* Tue Feb 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-21

- Allow glusterd_t to write to automount unnamed pipe Resolves: rhbz#1674243
- Allow ddclient_t to setcap Resolves: rhbz#1674298
- Add dac_override capability to vpnc_t domain
- Add dac_override capability to spamd_t domain
- Allow ibacm_t domain to read system state and label all ibacm sockets and symlinks as ibacm_var_run_t in /var/run
- Allow read network state of system for processes labeled as ibacm_t
- Allow ibacm_t domain to send dgram sockets to kernel processes
- Allow dovecot_t to connect to MySQL UNIX socket
- Fix CI for use on forks
- Fix typo bug in sensord policy
- Update ibacm_t policy after testing lastest version of this component
- Allow sensord_t domain to mmap own log files
- Allow virt_doamin to read/write dev device
- Add dac_override capability for ipa_helper_t
- Update policy with multiple allow rules to make working installing VM in MLS policy
- Allow syslogd_t domain to send null signal to all domains on system Resolves: rhbz#1673847 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow systemd-logind daemon to remove shared memory during logout Resolves: rhbz#1674172 - Always label /home symlinks as home_root_t - Update mount_read_pid_files macro to allow also list mount_var_run_t dirs - Fix typo bug in userdomain SELinux policy - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow user domains to stop systemd user sessions during logout process - Fix CI for use on forks - Label /dev/sev char device as sev_device_t - Add s_manage_fusefs_named_sockets interface - Allow systemd-journald to receive messages including a memfd
This commit is contained in:
Lukas Vrabec 2019-02-12 17:05:35 +01:00
parent 6fe0e8a6a7
commit 37bb67856f
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 26 additions and 6 deletions

2
.gitignore vendored
View File

@ -336,3 +336,5 @@ serefpolicy*
/selinux-policy-contrib-992defd.tar.gz /selinux-policy-contrib-992defd.tar.gz
/selinux-policy-contrib-b4944ea.tar.gz /selinux-policy-contrib-b4944ea.tar.gz
/selinux-policy-07bdaa4.tar.gz /selinux-policy-07bdaa4.tar.gz
/selinux-policy-contrib-8b8ce9b.tar.gz
/selinux-policy-8258bc1.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 07bdaa4e38ad031370335669a7df22fc8836dea0 %global commit0 8258bc10ab4591c277398a872364355be7b15cd4
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 b4944ea2d50d41863dec6ba41d1cc815395da494 %global commit1 8b8ce9b1a026b041163de4ab4ef29e9515dbf541
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 20%{?dist} Release: 21%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -706,6 +706,24 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Feb 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-21
- Allow glusterd_t to write to automount unnamed pipe Resolves: rhbz#1674243
- Allow ddclient_t to setcap Resolves: rhbz#1674298
- Add dac_override capability to vpnc_t domain
- Add dac_override capability to spamd_t domain
- Allow ibacm_t domain to read system state and label all ibacm sockets and symlinks as ibacm_var_run_t in /var/run
- Allow read network state of system for processes labeled as ibacm_t
- Allow ibacm_t domain to send dgram sockets to kernel processes
- Allow dovecot_t to connect to MySQL UNIX socket
- Fix CI for use on forks
- Fix typo bug in sensord policy
- Update ibacm_t policy after testing lastest version of this component
- Allow sensord_t domain to mmap own log files
- Allow virt_doamin to read/write dev device
- Add dac_override capability for ipa_helper_t
- Update policy with multiple allow rules to make working installing VM in MLS policy
- Allow syslogd_t domain to send null signal to all domains on system Resolves: rhbz#1673847 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow systemd-logind daemon to remove shared memory during logout Resolves: rhbz#1674172 - Always label /home symlinks as home_root_t - Update mount_read_pid_files macro to allow also list mount_var_run_t dirs - Fix typo bug in userdomain SELinux policy - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow user domains to stop systemd user sessions during logout process - Fix CI for use on forks - Label /dev/sev char device as sev_device_t - Add s_manage_fusefs_named_sockets interface - Allow systemd-journald to receive messages including a memfd
* Sat Feb 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-20 * Sat Feb 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-20
- Allow sensord_t domain to use nsswitch and execute shell - Allow sensord_t domain to use nsswitch and execute shell
- Allow opafm_t domain to execute lib_t files - Allow opafm_t domain to execute lib_t files

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-contrib-b4944ea.tar.gz) = bc11049c77dd13e96a94e12a70e219d076c33c46aa2ba093a970661985dc3810d2b7702997b65fd6eaeecdbacd22524be2f707f1a951c9c84b35328d83b3f0f6 SHA512 (selinux-policy-contrib-8b8ce9b.tar.gz) = 4f4903d5c0fe059c4478e7989c40bbb7513cc36cb1fcf6ec30de77d73d85954252116ab424dbda180ec73fd49ee7832967ca816e17177eb360e31d38509db5a1
SHA512 (selinux-policy-07bdaa4.tar.gz) = ae462e33c51e445f69551a0a327dcd5b63a38824d96205a69cebed43e0bdb1b37644e2faec4d4dcc6fea09de07793ea240926e2e8d1467be3f3c829f7c825899 SHA512 (selinux-policy-8258bc1.tar.gz) = ab3d2a9fe55732e67a76323a1ed1556ff7d79738c95e3b9d411c71589d92478e3507468eb085a2e2a45bd5081317d00253b78cc47be0622cff40716cf046402c
SHA512 (container-selinux.tgz) = 942c04ccf72c164442d0f7db96457cb7d1b2d1871312552e9da42757b3f60d4853e3ec30fc178d0cec69e294ffced74dcd0ecfcda1c6511531d2f170a6d82073 SHA512 (container-selinux.tgz) = 89579044b28cab6d41f830d591317bd8ff5db968bf698b68e69d5b36aca871e85a7c7155c38703e07be6c41e16b655b0747eb0a47aa04169da87fab0fcfe9d91