* Fri Dec 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-14
- Remove all ganesha bits from gluster and rpc policy
- Label /usr/share/spamassassin/sa-update.cron as spamd_update_exec_t
- Add dac_override capability to ssad_t domains
- Allow pesign_t domain to read gnome home configs
- Label /usr/libexec/lm_sensors/sensord-service-wrapper as lsmd_exec_t
- Allow rngd_t domains read kernel state
- Allow certmonger_t domains to read bind cache
- Allow ypbind_t domain to stream connect to sssd
- Allow rngd_t domain to setsched
- Allow sanlock_t domain to read/write sysfs_t files
- Add dac_override capability to postfix_local_t domain
- Allow ypbind_t to search sssd_var_lib_t dirs
- Allow virt_qemu_ga_t domain to write to user_tmp_t files
- Allow systemd_logind_t to dbus chat with virt_qemu_ga_t
- Update sssd_manage_lib_files() interface to allow also mmap sssd_var_lib_t files
- Add new interface sssd_signal()
- Update xserver_filetrans_home_content() and xserver_filetrans_admin_home_content() interfaces to allow caller domain to create .vnc dir in users homedir labeled as xdm_home_t
- Update logging_filetrans_named_content() to allow caller domains of this interface to create /var/log/journal/remote directory labeled as var_log_t
- Add sys_resource capability to the systemd_passwd_agent_t domain
- Allow ipsec_t domains to read bind cache
- kernel/files.fc: Label /run/motd as etc_t
- Allow systemd to stream connect to userdomain processes
- Label /var/lib/private/systemd/ as init_var_lib_t
- Allow initrc_t domain to create new socket labeled as init_T
- Allow audisp_remote_t domain remote logging client to read local audit events from relevant socket.
- Add tracefs_t type to mountpoint attribute
- Allow useradd_t and groupadd_t domains to send signals to sssd_t
- Allow systemd_logind_t domain to remove directories labeled as tmpfs_t BZ(1648636)
- Allow useradd_t and groupadd_t domains to access sssd files because of the new feature in shadow-utils
parent 4086d43dcb
commit 22bdc94c2b
2
.gitignore
vendored
@ -325,3 +325,5 @@ serefpolicy*
|
||||
/selinux-policy-62d90da.tar.gz
|
||||
/selinux-policy-contrib-a01743f.tar.gz
|
||||
/selinux-policy-4cbc1ae.tar.gz
|
||||
/selinux-policy-contrib-a0e3869.tar.gz
|
||||
/selinux-policy-509e071.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 4cbc1ae7dbe8f08edee55b33d1031f0ee0c6ff4e
|
||||
%global commit0 509e071fb3ded4e982bdf7fdcdc8bbc8f7779172
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 a01743f0cd8f3fd2aa99b32ff01697eeb0918b0c
|
||||
%global commit1 a0e386916f8bbd64918c3ab98267431e8a78bfe9
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.3
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
@ -709,6 +709,37 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Dec 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-14
|
||||
- Remove all ganesha bits from gluster and rpc policy
|
||||
- Label /usr/share/spamassassin/sa-update.cron as spamd_update_exec_t
|
||||
- Add dac_override capability to ssad_t domains
|
||||
- Allow pesign_t domain to read gnome home configs
|
||||
- Label /usr/libexec/lm_sensors/sensord-service-wrapper as lsmd_exec_t
|
||||
- Allow rngd_t domains read kernel state
|
||||
- Allow certmonger_t domains to read bind cache
|
||||
- Allow ypbind_t domain to stream connect to sssd
|
||||
- Allow rngd_t domain to setsched
|
||||
- Allow sanlock_t domain to read/write sysfs_t files
|
||||
- Add dac_override capability to postfix_local_t domain
|
||||
- Allow ypbind_t to search sssd_var_lib_t dirs
|
||||
- Allow virt_qemu_ga_t domain to write to user_tmp_t files
|
||||
- Allow systemd_logind_t to dbus chat with virt_qemu_ga_t
|
||||
- Update sssd_manage_lib_files() interface to allow also mmap sssd_var_lib_t files
|
||||
- Add new interface sssd_signal()
|
||||
- Update xserver_filetrans_home_content() and xserver_filetrans_admin_home_content() unterfaces to allow caller domain to create .vnc dir in users homedir labeled as xdm_home_t
|
||||
- Update logging_filetrans_named_content() to allow caller domains of this interface to create /var/log/journal/remote directory labeled as var_log_t
|
||||
- Add sys_resource capability to the systemd_passwd_agent_t domain
|
||||
- Allow ipsec_t domains to read bind cache
|
||||
- kernel/files.fc: Label /run/motd as etc_t
|
||||
- Allow systemd to stream connect to userdomain processes
|
||||
- Label /var/lib/private/systemd/ as init_var_lib_t
|
||||
- Allow initrc_t domain to create new socket labeled as init_T
|
||||
- Allow audisp_remote_t domain remote logging client to read local audit events from relevant socket.
|
||||
- Add tracefs_t type to mountpoint attribute
|
||||
- Allow useradd_t and groupadd_t domains to send signals to sssd_t
|
||||
- Allow systemd_logind_t domain to remove directories labeled as tmpfs_t BZ(1648636)
|
||||
- Allow useradd_t and groupadd_t domains to access sssd files because of the new feature in shadow-utils
|
||||
|
||||
* Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-13
|
||||
- Update pesign policy to allow pesign_t domain to read bind cache files/dirs
|
||||
- Add dac_override capability to mdadm_t domain
|
||||
|
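Review bot: The new 3.14.3-14 entry at the top of %changelog is dated "Fri Dec 06 2018", but 6 December 2018 fell on a Thursday, which rpmbuild reports as a bogus date in %changelog; correct the weekday or the date. In the same entry, "unterfaces" should read "interfaces", "init_T" does not follow the lowercase _t type naming used on every other line, and "ssad_t" should be checked against the sssd_t spelling used elsewhere in the entry. The entry also grants dac_override to ssad_t and postfix_local_t and sys_resource to systemd_passwd_agent_t without any bug reference, while only the tmpfs_t line cites one (BZ(1648636)); please add the bug or denial that justified each capability so the grants can be audited later.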
6
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (selinux-policy-contrib-a01743f.tar.gz) = 4f21db7f96599c85d4d16b275b693338f63c00083e0931e4658d93c23ee969f6670c7dcde67d54e3c55718577759bd14f7ee68c3e82896e0b6334077fbc98686
|
||||
SHA512 (selinux-policy-4cbc1ae.tar.gz) = 0d6a5f5df9dda62b72ad037f124eed91e06d7657d15c0d6155b6e5449b6fca034c6ac1759fb5cb42ab39ea9973a5149403267afc21f15f849e86bea1d6b61f62
|
||||
SHA512 (container-selinux.tgz) = d4cc25cfd87b9efd77424f3a799044a927488756e31bd157f59613acb0bb4da19013fc2e22ff9194b2ebfb6c57d33a98d7a1f76e9720f1ac8fa889b39807f0ac
|
||||
SHA512 (selinux-policy-contrib-a0e3869.tar.gz) = ba019a31f71790b65f07fad44ffcab0d50d1b4a4086ea7f3b756d67895aac1b6e0d01514f192bc07c9ede1f35fe7b2ab28b7d3a159255e305d8c08e65d393427
|
||||
SHA512 (selinux-policy-509e071.tar.gz) = cd4c1411aa74c43491d4482d537aa25b3dd670afef72e6da927e515cdb7ed66515f6d700c9bd02167f03faec3034733b6f61a82e58ba0a8ec2a85e14d33be3e2
|
||||
SHA512 (container-selinux.tgz) = 1e5c84f12624082b371cf56228ea17a39c4ba55689ca65d85498b51e5762129fe34099061ef42d052577a64ae89d8abd60e15bc81878db251155438202ee0165
|
||||
|
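Review bot: The SHA512 for container-selinux.tgz changes in this hunk (from d4cc25cf... to 1e5c84f1...) while the file name stays the same, and neither the commit message nor the new changelog entry mentions a container-selinux update. The two selinux-policy tarballs carry their upstream short commit in the name, so their hash changes can be matched to commit0 and commit1 in the spec, but this one cannot be traced to any revision from the diff. Please state which container-selinux revision the new tarball was built from, or name the file after its commit as is done for the other two sources.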