Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package selinux-policy for openSUSE:Factory
checked in at 2024-02-09 23:51:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
and /work/SRC/openSUSE:Factory/.selinux-policy.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy"
Fri Feb 9 23:51:35 2024 rev:57 rq:1145097 version:20240205
Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2024-01-16 21:36:57.610232752 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1815/selinux-policy.changes
2024-02-09 23:51:39.049517287 +0100
@@ -1,0 +2,97 @@
+Mon Feb 05 15:48:02 UTC 2024 - cathy...@suse.com
+
+- Update to version 20240205:
+ * Allow gpg manage rpm cache
+ * Allow login_userdomain name_bind to howl and xmsg udp ports
+ * Allow rules for confined users logged in plasma
+ * Label /dev/iommu with iommu_device_t
+ * Remove duplicate file context entries in /run
+ * Dontaudit getty and plymouth the checkpoint_restore capability
+ * Allow su domains write login records
+ * Revert "Allow su domains write login records"
+ * Allow login_userdomain delete session dbusd tmp socket files
+ * Allow unix dgram sendto between exim processes
+ * Allow su domains write login records
+ * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
+ * Allow chronyd-restricted read chronyd key files
+ * Allow conntrackd_t to use bpf capability2
+ * Allow systemd-networkd manage its runtime socket files
+ * Allow init_t nnp domain transition to colord_t
+ * Allow polkit status systemd services
+ * nova: Fix duplicate declarations
+ * Allow httpd work with PrivateTmp
+ * Add interfaces for watching and reading ifconfig_var_run_t
+ * Allow collectd read raw fixed disk device
+ * Allow collectd read udev pid files
+ * Set correct label on /etc/pki/pki-tomcat/kra
+ * Allow systemd domains watch system dbus pid socket files
+ * Allow certmonger read network sysctls
+ * Allow mdadm list stratisd data directories
+ * Allow syslog to run unconfined scripts conditionally
+ * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
+ * Allow qatlib set attributes of vfio device files
+ * Allow systemd-sleep set attributes of efivarfs files
+ * Allow samba-dcerpcd read public files
+ * Allow spamd_update_t the sys_ptrace capability in user namespace
+ * Allow bluetooth devices work with alsa
+ * Allow alsa get attributes filesystems with extended attributes
+ * Allow hypervkvp_t write access to NetworkManager_etc_rw_t
+ * Add interface for write-only access to NetworkManager rw conf
+ * Allow systemd-sleep send a message to syslog over a unix dgram socket
+ * Allow init create and use netlink netfilter socket
+ * Allow qatlib load kernel modules
+ * Allow qatlib run lspci
+ * Allow qatlib manage its private runtime socket files
+ * Allow qatlib read/write vfio devices
+ * Label /etc/redis.conf with redis_conf_t
+ * Remove the lockdown-class rules from the policy
+ * Allow init read all non-security socket files
+ * Replace redundant dnsmasq pattern macros
+ * Remove unneeded symlink perms in dnsmasq.if
+ * Add additions to dnsmasq interface
+ * Allow nvme_stas_t create and use netlink kobject uevent socket
+ * Allow collectd connect to statsd port
+ * Allow keepalived_t to use sys_ptrace of cap_userns
+ * Allow dovecot_auth_t connect to postgresql using UNIX socket
+ * Make named_zone_t and named_var_run_t a part of the mountpoint attribute
+ * Allow sysadm execute traceroute in sysadm_t domain using sudo
+ * Allow sysadm execute tcpdump in sysadm_t domain using sudo
+ * Allow opafm search nfs directories
+ * Add support for syslogd unconfined scripts
+ * Allow gpsd use /dev/gnss devices
+ * Allow gpg read rpm cache
+ * Allow virtqemud additional permissions
+ * Allow virtqemud manage its private lock files
+ * Allow virtqemud use the io_uring api
+ * Allow ddclient send e-mail notifications
+ * Allow postfix_master_t map postfix data files
+ * Allow init create and use vsock sockets
+ * Allow thumb_t append to init unix domain stream sockets
+ * Label /dev/vas with vas_device_t
+ * Create interface selinux_watch_config and add it to SELinux users
+ * Update cifs interfaces to include fs_search_auto_mountpoints()
+ * Allow sudodomain read var auth files
+ * Allow spamd_update_t read hardware state information
+ * Allow virtnetworkd domain transition on tc command execution
+ * Allow sendmail MTA connect to sendmail LDA
+ * Allow auditd read all domains process state
+ * Allow rsync read network sysctls
+ * Add dhcpcd bpf capability to run bpf programs
+ * Dontaudit systemd-hwdb dac_override capability
+ * Allow systemd-sleep create efivarfs files
+ * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on
+ * Allow graphical applications work in Wayland
+ * Allow kdump work with PrivateTmp
+ * Allow dovecot-auth work with PrivateTmp
+ * Allow nfsd get attributes of all filesystems
+ * Allow unconfined_domain_type use io_uring cmd on domain
+ * ci: Only run Rawhide revdeps tests on the rawhide branch
+ * Label /var/run/auditd.state as auditd_var_run_t
+ * Allow fido-device-onboard (FDO) read the crack database
+ * Allow ip an explicit domain transition to other domains
+ * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
+ * Allow winbind_rpcd_t processes access when samba_export_all_* is on
+ * Enable NetworkManager and dhclient to use initramfs-configured DHCP
connection
+ * Allow ntp to bind and connect to ntske port.
+
+-------------------------------------------------------------------
Old:
----
selinux-policy-20240116.tar.xz
New:
----
selinux-policy-20240205.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.jAQQtP/_old 2024-02-09 23:51:39.901547990 +0100
+++ /var/tmp/diff_new_pack.jAQQtP/_new 2024-02-09 23:51:39.905548133 +0100
@@ -33,7 +33,7 @@
License: GPL-2.0-or-later
Group: System/Management
Name: selinux-policy
-Version: 20240116
+Version: 20240205
Release: 0
Source0: %{name}-%{version}.tar.xz
Source1: container.fc
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.jAQQtP/_old 2024-02-09 23:51:39.965550296 +0100
+++ /var/tmp/diff_new_pack.jAQQtP/_new 2024-02-09 23:51:39.969550440 +0100
@@ -1,7 +1,7 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
- <param
name="changesrevision">a4fccbf76d237e1ce279bbef49392676af5c4334</param></service><service
name="tar_scm">
+ <param
name="changesrevision">e17843ad685ede6b0ba9a2571bf3199e56408f83</param></service><service
name="tar_scm">
<param
name="url">https://github.com/containers/container-selinux.git</param>
<param
name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service><service
name="tar_scm">
<param
name="url">https://gitlab.suse.de/jsegitz/selinux-policy.git</param>
++++++ selinux-policy-20240116.tar.xz -> selinux-policy-20240205.tar.xz ++++++
++++ 1708 lines of diff (skipped)
