Fedora 40 Update: selinux-policy-40.16-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d0565faae7
2024-04-19 21:20:20.799615
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 40
Version     : 40.16
Release     : 1.fc40
URL         : https://github.com/fedora-selinux/selinux-policy
Summary     : SELinux policy configuration
Description :
SELinux core policy package.
Originally based off of reference policy,
the policy has been adjusted to provide support for Fedora.

--------------------------------------------------------------------------------
Update Information:

New F40 selinux-policy build
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  9 2024 Zdenek Pytela <zpytela@xxxxxxxxxx> - 40.16-1
- Allow keyutils-dns-resolver connect to the system log service
- Allow qemu-ga read vm sysctls
- postfix: allow qmgr to delete mails in bounce/ directory
- policy: support pidfs
- Confine selinux-autorelabel-generator.sh
- Allow logwatch_mail_t read/write to init over a unix stream socket
- Allow logwatch read logind sessions files
- files_dontaudit_getattr_tmpfs_files allowed the access and didn't dontaudit it
- files_dontaudit_mounton_modules_object allowed the access and didn't dontaudit it
- Allow NetworkManager the sys_ptrace capability in user namespace
- dontaudit execmem for modemmanager
- Allow dhcpcd use unix_stream_socket
- Allow dhcpc read /run/netns files
* Fri Mar 15 2024 Zdenek Pytela <zpytela@xxxxxxxxxx> - 40.15-1
- Update mmap_rw_file_perms to include the lock permission
- Allow plymouthd log during shutdown
- Add logging_watch_all_log_dirs() and logging_watch_all_log_files()
- Allow journalctl_t read filesystem sysctls
- Allow cgred_t to get attributes of cgroup filesystems
- Allow wdmd read hardware state information
- Allow wdmd list the contents of the sysfs directories
- Allow linuxptp configure phc2sys and chronyd over a unix domain socket
- Allow sulogin relabel tty1
- Dontaudit sulogin the checkpoint_restore capability
- Modify sudo_role_template() to allow getpgid
- Remove incorrect "local" usage in varrun-convert.sh
* Thu Mar  7 2024 Zdenek Pytela <zpytela@xxxxxxxxxx> - 40.14-2
- Update varrun-convert.sh script to check for existing duplicate entries
* Mon Feb 26 2024 Zdenek Pytela <zpytela@xxxxxxxxxx> - 40.14-1
- Allow userdomain get attributes of files on an nsfs filesystem
- Allow opafm create NFS files and directories
- Allow virtqemud create and unlink files in /etc/libvirt/
- Allow virtqemud domain transition on swtpm execution
- Add the swtpm.if interface file for interactions with other domains
- Allow samba to have dac_override capability
- systemd: allow sys_admin capability for systemd_notify_t
- systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
- Allow thumb_t to watch and watch_reads mount_var_run_t
- Allow krb5kdc_t map krb5kdc_principal_t files
- Allow unprivileged confined user dbus chat with setroubleshoot
- Allow login_userdomain map files in /var
- Allow wireguard work with firewall-cmd
- Differentiate between staff and sysadm when executing crontab with sudo
- Add crontab_admin_domtrans interface
- Allow abrt_t nnp domain transition to abrt_handle_event_t
- Allow xdm_t to watch and watch_reads mount_var_run_t
- Dontaudit subscription manager setfscreate and read file contexts
- Don't audit crontab_domain write attempts to user home
- Transition from sudodomains to crontab_t when executing crontab_exec_t
- Add crontab_domtrans interface
- Fix label of pseudoterminals created from sudodomain
- Allow utempter_t use ptmx
- Dontaudit rpmdb attempts to connect to sssd over a unix stream socket
- Allow admin user read/write on fixed_disk_device_t
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2256442 - avc: denied { read write } for pid=12364 comm="plymouthd" name="kmsg" dev="devtmpfs" ino=10 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file permissive=1
        https://bugzilla.redhat.com/show_bug.cgi?id=2256442
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d0565faae7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------