diff --git a/.gitignore b/.gitignore
index 101d38d..f02605b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-3d165a6.tar.gz
+SOURCES/selinux-policy-e0e55ec.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index d3f91a5..e543373 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,2 +1,2 @@
-cc56c4b39763b0c0eec6cc128dab6c1e3b428600 SOURCES/container-selinux.tgz
-a1dbf2c006b89e053e3cf6bb2aec1cda55756ad2 SOURCES/selinux-policy-3d165a6.tar.gz
+af636ad9e5dcfa4a0086e0bc91aa01749bba8493 SOURCES/container-selinux.tgz
+5e463dff1b417b36730f44922c51ff95a509e565 SOURCES/selinux-policy-e0e55ec.tar.gz
diff --git a/SOURCES/modules-targeted-contrib.conf b/SOURCES/modules-targeted-contrib.conf
index f5bb906..10bd9b8 100644
--- a/SOURCES/modules-targeted-contrib.conf
+++ b/SOURCES/modules-targeted-contrib.conf
@@ -720,6 +720,13 @@ glusterd = module
 #
 gnome = module
+# Layer: apps
+# Module: gnome_remote_desktop
+#
+# gnome-remote-desktop
+#
+gnome_remote_desktop = module
+
 # Layer: apps
 # Module: gpg
 #
@@ -2782,3 +2789,18 @@ coreos_installer = module
 # afterburn
 #
 afterburn = module
+
+# Layer: contrib
+# Module: iiosensorproxy
+#
+# Policy for iio-sensor-proxy - IIO sensors to D-Bus proxy
+#
+iiosensorproxy = module
+
+# Layer: contrib
+# Module: pcm
+#
+# Policy for pcm - Intel(r) Performance Counter Monitor
+#
+#
+pcm = module
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 3b50b04..1aa4252 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 3d165a6733390d9313d4360831f48379b7b13fc0
+%global commit e0e55ecfdebae28221324ff62a7784fe509617df
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define distro redhat
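Review bot: In the `@@ -720,6 +720,13 @@` hunk of SOURCES/modules-targeted-contrib.conf, `gnome_remote_desktop = module` is switched on without a matching entry in the new changelog, although this list entry is presumably what decides whether the domain is built into the targeted policy. The spec changelog in this same commit already carries "Confine gnome-remote-desktop" under 40.13.10-1, so it is worth confirming whether that release shipped without this entry, in which case the service may not actually have been confined until now. I would record the enablement explicitly under 40.13.12-1, for example `- Enable the gnome_remote_desktop module` followed by `Resolves: RHEL-35877`. The stanza's description line `# gnome-remote-desktop` only repeats the module name; `# Policy for gnome-remote-desktop` would match the wording of the contrib stanzas added in the second hunk.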
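Review bot: The pcm stanza in the `@@ -2782,3 +2789,18 @@` hunk of SOURCES/modules-targeted-contrib.conf has two consecutive bare `#` lines before `pcm = module`, while the iiosensorproxy stanza above it and the gnome_remote_desktop stanza in the first hunk have one; I would drop the extra `#` so every stanza keeps the same shape. Both entries bring newly confined services into the policy (the changelog lists "Confine the pcm service" and "Confine iio-sensor-proxy" under 40.13.11-1), so description lines such as `# Confined since 40.13.11 (RHEL-52838)` for pcm and `# Confined since 40.13.11 (RHEL-62355)` for iiosensorproxy would let someone triaging new AVC denials after the update trace the domain back to the release that introduced it. The same changelog entry grants iio-sensor-proxy the bpf capability, so it is worth checking that the grant is scoped to that domain only; the policy source is not part of this diff, so that cannot be confirmed from here.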
@@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.13.10
+Version: 40.13.12
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@@ -860,6 +860,54 @@ exit 0
 %endif
 %changelog
+* Thu Oct 24 2024 Zdenek Pytela - 40.13.12-1
+- Dontaudit subscription manager setfscreate and read file contexts
+Resolves: RHEL-58009
+- Allow the sysadm user use the secretmem API
+Resolves: RHEL-40953
+- Allow sudodomain list files in /var
+Resolves: RHEL-58068
+- Allow gnome-remote-desktop watch /etc directory
+Resolves: RHEL-35877
+- Allow journalctl connect to systemd-userdbd over a unix socket
+Resolves: RHEL-58072
+- systemd: allow sys_admin capability for systemd_notify_t
+Resolves: RHEL-58072
+- Allow some confined users send to lldpad over a unix dgram socket
+Resolves: RHEL-61634
+- Allow lldpad send to sysadm_t over a unix dgram socket
+Resolves: RHEL-61634
+- Allow lldpd connect to systemd-machined over a unix socket
+Resolves: RHEL-61634
+
+* Wed Oct 23 2024 Zdenek Pytela - 40.13.11-1
+- Allow ping_t read network sysctls
+Resolves: RHEL-54299
+- Label /usr/lib/node_modules/npm/bin with bin_t
+Resolves: RHEL-56350
+- Label /run/sssd with sssd_var_run_t
+Resolves: RHEL-57065
+- Allow virtqemud read virtd_t files
+Resolves: RHEL-57713
+- Allow wdmd read hardware state information
+Resolves: RHEL-57982
+- Allow wdmd list the contents of the sysfs directories
+Resolves: RHEL-57982
+- Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
+Resolves: RHEL-58380
+- Allow dirsrv read network sysctls
+Resolves: RHEL-58381
+- Allow lldpad create and use netlink_generic_socket
+Resolves: RHEL-61634
+- Allow unconfined_t execute kmod in the kmod domain
+Resolves: RHEL-61755
+- Confine the pcm service
+Resolves: RHEL-52838
+- Allow iio-sensor-proxy the bpf capability
+Resolves: RHEL-62355
+- Confine iio-sensor-proxy
+Resolves: RHEL-62355
+
 * Wed Oct 16 2024 Zdenek Pytela - 40.13.10-1
 - Confine gnome-remote-desktop
 Resolves: RHEL-35877