diff --git a/.gitignore b/.gitignore index 91fd92e..4fb3391 100644 --- a/.gitignore +++ b/.gitignore @@ -241,3 +241,5 @@ serefpolicy* /selinux-policy-contrib-68a780b.tar.gz /selinux-policy-0087f3e.tar.gz /selinux-policy-contrib-93c9a53.tar.gz +/selinux-policy-747f4e6.tar.gz +/selinux-policy-contrib-4fe9943.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index c6d2cd9..4b2eebc 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 0087f3e102d17ccd709e91873493ad4367a4604e +%global commit0 747f4e6775d773ab74efae5aa37f3e5e7f0d4aca %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 93c9a53f55dfee388e5b7e945fc19b4283fe9b3a +%global commit1 4fe994375eb873a2fb7a1205180df832d1f32079 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -719,6 +719,22 @@ exit 0 %endif %changelog +* Tue Jan 30 2018 Lukas Vrabec - 3.14.1-4 +- rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems) +- Update dbus_role_template() BZ(1536218) +- Allow lldpad_t domain to mmap own tmpfs files BZ(1534119) +- Allow blueman_t dbus chat with policykit_t BZ(1470501) +- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t BZ(1507110) +- Allow postfix_master_t and postfix_local_t to connect to system dbus. BZ(1530275) +- Allow system_munin_plugin_t domain to read sssd public files and allow stream connect to ssd daemon BZ(1528471) +- Allow rkt_t domain to bind on rkt_port_t tcp BZ(1534636) +- Allow jetty_t domain to mmap own temp files BZ(1534628) +- Allow sslh_t domain to read sssd public files and stream connect to sssd. BZ(1534624) +- Consistently label usr_t for kernel/initrd in /usr +- kernel/files.fc: Label /usr/lib/sysimage as usr_t +- Allow iptables sysctl load list support with SELinux enforced +- Label HOME_DIR/.config/systemd/user/* user unit files as systemd_unit_file_t BZ(1531864) + * Fri Jan 19 2018 Lukas Vrabec - 3.14.1-3 - Merge pull request #45 from jlebon/pr/rot-sd-dbus-rawhide - Allow virt_domains to acces infiniband pkeys. diff --git a/sources b/sources index bdb8535..e44231d 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-0087f3e.tar.gz) = fed487abb21eb46d80ddae7686fabdaf107163d0b372d757ea7f60e4d5bb32e635ea46bf81ba602fff46281f230e4a273d3d5abaf7107bf4d5c72a845ca7cec9 -SHA512 (selinux-policy-contrib-93c9a53.tar.gz) = b2e3b29d30e418a766a9a4eeb1833c9bb6ab3e9ad599bfa88694978ca3e32e3ec97e9317095e08b97d92a0705536e423ac6e6f7d726d7150d341bcd9122afc58 -SHA512 (container-selinux.tgz) = 2e026f683942fd5dc73a107fd3a143b843e0af70abe939a2859dfcc28bad2e283094b2a13dafa0f7ae1a0fd65d3fda3cff33fbaade6097c9b6781e25da8ee582 +SHA512 (selinux-policy-747f4e6.tar.gz) = e0caa773814d47f8e803d92540d9a0f94c9842fc0c9f970692734d257e8cab74b912da024ee7b1fb0a354d15d87d1c2cedf11e71fd4a5b7e57d9f6a1ca9f6585 +SHA512 (selinux-policy-contrib-4fe9943.tar.gz) = a8f8db61c7a7a1ea0eef723c11d733014a893edb41ec3b8383dc2f482eb1d80001fcacae226b95461439dae8d592332739c634fb83d137722326ad0d1385940f +SHA512 (container-selinux.tgz) = e45c6e1d9fa8df43a7950e3d1bae6e274ccd094fc8e859db9f90c284b463530d79f141b8aabc85b8ce109811b11022df20ec47df4514b65e5bc4088f2cb973af