rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Sep 20 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-4 

- Run ipa-custodia as ipa_custodia_t
- Update webalizer_t SELinux policy
- Dontaudit thumb_t domain to getattr of nsfs_t files BZ(1753598)
- Allow rhsmcertd_t domain to read rtas_errd lock files
- Add new interface rtas_errd_read_lock()
- Update allow rules set for nrpe_t domain
- Update timedatex SELinux policy to to sychronizate time with GNOME and add new macro chronyd_service_status to chronyd.if
- Allow avahi_t to send msg to lpr_t
- Label /dev/shm/dirsrv/ with dirsrv_tmpfs_t label
- Allow dlm_controld_t domain to read random device
- Label libvirt drivers as virtd_exec_t
- Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816)
- Allow gssproxy_t domain read state of all processes on system
- Add new macro systemd_timedated_status to systemd.if to get timedated service status
- Introduce xdm_manage_bootloader booelan
- Revert "Unconfined domains, need to create content with the correct labels"
- Allow xdm_t domain to read sssd pid files BZ(1753240)
- Move open, audit_access, and execmod to common file perms
This commit is contained in:
Lukas Vrabec 2019-09-20 15:00:31 +02:00
parent ecab8b5cc3
commit 361693e74b
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -401,3 +401,5 @@ serefpolicy*
/selinux-policy-contrib-8ce79b2.tar.gz
/selinux-policy-contrib-c5a8fd2.tar.gz
/selinux-policy-3e6f5ff.tar.gz
/selinux-policy-37ef196.tar.gz
/selinux-policy-contrib-b43d580.tar.gz

26
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 3e6f5ff6a8472c461de91690fe49fe2f12f76066
%global commit0 37ef1961203fdfe99780ab25c0ca288a0d3d3a84
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 c5a8fd2a369b81fa96880776dc723a4038af1c49
%global commit1 b43d580f345a4d6e7cabfed01522ccbb5cf39309
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.5
Release: 3%{?dist}
Release: 4%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,26 @@ exit 0
%endif
%changelog
* Fri Sep 20 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-4
- Run ipa-custodia as ipa_custodia_t
- Update webalizer_t SELinux policy
- Dontaudit thumb_t domain to getattr of nsfs_t files BZ(1753598)
- Allow rhsmcertd_t domain to read rtas_errd lock files
- Add new interface rtas_errd_read_lock()
- Update allow rules set for nrpe_t domain
- Update timedatex SELinux policy to to sychronizate time with GNOME and add new macro chronyd_service_status to chronyd.if
- Allow avahi_t to send msg to lpr_t
- Label /dev/shm/dirsrv/ with dirsrv_tmpfs_t label
- Allow dlm_controld_t domain to read random device
- Label libvirt drivers as virtd_exec_t
- Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816)
- Allow gssproxy_t domain read state of all processes on system
- Add new macro systemd_timedated_status to systemd.if to get timedated service status
- Introduce xdm_manage_bootloader booelan
- Revert "Unconfined domains, need to create content with the correct labels"
- Allow xdm_t domain to read sssd pid files BZ(1753240)
- Move open, audit_access, and execmod to common file perms
* Fri Sep 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-3
- Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816)
- Allow gssproxy_t domain read state of all processes on system

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-c5a8fd2.tar.gz) = 57fb899c9c7501272d9e773774b9c1dfae97274ddfcfa7698ac34c803722b51c1282bcc4b6aa35292d93ce3063395298ef3b794f191698d6b6e6b1968d376685
SHA512 (selinux-policy-3e6f5ff.tar.gz) = a5f2bfd9f6a9ad4fb857f432b02cae4b259399d1d00a807d0403bd5c4d05a9ce1c23a522c5a71c21953005ee96988cbf6a0e49cc46ba5a3be4f65d5b39cb3f9b
SHA512 (container-selinux.tgz) = 632dfadfbe4f94867194f77ef5bcd8348b08288ab943091f1def637ad826dd1e3a88f998dd0cc154c860c6cc4a8281da6759fc484bcd133424a4a5dea75ed6f8
SHA512 (selinux-policy-37ef196.tar.gz) = 07c765cced50610af4597b56910d2acb471d378efd2aa2b5fc4c620064842e6702583bc104839e9ec1b65c1738fba6eebd1a94f1fcfd65ad61254ca67cc21c69
SHA512 (container-selinux.tgz) = 87884fb373e024460f0a5c3b0fbca98e2be6b4b0a2b057b0c9603083a621c029bc6155103a9f02bb13bec0f294884183d3dc2c671e6f0ce3dd5f78099555a24d
SHA512 (selinux-policy-contrib-b43d580.tar.gz) = 0d2d4549532a38d30a064e0f7cfddb0d93956232582b1ff4d3a3617baab4c51dda4256f7101dd275ca2aa4a66d96b0c1955896a1cbb908ef1cfd8071fa25b065
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4