diff --git a/.gitignore b/.gitignore index b395e96..abb3d32 100644 --- a/.gitignore +++ b/.gitignore @@ -394,3 +394,5 @@ serefpolicy* /selinux-policy-contrib-b7144a2.tar.gz /selinux-policy-cd63aff.tar.gz /selinux-policy-contrib-e563a8d.tar.gz +/selinux-policy-contrib-4396848.tar.gz +/selinux-policy-b313a79.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 92982bd..3f1a807 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 cd63aff25446f708713cd6f9f65001e2b35b3427 +%global commit0 b313a79dbfd2fba545e00f31aa53d29c6f2b2722 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 e563a8d1d64f11841d6e5f7cca6ecddbdb9a0123 +%global commit1 43968483ee1c505dea7ec17dd1789cc1b6fcb831 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 29%{?dist} +Release: 30%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,25 @@ exit 0 %endif %changelog +* Tue Aug 13 2019 Lukas Vrabec - 3.14.4-30 +- cockpit: Allow cockpit-session to read cockpit-tls state +- Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983) +- Allow named_t domain to read/write samba_var_t files BZ(1738794) +- Dontaudit abrt_t domain to read root_t files +- Allow ipa_dnskey_t domain to read kerberos keytab +- Allow mongod_t domain to read cgroup_t files BZ(1739357) +- Update ibacm_t policy +- Allow systemd to relabel all files on system. +- Revert "Add new boolean systemd_can_relabel" +- Allow xdm_t domain to read kernel sysctl BZ(1740385) +- Add sys_admin capability for xdm_t in user namespace. BZ(1740386) +- Allow dbus communications with resolved for DNS lookups +- Add new boolean systemd_can_relabel +- Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp +- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t +- Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs +- Run lvmdbusd service as lvm_t + * Wed Aug 07 2019 Lukas Vrabec - 3.14.4-29 - Allow dlm_controld_t domain setgid capability - Fix SELinux modules not installing in chroots. diff --git a/sources b/sources index 24c56cf..83607d8 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-cd63aff.tar.gz) = a6b92f5800371c1726f0c8f386f3352f564c52c9ed4a5ecde09a6141fabc657ca44020c34a13c9cd592ec3411c462ced80d74ad77a8403dcad08eec3cdc02136 -SHA512 (selinux-policy-contrib-e563a8d.tar.gz) = 5eb6bdc884b13e94a7a0b91a8e496ffa1a731a87e1362ff571e748129d95f9abd8ed39ff9d1453e062a2a7e78ee36978ce0734fd3e58155b8147e7048ff4107e +SHA512 (selinux-policy-contrib-4396848.tar.gz) = 97d5d9f9e59bf607e9170a2ff12b9d33ea8892178be4ea1a202a08fcedb7e1df5d78443cd79e4b544a8f6a67f5783e516f2c85de9f4e56f93753cfe21887639e +SHA512 (selinux-policy-b313a79.tar.gz) = eadcceeb207448aa38a3826e3dc444602abfc42c67543ae5a58c2379f78b209fe578bd50101e628d99a02282ba9d473dee3126462f172b68b2c39b889dd8062c +SHA512 (container-selinux.tgz) = 3d4989bcf7a96d7efc64eed149b259d0ad17d405c5aa0c553b04d5de5c956aa290b87b32846a629017528dcb10223e3de1e0f51f810b3d1199356d1b245cabc7 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = b7c4030cc1d3f07c6cfe9ab6cf1b50c571301531866a7e1d44061cff777230acf9bfadbe11929baf4f8a7da74a0ad0f46139fcb0d6039cf1435915f4aab59592