* Mon Apr 08 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-9

- Merge #18 `Add check for config file consistency`
- Allow tlp_t domain also write to nvme_devices block devices BZ(1696943)
- Fix typo in rhsmcertd SELinux module
- Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files
- Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t
- Allow unconfined users to use vsock unlabeled sockets
- Add interface kernel_rw_unlabeled_vsock_socket()
- Allow unconfined users to use smc unlabeled sockets
- Add interface kernel_rw_unlabeled_smc_socket
- Allow systemd_resolved_t domain to read system network state BZ(1697039)
- Allow systemd to mounton kernel sysctls BZ(1696201)
- Add interface kernel_mounton_kernel_sysctl() BZ(1696201)
- Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201
This commit is contained in:
Lukas Vrabec 2019-04-08 15:54:57 +02:00
parent 3da5a62edd
commit 2809c70adb
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 23 additions and 6 deletions

2
.gitignore vendored
View File

@ -357,3 +357,5 @@ serefpolicy*
/selinux-policy-contrib-7010ac2.tar.gz
/selinux-policy-50cc590.tar.gz
/selinux-policy-f1590bb.tar.gz
/selinux-policy-contrib-8659df1.tar.gz
/selinux-policy-f8a2347.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 f1590bba44512c226c35927e8afaa33b31bba36d
%global commit0 f8a234739cc2409b70ebeca3147856f026482aff
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 7010ac2d758cea65ee6aad1a9a8814c52e1ae89b
%global commit1 8659df15169ae04f8e92992709feb826fb22016b
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.4
Release: 8%{?dist}
Release: 9%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,21 @@ exit 0
%endif
%changelog
* Mon Apr 08 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-9
- Merge #18 `Add check for config file consistency`
- Allow tlp_t domain also write to nvme_devices block devices BZ(1696943)
- Fix typo in rhsmcertd SELinux module
- Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files
- Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t
- Allow unconfined users to use vsock unlabeled sockets
- Add interface kernel_rw_unlabeled_vsock_socket()
- Allow unconfined users to use smc unlabeled sockets
- Add interface kernel_rw_unlabeled_smc_socket
- Allow systemd_resolved_t domain to read system network state BZ(1697039)
- Allow systemd to mounton kernel sysctls BZ(1696201)
- Add interface kernel_mounton_kernel_sysctl() BZ(1696201)
- Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201
* Fri Apr 05 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-8
- Allow systemd to mounton several systemd direstory to increase security of systemd
Resolves: rhbz#1696201

View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-7010ac2.tar.gz) = 641ae2d0d978fe14146a64aa6f8b46ef8aa5e62ac98fb634655584cc956d886ca47fc97b2050322d336f76db3bae638c32e7a680593399a114749eb01156ab07
SHA512 (selinux-policy-f1590bb.tar.gz) = 128c445f44c9cb77caef881da7845ea6d109008619ee88eb4300d3ce4644d9b543068d13ce518a38c5aa94d82665b392de6d0421d7b257ac95ac79a3c3aac6df
SHA512 (selinux-policy-contrib-8659df1.tar.gz) = 3b153d7b5190452561e1b6253dcdebac1e8cf20d071734b44f38f0e74b3106a5158a1fbcd004d2b29befaed98cda30a937bc4f38a60be13f2943c57b61296cac
SHA512 (selinux-policy-f8a2347.tar.gz) = 7c6434f09f02e8b93ae494e7567a45ad99e14f5fbc00f1d846a6cacad46de1c605dd8255764fd240010a0b5c8c532cee00f6d8f7b29b6751fde2ff94d6afb23d
SHA512 (container-selinux.tgz) = d50466ecfc34645df7f40532688afe720dd51ae7a9e56dbc735278be0e12b076780128ab59aee7534bfe9f91eb36780c7920ad422c936289a2c90f9c8d283d0c
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
SHA512 (container-selinux.tgz) = 85a093c9be8c24a26ce4dbc8cd0ed31d4aec37d68867f4f84b5ad75896ce3c08cebafad5d18af4d3aeaa8c3418a4657841a33089214806b33c272822bcc76516