diff --git a/.gitignore b/.gitignore index 974d901..7f29342 100644 --- a/.gitignore +++ b/.gitignore @@ -325,3 +325,5 @@ serefpolicy* /selinux-policy-d174bfc.tar.gz /selinux-policy-contrib-ba6970c.tar.gz /selinux-policy-d228891.tar.gz +/selinux-policy-contrib-4512d0d.tar.gz +/selinux-policy-366c17e.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index c3f9bd0..ccefcfc 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 d2288917405d8bd111f929d5dc2370fdd7763248 +%global commit0 366c17e0b94b74c4ba9f3ce143565d4d2170efee %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 ba6970cb30a01c0eb87e27ef1e89ff1d24cf1d14 +%global commit1 4512d0dece232af4fa7f1fbfb359c0e56a93d8e9 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 45%{?dist} +Release: 46%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -713,6 +713,27 @@ exit 0 %endif %changelog +* Fri Jan 11 2019 Lukas Vrabec - 3.14.2-46 +- Allow sensord_t to execute own binary files +- Allow pcp_pmlogger_t domain to getattr all filesystem BZ(1662432) +- Allow virtd_lxc_t domains use BPF BZ(1662613) +- Allow openvpn_t domain to read systemd state BZ(1661065) +- Dontaudit ptrace all domains for blueman_t BZ(1653671) +- Change label of /usr/libexec/lm_sensors/sensord-service-wrapper from lsmd_exec_t to sensord_exec_t BZ(1662922) +- Allow hddtemp_t domain to read nvme block devices BZ(1663579) +- Add dac_override capability to spamd_t domain BZ(1645667) +- Allow pcp_pmlogger_t to mount tracefs_t filesystem BZ(1662983) +- Allow pcp_pmlogger_t domain to read al sysctls BZ(1662441) +- Allow saslauthd_t domain to mmap own pid files BZ(1653024) +- Add dac_override capability for snapperd_t domain BZ(1619356) +- Allow staff_t domain to read read_binfmt_misc filesystem +- Add interface fs_read_binfmt_misc() +- Allow init_t domain to mmap init_var_lib_t files and dontaudit leaked fd. BZ(1651008) +- Make workin: systemd-run --system --pty bash BZ(1647162) +- Allow ipsec_t domain dbus chat with systemd_resolved_t BZ(1662443) +- Label /usr/lib/systemd/user as systemd_unit_file_t BZ(1652814) +- Add rules to allow systemd to mounton systemd_timedated_var_lib_t. + * Sun Dec 16 2018 Lukas Vrabec - 3.14.2-45 - Add macro-expander script to selinux-policy-devel package diff --git a/sources b/sources index 20d53bf..eb7b224 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-ba6970c.tar.gz) = 7351f6f8caaff571c12576f636f18e3227b4d6a7cfa40b8519bec2f9df3eede0458976e6be689d898fd296d01666c8e5b2c5f68a96aaa9a03df3104054ad37e3 -SHA512 (selinux-policy-d228891.tar.gz) = ecc1ec085fe55c332f247216e55a38ece74390574550ce71af1a836488bb335b75c81d8cf66d8910f0107b639b906fb27aa421775c387b54a22609f6bafcd919 -SHA512 (container-selinux.tgz) = 04bc8776800bac0501536032d6572e5588496112e0735518d889d4bbcdad602806d5dd63f0efa61df3d4f9cec5bf24f8bdf74a95dfa200dee37594d5b40400dd +SHA512 (selinux-policy-contrib-4512d0d.tar.gz) = 5f8c50eb32f9a71d4e62ddd9fdd6e19de2a2ac8e02a0417c78e666212a55ffcdd91e5ddc8502952dc6976c059bacc8e4887477cc8141c51d974204d4125f0cde +SHA512 (selinux-policy-366c17e.tar.gz) = f30120c79cee435afcbc8efe64dbeb47643b9c23c478984c481ca18f2c02f604dfcaf47d7a30a2aa0e3421b4147ede55f01b4ffe0a1d7d238217e533d793f36e +SHA512 (container-selinux.tgz) = 0dcea195dc2b5bfa4b31740e176067f5db4378d5631209d1bd975eaa2081a51871a0112ea0468981f866beb3ed6770c17f9eea6009c3f240a95d00f2d86ba99b