* Fri Apr 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-14
- Add dac_override capability to mailman_mail_t domain
- Add dac_override capability to radvd_t domain
- Update openvswitch policy
- Add dac_override capability to oddjob_homedir_t domain
- Allow slapd_t domain to mmap slapd_var_run_t files
- Rename tang policy to tangd
- Allow virtd_t domain to relabel virt_var_lib_t files
- Allow logrotate_t domain to stop services via systemd
- Add tang policy
- Allow mozilla_plugin_t to create mozilla.pdf file in user homedir with label mozilla_home_t
- Allow snapperd_t daemon to create unlabeled dirs.
- Make httpd_var_run_t mountpoint
- Allow hsqldb_t domain to mmap own temp files
- We have inconsistency in cgi templates with upstream, we use _content_t, but refpolicy uses httpd__content_t. Created aliases to make it consistent
- Allow Openvswitch adding netdev bridge ovs 2.7.2.10 FDP
- Add new Boolean tomcat_use_execmem
- Allow nfsd_t domain to read/write sysctl fs files
- Allow conman to read system state
- Allow brltty_t domain to be dbusd system client
- Allow zebra_t domain to bind on babel udp port
- Allow freeipmi domain to read sysfs_t files
- Allow targetd_t domain mmap lvm config files
- Allow abrt_t domain to manage kdump crash files
- Add capability dac_override to antivirus domain
- Allow svirt_t domain mmap svirt_image_t files BZ(1514538)
- Allow ftpd_t domain to chat with systemd
- Allow systemd init named socket activation for uuidd policy
- Allow networkmanager domain to write to ecryptfs_t files BZ(1566706)
- Allow l2tpd domain to stream connect to sssd BZ(1568160)
- Dontaudit abrt_t to write to lib_t dirs BZ(1566784)
- Allow NetworkManager_ssh_t domain transition to insmod_t BZ(1567630)
- Allow certwatch to manage cert files BZ(1561418)
- Merge pull request #53 from tmzullinger/rawhide
- Merge pull request #52 from thetra0/rawhide
- Allow abrt_dump_oops_t domain to mmap all non security files BZ(1565748)
- Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files
- Allow NetworkManager_ssh_t domain use generic ptys. BZ(1565851)
- Allow pppd_t domain read/write l2tpd pppox sockets BZ(1566096)
- Allow xguest user use bluetooth sockets if xguest_use_bluetooth boolean is turned on.
- Allow pppd_t domain creating pppox sockets BZ(1566271)
- Allow abrt to map var_lib_t files
- Allow chronyc to read system state BZ(1565217)
- Allow keepalived_t domain to chat with systemd via dbus
- Allow git to mmap git_(sys|user)_content_t files BZ(1518027)
- Allow netutils_t domain to create bluetooth sockets
- Allow traceroute to bind on generic sctp node
- Allow traceroute to search network sysctls
- Allow systemd to use virtio console
- Label /dev/op_panel and /dev/opal-prd as opal_device_t
parent 5c972253e7
commit 19c9a7d734
2
.gitignore
vendored
@ -272,3 +272,5 @@ serefpolicy*
|
|||||||
/selinux-policy-bb22502.tar.gz
|
/selinux-policy-bb22502.tar.gz
|
||||||
/selinux-policy-b8ddd7e.tar.gz
|
/selinux-policy-b8ddd7e.tar.gz
|
||||||
/selinux-policy-contrib-4b13776.tar.gz
|
/selinux-policy-contrib-4b13776.tar.gz
|
||||||
|
/selinux-policy-fee4738.tar.gz
|
||||||
|
/selinux-policy-contrib-6c883f6.tar.gz
|
||||||
|
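Review bot: the two added entries, /selinux-policy-fee4738.tar.gz and /selinux-policy-contrib-6c883f6.tar.gz, continue the one-literal-line-per-snapshot pattern, so this file grows by two lines with every rebase while the bb22502, b8ddd7e and 4b13776 names stay behind. The hunk header shows a glob already in use (serefpolicy*); a single pattern such as /selinux-policy-*.tar.gz would cover both tarball families and remove the need to touch .gitignore on each update.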
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 b8ddd7e996c81e52fd793d69d2cfca8f21cffdbf
|
%global commit0 fee4738dd084c71e46aede3c55d1120522a855d6
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 4b13776189d49c87144522f1b5a7ba0a58970f1b
|
%global commit1 6c883f6889d087c93133428c18bff50330828153
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
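Review bot: the new commit0 (fee4738dd084c71e46aede3c55d1120522a855d6) and commit1 (6c883f6889d087c93133428c18bff50330828153) values are the only record of which upstream snapshots this build pins, and nothing beside them says which upstream branch they were taken from. A short comment next to each %global naming the branch would let a reader confirm the pin against git0 and git1. The derived 7-character prefixes do match the tarball names added in .gitignore and sources.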
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.2
|
Version: 3.14.2
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
@ -718,6 +718,75 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-14
|
||||||
|
- Add dac_override capability to mailman_mail_t domain
|
||||||
|
- Add dac_override capability to radvd_t domain
|
||||||
|
- Update openvswitch policy
|
||||||
|
- Add dac_override capability to oddjob_homedir_t domain
|
||||||
|
- Allow slapd_t domain to mmap slapd_var_run_t files
|
||||||
|
- Rename tang policy to tangd
|
||||||
|
- Allow virtd_t domain to relabel virt_var_lib_t files
|
||||||
|
- Allow logrotate_t domain to stop services via systemd
|
||||||
|
- Add tang policy
|
||||||
|
- Allow mozilla_plugin_t to create mozilla.pdf file in user homedir with label mozilla_home_t
|
||||||
|
- Allow snapperd_t daemon to create unlabeled dirs.
|
||||||
|
- Make httpd_var_run_t mountpoint
|
||||||
|
- Allow hsqldb_t domain to mmap own temp files
|
||||||
|
- We have inconsistency in cgi templates with upstream, we use _content_t, but refpolicy use httpd__content_t. Created aliasses to make it consistence
|
||||||
|
- Allow Openvswitch adding netdev bridge ovs 2.7.2.10 FDP
|
||||||
|
- Add new Boolean tomcat_use_execmem
|
||||||
|
- Allow nfsd_t domain to read/write sysctl fs files
|
||||||
|
- Allow conman to read system state
|
||||||
|
- Allow brltty_t domain to be dbusd system client
|
||||||
|
- Allow zebra_t domain to bind on babel udp port
|
||||||
|
- Allow freeipmi domain to read sysfs_t files
|
||||||
|
- Allow targetd_t domain mmap lvm config files
|
||||||
|
- Allow abrt_t domain to manage kdump crash files
|
||||||
|
- Add capability dac_override to antivirus domain
|
||||||
|
- Allow svirt_t domain mmap svirt_image_t files BZ(1514538)
|
||||||
|
- Allow ftpd_t domain to chat with systemd
|
||||||
|
- Allow systemd init named socket activation for uuidd policy
|
||||||
|
- Allow networkmanager domain to write to ecryptfs_t files BZ(1566706)
|
||||||
|
- Allow l2tpd domain to stream connect to sssd BZ(1568160)
|
||||||
|
- Dontaudit abrt_t to write to lib_t dirs BZ(1566784)
|
||||||
|
- Allow NetworkManager_ssh_t domain transition to insmod_t BZ(1567630)
|
||||||
|
- Allow certwatch to manage cert files BZ(1561418)
|
||||||
|
- Merge pull request #53 from tmzullinger/rawhide
|
||||||
|
- Merge pull request #52 from thetra0/rawhide
|
||||||
|
- Allow abrt_dump_oops_t domain to mmap all non security files BZ(1565748)
|
||||||
|
- Allow gpg_t domain mmap cert_t files Allow gpg_t mmap gpg_agent_t files
|
||||||
|
- Allow NetworkManager_ssh_t domain use generic ptys. BZ(1565851)
|
||||||
|
- Allow pppd_t domain read/write l2tpd pppox sockets BZ(1566096)
|
||||||
|
- Allow xguest user use bluetooth sockets if xguest_use_bluetooth boolean is turned on.
|
||||||
|
- Allow pppd_t domain creating pppox sockets BZ(1566271)
|
||||||
|
- Allow abrt to map var_lib_t files
|
||||||
|
- Allow chronyc to read system state BZ(1565217)
|
||||||
|
- Allow keepalived_t domain to chat with systemd via dbus
|
||||||
|
- Allow git to mmap git_(sys|user)_content_t files BZ(1518027)
|
||||||
|
- Allow netutils_t domain to create bluetooth sockets
|
||||||
|
- Allow traceroute to bind on generic sctp node
|
||||||
|
- Allow traceroute to search network sysctls
|
||||||
|
- Allow systemd to use virtio console
|
||||||
|
- Label /dev/op_panel and /dev/opal-prd as opal_device_t
|
||||||
|
- Label /run/ebtables.lock as iptables_var_run_t
|
||||||
|
- Allow udev_t domain to manage udev_rules_t char files.
|
||||||
|
- Assign babel_port_t label to udp port 6696
|
||||||
|
- Add new interface lvm_map_config
|
||||||
|
- Merge pull request #212 from stlaz/patch-1
|
||||||
|
- Allow local_login_t reads of udev_var_run_t context
|
||||||
|
- Associate sysctl_crypto_t fs with fs_t BZ(1569313)
|
||||||
|
- Label /dev/vhost-vsock char device as vhost_device_t
|
||||||
|
- Allow iptables_t domain to create dirs in etc_t with system_conf_t labels
|
||||||
|
- Allow x userdomain to mmap xserver_tmpfs_t files
|
||||||
|
- Allow sysadm_t to mount tracefs_t
|
||||||
|
- Allow unconfined user all perms under bpf class BZ(1565738)
|
||||||
|
- Allow SELinux users (except guest and xguest) to using bluetooth sockets
|
||||||
|
- Add new interface files_map_var_lib_files()
|
||||||
|
- Allow user_t and staff_t domains create netlink tcpdiag sockets
|
||||||
|
- Allow systemd-networkd to read sysctl_t files
|
||||||
|
- Allow systemd_networkd_t to read/write tun tap devices
|
||||||
|
- refpolicy: Update for kernel sctp support
|
||||||
|
|
||||||
* Thu Apr 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-13
|
* Thu Apr 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-13
|
||||||
- refpolicy: Update for kernel sctp support
|
- refpolicy: Update for kernel sctp support
|
||||||
- Allow smbd_t send to nmbd_t via dgram sockets BZ(1563791)
|
- Allow smbd_t send to nmbd_t via dgram sockets BZ(1563791)
|
||||||
|
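Review bot: the four dac_override grants in the new 3.14.2-14 entry (mailman_mail_t, radvd_t, oddjob_homedir_t and the antivirus domain) carry no BZ reference or stated reason, unlike the BZ-tagged entries further down. dac_override lets a domain bypass file ownership and mode checks, so each of these lines should cite the denial it answers or say why correcting the file's owner or mode was not an option. Separately, "- refpolicy: Update for kernel sctp support" closes the new entry and also opens the 3.14.2-13 entry directly below it; confirm the repeat is intended rather than a leftover from the previous build.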
6
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-b8ddd7e.tar.gz) = 9287be6e36d4c6a6fc36a5ab30170c8a1ad865f167a98cd1cbb72fefcc5ef7853b147a679342ff4fddf4d94a03c2ae5ebc5b81ece8eab8ff2a5b111a426d7f43
|
SHA512 (selinux-policy-fee4738.tar.gz) = 9ddc50caee037fda2eebb5e8fa6d448626b2ec2931262601a32d692f90c4e2d2aa30324871fb272019f781b408cd505f5d51c60a85b5612192bd88fdc10ed0af
|
||||||
SHA512 (selinux-policy-contrib-4b13776.tar.gz) = 19ccaa52c67ffc6bd6c907861400d18e5e64f9c7ab37ac56c96d831aa5a89d96fff2e8a22fe6b5be0ae23aec5426639e2295ba33e43bf02daa2b80c2106bd685
|
SHA512 (selinux-policy-contrib-6c883f6.tar.gz) = 8acef041e381d30e9666750c59311f18bd204b2e759cc258a6c032bf7f524a160c296440746baa59e280deee27f5b38476b888cb14c4cc97d03d4137c1e098e6
|
||||||
SHA512 (container-selinux.tgz) = 608b1f59dbd761a968d69d46b9f658b33c71e572b27c3c3cdc87efd3544662fac58b9bf6b41fae5afee6269d231d848a7e7f0f1afbd0f91f5729e87fc17a9a50
|
SHA512 (container-selinux.tgz) = b3c6878e5410833515938e1f53f29d6cdad2d00c0203af5e114ff3a4d6e51ef9630ac600c0d6104f69cf7578de106d54b04d9ee3f4abe6a2676e0b9fb8343a12
|
||||||
|
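Review bot: container-selinux.tgz gets a new SHA512 on the last changed line of this hunk while its file name stays the same, so nothing visible identifies which container-selinux revision the new hash belongs to. The two selinux-policy tarballs carry their short commit in the name (fee4738, 6c883f6) and can be traced to commit0 and commit1 in the spec; container-selinux.tgz has no such link. Record its upstream commit, in the file name or in the spec, so a later hash change can be audited against a known source revision.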