diff --git a/.gitignore b/.gitignore index a5eaa0e9..e2b08ab2 100644 --- a/.gitignore +++ b/.gitignore @@ -431,3 +431,5 @@ serefpolicy* /selinux-policy-789c659.tar.gz /selinux-policy-b169ed6.tar.gz /selinux-policy-contrib-cabad1f.tar.gz +/selinux-policy-533b7be.tar.gz +/selinux-policy-contrib-be783bd.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index ec29a2fc..0bf92c6a 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 b169ed68eafa6e5ce675629d8ff21ded5f645107 +%global commit0 533b7be0d2b9f6ad895b36cedb2d010ee8be9c03 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 cabad1ffdee56048ffbc69424b64163d4a6edd06 +%global commit1 be783bd4b9aa52ed0bbb5555128659a3e1c91410 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 20%{?dist} +Release: 21%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -772,6 +772,19 @@ exit 0 %endif %changelog +* Fri Jan 24 2020 Zdenek Pytela - 3.14.5-21 +- Dontaudit timedatex_t read file_contexts_t and validate security contexts +- Make stratisd_t domain unconfined for now. +- stratisd_t policy updates. +- Label /var/spool/plymouth/boot.log as plymouthd_var_log_t +- Label /stratis as stratisd_data_t +- Allow opafm_t to create and use netlink rdma sockets. +- Allow stratisd_t domain to read/write fixed disk devices and removable devices. +- Added macro for stratisd to chat over dbus +- Add dac_override capability to stratisd_t domain +- Allow init_t set the nice level of all domains BZ(1778088) +- Allow userdomain to chat with stratisd over dbus. + * Mon Jan 13 2020 Lukas Vrabec - 3.14.5-20 - Fix typo in anaconda SELinux module - Allow rtkit_t domain to control scheduling for your install_t processes diff --git a/sources b/sources index 420604fe..a414b9c0 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-b169ed6.tar.gz) = 5640904281188d07a33d1f106440b9d468454a88a4b89fe8618c1947d56dede848a8dd89c3257d000e42ee0f5eaa291a1dc15e9d4638513af50dc63d6dba535f -SHA512 (selinux-policy-contrib-cabad1f.tar.gz) = 15c65dfe4f1079ea987b37262304bdca2aa795fe388efeae3ba1d93da49ab7667429ac4a935ec12249a70189cc68606ba4b1d0a1839f1131cbb9404302d82fd2 -SHA512 (container-selinux.tgz) = b4ad092d9ab2a1e0c3251d0246b29823409c10a14c540d4880df006a883c43934083cdaa080ac0cd841b403cf006bb823f808d57a631462ddc588239dd452058 +SHA512 (selinux-policy-533b7be.tar.gz) = 07a1e523e3a2b4ba87ff5c97eda96bcf018669dd2feca6997df3ccecb221410a85f49fde45a90b460c650595ed9385b3024d3654010f760b3a74783ef3e5e0f7 +SHA512 (selinux-policy-contrib-be783bd.tar.gz) = 760f86bc1ebc7380d15657e064bee9a889e5958c5a96247aef79f2ccd886ab8b48289d8fe83a037d5da91baf96129cde2dfa5971f5ea262d46916efffcd371f1 +SHA512 (container-selinux.tgz) = 05a4576ed8dfd670fc008da05f569c4be4e044b9c5c7a12511e4844e86932d9c6f04260bf3e766be59a67d1791b345edb93ff7d73b70b243f078962f6be37b98 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4