From 0cd49f5328bce4e152a559810b3c6c4df61c0c60 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: May 30 2019 10:10:34 +0000 Subject: * Thu May 30 2019 Lukas Vrabec - 3.14.2-60 - Allow pcp_pmcd_t domain to domtrans to mdadm_t domain BZ(1714800) - Allow mongod_t domain to connect on https port BZ(1711922) - Dontaudit spamd_update_t domain to read all domains states BZ(1711799) - Allow pcp_pmie_t domain to use sys_ptrace usernamespace cap BZ(1705871) - Make boinc_var_lib_t mountpoint BZ(1711682) - All NetworkManager_ssh_t rules have to be in same optional block with ssh_basic_client_template(), fixing this bug in NetworkManager policy - Allow dbus chat between NetworkManager_t and NetworkManager_ssh_t domains. BZ(1677484) - Fix find commands in Makefiles - Allow systemd-timesyncd to read network state BZ(1694272) --- diff --git a/.gitignore b/.gitignore index f09c64b..5adb1a5 100644 --- a/.gitignore +++ b/.gitignore @@ -354,3 +354,5 @@ serefpolicy* /selinux-policy-contrib-14126bf.tar.gz /selinux-policy-4f000a2.tar.gz /selinux-policy-contrib-6bcaeb9.tar.gz +/selinux-policy-contrib-5229396.tar.gz +/selinux-policy-15c59a7.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 2663561..f2445b1 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 4f000a251f1a357297bb1b8502b78f1965189b5b +%global commit0 15c59a7a858f14044d847b81eb15660a9a893004 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 6bcaeb99fd142aa76f631e64f7acbbc72ed4c44b +%global commit1 5229396c151e06bb198b47aff6aa204b9a215aae %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 59%{?dist} +Release: 60%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -713,6 +713,17 @@ exit 0 %endif %changelog +* Thu May 30 2019 Lukas Vrabec - 3.14.2-60 +- Allow pcp_pmcd_t domain to domtrans to mdadm_t domain BZ(1714800) +- Allow mongod_t domain to connect on https port BZ(1711922) +- Dontaudit spamd_update_t domain to read all domains states BZ(1711799) +- Allow pcp_pmie_t domain to use sys_ptrace usernamespace cap BZ(1705871) +- Make boinc_var_lib_t mountpoint BZ(1711682) +- All NetworkManager_ssh_t rules have to be in same optional block with ssh_basic_client_template(), fixing this bug in NetworkManager policy +- Allow dbus chat between NetworkManager_t and NetworkManager_ssh_t domains. BZ(1677484) +- Fix find commands in Makefiles +- Allow systemd-timesyncd to read network state BZ(1694272) + * Fri May 17 2019 Lukas Vrabec - 3.14.2-59 - Allow NetworkManager_ssh_t domain to open communication channel with system dbus. BZ(1677484) diff --git a/sources b/sources index 6b6f935..96a107c 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-6bcaeb9.tar.gz) = 598ccc67dd1c7a086c1849e32292b7c8c6951bd72039cf31824b40f3ff3e96766df5e49c4689d017a3bf52f740b898db488a506942b460933eb26a8f0bc6e693 -SHA512 (selinux-policy-4f000a2.tar.gz) = 33f24fea82ec8f2e9ee209daad0e358043818beb822ca38856b0729d5b78339d5e4cf7f6ed61b1a656ca3094d75d5e281f53f9002eb5f310a8e378bb223890f2 -SHA512 (container-selinux.tgz) = c50151e044a0882481282099c5dd8437f6a75cb3c730a35fde90db9bec42350c64cb544522232095ea6769e6e205909d9beeb78df4067101222a333eed1d30c8 +SHA512 (selinux-policy-contrib-5229396.tar.gz) = 0f81e93228762b755ca581d6702f82499a871efc1d8d9ee7b9a908d5f932da3219f973c58524992ecbcffa31fe6488e0ed928027e4a53454720b4e55ab288777 +SHA512 (selinux-policy-15c59a7.tar.gz) = ef975a52782d84b264420d187e5e0fe7ffdfe69cd289337747d115e92e5830c115e654a1a3387fd7309767b6b444ed9437762001f56ce1fc607c437b3503e026 +SHA512 (container-selinux.tgz) = 0b2343abaaf357e7988861b5e6ef9ff6d1f615bb0c2d2cb9e5b60f21ce8ee6e078504f187bad0e4dfa49ccca4f7c971eb1b22d9c6515acaaa771556b027c3e9a