* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
- Allow plymouthd_t search efivarfs directory BZ(1664143) - Allow arpwatch send e-mail notifications BZ(1657327) - Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t - Allow gssd_t domain to read/write kernel keyrings of every domain. - Allow systemd_timedated_t domain nnp_transition BZ(1666222) - Add the fs_search_efivarfs_dir interface - Create tangd_port_t with default label tcp/7406 - Add interface domain_rw_all_domains_keyrings() - Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)
This commit is contained in:
parent
0071dcc85b
commit
1d650f7cbb
2
.gitignore
vendored
2
.gitignore
vendored
@ -330,3 +330,5 @@ serefpolicy*
|
|||||||
/selinux-policy-contrib-a265988.tar.gz
|
/selinux-policy-contrib-a265988.tar.gz
|
||||||
/selinux-policy-d0c5c81.tar.gz
|
/selinux-policy-d0c5c81.tar.gz
|
||||||
/selinux-policy-0379b0e.tar.gz
|
/selinux-policy-0379b0e.tar.gz
|
||||||
|
/selinux-policy-contrib-2664b0a.tar.gz
|
||||||
|
/selinux-policy-35f00c1.tar.gz
|
||||||
|
@ -55,7 +55,7 @@ if [ -z "${_policytype}" ]; then \
|
|||||||
fi \
|
fi \
|
||||||
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
|
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
|
||||||
%{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* \
|
%{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* \
|
||||||
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy \
|
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
|
||||||
fi \
|
fi \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
@ -69,7 +69,7 @@ fi \
|
|||||||
if [ $1 -eq 0 ]; then \
|
if [ $1 -eq 0 ]; then \
|
||||||
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
|
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
|
||||||
%{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \
|
%{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \
|
||||||
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy \
|
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
|
||||||
fi \
|
fi \
|
||||||
fi \
|
fi \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 0379b0e4a4b22a7e86d183a9cfdd5f38080ac38b
|
%global commit0 35f00c192427aff18892b9f1f150ee35b885f84a
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 a265988e553a6f76d712aff33e2def21c38628ab
|
%global commit1 2664b0adafc3a35769ae5294cf9ecdf3fda47e1a
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.3
|
Version: 3.14.3
|
||||||
Release: 17%{?dist}
|
Release: 18%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
@ -713,6 +713,17 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
|
||||||
|
- Allow plymouthd_t search efivarfs directory BZ(1664143)
|
||||||
|
- Allow arpwatch send e-mail notifications BZ(1657327)
|
||||||
|
- Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t
|
||||||
|
- Allow gssd_t domain to read/write kernel keyrings of every domain.
|
||||||
|
- Allow systemd_timedated_t domain nnp_transition BZ(1666222)
|
||||||
|
- Add the fs_search_efivarfs_dir interface
|
||||||
|
- Create tangd_port_t with default label tcp/7406
|
||||||
|
- Add interface domain_rw_all_domains_keyrings()
|
||||||
|
- Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)
|
||||||
|
|
||||||
* Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-17
|
* Fri Jan 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-17
|
||||||
- Allow staff_t domain to read read_binfmt_misc filesystem
|
- Allow staff_t domain to read read_binfmt_misc filesystem
|
||||||
- Add interface fs_read_binfmt_misc()
|
- Add interface fs_read_binfmt_misc()
|
||||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (container-selinux.tgz) = 158ad35b4bff3aca9218ebfb21599bd583e2b9ce8a7a92b86609e30218d214f87e5354b94269de4eee2c4333949d9e69ba79e34755437cb26e1af7432ea3a816
|
SHA512 (selinux-policy-contrib-2664b0a.tar.gz) = 2365ccf4220f12a123d09b5c00fc4c6c0cde9f724d3907e37b1f11ad15dcd7aff5ac3322d3196148e67fcd77208fddca662de140d7980bcf74db84693e61fc81
|
||||||
SHA512 (selinux-policy-contrib-a265988.tar.gz) = 04916bc9e470fcf7e7963da3cad1f4daf4a283faba50273cbae2cdd12d31625e7ee70e2ae74059322ac1e1bd51b0044c74420468236315861f3bf40639a39069
|
SHA512 (selinux-policy-35f00c1.tar.gz) = 78aaa591881139fbd6a23670b039a489c33199366e42b4a1f47b8853c162c90b0cd2b2c399463ffcdf266ac526ca78a1232cbe411e31741fdf5336cdd9ca1f6b
|
||||||
SHA512 (selinux-policy-0379b0e.tar.gz) = 89eff3b59d4a2508cbe9fe4f27da06ed6e2ac06e6abcdd83dc806e90579c7640c607c8eab0f516e8db83652eab6195b1a66e95d2b0ef754cd19612090f288964
|
SHA512 (container-selinux.tgz) = 045eefcf7226eea45a19cbfab64bdab4588bf7ac3ee4ff8d62084f12d813b8c4437d33da48288a44912a88ec2f7af90c00fbbaf50dd8fbed50f883b696b615fd
|
||||||
|
Loading…
Reference in New Issue
Block a user