diff --git a/.gitignore b/.gitignore index 1de501a..ac2f000 100644 --- a/.gitignore +++ b/.gitignore @@ -319,3 +319,5 @@ serefpolicy* /selinux-policy-contrib-f9b7466.tar.gz /selinux-policy-contrib-d255e50.tar.gz /selinux-policy-004021c.tar.gz +/selinux-policy-contrib-eeb3d73.tar.gz +/selinux-policy-d018594.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index a369455..85206c2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 004021c7803c138cada8d7f97d96fcd03d7650e3 +%global commit0 d018594abb590671562b5155a1cc5eab9a00a683 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 d255e5020f6930f679f037d3b65bd2166e4fb622 +%global commit1 eeb3d73c3cfa283d7c49f5f24bb6699b2b1c46c3 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 41%{?dist} +Release: 42%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -710,6 +710,16 @@ exit 0 %changelog * Sun Nov 04 2018 Lukas Vrabec - 3.14.2-41 +- Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672) +- Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766) +- Add dac_override capability to postgrey_t domain BZ(1638954) +- Allow thumb_t domain to execute own tmpfs files BZ(1643698) +- Allow xdm_t domain to manage dosfs_t files BZ(1645770) +- Label systemd-timesyncd binary as systemd_timedated_exec_t to make it run in systemd_timedated_t domain BZ(1640801) +- Improve fs_manage_ecryptfs_files to allow caller domain also mmap ecryptfs_t files BZ(1630675) +- Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313) + +* Sun Nov 04 2018 Lukas Vrabec - 3.14.2-41 - Add nnp transition rule for vnstatd_t domain using NoNewPrivileges systemd feature BZ(1643063) - Allow l2tpd_t domain to mmap /etc/passwd file BZ(1638948) - Add dac_override capability to ftpd_t domain diff --git a/sources b/sources index 715fab5..b220e54 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-d255e50.tar.gz) = a511208fa03ebe1efa5970eb933de32151ef38d90c91ec4a70e86735534dfa7f58d26c506530c6b1ca17585701e6f410ea8b88a4aa7c169b835253b611bbb42d -SHA512 (selinux-policy-004021c.tar.gz) = 62a3b9e06b19e808fa1a1df2078445a5f8042398317ca35e3337094429f5e403f704a317a81abcd11617b6cea987f1b679c409aa4a94a0d02b4229e1f9fdd09c -SHA512 (container-selinux.tgz) = 0d42a252bdf308c50305ddd576547f1d5b8ec419b346c5b5462761c871a52c9a1878b4bcdea67e8761ab937ac1e3a62ceabc777b84097f0baa5a342e9fbf07a6 +SHA512 (selinux-policy-contrib-eeb3d73.tar.gz) = 36837d4733f64dfc5809726b185c9902c9b4e4618f74a27626830963246014ae4e8806084124a86ef015bd9810ec3c570cf0bd24563e451e8ca01e359c8e09ac +SHA512 (selinux-policy-d018594.tar.gz) = 87bab57fdb50cda76adb43acbcd8ba002a3e83f9f76f260ffb56631731e643f79716377c66b43033b6d11073280220c7487a4fbfcf8b513b66b0a855fbb3240c +SHA512 (container-selinux.tgz) = a7c01f217d6a7eda96840af12d4bdf7fb7a1b754de3938e4bc3d361e7b27d3f91adc65ff66a170f57add3c2fac02439e50543e22a7ceb713b04ec53bc88128af