* Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-9

- Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795)
- Allow nagios to exec itself and mmap nagios spool files BZ(1559683)
- Allow nagios to mmap nagios config files BZ(1559683)
- Fixing Ganesha module
- Fix typo in NetworkManager module
- Fix bug in gssproxy SELinux module
- Allow abrt_t domain to mmap container_file_t files BZ(1525573)
- Allow networkmanager to be run ssh client BZ(1558441)
- Allow pcp domains to do dc override BZ(1557913)
- Dontaudit pcp_pmie_t to request lost kernel module
- Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955)
- Allow httpd_t to read httpd_log_t dirs BZ(1554912)
- Allow fail2ban_t to read system network state BZ(1557752)
- Allow dac override capability to mandb_t domain BZ(1529399)
- Allow collectd_t domain to mmap collectd_var_lib_t files BZ(1556681)
- Dontaudit bug in kernel 4.16 when domains requesting loading kernel modules BZ(1555369)
- Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439)
- Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359)
- Allow snapperd to relabel snapperd_data_t
- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets
- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled
- Allow insmod_t to load modules BZ(1544189)
- Allow systemd_rfkill_t domain sys_admin capability BZ(1557595)
- Allow systemd_networkd_t to read/write tun tap devices
- Add shell_exec_t file as domain entry for init_t
- Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862)
- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module BZ(1557347)
- Improve userdom_mmap_user_home_content_files
- Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414)
- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module
- Allow semanage_t domain mmap usr_t files
- Add new boolean: ssh_use_tcpd()
Lukas Vrabec 2018-03-25 01:02:58 +01:00
parent 67396b3121
commit 0dae2c353f
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 42 additions and 6 deletions

.gitignore

@ -264,3 +264,5 @@ serefpolicy*
/selinux-policy-contrib-d2dd0ad.tar.gz
/selinux-policy-contrib-7ecfe28.tar.gz
/selinux-policy-116b85e.tar.gz
/selinux-policy-154a8cf.tar.gz
/selinux-policy-contrib-504d76b.tar.gz
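Review bot: The two new entries, /selinux-policy-154a8cf.tar.gz and /selinux-policy-contrib-504d76b.tar.gz, extend a list that grows by one line per tarball on every rebase while the older names (d2dd0ad, 7ecfe28, 116b85e) stay behind. A single anchored pattern such as /selinux-policy-*.tar.gz would cover both the base and the contrib tarballs, the same way the serefpolicy* entry shown in the hunk header covers the older naming, and would remove the need to touch this file on each bump.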


@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 116b85e97e58ba673c77b67766fe8807a0100a0e
%global commit0 154a8cf70407f08901f55f333e42e3b0342c9d08
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 7ecfe283d8c85cf9c6da289b9b511ab95b1d3c36
%global commit1 504d76b257ff5bd6e89ef782eccf1ea376da0ecc
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.2
Release: 8%{?dist}
Release: 9%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -717,6 +717,40 @@ exit 0
%endif
%changelog
* Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-9
- Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795)
- Allow nagios to exec itself and mmap nagios spool files BZ(1559683)
- Allow nagios to mmap nagios config files BZ(1559683)
- Fixing Ganesha module
- Fix typo in NetworkManager module
- Fix bug in gssproxy SELinux module
- Allow abrt_t domain to mmap container_file_t files BZ(1525573)
- Allow networkmanager to be run ssh client BZ(1558441)
- Allow pcp domains to do dc override BZ(1557913)
- Dontaudit pcp_pmie_t to reaquest lost kernel module
- Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955)
- Allow httpd_t to read httpd_log_t dirs BZ(1554912)
- Allow fail2ban_t to read system network state BZ(1557752)
- Allow dac override capability to mandb_t domain BZ(1529399)
- Allow collectd_t domain to mmap collectd_var_lib_t files BZ(1556681)
- Dontaudit bug in kernel 4.16 when domains requesting loading kernel modules BZ(1555369)
- Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439)
- Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359)
- Allow snapperd to relabel snapperd_data_t
- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets
- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled
- Allow insmod_t to load modules BZ(1544189)
- Allow systemd_rfkill_t domain sys_admin capability BZ(1557595)
- Allow systemd_networkd_t to read/write tun tap devices
- Add shell_exec_t file as domain entry for init_t
- Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862)
- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module BZ(1557347)
- Improve userdom_mmap_user_home_content_files
- Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414)
- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module
- Allow semanage_t domain mmap usr_t files
- Add new boolean: ssh_use_tcpd()
* Wed Mar 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-8
- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets
- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled
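Review bot: The new 3.14.2-9 entry repeats two items that are already listed under 3.14.2-8 directly below it ("Improve bluetooth_stream_socket interface ..." and "Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled"), and it carries three near-identical "Dontaudit ... kernel 4.16 ..." lines, so the entry overstates what changed between -8 and -9. Suggest dropping the two repeats and merging the dontaudit lines into one that cites both BZ(1555369) and BZ(1557347). Two wording fixes in the same entry: "dc override" in the pcp line presumably means the "dac override" used in the mandb_t line, and "reaquest" should read "request". Because dontaudit rules suppress the audit records for those denials, it would also help to say in the entry that they are a workaround for the kernel 4.16 bug and are meant to be dropped once it is fixed.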


@ -1,3 +1,3 @@
SHA512 (selinux-policy-contrib-7ecfe28.tar.gz) = 0dd8ad461e3442fabe3cc1b5852f512d265f6eaca6a2f62623a61ee645a1addadea4d0892b9ed6df09be6e9a3f91a103b292be14b04d2666c794a74a5017a447
SHA512 (selinux-policy-116b85e.tar.gz) = e5b3f9ed20603e6fa3e2a4b7e50deaaf3202672a99e889194d67a6c2dfd00521fb087701551754dda5905fe81f80c7dd29ff1655c4882c26b5b9a5227198e7a6
SHA512 (container-selinux.tgz) = 65467e6d7afef429a19506dcad5f904b39f5ae9e5d089b5d3cf1560f35a3107ea61f6d0bd8326c1416f1b6264c1ee84ead29e32a65993dc70a726f5fa5811d3a
SHA512 (selinux-policy-154a8cf.tar.gz) = cb2d27370b8bf22e8f6dc2d7aae5531fe7013feae3cafd7981abc5719618b496524114a99d52845fa63582776f7cbeb880d83b5b520211382d8b765403124dc2
SHA512 (container-selinux.tgz) = fcb1cf77dda55ab2b104efe45b06bfccc9fb3e6e816e5b7aaff3a80c7451b4f3cab295f0a21f8ab683f6e2051d2a99ec2eb4a31efc9b58239daa6564f1a81d34
SHA512 (selinux-policy-contrib-504d76b.tar.gz) = 6ee751115a09824eb099a2ae8bc14690c9833f76d00d39d4fc30e78233aeff79031b16c01895b9d04e39599eb988e578166e57cfa363bd896107676618a46418
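Review bot: The container-selinux.tgz line appears with two different SHA512 values (65467e6d... and fcb1cf77...), so that tarball's content changed in this commit, yet its file name carries no version or commit id and neither the spec hunks nor the new changelog entry mention a container-selinux update. The other two sources are named after the shortcommit pinned in the spec (154a8cf, 504d76b), which makes their hash changes traceable; this one is not. Suggest recording the upstream revision of container-selinux in the changelog entry, or naming the tarball after its commit as the other two are, so the checksum change can be tied to a specific source state.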