ef84222cb96ed0af5bd8d1351b5c16602675c68a6068eb44cb17f0f124f8572cd39afc05cb31ed8a8eb
+SHA512 (container-selinux.tgz) = 17a92fd6a3b2f5b98bda3b242eda39f841feb4c5e33ae30a8769697df33621804c89f9c1bb6442faf1b9f12af18265171003eaad4e99a70d09815b7acf37240c
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = e2c686071afcbe3a079e227ebaf3c533ec7d7f73901820f0391b61bad90630cc1048d06b81985182a6b2f4b9b9826a3138080de653c44c466217987f6e4bf8a8
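Review bot: The SHA512 for `container-selinux.tgz` changes in this hunk, but nothing in the patch says which upstream snapshot the new digest belongs to. The file name carries no version or commit id, and neither the commit message nor the new 34.16-1 changelog entry mentions a container-selinux refresh. The policy tarball is traceable through `%global commit` and its short hash in the file name, whereas this second archive can only be audited by fetching it and comparing contents. Presumably it is regenerated from the container-selinux repository when the sources are prepared, which should be confirmed. I would record the origin in the commit message or changelog, for example `- Update container-selinux.tgz to <upstream-commit-placeholder>`, so that a digest change is always paired with a reviewable reference.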