* Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-22
- Fix typo in authconfig policy - Update ctdb domain to support gNFS setup - Allow authconfig_t dbus chat with policykit - Allow lircd_t domain to read system state - Revert "Allow fsdaemon_t do send emails BZ(1582701)" - Typo in uuidd policy - Allow tangd_t domain read certs - Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107) - Allow vpnc_t domain to read generic certs BZ(1583100) - Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811) - Allow NetworkManager_ssh_t domain to be system dbud client - Allow virt_qemu_ga_t read utmp - Add capability dac_override to system_mail_t domain - Update uuidd policy to reflect last changes from base branch - Add cap dac_override to procmail_t domain - Allow sendmail to mmap etc_aliases_t files BZ(1578569) - Add new interface dbus_read_pid_sock_files() - Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled - Allow fsdaemon_t do send emails BZ(1582701) - Allow firewalld_t domain to request kernel module BZ(1573501) - Allow chronyd_t domain to send send msg via dgram socket BZ(1584757) - Add sys_admin capability to fprint_t SELinux domain - Allow cyrus_t domain to create own files under /var/run BZ(1582885) - Allow cachefiles_kernel_t domain to have capability dac_override - Update policy for ypserv_t domain - Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t - Allow cyrus to have dac_override capability - Dontaudit action when abrt-hook-ccpp is writing to nscd sockets - Fix homedir polyinstantion under mls - Fixed typo in init.if file - Allow systemd to remove generic tmpt files BZ(1583144) - Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation - Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075) - Fix typo in authlogin SELinux security module - Allod nsswitch_domain attribute to be system dbusd client BZ(1584632) - Allow audisp_t domain to mmap audisp_exec_t binary - Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file - Label tcp/udp ports 2612 as qpasa_agetn_port_t
This commit is contained in:
parent
58acce3c84
commit
318acc9510
2
.gitignore
vendored
2
.gitignore
vendored
@ -287,3 +287,5 @@ serefpolicy*
|
||||
/selinux-policy-contrib-12d91da.tar.gz
|
||||
/selinux-policy-contrib-6cf567f.tar.gz
|
||||
/selinux-policy-a1ec13e.tar.gz
|
||||
/selinux-policy-contrib-93edf9a.tar.gz
|
||||
/selinux-policy-d06c960.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 a1ec13e6114be5f88449a3f7e87468ca5f36ead5
|
||||
%global commit0 d06c960c55dcf093800123327a58c4adf3ffe3dd
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 6cf567fea24b91d5a6a82e37e66a0c01548846b2
|
||||
%global commit1 93edf9a38fec7dac9845cb7d5630b4ae931e36f7
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.2
|
||||
Release: 21%{?dist}
|
||||
Release: 22%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
@ -718,6 +718,46 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-22
|
||||
- Fix typo in authconfig policy
|
||||
- Update ctdb domain to support gNFS setup
|
||||
- Allow authconfig_t dbus chat with policykit
|
||||
- Allow lircd_t domain to read system state
|
||||
- Revert "Allow fsdaemon_t do send emails BZ(1582701)"
|
||||
- Typo in uuidd policy
|
||||
- Allow tangd_t domain read certs
|
||||
- Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107)
|
||||
- Allow vpnc_t domain to read generic certs BZ(1583100)
|
||||
- Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811)
|
||||
- Allow NetworkManager_ssh_t domain to be system dbud client
|
||||
- Allow virt_qemu_ga_t read utmp
|
||||
- Add capability dac_override to system_mail_t domain
|
||||
- Update uuidd policy to reflect last changes from base branch
|
||||
- Add cap dac_override to procmail_t domain
|
||||
- Allow sendmail to mmap etc_aliases_t files BZ(1578569)
|
||||
- Add new interface dbus_read_pid_sock_files()
|
||||
- Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled
|
||||
- Allow fsdaemon_t do send emails BZ(1582701)
|
||||
- Allow firewalld_t domain to request kernel module BZ(1573501)
|
||||
- Allow chronyd_t domain to send send msg via dgram socket BZ(1584757)
|
||||
- Add sys_admin capability to fprint_t SELinux domain
|
||||
- Allow cyrus_t domain to create own files under /var/run BZ(1582885)
|
||||
- Allow cachefiles_kernel_t domain to have capability dac_override
|
||||
- Update policy for ypserv_t domain
|
||||
- Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t
|
||||
- Allow cyrus to have dac_override capability
|
||||
- Dontaudit action when abrt-hook-ccpp is writing to nscd sockets
|
||||
- Fix homedir polyinstantion under mls
|
||||
- Fixed typo in init.if file
|
||||
- Allow systemd to remove generic tmpt files BZ(1583144)
|
||||
- Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation
|
||||
- Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075)
|
||||
- Fix typo in authlogin SELinux security module
|
||||
- Allod nsswitch_domain attribute to be system dbusd client BZ(1584632)
|
||||
- Allow audisp_t domain to mmap audisp_exec_t binary
|
||||
- Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file
|
||||
- Label tcp/udp ports 2612 as qpasa_agetn_port_t
|
||||
|
||||
* Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21
|
||||
- Add dac_override to exim policy BZ(1574303)
|
||||
- Fix typo in conntrackd.fc file
|
||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (selinux-policy-contrib-6cf567f.tar.gz) = 46f21dd2d17f314e6beb2197ba80139c4fa2d468e9f60caeb99200a943e62435b8567f4134fcf15674d9544382cd48c7befc82a91360f5123533bab22dd14d26
|
||||
SHA512 (selinux-policy-a1ec13e.tar.gz) = 1dfc5fa9345f39d0815f6450951fd6925b2f1a3df091193c259545218197b3f31cdff033d0e2c9a2f61de387c1deb3cac1573b17ec43c313ba4520c3ed5f71af
|
||||
SHA512 (container-selinux.tgz) = 25c6d9a075212c43a7895e858d6466e5b3a9658753efd06096442481d285ef7ed7e4cd1bad39d9fb9f0c4e44253c10c513880e6f75a717c335d1fdfbbb3f91b3
|
||||
SHA512 (selinux-policy-contrib-93edf9a.tar.gz) = dcbcbe679f779d594625ba1e25ae346e6854274ee4ca297f2e94b216352b054bcd98364792f048f638f38abc4e436bf400e38d634a43dc322f5c65129e18a782
|
||||
SHA512 (selinux-policy-d06c960.tar.gz) = 80671384c85c91b920ad792b290843986b5ba495416de49cf94535bdba28b3dfe237a925116767dd7e781f76df44168788217169f03648ea82f37aa586395a38
|
||||
SHA512 (container-selinux.tgz) = f841e4e02294f0c12bbb81bc463ba8129154f5fdb18b9ad7fe254e86b6668dca069991dd3c3b3b8a20ef072fcd018750fbf8f5399a1a221b427bd92268d0b243
|
||||
|
Loading…
Reference in New Issue
Block a user