* Thu Apr 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-13

- Introduce deny_bluetooth boolean
- Allow greylist_milter_t to read network system state BZ(1702672)
- Allow freeipmi domains to mmap freeipmi_var_cache_t files
- Allow rhsmcertd_t and rpm_t domains to chat over dbus
- Allow thumb_t domain to delete cache_home_t files BZ(1701643)
- Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus
- Add new interface boltd_dbus_chat()
- Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791)
- Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750)
- Allow cockpit_ws_t domain to set limits BZ(1701703)
- Update Nagios policy when sudo is used
- Daemon rhsmcertd is able to install certs for docker again
- Introduce deny_bluetooth boolean
- Don't allow a container to connect to random services
- Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label sa-update.cron as spamd_update_exec_t.
- Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus
- Allow unconfined_t to use bpf tools
- Allow x_userdomains to communicate with boltd daemon over dbus
Lukas Vrabec 2019-04-25 17:29:03 +02:00
parent a64329452e
commit 2675489867
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 28 additions and 7 deletions

2
.gitignore vendored

@ -364,3 +364,5 @@ serefpolicy*
/selinux-policy-contrib-b78d1b1.tar.gz /selinux-policy-contrib-b78d1b1.tar.gz
/selinux-policy-contrib-d00ed3c.tar.gz /selinux-policy-contrib-d00ed3c.tar.gz
/selinux-policy-6ed8a72.tar.gz /selinux-policy-6ed8a72.tar.gz
/selinux-policy-contrib-5a0561d.tar.gz
/selinux-policy-54c05f2.tar.gz
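Review bot: The two new ignore entries, /selinux-policy-contrib-5a0561d.tar.gz and /selinux-policy-54c05f2.tar.gz, extend a list that already holds one line per past tarball (this hunk sits at line 364 of .gitignore). A single pattern such as /selinux-policy-*.tar.gz would match both the base and contrib archives and keep future source bumps out of .gitignore entirely.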

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 6ed8a7287528f71218ddea3afedc54c95c39b9e4 %global commit0 54c05f2645a660c545ec406558b42687df2552a7
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 d00ed3cca362cbdcc43be9111cb3d27c2b3b5266 %global commit1 5a0561d7b67ae8403d4e1a44acfc8db40ee269a5
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.4 Version: 3.14.4
Release: 12%{?dist} Release: 13%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,26 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Apr 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-13
- Introduce deny_bluetooth boolean
- Allow greylist_milter_t to read network system state BZ(1702672)
- Allow freeipmi domains to mmap freeipmi_var_cache_t files
- Allow rhsmcertd_t and rpm_t domains to chat over dbus
- Allow thumb_t domain to delete cache_home_t files BZ(1701643)
- Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus
- Add new interface boltd_dbus_chat()
- Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791)
- Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750)
- Allow cockpit_ws_t domain to set limits BZ(1701703)
- Update Nagios policy when sudo is used
- Deamon rhsmcertd is able to install certs for docker again
- Introduce deny_bluetooth boolean
- Don't allow a container to connect to random services
- Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label sa-update.cron as spamd_update_exec_t.
- Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus
- Allow unconfined_t to use bpf tools
- Allow x_userdomains to communicate with boltd daemon over dbus
* Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-12 * Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-12
- Fix typo in cups SELinux policy - Fix typo in cups SELinux policy
- Allow iscsid_t to read modules deps BZ(1700245) - Allow iscsid_t to read modules deps BZ(1700245)
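Review bot: The new 3.14.4-13 changelog entry lists "Introduce deny_bluetooth boolean" twice, as its first item and again directly after the rhsmcertd item, and that rhsmcertd item spells "Deamon" for "Daemon"; drop the repeated line and fix the spelling before this becomes part of the package changelog. "Don't allow a container to connect to random services" also carries no BZ reference and names no types or services, so someone auditing what container access was tightened has nothing to follow up on; naming the affected domains or the bug would help.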

@ -1,4 +1,3 @@
SHA512 (selinux-policy-contrib-d00ed3c.tar.gz) = 1bacec62b941abd7a0ad9977037ae6762d1ca4bd02b3c0b0b10091f710b5d96b78f8e9adc824c88d00378bd48d2522a5636562b657679f63ce574f6e0babc0ec SHA512 (selinux-policy-contrib-5a0561d.tar.gz) = 40ac186675b0c3633263165ecc409f9b36752d74e9c699a637f0a56e6a9162bf6be89b4a2a081e331accabaf82d2d36f260804a0743993a64d0425b3fd3dd0cd
SHA512 (selinux-policy-6ed8a72.tar.gz) = 895da6ebd991625f509accb47773f6557ce284917d714158ca484af5135e436f1e0e512303100afe9ce665fa0b895b090b04e58fe169c91fc62d9d3999d2336f SHA512 (selinux-policy-54c05f2.tar.gz) = 1ff1a1e7931e107f8f53952428b8abd1b4ec4997463132ad2255afd08f6b6bc240722d07b0a132492ab4f33fac7af14725c440c6d6c959c8b8afe9ad194ee2d4
SHA512 (container-selinux.tgz) = f1391d9e30efa936a1d8afb56d88a841a203b893e05aaefb1704367bf6f0d40cf45b7d393081d6a0e3c6ed15a5b559fa17e2b27bc87f409f8b83c20d91fa6709 SHA512 (container-selinux.tgz) = e17ae54aa1899b413b79f02d95e188a575111f88b723e2b38331da056260c342228fb47b8b85963e8312844e1b0e4f7fe22c3a6cc2c204126c6cdff952425842
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
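Review bot: The macro-expander line is removed from sources (the hunk goes from 4 entries to 3), but none of the spec hunks in this commit drops or changes a matching Source entry; confirm the file is now tracked in git directly or is no longer used, otherwise the build has no checksum entry to fetch it against. Separately, container-selinux.tgz gets a new SHA512 under an unchanged, unversioned file name, so unlike the two selinux-policy tarballs nothing here records which upstream revision the new hash corresponds to; stating that revision in the commit message or changelog would make the hash auditable.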