rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Aug 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-25

Browse Source 
- Allow certmonger fowner capability
- The nfsdcld service is now confined by SELinux
- Change transitions for ~/.config/Yubico
- Allow all users to connect to systemd-userdbd with a unix socket
- Add file context for ~/.config/Yubico
- Allow syslogd_t domain to read/write tmpfs systemd-bootchart files
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Revert "Allow passwd to get attributes in proc_t"
- Revert "Allow login_pgm attribute to get attributes in proc_t"
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Allow traceroute_t and ping_t to bind generic nodes.
- Create macro corenet_icmp_bind_generic_node()
- Allow unconfined_t to node_bind icmp_sockets in node_t domain
This commit is contained in:
Zdenek Pytela 2020-08-24 15:21:10 +02:00
parent 74e5e49dca
commit 491bb86202
3 changed files with 26 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -478,3 +478,6 @@ serefpolicy*
/selinux-policy-217d493.tar.gz /selinux-policy-217d493.tar.gz
/selinux-policy-contrib-9b7cf70.tar.gz /selinux-policy-contrib-9b7cf70.tar.gz
/selinux-policy-6fe2056.tar.gz /selinux-policy-6fe2056.tar.gz
/selinux-policy-contrib-7c37fde.tar.gz
/selinux-policy-5e99183.tar.gz
/selinux-policy-099ea7b.tar.gz

23
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 6fe205674f9cd1face5e2cf1aeb90d265ef89ba8 %global commit0 099ea7b7bd113cac657f98d406c77839cce98859
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 9b7cf700494669ec9b27e59abe53beae09a8c7c7 %global commit1 7c37fdec5dbf351cd55491174ae06c983e4e72bc
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.6 Version: 3.14.6
Release: 24%{?dist} Release: 25%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -784,6 +784,23 @@ exit 0
%endif %endif
%changelog %changelog
* Mon Aug 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-25
- Allow certmonger fowner capability
- The nfsdcld service is now confined by SELinux
- Change transitions for ~/.config/Yubico
- Allow all users to connect to systemd-userdbd with a unix socket
- Add file context for ~/.config/Yubico
- Allow syslogd_t domain to read/write tmpfs systemd-bootchart files
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Revert "Allow passwd to get attributes in proc_t"
- Revert "Allow login_pgm attribute to get attributes in proc_t"
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Allow traceroute_t and ping_t to bind generic nodes.
- Create macro corenet_icmp_bind_generic_node()
- Allow unconfined_t to node_bind icmp_sockets in node_t domain
* Thu Aug 13 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-24 * Thu Aug 13 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-24
- Add ipa_helper_noatsecure() interface unconditionally - Add ipa_helper_noatsecure() interface unconditionally
- Conditionally allow nagios_plugin_domain dbus chat with init - Conditionally allow nagios_plugin_domain dbus chat with init

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-9b7cf70.tar.gz) = ba053dedf48c9fa5199f7ede41f12959680de910ebf7f7c8d8a9259eef59d89c5dca3e4b52aff96ea6c6b2ddfdda7ba0f64c1483d7f86da83ee9f439c16de5f6 SHA512 (selinux-policy-contrib-7c37fde.tar.gz) = 481ce52174972d455de8559c51cb3eb4f74f5a990412dbdd4d69f158bb465c2cc6342e13e24f4047f33d4f2e7c79f7f0123f0520dd9a6af524f0a3666d649b9e
SHA512 (selinux-policy-6fe2056.tar.gz) = d9ec5664bd5fc99244c4c91bb7fb68f8a67f88b250dc6ec3f018328fe89a796c60d096edd57fca0239d668c98c567367e015aa2e7785792dc0891c783c130d7f SHA512 (selinux-policy-099ea7b.tar.gz) = 0fe2b0aaad88b1ffca83bb8b1e19a781860e854ab7630a38a4656c531d1b035ce695f67468cf34c49e21cc39a17fbabfa0c14cfb3fddf215626aaefd45890aca
SHA512 (container-selinux.tgz) = db901e9d5ca68a5f771437852d1ab2f5463df945ec9673f3e1ce18cb081aa60544d89e3357f33407aa18196fc1f8b4c554a0690a6bfd0017ff75216c84a19a59 SHA512 (container-selinux.tgz) = 667a09b3f37706727eb8992b9d57d767e6d6643cf1f495339934cb36d8d30272c193fa7cfbffe9df50b0cef7dd6883e7df1750970ee41c2db1d891bf75d73d34
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4