diff --git a/.gitignore b/.gitignore index 470a50e..48f8c2e 100644 --- a/.gitignore +++ b/.gitignore @@ -412,3 +412,5 @@ serefpolicy* /selinux-policy-contrib-84cf0f5.tar.gz /selinux-policy-contrib-7c1c105.tar.gz /selinux-policy-contrib-070f96c.tar.gz +/selinux-policy-contrib-7adf788.tar.gz +/selinux-policy-c95997f.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index bbc53a1..e44d97b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 aa4c0707e6664ede25e49f57d3c9b4d267650ca1 +%global commit0 c95997f82617ebaf9b87845b3a2b5c721b99b212 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 070f96cf0f59735f1d01cb7f9427292b7f112fd3 +%global commit1 7adf7883d0fdd9349f09ceb121e68a63d25503cd %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,19 @@ exit 0 %endif %changelog +* Tue Oct 22 2019 Lukas Vrabec - 3.14.5-10 +- Update timedatex policy to add macros, more detail below +- Allow nagios_script_t domain list files labled sysfs_t. +- Allow jetty_t domain search and read cgroup_t files. +- Allow Gluster mount client to mount files_type +- Dontaudit and disallow sys_admin capability for keepalived_t domain +- Update numad policy to allow signull, kill, nice and trace processes +- Allow ipmievd_t to RW watchdog devices +- Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files +- Allow user domains to manage user session services +- Allow staff and user users to get status of user systemd session +- Update sudo_role_template() to allow caller domain to read syslog pid files + * Fri Oct 11 2019 Lukas Vrabec - 3.14.5-9 - Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226) diff --git a/sources b/sources index 7ec2ca5..5ac1c31 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-070f96c.tar.gz) = f08779b54b9e90ffb6ef5c7f7e490387aa1182a6eb3e7773106d683333455c07c076fa47e864457a818e0339dce049de3ed1e9493e9d1312235c7d289022851f -SHA512 (selinux-policy-aa4c070.tar.gz) = d8ac4aa13531b2ddd30a3f1eddad3e77cdd5f955d0960b7d40e52e7bbd667428c2dd13be1b4b3559dcd6c36eec7e05d349b5de7141910f44e16233fba7a9ddb2 -SHA512 (container-selinux.tgz) = a7a91d81967702fcbff61f8c066887cf033dfbc1671b4d35f273fb137a3400b121efa1d166e99cc741b8a06e65458a86290f43cda333fa9f80168d9e24f4ab12 +SHA512 (selinux-policy-contrib-7adf788.tar.gz) = 3757c701cca46d858cae1128db3e05b373de3e7e1d56ad4eef137e46047ecfe06e811a1e24c96da9156ebed9e38d7053f0940743de65e866680a693ad47ac2e2 +SHA512 (selinux-policy-c95997f.tar.gz) = 50b2fc0cf928f6408c85bb805cf6bb5b1369a125937db897acbcf69ef24b988427723b313c4d1032bc4313c036a720c017b771c3df53410c1514c6c97acc9ac0 +SHA512 (container-selinux.tgz) = 1d271ad131ddde8eaf08304d9bb9b86e01588a513d3ebdf0bc8fcd4249132a060bf5c5d2e8311badba4a0428ab700c1a27b5d0b9f11e93d78e0ef15acc987aa4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4