* Sat Apr 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-12

- Add new boolean redis_enable_notify() - Label /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t - Add new label for vmtools scripts and label it as vmtools_unconfined_t stored in /etc/vmware-tools/ - Allow svnserve_t domain to manage kerberos rcache and read krb5 keytab - Add dac_override and dac_read_search capability to hypervvssd_t domain - Label /usr/lib/systemd/systemd-fence_sanlockd as fenced_exec_t - Allow samba to create /tmp/host_0 as krb5_host_rcache_t - Add dac_override capability to fsdaemon_t BZ(1564143) - Allow abrt_t domain to map dos files BZ(1564193) - Add dac_override capability to automount_t domain - Allow keepalived_t domain to connect to system dbus bus - Allow nfsd_t to read nvme block devices BZ(1562554) - Allow lircd_t domain to execute bin_t files BZ(1562835) - Allow l2tpd_t domain to read sssd public files BZ(1563355) - Allow logrotate_t domain to do dac_override BZ(1539327) - Remove labeling for /etc/vmware-tools to bin_t it should be vmtools_unconfined_exec_t - Add capability sys_resource to systemd_sysctl_t domain - Label all /dev/rbd* devices as fixed_disk_device_t - Allow xdm_t domain to mmap xserver_log_t files BZ(1564469) - Allow local_login_t domain to rread udev db - Allow systemd_gpt_generator_t to read /dev/random device - add definition of bpf class and systemd perms
2018-04-07 20:34:23 +02:00 · 2018-04-07 20:34:23 +02:00 · 1778514e56
parent 9762a51f7b
commit 1778514e56
3 changed files with 32 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -268,3 +268,5 @@ serefpolicy*
 /selinux-policy-contrib-504d76b.tar.gz
 /selinux-policy-01924d8.tar.gz
 /selinux-policy-contrib-1255203.tar.gz
+/selinux-policy-contrib-10b75cc.tar.gz
+/selinux-policy-bb22502.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 01924d88be61f3e27e247848a94c855fe00569dd
+%global commit0 bb225028a9a5145547fb08cc8b18d1d17b1b4c02
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 1255203e38764839fa90a34f43de98f81278756a
+%global commit1 10b75cc2d3be4bc057bb63d254afaacd53a9cd03
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -717,6 +717,30 @@ exit 0
 %endif

 %changelog
+* Sat Apr 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-12
+- Add new boolean redis_enable_notify()
+- Label  /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t
+- Add new label for vmtools scripts and label it as vmtools_unconfined_t stored in /etc/vmware-tools/
+- Allow svnserve_t domain to manage kerberos rcache and read krb5 keytab
+- Add dac_override and dac_read_search capability to hypervvssd_t domain
+- Label /usr/lib/systemd/systemd-fence_sanlockd as fenced_exec_t
+- Allow samba to create /tmp/host_0 as krb5_host_rcache_t
+- Add dac_override capability to fsdaemon_t BZ(1564143)
+- Allow abrt_t domain to map dos files BZ(1564193)
+- Add dac_override capability to automount_t domain
+- Allow keepalived_t domain to connect to system dbus bus
+- Allow nfsd_t to read nvme block devices BZ(1562554)
+- Allow lircd_t domain to execute bin_t files BZ(1562835)
+- Allow l2tpd_t domain to read sssd public files BZ(1563355)
+- Allow logrotate_t domain to do dac_override BZ(1539327)
+- Remove labeling for /etc/vmware-tools to bin_t it should be vmtools_unconfined_exec_t
+- Add capability sys_resource to systemd_sysctl_t domain
+- Label all /dev/rbd* devices as fixed_disk_device_t
+- Allow xdm_t domain to mmap xserver_log_t files BZ(1564469)
+- Allow local_login_t domain to rread udev db
+- Allow systemd_gpt_generator_t to read /dev/random device
+- add definition of bpf class and systemd perms
+
 * Thu Mar 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-11
 - Allow accountsd_t domain to dac override BZ(1561304)
 - Allow cockpit_ws_t domain to read system state BZ(1561053)
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-01924d8.tar.gz) = c8ebdee9ac293216059e06100cb4c1c3d4f8db0e9bb27a4eeccf3f760a99e0bc77e159cfb56247b58bbe743f8ebda2fc8c73c4fe2182646d81d3dae4651419f8
-SHA512 (selinux-policy-contrib-1255203.tar.gz) = 5d3db6f6417d5d2197afad616e65baac4d32e01825410d190841e15cef63f3c4e2cd799d0407e86662eddf3ae79b80e1ea41e6408562a7466e662b910798ccd6
-SHA512 (container-selinux.tgz) = adfdb07302cfc3083e194b37708908a83365c3ff609033cb66270dc35e4ef02528c7bce9c320f3ad5dc054d5559649666ccd2e1b30e6dd0d02fee0c0d6ca71ee
+SHA512 (selinux-policy-contrib-10b75cc.tar.gz) = 406584495d53ef60dfe90a842906d86dd93c769f5e3c207ef8ca49be90d54bc98615b23953217bce945d0099be928fafe3ac60d0912456335c0652c8ab282def
+SHA512 (selinux-policy-bb22502.tar.gz) = 9571c259971c43168e2feb352ee03579e68084b00565ce567040c06e556fe64ba3ca1f06644980612ad3dd47b95416c66f7a5ee4426f03cead8c715e20ae4a49
+SHA512 (container-selinux.tgz) = 7a10741c808044e7ba23a6be5e7a294456eb1ea8c802167415e106943727a37be50c061c0b58eb6b593ce22941635a61cb35af1bfd38ab236efe9341a47feffe