Update Changelog and VERSION for release 2.20210908.

Signed-off-by: Chris PeBenito <[email protected]>

Changelog

@@ -1,3 +1,150 @@
+* Wed Sep 08 2021 Chris PeBenito <[email protected]> - 2.20210908
+Andreas Freimuth (2):
+ Prefer user_fonts_config_t over xdg_config_t
+ Set user_fonts_config_t for conf.d
+
+Chris PeBenito (76):
+ rpc: Move lines.
+ selinux: Add a secure_mode_setbool Boolean.
+ Remove additional unused modules
+ Rules.modular/Rules.monolithic: Fix intdented labeling statement moves.
+ selinux: Change generic Boolean type to boolean_t.
+ selinux: Set regular file for labeled Booleans genfscons.
+ selinux: Add dontaudits when secure mode Booleans are enabled.
+ kernel: Add dontaudits when secure_mode_insmod is enabled.
+ authlogin: Add tunable for allowing shadow access on non-PAM systems.
+ authlogin: Remove redundant rule in auth_domtrans_chk_passwd().
+ Create stale.yml
+ stale.yml: Fix labels with spaces.
+ authlogin: Deprecate auth_domtrans_chk_passwd().
+ init: Add support for systemd StandardInputText.
+ .gitignore: Ignore vscode data dir.
+ .gitignore: Remove duplicate lines.
+ Revert "systemd.if minor fix"
+ systemd: Drop second parameter in systemd_tmpfilesd_managed().
+ staff, sysadm, unprivuser: Move lines.
+ xserver: Move fc lines.
+ radvd: Whitespace fix.
+ virt: Move lines.
+ Bump module versions for release.
+
+Christian Göttsche (1):
+ Use correct interface or template declaration
+
+Dave Sugar (2):
+ systemd.if minor fix
+ Resolve when building monolithic on RHEL7
+
+Fabrice Fontaine (5):
+ policy/modules/services/minidlna.te: make xdg optional
+ policy/modules/services/ftp.te: make ssh optional
+ policy/modules/services/cvs.te: make inetd optional
+ policy/modules/services/ifplugd.te: make netutils optional
+ policy/modules/apps/wireshark.te: make xdg optional
+
+Jonathan Davies (13):
+ staff.te: Allow staff access to the virt stream, needed for when the
+ sockets are access remotely over SSH.
+ logging.if: Added interfaces for watching all and audit logs.
+ roles: Added log watching permissions to secadm and sysadm.
+ irc.te: Allow irc_t access to unix_dgram_socket sendto to allow clients to
+ connect to a SOCKS proxy.
+ screen.if: Added interface to allow executing sock file.
+ irc.te: Allowed client access to screen runtime sock file.
+ dmesg.te: Added files_read_etc_files() as some distros store terminfo
+ files in /etc/.
+ devices.fc: Added missing Xen character files.
+ sysadm.te: Allow sysadm_t to read/write Xen character devices so userspace
+ tooling works.
+ sysnetwork: dhcpc_t: Added corenet_sendrecv_icmp_packets()
+ radvd.te: Added corenet_sendrecv_icmp_packets().
+ dhcp.te: Added corenet_sendrecv_icmp_packets().
+ virt: Defined a virt_common_runtime_t type for the new common/system.token
+ file and added permissions to virtd_t and virtlogd_t.
+
+Kenton Groombridge (36):
+ dovecot, postfix: add missing accesses
+ various: systemd user fixes and additional support
+ systemd, fail2ban: allow fail2ban to watch journal
+ fail2ban: allow reading vm overcommit sysctl
+ usbguard: various fixes
+ redis: allow reading certs
+ rngd: allow reading sysfs
+ getty: various fixes
+ modutils: allow kmod to read src_t symlinks
+ devices, userdomain: dontaudit userdomain setattr on null device nodes
+ spamassassin: allow rspamd to read network sysctls
+ redis: allow reading net and vm overcommit sysctls
+ devices, userdomain: dontaudit userdomain setattr on null device nodes
+ files, init, systemd: various fixes
+ ssh: allow ssh_keygen_t to read localization
+ devicekit: allow devicekit_disk_t to setsched
+ udev: various fixes
+ init: modify interface to allow reading all pipes
+ iptables: allow reading initrc pipes
+ wireguard: allow running iptables
+ bootloader, filesystem: various fixes for grub
+ mount: allow getattr on dos filesystems
+ init, mount: allow systemd to watch utab
+ init, systemd: allow logind to watch utmp
+ logging: allow auditd to use nsswitch
+ logging: allow auditd to getattr on audisp-remote binary
+ systemd: allow systemd-resolved to manage its own sock files
+ systemd: add policy for systemd-sysctl
+ init, udev: various fixes for systemd
+ udev: allow systemd-vconsole-setup to sys_tty_config
+ various: several dontaudits
+ sysadm, systemd: various fixes
+ authlogin: add new type for pwd.lock and others
+ init: allow systemd to rw shadow lock files
+ filesystem, init: allow systemd to create pstore dirs
+ bootloader, devices: dontaudit grub writing on legacy efi variables
+
+Krzysztof Nowicki (15):
+ Fix interface naming convention (plural predicates)
+ Allow systemd to relabel startup-important directories
+ Allow execution of shell-scripted systemd generators
+ Also grant directory permissions in sysnet_manage_config
+ Allow use of systemd UNIX sockets created at initrd execution
+ Fix systemd-journal-flush service
+ Allow systemd-tmpfilesd populating of /var/lib/dbus
+ When using systemd_tmpfilesd_managed also grant directory permissions
+ Enable factory directory support in systemd-tmpfilesd
+ Allow systemd-tmpfilesd to relabel generic files inside /etc
+ Allow systemd-tmpfilesd to set attributes of /var/lock
+ Mark lvm_lock_t as systemd_tmpfilesd-managed
+ Allow systemd-tmpfilesd handle faillog directory
+ Fix setting-up sandbox environment for systemd-networkd
+ Allow systemd-tmpfilesd to access nsswitch information
+
+Markus Linnala (13):
+ policy: init: there is no enabled_mls, it is enable_mls
+ policy: files: files_spool_filetrans: doc: change param from file to
+ file_type
+ policy devices: dev_filetrans: doc: change param from file to file_type
+ policy gnome: gnome_dbus_chat_gconfd: doc: does not have 1st param of
+ role_prefix
+ policy chromium: chromium_tmp_filetrans: doc: add missing 2nd param
+ documentation
+ policy gpg: doc: add documents for all *filterans parameters
+ policy seunshare: seunshare_role: parameters usage partially mixed
+ policy kismet: kismer_role: parameter order mixed in kismet_run
+ policy: interfaces: doc: indent param blocks consistently
+ policy avahi: avahi_filetrans_pid: doc: add missing params
+ policy: xserver: xserver_dbus_chat: fix require
+ policy:ssh: ssh_server_template: fix require
+ policy: files: files_get_etc_unit_status/files_{start,stop}_etc_service:
+ fix require
+
+Russell Coker (1):
+ blkmapd
+
+Xiongwei Song (1):
+ Add ubifs to filesystem policy
+
+Yi Zhao (1):
+ roles: move dbus_role_template to userdom_common_user_template
+
 * Wed Feb 03 2021 Chris PeBenito <[email protected]> - 2.20210203
 (GalaxyMaster) (1):
  added policy for systemd-socket-proxyd

VERSION

@@ -1 +1 @@
-2.20210203
+2.20210908