- Update to version 20240812:

* Update libvirt policy * Add port 80/udp and 443/udp to http_port_t definition * Additional updates stalld policy for bpf usage * Label systemd-pcrextend and systemd-pcrlock properly * Allow coreos_installer_t work with partitions * Revert "Allow coreos-installer-generator work with partitions" * Add policy for systemd-pcrextend * Update policy for systemd-getty-generator * Allow ip command write to ipsec's logs * Allow virt_driver_domain read virtd-lxc files in /proc * Revert "Allow svirt read virtqemud fifo files" * Update virtqemud policy for libguestfs usage * Allow virtproxyd create and use its private tmp files * Allow virtproxyd read network state * Allow virt_driver_domain create and use log files in /var/log * Allow samba-dcerpcd work with ctdb cluster * Allow NetworkManager_dispatcher_t send SIGKILL to plugins * Allow setroubleshootd execute sendmail with a domain transition * Allow key.dns_resolve set attributes on the kernel key ring * Update qatlib policy for v24.02 with new features * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t * Allow tlp status power services * Allow virtqemud domain transition on passt execution * Allow virt_driver_domain connect to systemd-userdbd over a unix socket * Allow boothd connect to systemd-userdbd over a unix socket * Update policy for awstats scripts * Allow bitlbee execute generic programs in system bin directories * Allow login_userdomain read aliases file * Allow login_userdomain read ipsec config files * Allow login_userdomain read all pid files * Allow rsyslog read systemd-logind session files * Allow libvirt-dbus stream connect to virtlxcd OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=251
2024-08-12 15:39:19 +00:00 · 2024-08-12 15:39:19 +00:00 · 83d1f9398e
commit 83d1f9398e
parent 2254b47412
5 changed files with 42 additions and 5 deletions
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
-              <param name="changesrevision">02657ab47aa16a1ed9638b511b4ed12298f2352b</param></service><service name="tar_scm">
+              <param name="changesrevision">c44072485dc8fdbfc6f3ae14cc61382b43ad43fa</param></service><service name="tar_scm">
                <param name="url">https://github.com/containers/container-selinux.git</param>
              <param name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service><service name="tar_scm">
                <param name="url">https://gitlab.suse.de/jsegitz/selinux-policy.git</param>
--- a/selinux-policy-20240809.tar.xz
+++ b/selinux-policy-20240809.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9b1e7b4c6306f438081643f4189bf856c4eaa90e1c97ca508a5a3f6bff9a6fb7
 size 773308
--- a/selinux-policy-20240812.tar.xz
+++ b/selinux-policy-20240812.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:bafc5d6f473a062c09f2c83f74a78fa5cfb82e1197eb1de115eb152b95fd5d72
 size 773868
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,40 @@
 -------------------------------------------------------------------
 Mon Aug 12 15:30:47 UTC 2024 - cathy.hu@suse.com
 - Update to version 20240812:
  * Update libvirt policy
  * Add port 80/udp and 443/udp to http_port_t definition
  * Additional updates stalld policy for bpf usage
  * Label systemd-pcrextend and systemd-pcrlock properly
  * Allow coreos_installer_t work with partitions
  * Revert "Allow coreos-installer-generator work with partitions"
  * Add policy for systemd-pcrextend
  * Update policy for systemd-getty-generator
  * Allow ip command write to ipsec's logs
  * Allow virt_driver_domain read virtd-lxc files in /proc
  * Revert "Allow svirt read virtqemud fifo files"
  * Update virtqemud policy for libguestfs usage
  * Allow virtproxyd create and use its private tmp files
  * Allow virtproxyd read network state
  * Allow virt_driver_domain create and use log files in /var/log
  * Allow samba-dcerpcd work with ctdb cluster
  * Allow NetworkManager_dispatcher_t send SIGKILL to plugins
  * Allow setroubleshootd execute sendmail with a domain transition
  * Allow key.dns_resolve set attributes on the kernel key ring
  * Update qatlib policy for v24.02 with new features
  * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t
  * Allow tlp status power services
  * Allow virtqemud domain transition on passt execution
  * Allow virt_driver_domain connect to systemd-userdbd over a unix socket
  * Allow boothd connect to systemd-userdbd over a unix socket
  * Update policy for awstats scripts
  * Allow bitlbee execute generic programs in system bin directories
  * Allow login_userdomain read aliases file
  * Allow login_userdomain read ipsec config files
  * Allow login_userdomain read all pid files
  * Allow rsyslog read systemd-logind session files
  * Allow libvirt-dbus stream connect to virtlxcd
 -------------------------------------------------------------------
 Fri Aug 09 12:35:40 UTC 2024 - cathy.hu@suse.com
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -33,7 +33,7 @@ Summary:        SELinux policy configuration
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20240809
+Version:        20240812
 Release:        0
 Source0:        %{name}-%{version}.tar.xz
 Source1:        container.fc