From f32fe382079e79deb866e950a5f00975acc316d1 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Nov 27 2019 19:26:39 +0000 Subject: * Wed Nov 27 2019 Lukas Vrabec - 3.14.5-17 - Fix nonexisting types in rtas_errd_rw_lock interface - Allow snmpd_t domain to trace processes in user namespace - Allow timedatex_t domain to read relatime clock and adjtime_t files - Allow zebra_t domain to execute zebra binaries - Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t - Allow ksmtuned_t domain to trace processes in user namespace - Allow systemd to read symlinks in /var/lib - Update dev_mounton_all_device_nodes() interface - Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro. - Allow systemd_domain to map files in /usr. - Allow strongswan start using swanctl method BZ(1773381) - Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976) --- diff --git a/.gitignore b/.gitignore index ab9d1a3..9a03436 100644 --- a/.gitignore +++ b/.gitignore @@ -422,3 +422,5 @@ serefpolicy* /selinux-policy-4253587.tar.gz /selinux-policy-contrib-5041702.tar.gz /selinux-policy-a9839a5.tar.gz +/selinux-policy-contrib-35568c7.tar.gz +/selinux-policy-90b3284.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 2ebbebd..83e8199 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 a9839a5cc8e1f2cefd1dba7c2fcdf39529e905fb +%global commit0 90b328406aea1168714563924a291d4673be58c0 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 50417020c0ed7ed1e521eb12f58dd91372063caf +%global commit1 35568c715194d6f4f408996f0060b6b554147ddf %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,20 @@ exit 0 %endif %changelog +* Wed Nov 27 2019 Lukas Vrabec - 3.14.5-17 +- Fix nonexisting types in rtas_errd_rw_lock interface +- Allow snmpd_t domain to trace processes in user namespace +- Allow timedatex_t domain to read relatime clock and adjtime_t files +- Allow zebra_t domain to execute zebra binaries +- Label /usr/lib/NetworkManager/dispatcher as NetworkManager_initrc_exec_t +- Allow ksmtuned_t domain to trace processes in user namespace +- Allow systemd to read symlinks in /var/lib +- Update dev_mounton_all_device_nodes() interface +- Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro. +- Allow systemd_domain to map files in /usr. +- Allow strongswan start using swanctl method BZ(1773381) +- Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976) + * Thu Nov 21 2019 Zdenek Pytela - 3.14.5-16 - Allow timedatex_t domain dbus chat with both confined and unconfined users - Allow timedatex_t domain dbus chat with unconfined users diff --git a/sources b/sources index 50e0a1a..0c6d394 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-5041702.tar.gz) = 446f8410f3ae4e02b817c2a276dba952def50e63e424b4ac6effb74a767f77bc8b39cbbf6b016655415dd60a9f98825e380c9018e487b7e42429d55d84595b2e -SHA512 (selinux-policy-a9839a5.tar.gz) = f24c72b570dcfb13f028a587c6d35cb15b3ad0a2a703191f7ff61981b9369736f35be70814de69cc521aefacffeed5ca4f199be551773db7cd548501644f71b5 -SHA512 (container-selinux.tgz) = ff705ac90392582372e5e80dcb54d151de6f627a31d8afc510c4ba565612fcde83bfe2861c8bcbbffd027761294b4f87954da48afaaef2e960b1f64378c07a2c +SHA512 (selinux-policy-contrib-35568c7.tar.gz) = 979ea145ba88f38910735a7a7d8625878adf76c5736d125348fc5ff3b85b86d9adaf2a3ac227381ef073e69b66ccb92a22bf105d3e8fd48e3c993ac5aa86f1c8 +SHA512 (selinux-policy-90b3284.tar.gz) = 44bd6ca31e082104a7a158fd3d4e19b3e97351a371f22e29d72f8be623edb511192e5aaf1c355e90e0cd8e5a548de0e86028ede170b60b6dc52a48afcc9955a3 +SHA512 (container-selinux.tgz) = b02cdc3ff37eec2925c4df1d9f8ec285ce175a906646128069440a1f9add956742ff3f3fff7479fdb22867073cf9b017c959920d29500b2c0f6375b5855c772e SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4