diff --git a/.gitignore b/.gitignore index bc471d2..1a73155 100644 --- a/.gitignore +++ b/.gitignore @@ -418,3 +418,5 @@ serefpolicy* /selinux-policy-7b7648b.tar.gz /selinux-policy-contrib-dee19b8.tar.gz /selinux-policy-40f6bcc.tar.gz +/selinux-policy-contrib-6c531fb.tar.gz +/selinux-policy-4253587.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index dcbf4d7..3a75732 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 40f6bccc38526717eb8ff2032d3c915bc77ad3d1 +%global commit0 425358721b94b80f2597a9fb1fd269051b92e1aa %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 dee19b8b41fcf9ca57e9e019b30b112a7546c030 +%global commit1 6c531fbe9839ed089245918743948f844a8f58da %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,25 @@ exit 0 %endif %changelog +* Wed Nov 13 2019 Lukas Vrabec - 3.14.5-13 +- Fix typo bugs in rtas_errd_read_lock() interface +- cockpit: Drop cockpit-cert-session +- Allow timedatex_t domain to systemctl chronyd domains +- Allow ipa_helper_t to read kr5_keytab_t files +- cockpit: Allow cockpit-session to read cockpit-tls state directory +- Allow stratisd_t domain to read nvme and fixed disk devices +- Update lldpad_t policy module +- Dontaudit tmpreaper_t getting attributes from sysctl_type files +- cockpit: Support https instance factory +- Added macro for timedatex to chat over dbus. +- Fix typo in dev_filetrans_all_named_dev() +- Update files_manage_etc_runtime_files() interface to allow manage also dirs +- Fix typo in cachefiles device +- Dontaudit sys_admin capability for auditd_t domains +- Allow x_userdomain to read adjtime_t files +- Allow users using template userdom_unpriv_user_template() to run bpf tool +- Allow x_userdomain to dbus_chat with timedatex. + * Sun Nov 03 2019 Lukas Vrabec - 3.14.5-12 - Label /var/cache/nginx as httpd_cache_t - Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald diff --git a/sources b/sources index f6df1e8..4bc0c85 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-dee19b8.tar.gz) = dc7f4e9f11b00548505f698d4993dcd66229b60afdd7c558aef391bb9ff90a4a9ae6fa8a62c9f565e2cc131e0dc6e8341998af3b9728d360de59c68737eb5183 -SHA512 (selinux-policy-40f6bcc.tar.gz) = b82310184959b36cd2a6de960913994b1ebf63c36d95a7b2de14f3cdf6feb2df1f215900925957b6a47a5be2f7ff9dc41fff4e9b6db3a82c683eca8e73f9c322 +SHA512 (selinux-policy-contrib-6c531fb.tar.gz) = a6b2212d8d6684905d05a75bda64933abb8f4d68cf5e8cc8b982a6eb071dfdf382c4b07cd15eb5594f2092f53bec25f37b15a43920c0ef856aa5dfcf41c5bb4b +SHA512 (selinux-policy-4253587.tar.gz) = 4577ef3bd26f52cb7865475599192a38c19faf0d090169af8f3696aede177561dd74e830e50bff88cb9e253721043a4bf8ee6bc8fa2287f7b9cf40a9611f50a1 +SHA512 (container-selinux.tgz) = 1ed85817b06b92efe5b09f449a47e46730c650d04c70b8e28ab80009be851885a232edb84a075dd37eb3c1b4291204abeeacd62bb31394bf481dfd5afb65cfb6 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 7a0d3e5c47fd1c856b63ed5aa9eba1f553fcd4afa941cf66a61876032dbb53d4dcfd58fff105251b2d8c34e6e47c086815b4bd31f363b1eaa73192c1c5f3dab9