* Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-9
- Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795) - Allow nagios to exec itself and mmap nagios spool files BZ(1559683) - Allow nagios to mmap nagios config files BZ(1559683) - Fixing Ganesha module - Fix typo in NetworkManager module - Fix bug in gssproxy SELinux module - Allow abrt_t domain to mmap container_file_t files BZ(1525573) - Allow networkmanager to be run ssh client BZ(1558441) - Allow pcp domains to do dc override BZ(1557913) - Dontaudit pcp_pmie_t to reaquest lost kernel module - Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955) - Allow httpd_t to read httpd_log_t dirs BZ(1554912) - Allow fail2ban_t to read system network state BZ(1557752) - Allow dac override capability to mandb_t domain BZ(1529399) - Allow collectd_t domain to mmap collectd_var_lib_t files BZ(1556681) - Dontaudit bug in kernel 4.16 when domains requesting loading kernel modules BZ(1555369) - Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439) - Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359) - Allow snapperd to relabel snapperd_data_t - Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets - Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled - Allow insmod_t to load modules BZ(1544189) - Allow systemd_rfkill_t domain sys_admin capability BZ(1557595) - Allow systemd_networkd_t to read/write tun tap devices - Add shell_exec_t file as domain entry for init_t - Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862) - Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module BZ(1557347) - Improve userdom_mmap_user_home_content_files - Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414) - Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module - Allow semanage_t domain mmap usr_t files - Add new boolean: ssh_use_tcpd()
This commit is contained in:
parent
67396b3121
commit
0dae2c353f
|
@ -264,3 +264,5 @@ serefpolicy*
|
||||||
/selinux-policy-contrib-d2dd0ad.tar.gz
|
/selinux-policy-contrib-d2dd0ad.tar.gz
|
||||||
/selinux-policy-contrib-7ecfe28.tar.gz
|
/selinux-policy-contrib-7ecfe28.tar.gz
|
||||||
/selinux-policy-116b85e.tar.gz
|
/selinux-policy-116b85e.tar.gz
|
||||||
|
/selinux-policy-154a8cf.tar.gz
|
||||||
|
/selinux-policy-contrib-504d76b.tar.gz
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 116b85e97e58ba673c77b67766fe8807a0100a0e
|
%global commit0 154a8cf70407f08901f55f333e42e3b0342c9d08
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 7ecfe283d8c85cf9c6da289b9b511ab95b1d3c36
|
%global commit1 504d76b257ff5bd6e89ef782eccf1ea376da0ecc
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.2
|
Version: 3.14.2
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
|
@ -717,6 +717,40 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Mar 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-9
|
||||||
|
- Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795)
|
||||||
|
- Allow nagios to exec itself and mmap nagios spool files BZ(1559683)
|
||||||
|
- Allow nagios to mmap nagios config files BZ(1559683)
|
||||||
|
- Fixing Ganesha module
|
||||||
|
- Fix typo in NetworkManager module
|
||||||
|
- Fix bug in gssproxy SELinux module
|
||||||
|
- Allow abrt_t domain to mmap container_file_t files BZ(1525573)
|
||||||
|
- Allow networkmanager to be run ssh client BZ(1558441)
|
||||||
|
- Allow pcp domains to do dc override BZ(1557913)
|
||||||
|
- Dontaudit pcp_pmie_t to reaquest lost kernel module
|
||||||
|
- Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955)
|
||||||
|
- Allow httpd_t to read httpd_log_t dirs BZ(1554912)
|
||||||
|
- Allow fail2ban_t to read system network state BZ(1557752)
|
||||||
|
- Allow dac override capability to mandb_t domain BZ(1529399)
|
||||||
|
- Allow collectd_t domain to mmap collectd_var_lib_t files BZ(1556681)
|
||||||
|
- Dontaudit bug in kernel 4.16 when domains requesting loading kernel modules BZ(1555369)
|
||||||
|
- Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439)
|
||||||
|
- Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359)
|
||||||
|
- Allow snapperd to relabel snapperd_data_t
|
||||||
|
- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets
|
||||||
|
- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled
|
||||||
|
- Allow insmod_t to load modules BZ(1544189)
|
||||||
|
- Allow systemd_rfkill_t domain sys_admin capability BZ(1557595)
|
||||||
|
- Allow systemd_networkd_t to read/write tun tap devices
|
||||||
|
- Add shell_exec_t file as domain entry for init_t
|
||||||
|
- Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862)
|
||||||
|
- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module BZ(1557347)
|
||||||
|
- Improve userdom_mmap_user_home_content_files
|
||||||
|
- Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414)
|
||||||
|
- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module
|
||||||
|
- Allow semanage_t domain mmap usr_t files
|
||||||
|
- Add new boolean: ssh_use_tcpd()
|
||||||
|
|
||||||
* Wed Mar 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-8
|
* Wed Mar 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-8
|
||||||
- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets
|
- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets
|
||||||
- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled
|
- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled
|
||||||
|
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
||||||
SHA512 (selinux-policy-contrib-7ecfe28.tar.gz) = 0dd8ad461e3442fabe3cc1b5852f512d265f6eaca6a2f62623a61ee645a1addadea4d0892b9ed6df09be6e9a3f91a103b292be14b04d2666c794a74a5017a447
|
SHA512 (selinux-policy-154a8cf.tar.gz) = cb2d27370b8bf22e8f6dc2d7aae5531fe7013feae3cafd7981abc5719618b496524114a99d52845fa63582776f7cbeb880d83b5b520211382d8b765403124dc2
|
||||||
SHA512 (selinux-policy-116b85e.tar.gz) = e5b3f9ed20603e6fa3e2a4b7e50deaaf3202672a99e889194d67a6c2dfd00521fb087701551754dda5905fe81f80c7dd29ff1655c4882c26b5b9a5227198e7a6
|
SHA512 (container-selinux.tgz) = fcb1cf77dda55ab2b104efe45b06bfccc9fb3e6e816e5b7aaff3a80c7451b4f3cab295f0a21f8ab683f6e2051d2a99ec2eb4a31efc9b58239daa6564f1a81d34
|
||||||
SHA512 (container-selinux.tgz) = 65467e6d7afef429a19506dcad5f904b39f5ae9e5d089b5d3cf1560f35a3107ea61f6d0bd8326c1416f1b6264c1ee84ead29e32a65993dc70a726f5fa5811d3a
|
SHA512 (selinux-policy-contrib-504d76b.tar.gz) = 6ee751115a09824eb099a2ae8bc14690c9833f76d00d39d4fc30e78233aeff79031b16c01895b9d04e39599eb988e578166e57cfa363bd896107676618a46418
|
||||||
|
|
Loading…
Reference in New Issue