* Mon Apr 08 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-9

- Merge #18 `Add check for config file consistency` - Allow tlp_t domain also write to nvme_devices block devices BZ(1696943) - Fix typo in rhsmcertd SELinux module - Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files - Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t - Allow unconfined users to use vsock unlabeled sockets - Add interface kernel_rw_unlabeled_vsock_socket() - Allow unconfined users to use smc unlabeled sockets - Add interface kernel_rw_unlabeled_smc_socket - Allow systemd_resolved_t domain to read system network state BZ(1697039) - Allow systemd to mounton kernel sysctls BZ(1696201) - Add interface kernel_mounton_kernel_sysctl() BZ(1696201) - Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201
2019-04-08 15:54:57 +02:00 · 2019-04-08 15:54:57 +02:00 · 2809c70adb
parent 3da5a62edd
commit 2809c70adb
3 changed files with 23 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -357,3 +357,5 @@ serefpolicy*
 /selinux-policy-contrib-7010ac2.tar.gz
 /selinux-policy-50cc590.tar.gz
 /selinux-policy-f1590bb.tar.gz
+/selinux-policy-contrib-8659df1.tar.gz
+/selinux-policy-f8a2347.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 f1590bba44512c226c35927e8afaa33b31bba36d
+%global commit0 f8a234739cc2409b70ebeca3147856f026482aff
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 7010ac2d758cea65ee6aad1a9a8814c52e1ae89b
+%global commit1 8659df15169ae04f8e92992709feb826fb22016b
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,21 @@ exit 0
 %endif

 %changelog
+* Mon Apr 08 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-9
+- Merge #18 `Add check for config file consistency`
+- Allow tlp_t domain also write to nvme_devices block devices BZ(1696943)
+- Fix typo in rhsmcertd SELinux module
+- Allow dnsmasq_t domain to manage NetworkManager_var_lib_t files
+- Allow rhsmcertd_t domain to read yum.log file labeled as rpm_log_t
+- Allow unconfined users to use vsock unlabeled sockets
+- Add interface kernel_rw_unlabeled_vsock_socket()
+- Allow unconfined users to use smc unlabeled sockets
+- Add interface kernel_rw_unlabeled_smc_socket
+- Allow systemd_resolved_t domain to read system network state BZ(1697039)
+- Allow systemd to mounton kernel sysctls BZ(1696201)
+- Add interface kernel_mounton_kernel_sysctl() BZ(1696201)
+- Allow systemd to mounton several systemd direstory to increase security of systemd Resolves: rhbz#1696201
+
 * Fri Apr 05 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-8
 - Allow systemd to mounton several systemd direstory to increase security of systemd
 Resolves: rhbz#1696201
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-7010ac2.tar.gz) = 641ae2d0d978fe14146a64aa6f8b46ef8aa5e62ac98fb634655584cc956d886ca47fc97b2050322d336f76db3bae638c32e7a680593399a114749eb01156ab07
-SHA512 (selinux-policy-f1590bb.tar.gz) = 128c445f44c9cb77caef881da7845ea6d109008619ee88eb4300d3ce4644d9b543068d13ce518a38c5aa94d82665b392de6d0421d7b257ac95ac79a3c3aac6df
+SHA512 (selinux-policy-contrib-8659df1.tar.gz) = 3b153d7b5190452561e1b6253dcdebac1e8cf20d071734b44f38f0e74b3106a5158a1fbcd004d2b29befaed98cda30a937bc4f38a60be13f2943c57b61296cac
+SHA512 (selinux-policy-f8a2347.tar.gz) = 7c6434f09f02e8b93ae494e7567a45ad99e14f5fbc00f1d846a6cacad46de1c605dd8255764fd240010a0b5c8c532cee00f6d8f7b29b6751fde2ff94d6afb23d
+SHA512 (container-selinux.tgz) = d50466ecfc34645df7f40532688afe720dd51ae7a9e56dbc735278be0e12b076780128ab59aee7534bfe9f91eb36780c7920ad422c936289a2c90f9c8d283d0c
 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
-SHA512 (container-selinux.tgz) = 85a093c9be8c24a26ce4dbc8cd0ed31d4aec37d68867f4f84b5ad75896ce3c08cebafad5d18af4d3aeaa8c3418a4657841a33089214806b33c272822bcc76516