diff --git a/.gitignore b/.gitignore index b565aff3..a7d8b114 100644 --- a/.gitignore +++ b/.gitignore @@ -401,3 +401,5 @@ serefpolicy* /selinux-policy-contrib-8ce79b2.tar.gz /selinux-policy-contrib-c5a8fd2.tar.gz /selinux-policy-3e6f5ff.tar.gz +/selinux-policy-37ef196.tar.gz +/selinux-policy-contrib-b43d580.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index e06cf2fc..f3d9bd86 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 3e6f5ff6a8472c461de91690fe49fe2f12f76066 +%global commit0 37ef1961203fdfe99780ab25c0ca288a0d3d3a84 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 c5a8fd2a369b81fa96880776dc723a4038af1c49 +%global commit1 b43d580f345a4d6e7cabfed01522ccbb5cf39309 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,26 @@ exit 0 %endif %changelog +* Fri Sep 20 2019 Lukas Vrabec - 3.14.5-4 +- Run ipa-custodia as ipa_custodia_t +- Update webalizer_t SELinux policy +- Dontaudit thumb_t domain to getattr of nsfs_t files BZ(1753598) +- Allow rhsmcertd_t domain to read rtas_errd lock files +- Add new interface rtas_errd_read_lock() +- Update allow rules set for nrpe_t domain +- Update timedatex SELinux policy to to sychronizate time with GNOME and add new macro chronyd_service_status to chronyd.if +- Allow avahi_t to send msg to lpr_t +- Label /dev/shm/dirsrv/ with dirsrv_tmpfs_t label +- Allow dlm_controld_t domain to read random device +- Label libvirt drivers as virtd_exec_t +- Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816) +- Allow gssproxy_t domain read state of all processes on system +- Add new macro systemd_timedated_status to systemd.if to get timedated service status +- Introduce xdm_manage_bootloader booelan +- Revert "Unconfined domains, need to create content with the correct labels" +- Allow xdm_t domain to read sssd pid files BZ(1753240) +- Move open, audit_access, and execmod to common file perms + * Fri Sep 13 2019 Lukas Vrabec - 3.14.5-3 - Add sys_ptrace capability to pcp_pmlogger_t domain BZ(1751816) - Allow gssproxy_t domain read state of all processes on system diff --git a/sources b/sources index 2e5aa0ce..9aa86324 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-c5a8fd2.tar.gz) = 57fb899c9c7501272d9e773774b9c1dfae97274ddfcfa7698ac34c803722b51c1282bcc4b6aa35292d93ce3063395298ef3b794f191698d6b6e6b1968d376685 -SHA512 (selinux-policy-3e6f5ff.tar.gz) = a5f2bfd9f6a9ad4fb857f432b02cae4b259399d1d00a807d0403bd5c4d05a9ce1c23a522c5a71c21953005ee96988cbf6a0e49cc46ba5a3be4f65d5b39cb3f9b -SHA512 (container-selinux.tgz) = 632dfadfbe4f94867194f77ef5bcd8348b08288ab943091f1def637ad826dd1e3a88f998dd0cc154c860c6cc4a8281da6759fc484bcd133424a4a5dea75ed6f8 +SHA512 (selinux-policy-37ef196.tar.gz) = 07c765cced50610af4597b56910d2acb471d378efd2aa2b5fc4c620064842e6702583bc104839e9ec1b65c1738fba6eebd1a94f1fcfd65ad61254ca67cc21c69 +SHA512 (container-selinux.tgz) = 87884fb373e024460f0a5c3b0fbca98e2be6b4b0a2b057b0c9603083a621c029bc6155103a9f02bb13bec0f294884183d3dc2c671e6f0ce3dd5f78099555a24d +SHA512 (selinux-policy-contrib-b43d580.tar.gz) = 0d2d4549532a38d30a064e0f7cfddb0d93956232582b1ff4d3a3617baab4c51dda4256f7101dd275ca2aa4a66d96b0c1955896a1cbb908ef1cfd8071fa25b065 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4