import selinux-policy-40.13.12-1.el10

2 months ago · f7406ae4a4
parent e4fb15f834
commit f7406ae4a4
4 changed files with 76 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-3d165a6.tar.gz
+SOURCES/selinux-policy-e0e55ec.tar.gz
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@ -1,2 +1,2 @@
-cc56c4b39763b0c0eec6cc128dab6c1e3b428600 SOURCES/container-selinux.tgz
-a1dbf2c006b89e053e3cf6bb2aec1cda55756ad2 SOURCES/selinux-policy-3d165a6.tar.gz
+af636ad9e5dcfa4a0086e0bc91aa01749bba8493 SOURCES/container-selinux.tgz
+5e463dff1b417b36730f44922c51ff95a509e565 SOURCES/selinux-policy-e0e55ec.tar.gz
--- a/SOURCES/modules-targeted-contrib.conf
+++ b/SOURCES/modules-targeted-contrib.conf
@ -720,6 +720,13 @@ glusterd =  module
 # 
 gnome = module

+# Layer: apps
+# Module: gnome_remote_desktop
+#
+# gnome-remote-desktop
+#
+gnome_remote_desktop = module
+
 # Layer: apps
 # Module: gpg
 #
@ -2782,3 +2789,18 @@ coreos_installer = module
 # afterburn
 #
 afterburn = module
+
+# Layer: contrib
+# Module: iiosensorproxy
+#
+# Policy for iio-sensor-proxy - IIO sensors to D-Bus proxy
+#
+iiosensorproxy = module
+
+# Layer: contrib
+# Module: pcm
+#
+# Policy for pcm - Intel(r) Performance Counter Monitor
+#
+#
+pcm = module
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 3d165a6733390d9313d4360831f48379b7b13fc0
+%global commit e0e55ecfdebae28221324ff62a7784fe509617df
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.13.10
+Version: 40.13.12
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -860,9 +860,57 @@ exit 0
 %endif

 %changelog
-* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 40.13.10-1
+* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 40.13.12-1
 - Rebuilt for MSVSphere 10

+* Thu Oct 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.12-1
+- Dontaudit subscription manager setfscreate and read file contexts
+Resolves: RHEL-58009
+- Allow the sysadm user use the secretmem API
+Resolves: RHEL-40953
+- Allow sudodomain list files in /var
+Resolves: RHEL-58068
+- Allow gnome-remote-desktop watch /etc directory
+Resolves: RHEL-35877
+- Allow journalctl connect to systemd-userdbd over a unix socket
+Resolves: RHEL-58072
+- systemd: allow sys_admin capability for systemd_notify_t
+Resolves: RHEL-58072
+- Allow some confined users send to lldpad over a unix dgram socket
+Resolves: RHEL-61634
+- Allow lldpad send to sysadm_t over a unix dgram socket
+Resolves: RHEL-61634
+- Allow lldpd connect to systemd-machined over a unix socket
+Resolves: RHEL-61634
+
+* Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.11-1
+- Allow ping_t read network sysctls
+Resolves: RHEL-54299
+- Label /usr/lib/node_modules/npm/bin with bin_t
+Resolves: RHEL-56350
+- Label /run/sssd with sssd_var_run_t
+Resolves: RHEL-57065
+- Allow virtqemud read virtd_t files
+Resolves: RHEL-57713
+- Allow wdmd read hardware state information
+Resolves: RHEL-57982
+- Allow wdmd list the contents of the sysfs directories
+Resolves: RHEL-57982
+- Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
+Resolves: RHEL-58380
+- Allow dirsrv read network sysctls
+Resolves: RHEL-58381
+- Allow lldpad create and use netlink_generic_socket
+Resolves: RHEL-61634
+- Allow unconfined_t execute kmod in the kmod domain
+Resolves: RHEL-61755
+- Confine the pcm service
+Resolves: RHEL-52838
+- Allow iio-sensor-proxy the bpf capability
+Resolves: RHEL-62355
+- Confine iio-sensor-proxy
+Resolves: RHEL-62355
+
 * Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1
 - Confine gnome-remote-desktop
 Resolves: RHEL-35877