diff --git a/.gitignore b/.gitignore index 7a65950..5a0be69 100644 --- a/.gitignore +++ b/.gitignore @@ -475,3 +475,4 @@ serefpolicy* /selinux-policy-contrib-3e36d23.tar.gz /selinux-policy-contrib-72b3524.tar.gz /selinux-policy-3952201.tar.gz +/selinux-policy-217d493.tar.gz diff --git a/modules-targeted-base.conf b/modules-targeted-base.conf index a8775db..e7456ef 100644 --- a/modules-targeted-base.conf +++ b/modules-targeted-base.conf @@ -391,10 +391,3 @@ udev = module # The unconfined domain. # unconfined = module - -# Layer: system -# Module: kdbus -# -# Policy for kdbus. -# -kdbus = module diff --git a/selinux-policy.spec b/selinux-policy.spec index bcde1de..f9a7358 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 395220122fcd6b93956c758a2a5094487254a89e +%global commit0 217d49334447021da909edf8b07007e319540ae3 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.6 -Release: 22%{?dist} +Release: 23%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -784,6 +784,15 @@ exit 0 %endif %changelog +* Mon Aug 03 2020 Zdenek Pytela - 3.14.6-23 +- Revert "Add support for /sys/fs/kdbus and allow login_pgm domain to access it." +- Revert "Add interface to allow types to associate with cgroup filesystems" +- Revert "kdbusfs should not be accessible for now." +- Revert "kdbusfs should not be accessible for now by default for shipped policies. It should be moved to kdbus.pp" +- Revert "Add kdbus.pp policy to allow access /sys/fs/kdbus. It needs to go with own module because this is workaround for now to avoid SELinux in enforcing mode." +- Remove the legacy kdbus module +- Remove "kdbus = module" from modules-targeted-base.conf + * Thu Jul 30 2020 Zdenek Pytela - 3.14.6-22 - Allow virtlockd only getattr and lock block devices - Allow qemu-ga read all non security file types conditionally diff --git a/sources b/sources index 7c1be60..a6a585a 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ SHA512 (selinux-policy-contrib-72b3524.tar.gz) = cea10b427dd3163af8c41f42e8335725d922365829ea22b3cea86ed65db1428aea36543f2eb1e117dda47cc7281b5df29458ed7ce14353b9927646f6c7b01380 -SHA512 (selinux-policy-3952201.tar.gz) = bbbfe75befd7991a5daadfdea9077e72d9afd184cf942a692a5027874ff9f35b3111a9d6f6fc600db55846d05019d45003e1e2b38e2ede33569a35adaf72d1ea -SHA512 (container-selinux.tgz) = 56ab458b50e755d586bfb4df82a6fab788124feb5b57a7947d5c38208468c76826c466e1515264fd3cbfed785b110251f2233125b3c8e61a67503437c12a92c3 +SHA512 (selinux-policy-217d493.tar.gz) = f22dcdbdab72eff7b677a25889b5c10d40cd8711229f89eaca8e89615690267d5db17966c4682771064abfa997edf42c2d4d4bd7f643348603defb705f9afebc SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = b0e3d877927447b34b5323c9c3f283455a5476e312b7260fde781df5ef9f1058d6adeebf679f273d4de9414d058a995e5fd0fe9baef02f0c5c399f2114518931