From becfaa4a865fc40dc93b8c913dcf28bbe326f83a Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 20 Dec 2024 13:47:02 +0300 Subject: [PATCH] import selinux-policy-40.13.19-1.el10 --- .gitignore | 2 +- .selinux-policy.metadata | 4 +-- SPECS/selinux-policy.spec | 70 +++++++++++++++++++++++++++++++++++++-- 3 files changed, 71 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index c6393c0..88dc889 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/container-selinux.tgz -SOURCES/selinux-policy-3f0002a.tar.gz +SOURCES/selinux-policy-14ba8a3.tar.gz diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata index 12d2957..f6450f3 100644 --- a/.selinux-policy.metadata +++ b/.selinux-policy.metadata @@ -1,2 +1,2 @@ -a93d442e55a089e898204de344ea212302d626d2 SOURCES/container-selinux.tgz -444104bed47e1d4da78a6e09764a5e42c4f757af SOURCES/selinux-policy-3f0002a.tar.gz +4e860788a4fe3bb771ba2f0d0f7a4b934d1d7eee SOURCES/container-selinux.tgz +e9156e9d0c01a68682e7a0f87772d6d3bba80a15 SOURCES/selinux-policy-14ba8a3.tar.gz diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index f4a109d..1d2e386 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -10,7 +10,7 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 3f0002adb63d7da7f8dcb203925b9ba6d10301c3 +%global commit 14ba8a3b89d9bc28b698d366b52d747f477d9ca9 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -22,7 +22,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.13.16 +Version: 40.13.19 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -760,6 +760,72 @@ exit 0 %changelog ## START: Generated by rpmautospec +* Wed Dec 18 2024 Zdenek Pytela - 40.13.19-1 +- Allow systemd-journald getattr nsfs files +Resolves: RHEL-71803 +- Allow systemd-related domains getattr nsfs files +Resolves: RHEL-71803 + +* Fri Dec 13 2024 Zdenek Pytela - 40.13.18-1 +- Sync dist/targeted/modules.conf with Fedora 42 +Resolves: RHEL-70850 +- Add support for sap +Resolves: RHEL-70850 +- Allow sssd_selinux_manager_t the setcap process permission +Resolves: RHEL-70822 +- Allow virtqemud open svirt_devpts_t char files +Resolves: RHEL-43446 +- Fix the cups_read_pid_files() interface to use read_files_pattern +Resolves: RHEL-69512 + +* Thu Dec 12 2024 Zdenek Pytela - 40.13.17-1 +- Update samba-bgqd policy +Resolves: RHEL-69512 +- Allow samba-bgqd read cups config files +Resolves: RHEL-69512 +- Allow virtqemud additional permissions for tmpfs_t blk devices +Resolves: RHEL-61235 +- Allow virtqemud rw access to svirt_image_t chr files +Resolves: RHEL-61235 +- Allow virtqemud rw and setattr access to fixed block devices +Resolves: RHEL-61235 +- Label /etc/mdevctl.d/scripts.d with bin_t +Resolves: RHEL-39893 +- Fix the /etc/mdevctl\.d(/.*)? regexp +Resolves: RHEL-39893 +- Allow virtnodedev watch mdevctl config dirs +Resolves: RHEL-39893 +- Make mdevctl_conf_t member of the file_type attribute +Resolves: RHEL-39893 +- Label /etc/mdevctl.d with mdevctl_conf_t +Resolves: RHEL-39893 +- Allow virtqemud relabelfrom virt_log_t files +Resolves: RHEL-48236 +- Allow virtqemud_t relabel virtqemud_var_run_t sock_files +Resolves: RHEL-48236 +- Allow virtqemud relabelfrom virtqemud_var_run_t dirs +Resolves: RHEL-48236 +- Allow svirt_tcg_t read virtqemud_t fifo_files +Resolves: RHEL-48236 +- Allow virtqemud rw and setattr access to sev devices +Resolves: RHEL-69128 +- Allow virtqemud directly read and write to a fixed disk +Resolves: RHEL-61235 +- Allow svirt_t the sys_rawio capability +Resolves: RHEL-61235 +- Allow svirt_t the sys_rawio capability +Resolves: RHEL-61235 +- Allow virtqemud connect to sanlock over a unix stream socket +Resolves: RHEL-44352 +- allow gdm and iiosensorproxy talk to each other via D-bus +Resolves: RHEL-70850 +- Allow sendmail to map mail server configuration files +Related: RHEL-54014 +- Allow procmail to read mail aliases +Resolves: RHEL-54014 +- Grant rhsmcertd chown capability & userdb access +Resolves: RHEL-68481 + * Fri Nov 29 2024 Zdenek Pytela - 40.13.16-1 - Fix the file type for /run/systemd/generator Resolves: RHEL-68313