* Tue May 19 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-14

- Allow chronyc_t domain to use nsswitch - Allow nscd_socket_use() for domains in nscd_use() unconditionally - Add allow rules for lttng-sessiond domain - Label dirsrv systemd unit files and add dirsrv_systemctl() - Allow gluster geo-replication in rsync mode - Allow nagios_plugin_domain execute programs in bin directories - Allow sys_admin capability for domain labeled systemd_bootchart_t - Split the arping path regexp to 2 lines to prevent from relabeling - Allow tcpdump sniffing offloaded (RDMA) traffic - Revert "Change arping path regexp to work around fixfiles incorrect handling" - Change arping path regexp to work around fixfiles incorrect handling - Allow read efivarfs_t files by domains executing systemctl file
2020-05-19 17:52:53 +02:00 · 2020-05-19 17:52:53 +02:00 · 1111964e2a
parent 6a3fec4b74
commit 1111964e2a
3 changed files with 22 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -460,3 +460,5 @@ serefpolicy*
 /selinux-policy-contrib-6db7310.tar.gz
 /selinux-policy-b583642.tar.gz
 /selinux-policy-contrib-80860a3.tar.gz
+/selinux-policy-contrib-cafd506.tar.gz
+/selinux-policy-6d96694.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 b5836428b2a73ac6fee5fc101a630ea79095a82f
+%global commit0 6d966941f05ea6148bd91886e7bf91d7ae59690c
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 80860a357b13706296074de5e53362dd46887577
+%global commit1 cafd50640ad014d92e9efdc9aef3dbde638f1816
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.6
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -774,6 +774,20 @@ exit 0
 %endif

 %changelog
+* Tue May 19 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-14
+- Allow chronyc_t domain to use nsswitch
+- Allow nscd_socket_use() for domains in nscd_use() unconditionally
+- Add allow rules for lttng-sessiond domain
+- Label dirsrv systemd unit files and add dirsrv_systemctl()
+- Allow gluster geo-replication in rsync mode
+- Allow nagios_plugin_domain execute programs in bin directories
+- Allow sys_admin capability for domain labeled systemd_bootchart_t
+- Split the arping path regexp to 2 lines to prevent from relabeling
+- Allow tcpdump sniffing offloaded (RDMA) traffic
+- Revert "Change arping path regexp to work around fixfiles incorrect handling"
+- Change arping path regexp to work around fixfiles incorrect handling
+- Allow read efivarfs_t files by domains executing systemctl file
+
 * Wed Apr 29 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-13
 - Update networkmanager_read_pid_files() to allow also list_dir_perms
 - Update policy for NetworkManager_ssh_t
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (selinux-policy-b583642.tar.gz) = 6ba0e3a86700485d5c83b2849601a1ccc2a53dde94ce394c6f756a6a58f3173ba7595f741da4b19febc90df6fb9efd627cfddc2fdbb9474b5a2446c1c1454c4b
-SHA512 (selinux-policy-contrib-80860a3.tar.gz) = d42d86bb5b75d24fb59ac7312880da31535c4971b890636be42e63bc99ff74fc8e6b184cf3ab17cfd35d0f17c9e26f928015b15e4b0d3451b512223bf22ada11
-SHA512 (container-selinux.tgz) = ccc15935ad53f5c6e955c500f7c4612e0e6544ee41647dfef13208b55edf52af0a7f652d4ec56130dc944a84f398bf6f991d2baf9bc0fb37d80cd3bee9eac6c9
+SHA512 (selinux-policy-contrib-cafd506.tar.gz) = 8ed7996e84c7c7671891601e68e6b894770458204a0bfb60cf737d4cdab9aaeef76000dd40b8dcc16b6ebf312a5bdf53133be366b0496cc1b38f73c7902bf923
+SHA512 (selinux-policy-6d96694.tar.gz) = 4c69446665068244363a80f13e6ccc4c10deb3f1b2fde7d1ee7f6ac5a3f626b111dbd70454f6176410547b8187355c1a45adcb12cf0ebfb5373d002a99bbef0c
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (container-selinux.tgz) = f6863fbbd458f8415609c051ab0033e400413000d81e58a5b928c12ebf9eefa5603357760823ffe155623670a840fcee6a91a3adae9e6b7877ea5aca03610cd2