* Tue Jun 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-24

- /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type - Allow ntop_t domain to create/map various sockets/files. - Enable the dictd to communicate via D-bus. - Allow inetd_child process to chat via dbus with abrt - Allow zabbix_agent_t domain to connect to redis_port_t - Allow rhsmcertd_t domain to read xenfs_t files - Allow zabbix_agent_t to run zabbix scripts - Fix openvswith SELinux module - Fix wrong path in tlp context file BZ(1586329) - Update brltty SELinux module - Allow rabbitmq_t domain to create own tmp files/dirs - Allow policykit_t mmap policykit_auth_exec_t files - Allow ipmievd_t domain to read general certs - Add sys_ptrace capability to pcp_pmie_t domain - Allow squid domain to exec ldconfig - Update gpg SELinux policy module - Allow mailman_domain to read system network state - Allow openvswitch_t domain to read neutron state and read/write fixed disk devices - Allow antivirus_domain to read all domain system state - Allow targetd_t domain to red gconf_home_t files/dirs - Label /usr/libexec/bluetooth/obexd as obexd_exec_t - Add interface nagios_unconfined_signull() - Fix typos in zabbix.te file - Add missing requires - Allow tomcat domain sends email - Fix typo in sge policy - Merge pull request #214 from wrabcak/fb-dhcpc - Allow dhcpc_t creating own socket files inside /var/run/ Allow dhcpc_t creating netlink_kobject_uevent_socket, netlink_generic_socket, rawip_socket BZ(1585971) - Allow confined users get AFS tokens - Allow sysadm_t domain to chat via dbus - Associate sysctl_kernel_t type with filesystem attribute - Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t - Fix typo in netutils.te file
2018-06-12 14:22:02 +02:00 · 2018-06-12 14:22:02 +02:00 · 1d35f9ea76
parent afcdb03a67
commit 1d35f9ea76
3 changed files with 43 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -290,3 +290,5 @@ serefpolicy*
 /selinux-policy-contrib-93edf9a.tar.gz
 /selinux-policy-d06c960.tar.gz
 /selinux-policy-contrib-f1b2ca4.tar.gz
+/selinux-policy-ae55b01.tar.gz
+/selinux-policy-contrib-d23eef1.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 d06c960c55dcf093800123327a58c4adf3ffe3dd
+%global commit0 ae55b01a8df7f7c4afd8cd6697e848141352c3a2
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 f1b2ca4356336a0f8c018fb0d2a811df81f32467
+%global commit1 d23eef15f7aa7c9bee340a374b53e5a3cb485e90
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -718,6 +718,41 @@ exit 0
 %endif

 %changelog
+* Tue Jun 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-24
+- /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type
+- Allow ntop_t domain to create/map various sockets/files.
+- Enable the dictd to communicate via D-bus.
+- Allow inetd_child process to chat via dbus with abrt
+- Allow zabbix_agent_t domain to connect to redis_port_t
+- Allow rhsmcertd_t domain to read xenfs_t files
+- Allow zabbix_agent_t to run zabbix scripts
+- Fix openvswith SELinux module
+- Fix wrong path in tlp context file BZ(1586329)
+- Update brltty SELinux module
+- Allow rabbitmq_t domain to create own tmp files/dirs
+- Allow policykit_t mmap policykit_auth_exec_t files
+- Allow ipmievd_t domain to read general certs
+- Add sys_ptrace capability to pcp_pmie_t domain
+- Allow squid domain to exec ldconfig
+- Update gpg SELinux policy module
+- Allow mailman_domain to read system network state
+- Allow openvswitch_t domain to read neutron state and read/write fixed disk devices
+- Allow antivirus_domain to read all domain system state
+- Allow targetd_t domain to red gconf_home_t files/dirs
+- Label /usr/libexec/bluetooth/obexd as obexd_exec_t
+- Add interface nagios_unconfined_signull()
+- Fix typos in zabbix.te file
+- Add missing requires
+- Allow tomcat domain sends email
+- Fix typo in sge policy
+- Merge pull request #214 from wrabcak/fb-dhcpc
+- Allow dhcpc_t creating own socket files inside /var/run/ Allow dhcpc_t creating netlink_kobject_uevent_socket, netlink_generic_socket, rawip_socket BZ(1585971)
+- Allow confined users get AFS tokens
+- Allow sysadm_t domain to chat via dbus
+- Associate sysctl_kernel_t type with filesystem attribute
+- Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t
+- Fix typo in netutils.te file
+
 * Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-23
 - Add dac_override capability to sendmail_t domian

--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-d06c960.tar.gz) = 80671384c85c91b920ad792b290843986b5ba495416de49cf94535bdba28b3dfe237a925116767dd7e781f76df44168788217169f03648ea82f37aa586395a38
-SHA512 (selinux-policy-contrib-f1b2ca4.tar.gz) = 9908062364aef17c6ebabfecbef6a5df0142f7f13d7a268169498fc59b965f955996f11d5c13b23df7bad59b80a13c707a9854cfa2049e0ae1a756c6f31e3a2b
-SHA512 (container-selinux.tgz) = a974188befc2c380af4272bb2a024703fc9917487067caa6e121f884a5534138e9d87ec115d91605e571a1d6c14cbb4aeda43ef86eddbf8bcea4671903c0916a
+SHA512 (selinux-policy-ae55b01.tar.gz) = ffb76c965e4dc07a41f1b9b451fb15af8cdf9790d50344b305fa4eb84be71960f70ec27ef11f4080cf902315075b0951d591577d88eac01d789a77c0df3e57a2
+SHA512 (selinux-policy-contrib-d23eef1.tar.gz) = d882b488404ec8b10491fdfa057e137e98d274772e6bbfec6c3aa59f0bfb0dce245de9fc905b3d16bd2e0953caf9849115e72aea05730c374f52a417114fdf64
+SHA512 (container-selinux.tgz) = ffc9eb68e7b3e38994bc07e64cf5862884b00a77c1c751abe69836bcf32ba7f73e5e06e3212a0b1523d1b14695b01c7117f9f0f583d71fa301a3bb65c4d333c4