-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-eaebcb91e7 2023-03-09 22:53:04.243091 -------------------------------------------------------------------------------- Name : selinux-policy Product : Fedora 38 Version : 38.8 Release : 2.fc38 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux core policy package. Originally based off of reference policy, the policy has been adjusted to provide support for Fedora. -------------------------------------------------------------------------------- Update Information: New F37 selinux-policy build -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 3 2023 Zdenek Pytela <zpytela@xxxxxxxxxx> - 38.8-2 - Update make-rhat-patches.sh file to use the f38 dist-git branch in F38 * Fri Mar 3 2023 Zdenek Pytela <zpytela@xxxxxxxxxx> - 38.8-1 - Confine gnome-initial-setup - Allow qemu-guest-agent create and use vsock socket - Allow login_pgm setcap permission - Allow chronyc read network sysctls - Enhancement of the /usr/sbin/request-key helper policy - Fix opencryptoki file names in /dev/shm - Allow system_cronjob_t transition to rpm_script_t - Revert "Allow system_cronjob_t domtrans to rpm_script_t" - Add tunable to allow squid bind snmp port - Allow staff_t getattr init pid chr & blk files and read krb5 - Allow firewalld to rw z90crypt device - Allow httpd work with tokens in /dev/shm - Allow svirt to map svirt_image_t char files - Allow sysadm_t run initrc_t script and sysadm_r role access - Allow insights-client manage fsadm pid files * Wed Feb 8 2023 Zdenek Pytela <zpytela@xxxxxxxxxx> - 38.7-1 - Allowing snapper to create snapshots of /home/ subvolume/partition - Add boolean qemu-ga to run unconfined script - Label systemd-journald feature LogNamespace - Add none file context for polyinstantiated tmp dirs - Allow certmonger read the contents of the sysfs filesystem - Add journalctl the sys_resource capability - Allow nm-dispatcher plugins read generic files in /proc - Add initial policy for the /usr/sbin/request-key helper - Additional support for rpmdb_migrate - Add the keyutils module -------------------------------------------------------------------------------- References: [ 1 ] Bug #2132728 - selinux blocks usage of qemu-guest-agent over vsock https://bugzilla.redhat.com/show_bug.cgi?id=2132728 [ 2 ] Bug #2159230 - gnome-initial-setup hangs if you try to set up an online account (due to SELinux denial) https://bugzilla.redhat.com/show_bug.cgi?id=2159230 [ 3 ] Bug #2164752 - SELinux is preventing rpmdb_migrate from 'map' accesses on the file /usr/bin/bash (rpmdb-migrate service fails on upgrade to F38) https://bugzilla.redhat.com/show_bug.cgi?id=2164752 [ 4 ] Bug #2166228 - SELinux prevents the kernel generic helper from running the /sbin/request-key program https://bugzilla.redhat.com/show_bug.cgi?id=2166228 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-eaebcb91e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue