From 2809c70adb3fc1ace982dd3ab470ceceea30453f Mon Sep 17 00:00:00 2001
From: Lukas Vrabec
Date: Apr 08 2019 13:54:57 +0000
Subject: * Mon Apr 08 2019 Lukas Vrabec - 3.14.4-9 - Merge #18 `Add check for config file consistency` - Allow tlp_t domain also write to nvme_devices block devices BZ(1696943) - Fix typo in rhsmcertd SELinux module - Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files - Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t - Allow unconfined users to use vsock unlabeled sockets - Add interface kernel_rw_unlabeled_vsock_socket() - Allow unconfined users to use smc unlabeled sockets - Add interface kernel_rw_unlabeled_smc_socket - Allow systemd_resolved_t domain to read system network state BZ(1697039) - Allow systemd to mounton kernel sysctls BZ(1696201) - Add interface kernel_mounton_kernel_sysctl() BZ(1696201) - Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201
---
diff --git a/.gitignore b/.gitignore
index 14c71e5..484d2ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -357,3 +357,5 @@ serefpolicy*
 /selinux-policy-contrib-7010ac2.tar.gz
 /selinux-policy-50cc590.tar.gz
 /selinux-policy-f1590bb.tar.gz
+/selinux-policy-contrib-8659df1.tar.gz
+/selinux-policy-f8a2347.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index db3d2b1..3e1c9e9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 f1590bba44512c226c35927e8afaa33b31bba36d +%global commit0 f8a234739cc2409b70ebeca3147856f026482aff %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 7010ac2d758cea65ee6aad1a9a8814c52e1ae89b +%global commit1 8659df15169ae04f8e92992709feb826fb22016b %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,21 @@ exit 0 %endif %changelog +* Mon Apr 08 2019 Lukas Vrabec - 3.14.4-9 +- Merge #18 `Add check for config file consistency` +- Allow tlp_t domain also write to nvme_devices block devices BZ(1696943) +- Fix typo in rhsmcertd SELinux module +- Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files +- Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t +- Allow unconfined users to use vsock unlabeled sockets +- Add interface kernel_rw_unlabeled_vsock_socket() +- Allow unconfined users to use smc unlabeled sockets +- Add interface kernel_rw_unlabeled_smc_socket +- Allow systemd_resolved_t domain to read system network state BZ(1697039) +- Allow systemd to mounton kernel sysctls BZ(1696201) +- Add interface kernel_mounton_kernel_sysctl() BZ(1696201) +- Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201 + * Fri Apr 05 2019 Lukas Vrabec - 3.14.4-8 - Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201 
diff --git a/sources b/sources
index 2983a7a..066ad6c 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-7010ac2.tar.gz) = 641ae2d0d978fe14146a64aa6f8b46ef8aa5e62ac98fb634655584cc956d886ca47fc97b2050322d336f76db3bae638c32e7a680593399a114749eb01156ab07
-SHA512 (selinux-policy-f1590bb.tar.gz) = 128c445f44c9cb77caef881da7845ea6d109008619ee88eb4300d3ce4644d9b543068d13ce518a38c5aa94d82665b392de6d0421d7b257ac95ac79a3c3aac6df
+SHA512 (selinux-policy-contrib-8659df1.tar.gz) = 3b153d7b5190452561e1b6253dcdebac1e8cf20d071734b44f38f0e74b3106a5158a1fbcd004d2b29befaed98cda30a937bc4f38a60be13f2943c57b61296cac
+SHA512 (selinux-policy-f8a2347.tar.gz) = 7c6434f09f02e8b93ae494e7567a45ad99e14f5fbc00f1d846a6cacad46de1c605dd8255764fd240010a0b5c8c532cee00f6d8f7b29b6751fde2ff94d6afb23d
+SHA512 (container-selinux.tgz) = d50466ecfc34645df7f40532688afe720dd51ae7a9e56dbc735278be0e12b076780128ab59aee7534bfe9f91eb36780c7920ad422c936289a2c90f9c8d283d0c
 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
-SHA512 (container-selinux.tgz) = 85a093c9be8c24a26ce4dbc8cd0ed31d4aec37d68867f4f84b5ad75896ce3c08cebafad5d18af4d3aeaa8c3418a4657841a33089214806b33c272822bcc76516
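Review bot: The `container-selinux.tgz` checksum is replaced in this hunk (`85a093c9…` to `d50466ec…`) with no traceable upstream revision. Unlike `selinux-policy-f8a2347.tar.gz` and `selinux-policy-contrib-8659df1.tar.gz`, its file name carries no commit id, and neither the commit message nor the new `%changelog` entry mentions a container-selinux refresh. From the visible lines the hash is the only record of what changed in that archive, so a reviewer cannot tell an intended update from an unintended substitution; the spec may pin it somewhere outside these hunks, which is worth confirming. I would record the source revision, for example a changelog line such as `- Update container-selinux.tgz to <upstream commit id>`, or give the archive a versioned name like the other two tarballs.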