From 5cdd516855250a65750d22e99de01c0981eda02e Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Jun 04 2020 11:00:42 +0000 Subject: * Thu Jun 04 2020 Zdenek Pytela - 3.14.6-15 - Add fetchmail_uidl_cache_t type for /var/mail/.fetchmail.pid - Support multiple ways of tlp invocation - Allow qemu-kvm read and write /dev/mapper/control - Introduce logrotate_use_cifs boolean - Allow ptp4l_t sys_admin capability to run bpf programs - Allow to getattr files on an nsfs filesystem - httpd: Allow NoNewPriv transition from systemd - Allow rhsmd read process state of all domains and kernel threads - Allow rhsmd mmap /etc/passwd - Allow systemd-logind manage efivarfs files - Allow initrc_t tlp_filetrans_named_content() - Allow systemd_resolved_t to read efivarfs - Allow systemd_modules_load_t to read efivarfs - Introduce systemd_read_efivarfs_type attribute - Allow named transition for /run/tlp from a user shell - Allow ipsec_mgmt_t mmap ipsec_conf_file_t files - Add file context for /sys/kernel/tracing --- diff --git a/.gitignore b/.gitignore index 10f4823..2064ebb 100644 --- a/.gitignore +++ b/.gitignore @@ -462,3 +462,5 @@ serefpolicy* /selinux-policy-contrib-80860a3.tar.gz /selinux-policy-contrib-cafd506.tar.gz /selinux-policy-6d96694.tar.gz +/selinux-policy-contrib-22a7272.tar.gz +/selinux-policy-7dd92fd.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 62c20b0..e472cea 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 6d966941f05ea6148bd91886e7bf91d7ae59690c +%global commit0 7dd92fda6b04b5c90feb038aabefb728a8773750 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 cafd50640ad014d92e9efdc9aef3dbde638f1816 +%global commit1 22a72723552b1c4bc6dd42f7f55fd9dd42426c3c %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.6 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -774,6 +774,25 @@ exit 0 %endif %changelog +* Thu Jun 04 2020 Zdenek Pytela - 3.14.6-15 +- Add fetchmail_uidl_cache_t type for /var/mail/.fetchmail.pid +- Support multiple ways of tlp invocation +- Allow qemu-kvm read and write /dev/mapper/control +- Introduce logrotate_use_cifs boolean +- Allow ptp4l_t sys_admin capability to run bpf programs +- Allow to getattr files on an nsfs filesystem +- httpd: Allow NoNewPriv transition from systemd +- Allow rhsmd read process state of all domains and kernel threads +- Allow rhsmd mmap /etc/passwd +- Allow systemd-logind manage efivarfs files +- Allow initrc_t tlp_filetrans_named_content() +- Allow systemd_resolved_t to read efivarfs +- Allow systemd_modules_load_t to read efivarfs +- Introduce systemd_read_efivarfs_type attribute +- Allow named transition for /run/tlp from a user shell +- Allow ipsec_mgmt_t mmap ipsec_conf_file_t files +- Add file context for /sys/kernel/tracing + * Tue May 19 2020 Zdenek Pytela - 3.14.6-14 - Allow chronyc_t domain to use nsswitch - Allow nscd_socket_use() for domains in nscd_use() unconditionally diff --git a/sources b/sources index 76aade1..13a9611 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-cafd506.tar.gz) = 8ed7996e84c7c7671891601e68e6b894770458204a0bfb60cf737d4cdab9aaeef76000dd40b8dcc16b6ebf312a5bdf53133be366b0496cc1b38f73c7902bf923 -SHA512 (selinux-policy-6d96694.tar.gz) = 4c69446665068244363a80f13e6ccc4c10deb3f1b2fde7d1ee7f6ac5a3f626b111dbd70454f6176410547b8187355c1a45adcb12cf0ebfb5373d002a99bbef0c +SHA512 (selinux-policy-contrib-22a7272.tar.gz) = c379dbd32627dd0d04a98f95d7291a9e5ab24932ebaaf065f8b5ccc941b23e36235a3e5ae9b78ee96e0fda28f2fc26bdfead6645e0925dd94856b47b6b66e60b +SHA512 (selinux-policy-7dd92fd.tar.gz) = 4a61d12d6565d1722a04a16878e48b1f8b74dd43e2f52d66495557e4a77eb0a50cd882f619a6f0d8c038ff64d38219fba06bce7f883aca86bf308d8a89340549 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = f6863fbbd458f8415609c051ab0033e400413000d81e58a5b928c12ebf9eefa5603357760823ffe155623670a840fcee6a91a3adae9e6b7877ea5aca03610cd2 +SHA512 (container-selinux.tgz) = 521d0028bf2140be7586ab39f4ac99c136cf8559506f9b755beb3ac50bd4de474430848c322d0917c7f9a1230ecc4d93704e12fefb19a64b5089456fc047438c