* Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-23

- Revert "Add support for /sys/fs/kdbus and allow login_pgm domain to access it." - Revert "Add interface to allow types to associate with cgroup filesystems" - Revert "kdbusfs should not be accessible for now." - Revert "kdbusfs should not be accessible for now by default for shipped policies. It should be moved to kdbus.pp" - Revert "Add kdbus.pp policy to allow access /sys/fs/kdbus. It needs to go with own module because this is workaround for now to avoid SELinux in enforcing mode." - Remove the legacy kdbus module - Remove "kdbus = module" from modules-targeted-base.conf
2020-08-03 13:25:54 +02:00 · 2020-08-03 13:25:54 +02:00 · 01e3f0a70d
commit 01e3f0a70d
parent 8394f612f0
4 changed files with 14 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -475,3 +475,4 @@ serefpolicy*
 /selinux-policy-contrib-3e36d23.tar.gz
 /selinux-policy-contrib-72b3524.tar.gz
 /selinux-policy-3952201.tar.gz
+/selinux-policy-217d493.tar.gz
--- a/modules-targeted-base.conf
+++ b/modules-targeted-base.conf
@ -391,10 +391,3 @@ udev = module
 # The unconfined domain.
 # 
 unconfined = module
-
-# Layer: system
-# Module: kdbus
-#
-# Policy for kdbus.
-#
-kdbus = module
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 395220122fcd6b93956c758a2a5094487254a89e
+%global commit0 217d49334447021da909edf8b07007e319540ae3
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.6
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -784,6 +784,15 @@ exit 0
 %endif

 %changelog
+* Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-23
+- Revert "Add support for /sys/fs/kdbus and allow login_pgm domain to access it."
+- Revert "Add interface to allow types to associate with cgroup filesystems"
+- Revert "kdbusfs should not be accessible for now."
+- Revert "kdbusfs should not be accessible for now by default for shipped policies. It should be moved to kdbus.pp"
+- Revert "Add kdbus.pp policy to allow access /sys/fs/kdbus. It needs to go with own module because this is workaround for now to avoid SELinux in enforcing mode."
+- Remove the legacy kdbus module
+- Remove "kdbus = module" from modules-targeted-base.conf
+
 * Thu Jul 30 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-22
 - Allow virtlockd only getattr and lock block devices
 - Allow qemu-ga read all non security file types conditionally
--- a/4
+++ b/4
@ -1,4 +1,4 @@
 SHA512 (selinux-policy-contrib-72b3524.tar.gz) = cea10b427dd3163af8c41f42e8335725d922365829ea22b3cea86ed65db1428aea36543f2eb1e117dda47cc7281b5df29458ed7ce14353b9927646f6c7b01380
-SHA512 (selinux-policy-3952201.tar.gz) = bbbfe75befd7991a5daadfdea9077e72d9afd184cf942a692a5027874ff9f35b3111a9d6f6fc600db55846d05019d45003e1e2b38e2ede33569a35adaf72d1ea
-SHA512 (container-selinux.tgz) = 56ab458b50e755d586bfb4df82a6fab788124feb5b57a7947d5c38208468c76826c466e1515264fd3cbfed785b110251f2233125b3c8e61a67503437c12a92c3
+SHA512 (selinux-policy-217d493.tar.gz) = f22dcdbdab72eff7b677a25889b5c10d40cd8711229f89eaca8e89615690267d5db17966c4682771064abfa997edf42c2d4d4bd7f643348603defb705f9afebc
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = b0e3d877927447b34b5323c9c3f283455a5476e312b7260fde781df5ef9f1058d6adeebf679f273d4de9414d058a995e5fd0fe9baef02f0c5c399f2114518931