PR#346: * Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.17-1 - rpms/selinux-policy

rpms / selinux-policy

#346 * Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.17-1

Merged a year ago by zpytela. Opened a year ago by zpytela.

rpms/ zpytela/selinux-policy f38 into f38

* Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.17-1

Zdenek Pytela • a year ago

24d0c6e

Exclude container-selinux manpage from selinux-policy-doc

Zdenek Pytela • a year ago

3527a0b

selinux-policy.spec

file modified

+37 -2

		`@@ -1,6 +1,6 @@`
		`# github repo with selinux-policy sources`
		`%global giturl https://github.com/fedora-selinux/selinux-policy`
		`- %global commit 1c095937163faff5822b673b6771b700002ad3a6`
		`+ %global commit 8f7ccc6e2f7fdc36666ae195e6c8a06bb611b862`
		`%global shortcommit %(c=%{commit}; echo ${c:0:7})`

		`%define distro redhat`
		`@@ -23,7 +23,7 @@`
		`%define CHECKPOLICYVER 3.2`
		`Summary: SELinux policy configuration`
		`Name: selinux-policy`
		`- Version: 38.15`
		`+ Version: 38.17`
		`Release: 1%{?dist}`
		`License: GPL-2.0-or-later`
		`Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz`
		`@@ -168,6 +168,7 @@`
		`%files doc`
		`%{_mandir}/man/`
		`%{_mandir}/ru//`
		`+ %exclude %{_mandir}/man8/container_selinux.8.gz`
		`%doc %{_datadir}/doc/%{name}`

		`%define common_params DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024`
		`@@ -813,6 +814,40 @@`
		`%endif`

		`%changelog`
		`+ * Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.17-1`
		`+ - Label /dev/userfaultfd with userfaultfd_t`
		`+ - Allow blueman send general signals to unprivileged user domains`
		`+ - Allow dkim-milter domain transition to sendmail`
		`+ - Label /usr/sbin/cifs.idmap with cifs_helper_exec_t`
		`+ - Allow cifs-helper read sssd kerberos configuration files`
		`+ - Allow rpm_t sys_admin capability`
		`+ - Allow dovecot_deliver_t create/map dovecot_spool_t dir/file`
		`+ - Allow collectd_t read proc_net link files`
		`+ - Allow insights-client getsession process permission`
		`+ - Allow insights-client work with pipe and socket tmp files`
		`+ - Allow insights-client map generic log files`
		`+ - Update cyrus_stream_connect() to use sockets in /run`
		`+ - Allow keyutils-dns-resolver read/view kernel key ring`
		`+ - Label /var/log/kdump.log with kdump_log_t`
		`+`
		`+ * Fri Jun 09 2023 Zdenek Pytela <zpytela@redhat.com> - 38.16-1`
		`+ - Add support for the systemd-pstore service`
		`+ - Allow kdumpctl_t to execmem`
		`+ - Update sendmail policy module for opensmtpd`
		`+ - Allow nagios-mail-plugin exec postfix master`
		`+ - Allow subscription-manager execute ip`
		`+ - Allow ssh client connect with a user dbus instance`
		`+ - Add support for ksshaskpass`
		`+ - Allow rhsmcertd file transition in /run also for socket files`
		`+ - Allow keyutils_dns_resolver_t execute keyutils_dns_resolver_exec_t`
		`+ - Allow plymouthd read/write X server miscellaneous devices`
		`+ - Allow systemd-sleep read udev pid files`
		`+ - Allow exim read network sysctls`
		`+ - Allow sendmail request load module`
		`+ - Allow named map its conf files`
		`+ - Allow squid map its cache files`
		`+ - Allow NetworkManager_dispatcher_dhclient_t to execute shells without a domain transition`
		`+`
		`* Tue May 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.15-1`
		`- Update policy for systemd-sleep`
		`- Remove permissive domain for rshim_t`

sources

file modified

+2 -2

		`@@ -1,3 +1,3 @@`
		`- SHA512 (selinux-policy-1c09593.tar.gz) = 3017973aa40f6df483365ce5f8eeaa879d52baac16a9c356ca9d3c430760ea80745a8a3f3a59a980689fd7b84f4ce96c29a5479345bc9a1a550d58a22a66f1fd`
		`- SHA512 (container-selinux.tgz) = d874558cbfee991147211b357a4defa6c1dc8d03e6fac82a56a92b3ebde66430634b0daf24d708733a24df9db1f31b7a5992e204e560de4da64fc0daa6463bab`
		`+ SHA512 (selinux-policy-8f7ccc6.tar.gz) = 2234a484f93f5c1e7bb3af965f0df268bd6b71fc22283c05129a668b6b19274321ec2bc2a903c12fc9297700d95f6f39d1a6bd141880167dbb4740013d7d39ee`
		`SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4`
		`+ SHA512 (container-selinux.tgz) = f93aa409b515ee588e3116bf115a19314845dc56b3b49bb929cf9e2118e1a90d53500b7f4598baa06ad118d771c86074165d63f1378c173e5ac816e884535e2c`

zpytela commented a year ago

Label /dev/userfaultfd with userfaultfd_t
- Allow blueman send general signals to unprivileged user domains
- Allow dkim-milter domain transition to sendmail
- Label /usr/sbin/cifs.idmap with cifs_helper_exec_t
- Allow cifs-helper read sssd kerberos configuration files
- Allow rpm_t sys_admin capability
- Allow dovecot_deliver_t create/map dovecot_spool_t dir/file
- Allow collectd_t read proc_net link files
- Allow insights-client getsession process permission
- Allow insights-client work with pipe and socket tmp files
- Allow insights-client map generic log files
- Update cyrus_stream_connect() to use sockets in /run
- Allow keyutils-dns-resolver read/view kernel key ring
- Label /var/log/kdump.log with kdump_log_t