Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2024-02-09 23:51:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and /work/SRC/openSUSE:Factory/.selinux-policy.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy" Fri Feb 9 23:51:35 2024 rev:57 rq:1145097 version:20240205 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2024-01-16 21:36:57.610232752 +0100 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1815/selinux-policy.changes 2024-02-09 23:51:39.049517287 +0100 
@@ -1,0 +2,97 @@ +Mon Feb 05 15:48:02 UTC 2024 - [email protected] + +- Update to version 20240205: + * Allow gpg manage rpm cache + * Allow login_userdomain name_bind to howl and xmsg udp ports + * Allow rules for confined users logged in plasma + * Label /dev/iommu with iommu_device_t + * Remove duplicate file context entries in /run + * Dontaudit getty and plymouth the checkpoint_restore capability + * Allow su domains write login records + * Revert "Allow su domains write login records" + * Allow login_userdomain delete session dbusd tmp socket files + * Allow unix dgram sendto between exim processes + * Allow su domains write login records + * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on + * Allow chronyd-restricted read chronyd key files + * Allow conntrackd_t to use bpf capability2 + * Allow systemd-networkd manage its runtime socket files + * Allow init_t nnp domain transition to colord_t + * Allow polkit status systemd services + * nova: Fix duplicate declarations + * Allow httpd work with PrivateTmp + * Add interfaces for watching and reading ifconfig_var_run_t + * Allow collectd read raw fixed disk device + * Allow collectd read udev pid files + * Set correct label on /etc/pki/pki-tomcat/kra + * Allow systemd domains watch system dbus pid socket files + * Allow certmonger read network sysctls + * Allow mdadm list stratisd data directories + * Allow syslog to run unconfined scripts conditionally + * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t + * Allow qatlib set attributes of vfio device files + * Allow systemd-sleep set attributes of efivarfs files + * Allow samba-dcerpcd read public files + * Allow spamd_update_t the sys_ptrace capability in user namespace + * Allow bluetooth devices work with alsa + * Allow alsa get attributes filesystems with extended attributes + * Allow hypervkvp_t write access to NetworkManager_etc_rw_t + * Add interface for write-only access to NetworkManager rw conf + * Allow 
systemd-sleep send a message to syslog over a unix dgram socket + * Allow init create and use netlink netfilter socket + * Allow qatlib load kernel modules + * Allow qatlib run lspci + * Allow qatlib manage its private runtime socket files + * Allow qatlib read/write vfio devices + * Label /etc/redis.conf with redis_conf_t + * Remove the lockdown-class rules from the policy + * Allow init read all non-security socket files + * Replace redundant dnsmasq pattern macros + * Remove unneeded symlink perms in dnsmasq.if + * Add additions to dnsmasq interface + * Allow nvme_stas_t create and use netlink kobject uevent socket + * Allow collectd connect to statsd port + * Allow keepalived_t to use sys_ptrace of cap_userns + * Allow dovecot_auth_t connect to postgresql using UNIX socket + * Make named_zone_t and named_var_run_t a part of the mountpoint attribute + * Allow sysadm execute traceroute in sysadm_t domain using sudo + * Allow sysadm execute tcpdump in sysadm_t domain using sudo + * Allow opafm search nfs directories + * Add support for syslogd unconfined scripts + * Allow gpsd use /dev/gnss devices + * Allow gpg read rpm cache + * Allow virtqemud additional permissions + * Allow virtqemud manage its private lock files + * Allow virtqemud use the io_uring api + * Allow ddclient send e-mail notifications + * Allow postfix_master_t map postfix data files + * Allow init create and use vsock sockets + * Allow thumb_t append to init unix domain stream sockets + * Label /dev/vas with vas_device_t + * Create interface selinux_watch_config and add it to SELinux users + * Update cifs interfaces to include fs_search_auto_mountpoints() + * Allow sudodomain read var auth files + * Allow spamd_update_t read hardware state information + * Allow virtnetworkd domain transition on tc command execution + * Allow sendmail MTA connect to sendmail LDA + * Allow auditd read all domains process state + * Allow rsync read network sysctls + * Add dhcpcd bpf capability to run bpf programs + 
* Dontaudit systemd-hwdb dac_override capability + * Allow systemd-sleep create efivarfs files + * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on + * Allow graphical applications work in Wayland + * Allow kdump work with PrivateTmp + * Allow dovecot-auth work with PrivateTmp + * Allow nfsd get attributes of all filesystems + * Allow unconfined_domain_type use io_uring cmd on domain + * ci: Only run Rawhide revdeps tests on the rawhide branch + * Label /var/run/auditd.state as auditd_var_run_t + * Allow fido-device-onboard (FDO) read the crack database + * Allow ip an explicit domain transition to other domains + * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t + * Allow winbind_rpcd_t processes access when samba_export_all_* is on + * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection + * Allow ntp to bind and connect to ntske port. + +------------------------------------------------------------------- Old: ---- selinux-policy-20240116.tar.xz New: ---- selinux-policy-20240205.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.jAQQtP/_old 2024-02-09 23:51:39.901547990 +0100 +++ /var/tmp/diff_new_pack.jAQQtP/_new 2024-02-09 23:51:39.905548133 +0100 @@ -33,7 +33,7 @@ License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20240116 +Version: 20240205 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jAQQtP/_old 2024-02-09 23:51:39.965550296 +0100 +++ /var/tmp/diff_new_pack.jAQQtP/_new 2024-02-09 23:51:39.969550440 +0100 
@@ -1,7 +1,7 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param> - <param name="changesrevision">a4fccbf76d237e1ce279bbef49392676af5c4334</param></service><service name="tar_scm"> + <param name="changesrevision">e17843ad685ede6b0ba9a2571bf3199e56408f83</param></service><service name="tar_scm"> <param name="url">https://github.com/containers/container-selinux.git</param> <param name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service><service name="tar_scm"> <param name="url">https://gitlab.suse.de/jsegitz/selinux-policy.git</param> ++++++ selinux-policy-20240116.tar.xz -> selinux-policy-20240205.tar.xz ++++++ ++++ 1708 lines of diff (skipped)
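Review bot: in the selinux-policy.changes hunk, "Allow su domains write login records" appears, is followed by "Revert "Allow su domains write login records"", and then appears again, so three entries describe one net change; collapse them to the single final entry so the end state does not have to be worked out from the order of the list. In the same hunk, "Allow syslog to run unconfined scripts conditionally" does not name the condition, and "Remove the lockdown-class rules from the policy" gives no reason. Because the tarball diff is skipped in this mail ("1708 lines of diff (skipped)"), the changelog is the only visible record of these policy changes; a short note on each naming the controlling boolean and the reason for the removal would let them be assessed without unpacking the tarball.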
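Review bot: in the _servicedata hunk, only the changesrevision for https://gitlab.suse.de/selinux/selinux-policy.git moves (to e17843ad685ede6b0ba9a2571bf3199e56408f83), while the trailing context still carries a third tar_scm entry for https://gitlab.suse.de/jsegitz/selinux-policy.git. Two recorded sources for the same policy tree make it unclear which repository the 20240205 tarball was built from; if the jsegitz entry is no longer referenced by the _service file, drop it so the recorded revision is unambiguous.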
