From 83d1f9398e96eb6e5681b949dbfc8dee17b44633639ba371e8e359c293e2e756 Mon Sep 17 00:00:00 2001 
From: Hu Date: Mon, 12 Aug 2024 15:39:19 +0000 Subject: [PATCH] - Update to version 20240812: * Update libvirt policy * Add port 80/udp and 443/udp to http_port_t definition * Additional updates stalld policy for bpf usage * Label systemd-pcrextend and systemd-pcrlock properly * Allow coreos_installer_t work with partitions * Revert "Allow coreos-installer-generator work with partitions" * Add policy for systemd-pcrextend * Update policy for systemd-getty-generator * Allow ip command write to ipsec's logs * Allow virt_driver_domain read virtd-lxc files in /proc * Revert "Allow svirt read virtqemud fifo files" * Update virtqemud policy for libguestfs usage * Allow virtproxyd create and use its private tmp files * Allow virtproxyd read network state * Allow virt_driver_domain create and use log files in /var/log * Allow samba-dcerpcd work with ctdb cluster * Allow NetworkManager_dispatcher_t send SIGKILL to plugins * Allow setroubleshootd execute sendmail with a domain transition * Allow key.dns_resolve set attributes on the kernel key ring * Update qatlib policy for v24.02 with new features * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t * Allow tlp status power services * Allow virtqemud domain transition on passt execution * Allow virt_driver_domain connect to systemd-userdbd over a unix socket * Allow boothd connect to systemd-userdbd over a unix socket * Update policy for awstats scripts * Allow bitlbee execute generic programs in system bin directories * Allow login_userdomain read aliases file * Allow login_userdomain read ipsec config files * Allow login_userdomain read all pid files * Allow rsyslog read systemd-logind session files * Allow libvirt-dbus stream connect to virtlxcd OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=251 --- _servicedata | 2 +- selinux-policy-20240809.tar.xz | 3 --- selinux-policy-20240812.tar.xz | 3 +++ selinux-policy.changes | 37 ++++++++++++++++++++++++++++++++++ 
 selinux-policy.spec | 2 +- 5 files changed, 42 insertions(+), 5 deletions(-) delete mode 100644 selinux-policy-20240809.tar.xz create mode 100644 selinux-policy-20240812.tar.xz
diff --git a/_servicedata b/_servicedata
index 55b47b1..4f3dc20 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,7 +1,7 @@ https://gitlab.suse.de/selinux/selinux-policy.git - 02657ab47aa16a1ed9638b511b4ed12298f2352b + c44072485dc8fdbfc6f3ae14cc61382b43ad43fa https://github.com/containers/container-selinux.git 07b3034f6d9625ab84508a2f46515d8ff79b4204 https://gitlab.suse.de/jsegitz/selinux-policy.git
diff --git a/selinux-policy-20240809.tar.xz b/selinux-policy-20240809.tar.xz
deleted file mode 100644
index 9357509..0000000
--- a/selinux-policy-20240809.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9b1e7b4c6306f438081643f4189bf856c4eaa90e1c97ca508a5a3f6bff9a6fb7
-size 773308
diff --git a/selinux-policy-20240812.tar.xz b/selinux-policy-20240812.tar.xz
new file mode 100644
index 0000000..ac142e1
--- /dev/null
+++ b/selinux-policy-20240812.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bafc5d6f473a062c09f2c83f74a78fa5cfb82e1197eb1de115eb152b95fd5d72
+size 773868
diff --git a/selinux-policy.changes b/selinux-policy.changes
index a16c602..1191cd2 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Mon Aug 12 15:30:47 UTC 2024 - cathy.hu@suse.com
+
+- Update to version 20240812:
+ * Update libvirt policy
+ * Add port 80/udp and 443/udp to http_port_t definition
+ * Additional updates stalld policy for bpf usage
+ * Label systemd-pcrextend and systemd-pcrlock properly
+ * Allow coreos_installer_t work with partitions
+ * Revert "Allow coreos-installer-generator work with partitions"
+ * Add policy for systemd-pcrextend
+ * Update policy for systemd-getty-generator
+ * Allow ip command write to ipsec's logs
+ * Allow virt_driver_domain read virtd-lxc files in /proc
+ * Revert "Allow svirt read virtqemud fifo files"
+ * Update virtqemud policy for libguestfs usage
+ * Allow virtproxyd create and use its private tmp files
+ * Allow virtproxyd read network state
+ * Allow virt_driver_domain create and use log files in /var/log
+ * Allow samba-dcerpcd work with ctdb cluster
+ * Allow NetworkManager_dispatcher_t send SIGKILL to plugins
+ * Allow setroubleshootd execute sendmail with a domain transition
+ * Allow key.dns_resolve set attributes on the kernel key ring
+ * Update qatlib policy for v24.02 with new features
+ * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t
+ * Allow tlp status power services
+ * Allow virtqemud domain transition on passt execution
+ * Allow virt_driver_domain connect to systemd-userdbd over a unix socket
+ * Allow boothd connect to systemd-userdbd over a unix socket
+ * Update policy for awstats scripts
+ * Allow bitlbee execute generic programs in system bin directories
+ * Allow login_userdomain read aliases file
+ * Allow login_userdomain read ipsec config files
+ * Allow login_userdomain read all pid files
+ * Allow rsyslog read systemd-logind session files
+ * Allow libvirt-dbus stream connect to virtlxcd
+
 -------------------------------------------------------------------
 Fri Aug 09 12:35:40 UTC 2024 - cathy.hu@suse.com
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0a08cad..4db403c 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -33,7 +33,7 @@ Summary: SELinux policy configuration
 License: GPL-2.0-or-later
 Group: System/Management
 Name: selinux-policy
-Version: 20240809
+Version: 20240812
 Release: 0
 Source0: %{name}-%{version}.tar.xz
 Source1: container.fc