* Tue Feb 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-21

- Allow glusterd_t to write to automount unnamed pipe Resolves: rhbz#1674243 - Allow ddclient_t to setcap Resolves: rhbz#1674298 - Add dac_override capability to vpnc_t domain - Add dac_override capability to spamd_t domain - Allow ibacm_t domain to read system state and label all ibacm sockets and symlinks as ibacm_var_run_t in /var/run - Allow read network state of system for processes labeled as ibacm_t - Allow ibacm_t domain to send dgram sockets to kernel processes - Allow dovecot_t to connect to MySQL UNIX socket - Fix CI for use on forks - Fix typo bug in sensord policy - Update ibacm_t policy after testing lastest version of this component - Allow sensord_t domain to mmap own log files - Allow virt_doamin to read/write dev device - Add dac_override capability for ipa_helper_t - Update policy with multiple allow rules to make working installing VM in MLS policy - Allow syslogd_t domain to send null signal to all domains on system Resolves: rhbz#1673847 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow systemd-logind daemon to remove shared memory during logout Resolves: rhbz#1674172 - Always label /home symlinks as home_root_t - Update mount_read_pid_files macro to allow also list mount_var_run_t dirs - Fix typo bug in userdomain SELinux policy - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow user domains to stop systemd user sessions during logout process - Fix CI for use on forks - Label /dev/sev char device as sev_device_t - Add s_manage_fusefs_named_sockets interface - Allow systemd-journald to receive messages including a memfd
2019-02-12 17:05:35 +01:00 · 2019-02-12 17:05:35 +01:00 · 37bb67856f
commit 37bb67856f
parent 6fe0e8a6a7
3 changed files with 26 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -336,3 +336,5 @@ serefpolicy*
 /selinux-policy-contrib-992defd.tar.gz
 /selinux-policy-contrib-b4944ea.tar.gz
 /selinux-policy-07bdaa4.tar.gz
 /selinux-policy-contrib-8b8ce9b.tar.gz
 /selinux-policy-8258bc1.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 07bdaa4e38ad031370335669a7df22fc8836dea0
+%global commit0 8258bc10ab4591c277398a872364355be7b15cd4
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 b4944ea2d50d41863dec6ba41d1cc815395da494
+%global commit1 8b8ce9b1a026b041163de4ab4ef29e9515dbf541
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -706,6 +706,24 @@ exit 0
 %endif
 %changelog
 * Tue Feb 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-21
 - Allow glusterd_t to write to automount unnamed pipe Resolves: rhbz#1674243
 - Allow ddclient_t to setcap Resolves: rhbz#1674298
 - Add dac_override capability to vpnc_t domain
 - Add dac_override capability to spamd_t domain
 - Allow ibacm_t domain to read system state and label all ibacm sockets and symlinks as ibacm_var_run_t in /var/run
 - Allow read network state of system for processes labeled as ibacm_t
 - Allow ibacm_t domain to send dgram sockets to kernel processes
 - Allow dovecot_t to connect to MySQL UNIX socket
 - Fix CI for use on forks
 - Fix typo bug in sensord policy
 - Update ibacm_t policy after testing lastest version of this component
 - Allow sensord_t domain to mmap own log files
 - Allow virt_doamin to read/write dev device
 - Add dac_override capability for ipa_helper_t
 - Update policy with multiple allow rules to make working installing VM in MLS policy
 - Allow syslogd_t domain to send null signal to all domains on system Resolves: rhbz#1673847 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow systemd-logind daemon to remove shared memory during logout Resolves: rhbz#1674172 - Always label /home symlinks as home_root_t - Update mount_read_pid_files macro to allow also list mount_var_run_t dirs - Fix typo bug in userdomain SELinux policy - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow user domains to stop systemd user sessions during logout process - Fix CI for use on forks - Label /dev/sev char device as sev_device_t - Add s_manage_fusefs_named_sockets interface - Allow systemd-journald to receive messages including a memfd
 * Sat Feb 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-20
 - Allow sensord_t domain to use nsswitch and execute shell
 - Allow opafm_t domain to execute lib_t files
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-b4944ea.tar.gz) = bc11049c77dd13e96a94e12a70e219d076c33c46aa2ba093a970661985dc3810d2b7702997b65fd6eaeecdbacd22524be2f707f1a951c9c84b35328d83b3f0f6
+SHA512 (selinux-policy-contrib-8b8ce9b.tar.gz) = 4f4903d5c0fe059c4478e7989c40bbb7513cc36cb1fcf6ec30de77d73d85954252116ab424dbda180ec73fd49ee7832967ca816e17177eb360e31d38509db5a1
-SHA512 (selinux-policy-07bdaa4.tar.gz) = ae462e33c51e445f69551a0a327dcd5b63a38824d96205a69cebed43e0bdb1b37644e2faec4d4dcc6fea09de07793ea240926e2e8d1467be3f3c829f7c825899
+SHA512 (selinux-policy-8258bc1.tar.gz) = ab3d2a9fe55732e67a76323a1ed1556ff7d79738c95e3b9d411c71589d92478e3507468eb085a2e2a45bd5081317d00253b78cc47be0622cff40716cf046402c
-SHA512 (container-selinux.tgz) = 942c04ccf72c164442d0f7db96457cb7d1b2d1871312552e9da42757b3f60d4853e3ec30fc178d0cec69e294ffced74dcd0ecfcda1c6511531d2f170a6d82073
+SHA512 (container-selinux.tgz) = 89579044b28cab6d41f830d591317bd8ff5db968bf698b68e69d5b36aca871e85a7c7155c38703e07be6c41e16b655b0747eb0a47aa04169da87fab0fcfe9d91