From 38fd9a9006f250daddaf123aef4a7e7d75248d28 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Jun 15 2023 09:13:58 +0000 Subject: * Thu Jun 15 2023 Zdenek Pytela - 38.17-1 - Label /dev/userfaultfd with userfaultfd_t - Allow blueman send general signals to unprivileged user domains - Allow dkim-milter domain transition to sendmail - Label /usr/sbin/cifs.idmap with cifs_helper_exec_t - Allow cifs-helper read sssd kerberos configuration files - Allow rpm_t sys_admin capability - Allow dovecot_deliver_t create/map dovecot_spool_t dir/file - Allow collectd_t read proc_net link files - Allow insights-client getsession process permission - Allow insights-client work with pipe and socket tmp files - Allow insights-client map generic log files - Update cyrus_stream_connect() to use sockets in /run - Allow keyutils-dns-resolver read/view kernel key ring - Label /var/log/kdump.log with kdump_log_t --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 7e337fd..b29cf88 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 79f41b6c52b80920a70fe2ba8addead254579365 +%global commit 8f7ccc6e2f7fdc36666ae195e6c8a06bb611b862 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 38.16 +Version: 38.17 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -814,6 +814,22 @@ exit 0 %endif %changelog +* Thu Jun 15 2023 Zdenek Pytela - 38.17-1 +- Label /dev/userfaultfd with userfaultfd_t +- Allow blueman send general signals to unprivileged user domains +- Allow dkim-milter domain transition to sendmail +- Label /usr/sbin/cifs.idmap with cifs_helper_exec_t +- Allow cifs-helper read sssd kerberos configuration files +- Allow rpm_t sys_admin capability +- Allow dovecot_deliver_t create/map dovecot_spool_t dir/file +- Allow collectd_t read proc_net link files +- Allow insights-client getsession process permission +- Allow insights-client work with pipe and socket tmp files +- Allow insights-client map generic log files +- Update cyrus_stream_connect() to use sockets in /run +- Allow keyutils-dns-resolver read/view kernel key ring +- Label /var/log/kdump.log with kdump_log_t + * Fri Jun 09 2023 Zdenek Pytela - 38.16-1 - Add support for the systemd-pstore service - Allow kdumpctl_t to execmem diff --git a/sources b/sources index 1421d6a..bef65b2 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-79f41b6.tar.gz) = fe764e9d2209a3d91dfd53e1b38522a65726d1c8b454535b84ed8be2555f3b16bd640eeebf3d1b77aec3d124cec3b6fb3f06aba6e19316c05840a45a714488fb +SHA512 (selinux-policy-8f7ccc6.tar.gz) = 2234a484f93f5c1e7bb3af965f0df268bd6b71fc22283c05129a668b6b19274321ec2bc2a903c12fc9297700d95f6f39d1a6bd141880167dbb4740013d7d39ee SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = c1b2b2db5a61c93798e8efc3081f6b08fa7b845401764a95bd5a1e1a75b87b3f94334ff74fafe0aef620f2423adfd1ae7365e55cf0f3371fc1cafa77400ad2bc +SHA512 (container-selinux.tgz) = 621b83370c26f751fd99f09f4cca2efaa43f24941b267c58016f5c24d05e0c3db23a838e9055ad8560eb69e727612321f062d5374b569a759ed91d2db3c67ddc