* Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-22

- Fix typo in authconfig policy - Update ctdb domain to support gNFS setup - Allow authconfig_t dbus chat with policykit - Allow lircd_t domain to read system state - Revert "Allow fsdaemon_t do send emails BZ(1582701)" - Typo in uuidd policy - Allow tangd_t domain read certs - Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107) - Allow vpnc_t domain to read generic certs BZ(1583100) - Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811) - Allow NetworkManager_ssh_t domain to be system dbud client - Allow virt_qemu_ga_t read utmp - Add capability dac_override to system_mail_t domain - Update uuidd policy to reflect last changes from base branch - Add cap dac_override to procmail_t domain - Allow sendmail to mmap etc_aliases_t files BZ(1578569) - Add new interface dbus_read_pid_sock_files() - Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled - Allow fsdaemon_t do send emails BZ(1582701) - Allow firewalld_t domain to request kernel module BZ(1573501) - Allow chronyd_t domain to send send msg via dgram socket BZ(1584757) - Add sys_admin capability to fprint_t SELinux domain - Allow cyrus_t domain to create own files under /var/run BZ(1582885) - Allow cachefiles_kernel_t domain to have capability dac_override - Update policy for ypserv_t domain - Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t - Allow cyrus to have dac_override capability - Dontaudit action when abrt-hook-ccpp is writing to nscd sockets - Fix homedir polyinstantion under mls - Fixed typo in init.if file - Allow systemd to remove generic tmpt files BZ(1583144) - Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation - Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075) - Fix typo in authlogin SELinux security module - Allod nsswitch_domain attribute to be system dbusd client BZ(1584632) - Allow audisp_t domain to mmap audisp_exec_t binary - Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file - Label tcp/udp ports 2612 as qpasa_agetn_port_t
2018-06-06 10:25:52 +02:00 · 2018-06-06 10:25:52 +02:00 · 318acc9510
commit 318acc9510
parent 58acce3c84
3 changed files with 48 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -287,3 +287,5 @@ serefpolicy*
 /selinux-policy-contrib-12d91da.tar.gz
 /selinux-policy-contrib-6cf567f.tar.gz
 /selinux-policy-a1ec13e.tar.gz
+/selinux-policy-contrib-93edf9a.tar.gz
+/selinux-policy-d06c960.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 a1ec13e6114be5f88449a3f7e87468ca5f36ead5
+%global commit0 d06c960c55dcf093800123327a58c4adf3ffe3dd
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 6cf567fea24b91d5a6a82e37e66a0c01548846b2
+%global commit1 93edf9a38fec7dac9845cb7d5630b4ae931e36f7
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -718,6 +718,46 @@ exit 0
 %endif

 %changelog
+* Wed Jun 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-22
+- Fix typo in authconfig policy
+- Update ctdb domain to support gNFS setup
+- Allow authconfig_t dbus chat with policykit
+- Allow lircd_t domain to read system state
+- Revert "Allow fsdaemon_t do send emails BZ(1582701)"
+- Typo in uuidd policy
+- Allow tangd_t domain read certs
+- Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107)
+- Allow vpnc_t domain to read generic certs BZ(1583100)
+- Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811)
+- Allow NetworkManager_ssh_t domain to be system dbud client
+- Allow virt_qemu_ga_t read utmp
+- Add capability dac_override to system_mail_t domain
+- Update uuidd policy to reflect last changes from base branch
+- Add cap dac_override to procmail_t domain
+- Allow sendmail to mmap etc_aliases_t files BZ(1578569)
+- Add new interface dbus_read_pid_sock_files()
+- Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled
+- Allow fsdaemon_t do send emails BZ(1582701)
+- Allow firewalld_t domain to request kernel module BZ(1573501)
+- Allow chronyd_t domain to send send msg via dgram socket BZ(1584757)
+- Add sys_admin capability to fprint_t SELinux domain
+- Allow cyrus_t domain to create own files under /var/run BZ(1582885)
+- Allow cachefiles_kernel_t domain to have capability dac_override
+- Update policy for ypserv_t domain
+- Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t
+- Allow cyrus to have dac_override capability
+- Dontaudit action when abrt-hook-ccpp is writing to nscd sockets
+- Fix homedir polyinstantion under mls
+- Fixed typo in init.if file
+- Allow systemd to remove generic tmpt files BZ(1583144)
+- Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation
+- Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075)
+- Fix typo in authlogin SELinux security module
+- Allod nsswitch_domain attribute to be system dbusd client BZ(1584632)
+- Allow audisp_t domain to mmap audisp_exec_t binary
+- Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file
+- Label tcp/udp ports 2612 as qpasa_agetn_port_t
+
 * Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21
 - Add dac_override to exim policy BZ(1574303)
 - Fix typo in conntrackd.fc file
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-6cf567f.tar.gz) = 46f21dd2d17f314e6beb2197ba80139c4fa2d468e9f60caeb99200a943e62435b8567f4134fcf15674d9544382cd48c7befc82a91360f5123533bab22dd14d26
-SHA512 (selinux-policy-a1ec13e.tar.gz) = 1dfc5fa9345f39d0815f6450951fd6925b2f1a3df091193c259545218197b3f31cdff033d0e2c9a2f61de387c1deb3cac1573b17ec43c313ba4520c3ed5f71af
-SHA512 (container-selinux.tgz) = 25c6d9a075212c43a7895e858d6466e5b3a9658753efd06096442481d285ef7ed7e4cd1bad39d9fb9f0c4e44253c10c513880e6f75a717c335d1fdfbbb3f91b3
+SHA512 (selinux-policy-contrib-93edf9a.tar.gz) = dcbcbe679f779d594625ba1e25ae346e6854274ee4ca297f2e94b216352b054bcd98364792f048f638f38abc4e436bf400e38d634a43dc322f5c65129e18a782
+SHA512 (selinux-policy-d06c960.tar.gz) = 80671384c85c91b920ad792b290843986b5ba495416de49cf94535bdba28b3dfe237a925116767dd7e781f76df44168788217169f03648ea82f37aa586395a38
+SHA512 (container-selinux.tgz) = f841e4e02294f0c12bbb81bc463ba8129154f5fdb18b9ad7fe254e86b6668dca069991dd3c3b3b8a20ef072fcd018750fbf8f5399a1a221b427bd92268d0b243