diff --git a/.gitignore b/.gitignore index 4da3240..9ef9ae4 100644 --- a/.gitignore +++ b/.gitignore @@ -325,3 +325,5 @@ serefpolicy* /selinux-policy-62d90da.tar.gz /selinux-policy-contrib-a01743f.tar.gz /selinux-policy-4cbc1ae.tar.gz +/selinux-policy-contrib-a0e3869.tar.gz +/selinux-policy-509e071.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 274426e..138d794 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 4cbc1ae7dbe8f08edee55b33d1031f0ee0c6ff4e +%global commit0 509e071fb3ded4e982bdf7fdcdc8bbc8f7779172 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 a01743f0cd8f3fd2aa99b32ff01697eeb0918b0c +%global commit1 a0e386916f8bbd64918c3ab98267431e8a78bfe9 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -709,6 +709,37 @@ exit 0 %endif %changelog +* Fri Dec 06 2018 Lukas Vrabec - 3.14.3-14 +- Remove all ganesha bits from gluster and rpc policy +- Label /usr/share/spamassassin/sa-update.cron as spamd_update_exec_t +- Add dac_override capability to ssad_t domains +- Allow pesign_t domain to read gnome home configs +- Label /usr/libexec/lm_sensors/sensord-service-wrapper as lsmd_exec_t +- Allow rngd_t domains read kernel state +- Allow certmonger_t domains to read bind cache +- Allow ypbind_t domain to stream connect to sssd +- Allow rngd_t domain to setsched +- Allow sanlock_t domain to read/write sysfs_t files +- Add dac_override capability to postfix_local_t domain +- Allow ypbind_t to search sssd_var_lib_t dirs +- Allow virt_qemu_ga_t domain to write to user_tmp_t files +- Allow systemd_logind_t to dbus chat with virt_qemu_ga_t +- Update sssd_manage_lib_files() interface to allow also mmap sssd_var_lib_t files +- Add new interface sssd_signal() +- Update xserver_filetrans_home_content() and xserver_filetrans_admin_home_content() unterfaces to allow caller domain to create .vnc dir in users homedir labeled as xdm_home_t +- Update logging_filetrans_named_content() to allow caller domains of this interface to create /var/log/journal/remote directory labeled as var_log_t +- Add sys_resource capability to the systemd_passwd_agent_t domain +- Allow ipsec_t domains to read bind cache +- kernel/files.fc: Label /run/motd as etc_t +- Allow systemd to stream connect to userdomain processes +- Label /var/lib/private/systemd/ as init_var_lib_t +- Allow initrc_t domain to create new socket labeled as init_T +- Allow audisp_remote_t domain remote logging client to read local audit events from relevant socket. +- Add tracefs_t type to mountpoint attribute +- Allow useradd_t and groupadd_t domains to send signals to sssd_t +- Allow systemd_logind_t domain to remove directories labeled as tmpfs_t BZ(1648636) +- Allow useradd_t and groupadd_t domains to access sssd files because of the new feature in shadow-utils + * Wed Nov 07 2018 Lukas Vrabec - 3.14.3-13 - Update pesign policy to allow pesign_t domain to read bind cache files/dirs - Add dac_override capability to mdadm_t domain diff --git a/sources b/sources index e52dc2e..814e5e9 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-a01743f.tar.gz) = 4f21db7f96599c85d4d16b275b693338f63c00083e0931e4658d93c23ee969f6670c7dcde67d54e3c55718577759bd14f7ee68c3e82896e0b6334077fbc98686 -SHA512 (selinux-policy-4cbc1ae.tar.gz) = 0d6a5f5df9dda62b72ad037f124eed91e06d7657d15c0d6155b6e5449b6fca034c6ac1759fb5cb42ab39ea9973a5149403267afc21f15f849e86bea1d6b61f62 -SHA512 (container-selinux.tgz) = d4cc25cfd87b9efd77424f3a799044a927488756e31bd157f59613acb0bb4da19013fc2e22ff9194b2ebfb6c57d33a98d7a1f76e9720f1ac8fa889b39807f0ac +SHA512 (selinux-policy-contrib-a0e3869.tar.gz) = ba019a31f71790b65f07fad44ffcab0d50d1b4a4086ea7f3b756d67895aac1b6e0d01514f192bc07c9ede1f35fe7b2ab28b7d3a159255e305d8c08e65d393427 +SHA512 (selinux-policy-509e071.tar.gz) = cd4c1411aa74c43491d4482d537aa25b3dd670afef72e6da927e515cdb7ed66515f6d700c9bd02167f03faec3034733b6f61a82e58ba0a8ec2a85e14d33be3e2 +SHA512 (container-selinux.tgz) = 1e5c84f12624082b371cf56228ea17a39c4ba55689ca65d85498b51e5762129fe34099061ef42d052577a64ae89d8abd60e15bc81878db251155438202ee0165