* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18

- Allow plymouthd_t search efivarfs directory BZ(1664143)
- Allow arpwatch send e-mail notifications BZ(1657327)
- Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t
- Allow gssd_t domain to read/write kernel keyrings of every domain.
- Allow systemd_timedated_t domain nnp_transition BZ(1666222)
- Add the fs_search_efivarfs_dir interface
- Create tangd_port_t with default label tcp/7406
- Add interface domain_rw_all_domains_keyrings()
- Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)
This commit is contained in:
Lukas Vrabec 2019-01-15 18:29:10 +01:00
parent 0071dcc85b
commit 1d650f7cbb
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
4 changed files with 21 additions and 8 deletions

2
.gitignore vendored
View File

@ -330,3 +330,5 @@ serefpolicy*
/selinux-policy-contrib-a265988.tar.gz
/selinux-policy-d0c5c81.tar.gz
/selinux-policy-0379b0e.tar.gz
/selinux-policy-contrib-2664b0a.tar.gz
/selinux-policy-35f00c1.tar.gz

View File

@ -55,7 +55,7 @@ if [ -z "${_policytype}" ]; then \
fi \
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
%{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* \
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy \
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
fi \
%{nil}
@ -69,7 +69,7 @@ fi \
if [ $1 -eq 0 ]; then \
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
%{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy \
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
fi \
fi \
%{nil}

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 0379b0e4a4b22a7e86d183a9cfdd5f38080ac38b
%global commit0 35f00c192427aff18892b9f1f150ee35b885f84a
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 a265988e553a6f76d712aff33e2def21c38628ab
%global commit1 2664b0adafc3a35769ae5294cf9ecdf3fda47e1a
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.3
Release: 17%{?dist}
Release: 18%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -713,6 +713,17 @@ exit 0
%endif
%changelog
* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
- Allow plymouthd_t search efivarfs directory BZ(1664143)
- Allow arpwatch send e-mail notifications BZ(1657327)
- Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t
- Allow gssd_t domain to read/write kernel keyrings of every domain.
- Allow systemd_timedated_t domain nnp_transition BZ(1666222)
- Add the fs_search_efivarfs_dir interface
- Create tangd_port_t with default label tcp/7406
- Add interface domain_rw_all_domains_keyrings()
- Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)
* Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-17
- Allow staff_t domain to read read_binfmt_misc filesystem
- Add interface fs_read_binfmt_misc()

View File

@ -1,3 +1,3 @@
SHA512 (container-selinux.tgz) = 158ad35b4bff3aca9218ebfb21599bd583e2b9ce8a7a92b86609e30218d214f87e5354b94269de4eee2c4333949d9e69ba79e34755437cb26e1af7432ea3a816
SHA512 (selinux-policy-contrib-a265988.tar.gz) = 04916bc9e470fcf7e7963da3cad1f4daf4a283faba50273cbae2cdd12d31625e7ee70e2ae74059322ac1e1bd51b0044c74420468236315861f3bf40639a39069
SHA512 (selinux-policy-0379b0e.tar.gz) = 89eff3b59d4a2508cbe9fe4f27da06ed6e2ac06e6abcdd83dc806e90579c7640c607c8eab0f516e8db83652eab6195b1a66e95d2b0ef754cd19612090f288964
SHA512 (selinux-policy-contrib-2664b0a.tar.gz) = 2365ccf4220f12a123d09b5c00fc4c6c0cde9f724d3907e37b1f11ad15dcd7aff5ac3322d3196148e67fcd77208fddca662de140d7980bcf74db84693e61fc81
SHA512 (selinux-policy-35f00c1.tar.gz) = 78aaa591881139fbd6a23670b039a489c33199366e42b4a1f47b8853c162c90b0cd2b2c399463ffcdf266ac526ca78a1232cbe411e31741fdf5336cdd9ca1f6b
SHA512 (container-selinux.tgz) = 045eefcf7226eea45a19cbfab64bdab4588bf7ac3ee4ff8d62084f12d813b8c4437d33da48288a44912a88ec2f7af90c00fbbaf50dd8fbed50f883b696b615fd