- Update timedatex policy to add macros, more detail below

- Allow nagios_script_t domain list files labled sysfs_t.
- Allow jetty_t domain search and read cgroup_t files.
- Allow Gluster mount client to mount files_type
- Dontaudit and disallow sys_admin capability for keepalived_t domain
- Update numad policy to allow signull, kill, nice and trace processes
- Allow ipmievd_t to RW watchdog devices
- Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
- Allow user domains to manage user session services
- Allow staff and user users to get status of user systemd session
- Update sudo_role_template() to allow caller domain to read syslog pid files
This commit is contained in:
Lukas Vrabec 2019-10-22 15:43:26 +02:00
parent 4a9509e8a2
commit 03b04ae77e
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 21 additions and 6 deletions

2
.gitignore vendored
View File

@ -412,3 +412,5 @@ serefpolicy*
/selinux-policy-contrib-84cf0f5.tar.gz /selinux-policy-contrib-84cf0f5.tar.gz
/selinux-policy-contrib-7c1c105.tar.gz /selinux-policy-contrib-7c1c105.tar.gz
/selinux-policy-contrib-070f96c.tar.gz /selinux-policy-contrib-070f96c.tar.gz
/selinux-policy-contrib-7adf788.tar.gz
/selinux-policy-c95997f.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 aa4c0707e6664ede25e49f57d3c9b4d267650ca1 %global commit0 c95997f82617ebaf9b87845b3a2b5c721b99b212
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 070f96cf0f59735f1d01cb7f9427292b7f112fd3 %global commit1 7adf7883d0fdd9349f09ceb121e68a63d25503cd
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.5 Version: 3.14.5
Release: 9%{?dist} Release: 10%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,19 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Oct 22 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-10
- Update timedatex policy to add macros, more detail below
- Allow nagios_script_t domain list files labled sysfs_t.
- Allow jetty_t domain search and read cgroup_t files.
- Allow Gluster mount client to mount files_type
- Dontaudit and disallow sys_admin capability for keepalived_t domain
- Update numad policy to allow signull, kill, nice and trace processes
- Allow ipmievd_t to RW watchdog devices
- Allow ldconfig_t domain to manage initrc_tmp_t link files Allow netutils_t domain to write to initrc_tmp_t fifo files
- Allow user domains to manage user session services
- Allow staff and user users to get status of user systemd session
- Update sudo_role_template() to allow caller domain to read syslog pid files
* Fri Oct 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-9 * Fri Oct 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-9
- Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226) - Allow networkmanager_t domain domain transition to chronyc_t domain BZ(1760226)

View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-070f96c.tar.gz) = f08779b54b9e90ffb6ef5c7f7e490387aa1182a6eb3e7773106d683333455c07c076fa47e864457a818e0339dce049de3ed1e9493e9d1312235c7d289022851f SHA512 (selinux-policy-contrib-7adf788.tar.gz) = 3757c701cca46d858cae1128db3e05b373de3e7e1d56ad4eef137e46047ecfe06e811a1e24c96da9156ebed9e38d7053f0940743de65e866680a693ad47ac2e2
SHA512 (selinux-policy-aa4c070.tar.gz) = d8ac4aa13531b2ddd30a3f1eddad3e77cdd5f955d0960b7d40e52e7bbd667428c2dd13be1b4b3559dcd6c36eec7e05d349b5de7141910f44e16233fba7a9ddb2 SHA512 (selinux-policy-c95997f.tar.gz) = 50b2fc0cf928f6408c85bb805cf6bb5b1369a125937db897acbcf69ef24b988427723b313c4d1032bc4313c036a720c017b771c3df53410c1514c6c97acc9ac0
SHA512 (container-selinux.tgz) = a7a91d81967702fcbff61f8c066887cf033dfbc1671b4d35f273fb137a3400b121efa1d166e99cc741b8a06e65458a86290f43cda333fa9f80168d9e24f4ab12 SHA512 (container-selinux.tgz) = 1d271ad131ddde8eaf08304d9bb9b86e01588a513d3ebdf0bc8fcd4249132a060bf5c5d2e8311badba4a0428ab700c1a27b5d0b9f11e93d78e0ef15acc987aa4
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4