From cd58e5ef257ddd77cace694ef8572cbabd7dd62e Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Jan 24 2020 15:22:33 +0000 Subject: * Fri Jan 24 2020 Zdenek Pytela - 3.14.4-45 - Make stratisd_t domain unconfined for now. - stratisd_t policy updates. - Label /var/spool/plymouth/boot.log as plymouthd_var_log_t - Label /stratis as stratisd_data_t - Allow opafm_t to create and use netlink rdma sockets. - Allow stratisd_t domain to read/write fixed disk devices and removable devices. - Add dac_override capability to stratisd_t domain - Added macro for stratisd to chat over dbus - Allow init_t set the nice level of all domains BZ(1778088) - Allow userdomain to chat with stratisd over dbus. --- diff --git a/.gitignore b/.gitignore index ca9e4c0..dbdd84f 100644 --- a/.gitignore +++ b/.gitignore @@ -424,3 +424,5 @@ serefpolicy* /selinux-policy-contrib-b0a6a6c.tar.gz /selinux-policy-contrib-1bd9cb3.tar.gz /selinux-policy-cecd2a7.tar.gz +/selinux-policy-d33b7b6.tar.gz +/selinux-policy-contrib-1bfb9ee.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index c0d3109..17c2e39 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 cecd2a7d5d72f51eadf353477dd3ed8450648cca +%global commit0 d33b7b6cb2a2b9364ecf9fc23c7fce6fe0e97b0a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 1bd9cb3801d1d773fdb14dbb54e487e561302a2c +%global commit1 1bfb9ee334ca7b8bbbab1cf91a519c4b95a2e643 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 44%{?dist} +Release: 45%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,18 @@ exit 0 %endif %changelog +* Fri Jan 24 2020 Zdenek Pytela - 3.14.4-45 +- Make stratisd_t domain unconfined for now. +- stratisd_t policy updates. +- Label /var/spool/plymouth/boot.log as plymouthd_var_log_t +- Label /stratis as stratisd_data_t +- Allow opafm_t to create and use netlink rdma sockets. +- Allow stratisd_t domain to read/write fixed disk devices and removable devices. +- Add dac_override capability to stratisd_t domain +- Added macro for stratisd to chat over dbus +- Allow init_t set the nice level of all domains BZ(1778088) +- Allow userdomain to chat with stratisd over dbus. + * Mon Jan 13 2020 Lukas Vrabec - 3.14.4-44 - Fix typo in anaconda SELinux module - Allow rtkit_t domain to control scheduling for your install_t processes diff --git a/sources b/sources index c9b07fd..ae65a3e 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-1bd9cb3.tar.gz) = 1178f3df9f07897e8cdf512169889b9587ea1c58b108ec5b5e80a08f6c43606f34b01307026a25fb42e11e7193596368f272728fe817c9a3ca659d773bc78b5c -SHA512 (selinux-policy-cecd2a7.tar.gz) = 32dbf47d35dc1737e1f4d0a25b0ad51c33d8fa1cdbbbe9f6c7f5a4c8c07c6ceab93953f47a9f3a586c8d867ad129314675aee7bf4b3c1630501cf24dc681212b -SHA512 (container-selinux.tgz) = 9ce27b90e6bedb4ae03b4c0feaf804df6a5a47b0a6fd312fd7c64a52a6532214fcb75bbad6836dadac5dcf78adeb848858801ad647882e2003fc62b6742c6142 +SHA512 (selinux-policy-d33b7b6.tar.gz) = 077c05af756220a15fb4d7df4842dbc8c1f084ebc4a7c3d668c7d64d1672262ce69ea736e9952050b1bedb79524c643bf77c4e0a25dc871e1bb237d1decef611 +SHA512 (selinux-policy-contrib-1bfb9ee.tar.gz) = e3f40f7ba00afbc26ec5778afbe2fd9eeccb56f6ba417979cced05a39ff59991c935ca8365d5163f1b060645ffed6a4d9af96e8b1debf75cdc8e2871add37514 +SHA512 (container-selinux.tgz) = bfab7331afc8473bd4732f5da73be3eacbfd6dd7061325f293270992942b067b375166f0a9615321ed5d19fa9bad4e73c3318effce3f51a412d21d7c0b08db60 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4