* Thu Apr 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-13
- Introduce deny_bluetooth boolean - Allow greylist_milter_t to read network system state BZ(1702672) - Allow freeipmi domains to mmap freeipmi_var_cache_t files - Allow rhsmcertd_t and rpm_t domains to chat over dbus - Allow thumb_t domain to delete cache_home_t files BZ(1701643) - Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus - Add new interface boltd_dbus_chat() - Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791) - Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750) - Allow cockpit_ws_t domain to set limits BZ(1701703) - Update Nagios policy when sudo is used - Deamon rhsmcertd is able to install certs for docker again - Introduce deny_bluetooth boolean - Don't allow a container to connect to random services - Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label sa-update.cron as spamd_update_exec_t. - Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus - Allow unconfined_t to use bpf tools - Allow x_userdomains to communicate with boltd daemon over dbus
This commit is contained in:
parent
a64329452e
commit
2675489867
2
.gitignore
vendored
2
.gitignore
vendored
@ -364,3 +364,5 @@ serefpolicy*
|
||||
/selinux-policy-contrib-b78d1b1.tar.gz
|
||||
/selinux-policy-contrib-d00ed3c.tar.gz
|
||||
/selinux-policy-6ed8a72.tar.gz
|
||||
/selinux-policy-contrib-5a0561d.tar.gz
|
||||
/selinux-policy-54c05f2.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 6ed8a7287528f71218ddea3afedc54c95c39b9e4
|
||||
%global commit0 54c05f2645a660c545ec406558b42687df2552a7
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 d00ed3cca362cbdcc43be9111cb3d27c2b3b5266
|
||||
%global commit1 5a0561d7b67ae8403d4e1a44acfc8db40ee269a5
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.4
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -787,6 +787,26 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Apr 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-13
|
||||
- Introduce deny_bluetooth boolean
|
||||
- Allow greylist_milter_t to read network system state BZ(1702672)
|
||||
- Allow freeipmi domains to mmap freeipmi_var_cache_t files
|
||||
- Allow rhsmcertd_t and rpm_t domains to chat over dbus
|
||||
- Allow thumb_t domain to delete cache_home_t files BZ(1701643)
|
||||
- Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus
|
||||
- Add new interface boltd_dbus_chat()
|
||||
- Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791)
|
||||
- Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750)
|
||||
- Allow cockpit_ws_t domain to set limits BZ(1701703)
|
||||
- Update Nagios policy when sudo is used
|
||||
- Deamon rhsmcertd is able to install certs for docker again
|
||||
- Introduce deny_bluetooth boolean
|
||||
- Don't allow a container to connect to random services
|
||||
- Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label sa-update.cron as spamd_update_exec_t.
|
||||
- Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus
|
||||
- Allow unconfined_t to use bpf tools
|
||||
- Allow x_userdomains to communicate with boltd daemon over dbus
|
||||
|
||||
* Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-12
|
||||
- Fix typo in cups SELinux policy
|
||||
- Allow iscsid_t to read modules deps BZ(1700245)
|
||||
|
7
sources
7
sources
@ -1,4 +1,3 @@
|
||||
SHA512 (selinux-policy-contrib-d00ed3c.tar.gz) = 1bacec62b941abd7a0ad9977037ae6762d1ca4bd02b3c0b0b10091f710b5d96b78f8e9adc824c88d00378bd48d2522a5636562b657679f63ce574f6e0babc0ec
|
||||
SHA512 (selinux-policy-6ed8a72.tar.gz) = 895da6ebd991625f509accb47773f6557ce284917d714158ca484af5135e436f1e0e512303100afe9ce665fa0b895b090b04e58fe169c91fc62d9d3999d2336f
|
||||
SHA512 (container-selinux.tgz) = f1391d9e30efa936a1d8afb56d88a841a203b893e05aaefb1704367bf6f0d40cf45b7d393081d6a0e3c6ed15a5b559fa17e2b27bc87f409f8b83c20d91fa6709
|
||||
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
|
||||
SHA512 (selinux-policy-contrib-5a0561d.tar.gz) = 40ac186675b0c3633263165ecc409f9b36752d74e9c699a637f0a56e6a9162bf6be89b4a2a081e331accabaf82d2d36f260804a0743993a64d0425b3fd3dd0cd
|
||||
SHA512 (selinux-policy-54c05f2.tar.gz) = 1ff1a1e7931e107f8f53952428b8abd1b4ec4997463132ad2255afd08f6b6bc240722d07b0a132492ab4f33fac7af14725c440c6d6c959c8b8afe9ad194ee2d4
|
||||
SHA512 (container-selinux.tgz) = e17ae54aa1899b413b79f02d95e188a575111f88b723e2b38331da056260c342228fb47b8b85963e8312844e1b0e4f7fe22c3a6cc2c204126c6cdff952425842
|
||||
|
Loading…
Reference in New Issue
Block a user