From 8692ea4c0d8d65a374d52f4c8c291f7ccee7d846 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Nov 28 2019 15:26:38 +0000 Subject: [PATCH 1/2] * Thu Nov 28 2019 Zdenek Pytela - 3.14.4-43 - Fix nonexisting types in rtas_errd_rw_lock interface - Allow snmpd_t domain to trace processes in user namespace - Allow zebra_t domain to execute zebra binaries - Allow ksmtuned_t domain to trace processes in user namespace - Allow systemd to read symlinks in /var/lib - Update dev_mounton_all_device_nodes() interface - Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro. - Allow strongswan start using swanctl method BZ(1773381) - Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976) --- diff --git a/.gitignore b/.gitignore index bc985ef..8c58217 100644 --- a/.gitignore +++ b/.gitignore @@ -420,3 +420,5 @@ serefpolicy* /selinux-policy-contrib-749bb89.tar.gz /selinux-policy-90c58ad.tar.gz /selinux-policy-contrib-701f8a8.tar.gz +/selinux-policy-7f14f01.tar.gz +/selinux-policy-contrib-b0a6a6c.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index d5bf5bc..032d74f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 90c58ad4a4f59cf579c3c5087dfd02430ac0aa2b +%global commit0 7f14f01caa135d9f9deb97ec10c02563f3991a50 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 701f8a8ce06c027e78976377e771765b6d0b066f +%global commit1 b0a6a6c7ed13bf07aeb8a5ebf5fa6701f1e91d73 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 42%{?dist} +Release: 43%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,17 @@ exit 0 %endif %changelog +* Thu Nov 28 2019 Zdenek Pytela - 3.14.4-43 +- Fix nonexisting types in rtas_errd_rw_lock interface +- Allow snmpd_t domain to trace processes in user namespace +- Allow zebra_t domain to execute zebra binaries +- Allow ksmtuned_t domain to trace processes in user namespace +- Allow systemd to read symlinks in /var/lib +- Update dev_mounton_all_device_nodes() interface +- Add the miscfiles_map_generic_certs macro to the sysnet_dns_name_resolve macro. +- Allow strongswan start using swanctl method BZ(1773381) +- Dontaudit systemd_tmpfiles_t getattr of all file types BZ(1772976) + * Fri Nov 22 2019 Zdenek Pytela - 3.14.4-42 - Allow NetworkManager_t manage dhcpc_state_t BZ(1770698) - Label tcp ports 24816,24817 as pulp_port_t diff --git a/sources b/sources index d36bbe0..eb0822d 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-90c58ad.tar.gz) = c0cf6cf01096dd9f6364fcb43c9ac4f1d0b276a18b9a920c753da4985c94d975ddef9597540d2a99f1299ea617b1e0f4b66c5f144f14c0e430969eee3a7a2c7a -SHA512 (selinux-policy-contrib-701f8a8.tar.gz) = 491578147e4661965a0398d335fcf88a1c4e6c2758600ad20603809082701a97242454465205ee0547ccee34634a62ee5af22748e1461bd47e715d7963cd14f7 -SHA512 (container-selinux.tgz) = 1ef6282dc8c827dc4e8724cff1a6ffe3eff7481cc8296768466d01b0327a2fb058789e1f30213aacec1f9b9ec75c38ec16e53fefc2ce2ca397866e4760bcb7dc +SHA512 (selinux-policy-7f14f01.tar.gz) = 854d8921900ea64555161ba5b5883a316b74b626fa922b1e593af3dd0058ac1966d4d50711edf2dfc1bc227fa79aba6a535b2ec9a176b5343381117bc7b99589 +SHA512 (selinux-policy-contrib-b0a6a6c.tar.gz) = 66c9fb700ec1c0edb035b1a742f9f5461cbb0ced92cf49ecce2e4a709a86870de47a831772e204e59c26a694706594c32967d7d0beb7941d92a9a2f35a09c619 +SHA512 (container-selinux.tgz) = fef9117270ac5c259727a593ef9612f54d80646aacd4e012c4af6ca01275057f76acf22469192f803dd2f299cf40a607ea8abf3377b7bad8e18d1ed2d1668c7f SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 From 5df6a89117fff3e0de7964852e16a15c522fa6f3 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Dec 02 2019 12:08:19 +0000 Subject: [PATCH 2/2] Rebuild the package --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 032d74f..6256a44 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 43%{?dist} +Release: 43%{?dist}.1 License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,9 @@ exit 0 %endif %changelog +* Mon Dec 02 2019 Zdenek Pytela - 3.14.4-43.1 +- rebuilt + * Thu Nov 28 2019 Zdenek Pytela - 3.14.4-43 - Fix nonexisting types in rtas_errd_rw_lock interface - Allow snmpd_t domain to trace processes in user namespace