From 1d35f9ea76e093c61763128ad66160c3e84712a2 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Tue, 12 Jun 2018 14:22:02 +0200 Subject: [PATCH] * Tue Jun 12 2018 Lukas Vrabec - 3.14.2-24 - /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type - Allow ntop_t domain to create/map various sockets/files. - Enable the dictd to communicate via D-bus. - Allow inetd_child process to chat via dbus with abrt - Allow zabbix_agent_t domain to connect to redis_port_t - Allow rhsmcertd_t domain to read xenfs_t files - Allow zabbix_agent_t to run zabbix scripts - Fix openvswith SELinux module - Fix wrong path in tlp context file BZ(1586329) - Update brltty SELinux module - Allow rabbitmq_t domain to create own tmp files/dirs - Allow policykit_t mmap policykit_auth_exec_t files - Allow ipmievd_t domain to read general certs - Add sys_ptrace capability to pcp_pmie_t domain - Allow squid domain to exec ldconfig - Update gpg SELinux policy module - Allow mailman_domain to read system network state - Allow openvswitch_t domain to read neutron state and read/write fixed disk devices - Allow antivirus_domain to read all domain system state - Allow targetd_t domain to red gconf_home_t files/dirs - Label /usr/libexec/bluetooth/obexd as obexd_exec_t - Add interface nagios_unconfined_signull() - Fix typos in zabbix.te file - Add missing requires - Allow tomcat domain sends email - Fix typo in sge policy - Merge pull request #214 from wrabcak/fb-dhcpc - Allow dhcpc_t creating own socket files inside /var/run/ Allow dhcpc_t creating netlink_kobject_uevent_socket, netlink_generic_socket, rawip_socket BZ(1585971) - Allow confined users get AFS tokens - Allow sysadm_t domain to chat via dbus - Associate sysctl_kernel_t type with filesystem attribute - Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t - Fix typo in netutils.te file --- .gitignore | 2 ++ selinux-policy.spec | 41 ++++++++++++++++++++++++++++++++++++++--- sources | 6 +++--- 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index daf156f6..f395f6c0 100644 --- a/.gitignore +++ b/.gitignore @@ -290,3 +290,5 @@ serefpolicy* /selinux-policy-contrib-93edf9a.tar.gz /selinux-policy-d06c960.tar.gz /selinux-policy-contrib-f1b2ca4.tar.gz +/selinux-policy-ae55b01.tar.gz +/selinux-policy-contrib-d23eef1.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 56283d45..394b558c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 d06c960c55dcf093800123327a58c4adf3ffe3dd +%global commit0 ae55b01a8df7f7c4afd8cd6697e848141352c3a2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 f1b2ca4356336a0f8c018fb0d2a811df81f32467 +%global commit1 d23eef15f7aa7c9bee340a374b53e5a3cb485e90 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 23%{?dist} +Release: 24%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -718,6 +718,41 @@ exit 0 %endif %changelog +* Tue Jun 12 2018 Lukas Vrabec - 3.14.2-24 +- /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type +- Allow ntop_t domain to create/map various sockets/files. +- Enable the dictd to communicate via D-bus. +- Allow inetd_child process to chat via dbus with abrt +- Allow zabbix_agent_t domain to connect to redis_port_t +- Allow rhsmcertd_t domain to read xenfs_t files +- Allow zabbix_agent_t to run zabbix scripts +- Fix openvswith SELinux module +- Fix wrong path in tlp context file BZ(1586329) +- Update brltty SELinux module +- Allow rabbitmq_t domain to create own tmp files/dirs +- Allow policykit_t mmap policykit_auth_exec_t files +- Allow ipmievd_t domain to read general certs +- Add sys_ptrace capability to pcp_pmie_t domain +- Allow squid domain to exec ldconfig +- Update gpg SELinux policy module +- Allow mailman_domain to read system network state +- Allow openvswitch_t domain to read neutron state and read/write fixed disk devices +- Allow antivirus_domain to read all domain system state +- Allow targetd_t domain to red gconf_home_t files/dirs +- Label /usr/libexec/bluetooth/obexd as obexd_exec_t +- Add interface nagios_unconfined_signull() +- Fix typos in zabbix.te file +- Add missing requires +- Allow tomcat domain sends email +- Fix typo in sge policy +- Merge pull request #214 from wrabcak/fb-dhcpc +- Allow dhcpc_t creating own socket files inside /var/run/ Allow dhcpc_t creating netlink_kobject_uevent_socket, netlink_generic_socket, rawip_socket BZ(1585971) +- Allow confined users get AFS tokens +- Allow sysadm_t domain to chat via dbus +- Associate sysctl_kernel_t type with filesystem attribute +- Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t +- Fix typo in netutils.te file + * Wed Jun 06 2018 Lukas Vrabec - 3.14.2-23 - Add dac_override capability to sendmail_t domian diff --git a/sources b/sources index 0386654d..3b02f07e 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-d06c960.tar.gz) = 80671384c85c91b920ad792b290843986b5ba495416de49cf94535bdba28b3dfe237a925116767dd7e781f76df44168788217169f03648ea82f37aa586395a38 -SHA512 (selinux-policy-contrib-f1b2ca4.tar.gz) = 9908062364aef17c6ebabfecbef6a5df0142f7f13d7a268169498fc59b965f955996f11d5c13b23df7bad59b80a13c707a9854cfa2049e0ae1a756c6f31e3a2b -SHA512 (container-selinux.tgz) = a974188befc2c380af4272bb2a024703fc9917487067caa6e121f884a5534138e9d87ec115d91605e571a1d6c14cbb4aeda43ef86eddbf8bcea4671903c0916a +SHA512 (selinux-policy-ae55b01.tar.gz) = ffb76c965e4dc07a41f1b9b451fb15af8cdf9790d50344b305fa4eb84be71960f70ec27ef11f4080cf902315075b0951d591577d88eac01d789a77c0df3e57a2 +SHA512 (selinux-policy-contrib-d23eef1.tar.gz) = d882b488404ec8b10491fdfa057e137e98d274772e6bbfec6c3aa59f0bfb0dce245de9fc905b3d16bd2e0953caf9849115e72aea05730c374f52a417114fdf64 +SHA512 (container-selinux.tgz) = ffc9eb68e7b3e38994bc07e64cf5862884b00a77c1c751abe69836bcf32ba7f73e5e06e3212a0b1523d1b14695b01c7117f9f0f583d71fa301a3bb65c4d333c4