* Thu Apr 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-13

- Introduce deny_bluetooth boolean - Allow greylist_milter_t to read network system state BZ(1702672) - Allow freeipmi domains to mmap freeipmi_var_cache_t files - Allow rhsmcertd_t and rpm_t domains to chat over dbus - Allow thumb_t domain to delete cache_home_t files BZ(1701643) - Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus - Add new interface boltd_dbus_chat() - Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791) - Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750) - Allow cockpit_ws_t domain to set limits BZ(1701703) - Update Nagios policy when sudo is used - Deamon rhsmcertd is able to install certs for docker again - Introduce deny_bluetooth boolean - Don't allow a container to connect to random services - Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label sa-update.cron as spamd_update_exec_t. - Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus - Allow unconfined_t to use bpf tools - Allow x_userdomains to communicate with boltd daemon over dbus
2019-04-25 17:29:03 +02:00 · 2019-04-25 17:29:03 +02:00 · 2675489867
parent a64329452e
commit 2675489867
3 changed files with 28 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -364,3 +364,5 @@ serefpolicy*
 /selinux-policy-contrib-b78d1b1.tar.gz
 /selinux-policy-contrib-d00ed3c.tar.gz
 /selinux-policy-6ed8a72.tar.gz
+/selinux-policy-contrib-5a0561d.tar.gz
+/selinux-policy-54c05f2.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 6ed8a7287528f71218ddea3afedc54c95c39b9e4
+%global commit0 54c05f2645a660c545ec406558b42687df2552a7
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 d00ed3cca362cbdcc43be9111cb3d27c2b3b5266
+%global commit1 5a0561d7b67ae8403d4e1a44acfc8db40ee269a5
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,26 @@ exit 0
 %endif

 %changelog
+* Thu Apr 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-13
+- Introduce deny_bluetooth boolean
+- Allow greylist_milter_t to read network system state BZ(1702672)
+- Allow freeipmi domains to mmap freeipmi_var_cache_t files
+- Allow rhsmcertd_t and rpm_t domains to chat over dbus
+- Allow thumb_t domain to delete cache_home_t files BZ(1701643)
+- Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus
+- Add new interface boltd_dbus_chat()
+- Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791)
+- Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750)
+- Allow cockpit_ws_t domain to set limits BZ(1701703)
+- Update Nagios policy when sudo is used
+- Deamon rhsmcertd is able to install certs for docker again
+- Introduce deny_bluetooth boolean
+- Don't allow a container to connect to random services
+- Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label sa-update.cron as spamd_update_exec_t.
+- Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus
+- Allow unconfined_t to use bpf tools
+- Allow x_userdomains to communicate with boltd daemon over dbus
+
 * Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-12
 - Fix typo in cups SELinux policy
 - Allow iscsid_t to read modules deps BZ(1700245)
--- a/7
+++ b/7
@ -1,4 +1,3 @@
-SHA512 (selinux-policy-contrib-d00ed3c.tar.gz) = 1bacec62b941abd7a0ad9977037ae6762d1ca4bd02b3c0b0b10091f710b5d96b78f8e9adc824c88d00378bd48d2522a5636562b657679f63ce574f6e0babc0ec
-SHA512 (selinux-policy-6ed8a72.tar.gz) = 895da6ebd991625f509accb47773f6557ce284917d714158ca484af5135e436f1e0e512303100afe9ce665fa0b895b090b04e58fe169c91fc62d9d3999d2336f
-SHA512 (container-selinux.tgz) = f1391d9e30efa936a1d8afb56d88a841a203b893e05aaefb1704367bf6f0d40cf45b7d393081d6a0e3c6ed15a5b559fa17e2b27bc87f409f8b83c20d91fa6709
-SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
+SHA512 (selinux-policy-contrib-5a0561d.tar.gz) = 40ac186675b0c3633263165ecc409f9b36752d74e9c699a637f0a56e6a9162bf6be89b4a2a081e331accabaf82d2d36f260804a0743993a64d0425b3fd3dd0cd
+SHA512 (selinux-policy-54c05f2.tar.gz) = 1ff1a1e7931e107f8f53952428b8abd1b4ec4997463132ad2255afd08f6b6bc240722d07b0a132492ab4f33fac7af14725c440c6d6c959c8b8afe9ad194ee2d4
+SHA512 (container-selinux.tgz) = e17ae54aa1899b413b79f02d95e188a575111f88b723e2b38331da056260c342228fb47b8b85963e8312844e1b0e4f7fe22c3a6cc2c204126c6cdff952425842