From e53105b3ae6871e128ea77faee962be0174485c0 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Feb 11 2022 18:17:12 +0000 Subject: * Fri Feb 11 2022 Zdenek Pytela - 35.14-1 - Allow sysadm_passwd_t to relabel passwd and group files - Allow confined sysadmin to use tool vipw - Allow login_userdomain map /var/lib/directories - Allow login_userdomain watch library and fonts dirs - Allow login_userdomain watch system configuration dirs - Allow login_userdomain read systemd runtime files - Fix koji repo URL pattern - Allow alsa bind mixer controls to led triggers - Add the map permission to common_anon_inode_perm permission set - Rename userfaultfd_anon_inode_perms to common_inode_perms - Allow sanlock get attributes of filesystems with extended attributes - Associate stratisd_data_t with device filesystem - Allow init read stratis data symlinks --- diff --git a/selinux-policy.spec b/selinux-policy.spec index b9c86ea..bc90fd8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 569208d534e1a53d75b187ec44ecda856ee6139c +%global commit 369f900039cff9443e86fdf7254ba8b11dc6adb5 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 35.13 +Version: 35.14 Release: 1%{?dist} License: GPLv2+ Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -808,6 +808,21 @@ exit 0 %endif %changelog +* Fri Feb 11 2022 Zdenek Pytela - 35.14-1 +- Allow sysadm_passwd_t to relabel passwd and group files +- Allow confined sysadmin to use tool vipw +- Allow login_userdomain map /var/lib/directories +- Allow login_userdomain watch library and fonts dirs +- Allow login_userdomain watch system configuration dirs +- Allow login_userdomain read systemd runtime files +- Fix koji repo URL pattern +- Allow alsa bind mixer controls to led triggers +- Add the map permission to common_anon_inode_perm permission set +- Rename userfaultfd_anon_inode_perms to common_inode_perms +- Allow sanlock get attributes of filesystems with extended attributes +- Associate stratisd_data_t with device filesystem +- Allow init read stratis data symlinks + * Wed Feb 02 2022 Patrik Koncity - 35.13-1 - Allow systemd services watch dbusd pid directory and its parents - Allow ModemManager connect to the unconfined user domain diff --git a/sources b/sources index cb6c3c5..472e306 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-569208d.tar.gz) = 395c23468251a23fc88c1b82af4e56482ec4cba9f147816210d703c92b406fe19f46d9bc874fd96c7276881588e1852042e7a42af440b7cc99ed6509907060a7 -SHA512 (container-selinux.tgz) = bdf0a7e0866bc21bee01bf5cc089bcfc5fdbdad98c3be2010d46d7a4f39ee3382916462fba8edcf4abf38bcdc37d4a6af2defc3798325040fc9b0e25df82a8dd +SHA512 (selinux-policy-369f900.tar.gz) = a69bb7af266f013325de204e66877a4a8bb5345cf8e332efe1cb3c0993da312e0bd3bef687e366064bfe940854fe9ed24605afa08cdadfcdbbab238a9b255572 +SHA512 (container-selinux.tgz) = eafa145d6e9175f52dd1d56af7b890f983bbc9995e728920756f44185f3ffdb16fb0d049121e262a644c37537a6951224d42861a643ca80b86af8be530a13802 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4