diff --git a/.gitignore b/.gitignore index ee75544..35dacb0 100644 --- a/.gitignore +++ b/.gitignore @@ -370,3 +370,5 @@ serefpolicy* /selinux-policy-11adb24.tar.gz /selinux-policy-contrib-4b6fbdf.tar.gz /selinux-policy-990073a.tar.gz +/selinux-policy-contrib-2aab124.tar.gz +/selinux-policy-0c321b9.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index fe04629..df58712 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 990073ab4a384934921c446b0b944f10031e8031 +%global commit0 0c321b9c02ea8637ac8f2bd8376ddcc2e06f921a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 4b6fbdf45e7a4b626b36daaecf17d6fee1718b5f +%global commit1 2aab124072718998b8605743c93a4efc74f341ca %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 36%{?dist} +Release: 37%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -714,6 +714,28 @@ exit 0 %endif %changelog +* Fri May 17 2019 Lukas Vrabec - 3.14.3-37 +- Fix typo in gpg SELinux module +- Update gpg policy to make ti working with confined users +- Add domain transition that systemd labeled as init_t can execute spamd_update_exec_t binary to run newly created process as spamd_update_t +- Remove allow rule for virt_qemu_ga_t to write/append user_tmp_t files +- Label /var/run/user/*/dbus-1 as session_dbusd_tmp_t +- Add dac_override capability to namespace_init_t domain +- Label /usr/sbin/corosync-qdevice as cluster_exec_t +- Allow NetworkManager_ssh_t domain to open communication channel with system dbus. BZ(1677484) +- Label /usr/libexec/dnf-utils as debuginfo_exec_t +- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on +- Allow nrpe_t domain to be dbus cliennt +- Add interface sssd_signull() +- Label /usr/bin/tshark as wireshark_exec_t +- Update userdomains to allow confined users to create gpg keys +- Allow associate all filesystem_types with fs_t +- Dontaudit syslogd_t using kill in unamespaces BZ(1711122) +- Allow init_t to manage session_dbusd_tmp_t dirs +- Allow systemd_gpt_generator_t to read/write to clearance +- Allow su_domain_type to getattr to /dev/gpmctl +- Update userdom_login_user_template() template to make working systemd user session for guest and xguest SELinux users + * Fri May 17 2019 Lukas Vrabec - 3.14.3-36 - Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on - Allow nrpe_t domain to be dbus cliennt diff --git a/sources b/sources index 8cd6d12..7e5e603 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-4b6fbdf.tar.gz) = 1afa7146e20d109ebb32cede6266a689a57990ff257a004698209fc6ec07e3a279b0fec40dc27eed069b953fc5526253d29311142fe6feae8374593ec70361a6 -SHA512 (selinux-policy-990073a.tar.gz) = 7ffa641b12ef4304ee2b1e7fe026ece24e8b2996c4de29967e868f5d736d02f32ab3569b6516d30174ab6325350e2ec093e1d5c051f64ae0f4cce77e342d5fa2 -SHA512 (container-selinux.tgz) = 14f7618414af9fea6aa50e488580df1c79640c0f3364c8880bc085e30f63df001e2b2c7c83cc03ba9c290ad4ef911c64c2ff9e2bd1c83f0f952efe91f15a2b50 +SHA512 (selinux-policy-contrib-2aab124.tar.gz) = b46ab2ea7c9a2e30ec012df11b0317a26e714ff2a3943cff3a4b91a98978ba98a1040e9f798fad8bd37d654f2cda68f170ce3f290c7942adc8313840330fddce +SHA512 (selinux-policy-0c321b9.tar.gz) = 6af70aef066bd4cf7261c41fb0002d0af20ff8dbba9e3cf06380d5cd8230ae6e625983dc482f5fbcfd7a2215bf1343f2c19473b37d4364c016f61a0964a2c21d SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2 +SHA512 (container-selinux.tgz) = 92a34b7a38db0975635bc9018f398a8a134a3ee8e3d83365b82a3cb1ab2d9fc25f4f32d9cf61a62dd41e3f58009e38905caceda9f6427fbd98ac8573c20afdc9