diff --git a/container-selinux.tgz b/container-selinux.tgz index bd2f5f8287d12b33dd3a0451fc065f656cd532c2..bd56e38017867387f66d5baaf4290d8723aca49c 100644 Binary files a/container-selinux.tgz and b/container-selinux.tgz differ diff --git a/dist b/dist index 9c0e36ec42a2d9bfefacb21ac6354c9ddd910533..535c6900412d365bb0ff6de8d1f27110833b3ae3 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8 +an8_7 diff --git a/download b/download index 2d64500363f26d6295b0fdd5de805a73cd1cbc33..6540b2991a19a17e88d8dd638f66ba0b28f05940 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -77a7214de69b0740599b63750c634857 selinux-policy-76d3f46.tar.gz -0a174c1c07ff635153825a43de1071b0 selinux-policy-contrib-f71a764.tar.gz +5ffa675067c5ae91f2a48a2b98258208 selinux-policy-8a7c84e.tar.gz +229bead97433cafbe2e8699597fdb683 selinux-policy-contrib-3fdedc8.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 4bf1e8afb922048b46e376e940d775655390821d..c4f8d9a2604f31b00617af8ecb9d059e83915e18 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,12 +1,12 @@ %define anolis_release .0.1 # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 76d3f46c6576aa301aef3702c1c30739f506691f +%global commit0 8a7c84e9d530d1ef4bea7895c18095254ed0cb2b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 f71a76424ebaf8e8af3896bc758cfe10b9102892 +%global commit1 3fdedc8e457a69925e40d245785d132185c27fb3 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -30,7 +30,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 108%{anolis_release}%{?dist} +Release: 108%{anolis_release}%{?dist}.2 License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -718,9 +718,63 @@ exit 0 %endif %changelog -* Tue Dec 27 2022 Weitao Zhou - 3.14.3-108.0.1 +* Thu Apr 20 2023 Weitao Zhou - 3.14.3-108.0.1.2 - Disable selinux by default +* Tue Feb 21 2023 Zdenek Pytela - 3.14.3-108.2 +- Add domain_unix_read_all_semaphores() interface +Resolves: rhbz#2170510 +- Add interfaces in domain, files, and unconfined modules +Resolves: rhbz#2170510 +- Allow insights-client manage fsadm pid files +Resolves: rhbz#2170510 +- Allow insights-client work with su and lpstat +Resolves: rhbz#2170510 +- Allow insights-client read nvme devices +Resolves: rhbz#2170510 +- Allow insights-client tcp connect to all ports +Resolves: rhbz#2170510 +- Add insights additional capabilities +Resolves: rhbz#2170510 +- Allow insights client work with gluster and pcp +Resolves: rhbz#2170510 +- Allow insights-client tcp connect to various ports +Resolves: rhbz#2170510 +- Allow insights-client work with pcp and manage user config files +Resolves: rhbz#2170510 +- Allow insights-client dbus chat with various services +Resolves: rhbz#2170510 +- Allow insights-client dbus chat with abrt +Resolves: rhbz#2170510 +- Allow insights client communicate with cupsd, mysqld, openvswitch, redis +Resolves: rhbz#2170510 +- Allow insights client read raw memory devices +Resolves: rhbz#2170510 +- Allow insights-client domain transition on semanage execution +Resolves: rhbz#2170510 +- Allow insights-client create gluster log dir with a transition +Resolves: rhbz#2170510 +- Allow insights-client manage generic locks +Resolves: rhbz#2170510 +- Allow insights-client unix_read all domain semaphores +Resolves: rhbz#2170510 + +* Fri Nov 04 2022 Zdenek Pytela - 3.14.3-108.1 +- Add the files_map_read_etc_files() interface +Resolves: rhbz#2136762 +- Allow insights-client manage samba var dirs +Resolves: rhbz#2136762 +- Allow insights-client send null signal to rpm and system cronjob +Resolves: rhbz#2136762 +- Update rhcd policy for executing additional commands 4 +Resolves: rhbz#2136762 +- Allow insights-client connect to postgresql with a unix socket +Resolves: rhbz#2136762 +- Allow insights-client domtrans on unix_chkpwd execution +Resolves: rhbz#2136762 +- Add file context entries for insights-client and rhc +Resolves: rhbz#2136762 + * Thu Sep 08 2022 Zdenek Pytela - 3.14.3-108 - Allow unconfined_service_t insights client content filetrans Resolves: rhbz#2119507