* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-18
- Fix typo in gpg SELinux module - Update gpg policy to make ti working with confined users - Add domain transition that systemd labeled as init_t can execute spamd_update_exec_t binary to run newly created process as spamd_update_t - Remove allow rule for virt_qemu_ga_t to write/append user_tmp_t files - Label /var/run/user/*/dbus-1 as session_dbusd_tmp_t - Add dac_override capability to namespace_init_t domain - Label /usr/sbin/corosync-qdevice as cluster_exec_t - Allow NetworkManager_ssh_t domain to open communication channel with system dbus. BZ(1677484) - Label /usr/libexec/dnf-utils as debuginfo_exec_t - Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on - Allow nrpe_t domain to be dbus cliennt - Add interface sssd_signull() - Label /usr/bin/tshark as wireshark_exec_t - Update userdomains to allow confined users to create gpg keys - Allow associate all filesystem_types with fs_t - Dontaudit syslogd_t using kill in unamespaces BZ(1711122) - Allow init_t to manage session_dbusd_tmp_t dirs - Allow systemd_gpt_generator_t to read/write to clearance - Allow su_domain_type to getattr to /dev/gpmctl - Update userdom_login_user_template() template to make working systemd user session for guest and xguest SELinux users
This commit is contained in:
parent
fb7eb895aa
commit
4ce765ae0a
2
.gitignore
vendored
2
.gitignore
vendored
@ -373,3 +373,5 @@ serefpolicy*
|
||||
/selinux-policy-8eaf5bc.tar.gz
|
||||
/selinux-policy-contrib-38d51f0.tar.gz
|
||||
/selinux-policy-62e78cf.tar.gz
|
||||
/selinux-policy-contrib-ebaeade.tar.gz
|
||||
/selinux-policy-78cbf0a.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 62e78cf9f07ef77f1c9d7ce8633dd433310c59d6
|
||||
%global commit0 78cbf0a9d74895e255a68ae92688fb6b5288f363
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 38d51f0bce3aa41b5ebde42f27792c183c17f379
|
||||
%global commit1 ebaeade60f7b8f2f0697fc0d6c2be7132c6bb531
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.4
|
||||
Release: 17%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -787,6 +787,28 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-18
|
||||
- Fix typo in gpg SELinux module
|
||||
- Update gpg policy to make ti working with confined users
|
||||
- Add domain transition that systemd labeled as init_t can execute spamd_update_exec_t binary to run newly created process as spamd_update_t
|
||||
- Remove allow rule for virt_qemu_ga_t to write/append user_tmp_t files
|
||||
- Label /var/run/user/*/dbus-1 as session_dbusd_tmp_t
|
||||
- Add dac_override capability to namespace_init_t domain
|
||||
- Label /usr/sbin/corosync-qdevice as cluster_exec_t
|
||||
- Allow NetworkManager_ssh_t domain to open communication channel with system dbus. BZ(1677484)
|
||||
- Label /usr/libexec/dnf-utils as debuginfo_exec_t
|
||||
- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
|
||||
- Allow nrpe_t domain to be dbus cliennt
|
||||
- Add interface sssd_signull()
|
||||
- Label /usr/bin/tshark as wireshark_exec_t
|
||||
- Update userdomains to allow confined users to create gpg keys
|
||||
- Allow associate all filesystem_types with fs_t
|
||||
- Dontaudit syslogd_t using kill in unamespaces BZ(1711122)
|
||||
- Allow init_t to manage session_dbusd_tmp_t dirs
|
||||
- Allow systemd_gpt_generator_t to read/write to clearance
|
||||
- Allow su_domain_type to getattr to /dev/gpmctl
|
||||
- Update userdom_login_user_template() template to make working systemd user session for guest and xguest SELinux users
|
||||
|
||||
* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-17
|
||||
- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
|
||||
- Allow nrpe_t domain to be dbus cliennt
|
||||
|
6
sources
6
sources
@ -1,4 +1,4 @@
|
||||
SHA512 (selinux-policy-contrib-38d51f0.tar.gz) = 83dce8123c8eac1bc770201029b710ab3c116f88250555307d449bfdd51419f1305c83d8071e7a20f11b6ae272f198dac0d128251e4959dc8e12ca3194d366ea
|
||||
SHA512 (selinux-policy-62e78cf.tar.gz) = 0043629db5f1f9d3a81e6bbd00d5e5ee4abaf989117fd4b287d0be4d12953175ff6c5072f9a28d3de438e1d7b75e2ef827bcba38aa6625dcd61959a14d56b3d0
|
||||
SHA512 (container-selinux.tgz) = d7c41133e61c0db2e77da123f32ec954f141ba65be46dfd07d5b5758bfb3c2cb76fb23c43b17c5212d4145eb6ddb01a502dcee380a1ab3b1209cdd6613de6a4b
|
||||
SHA512 (selinux-policy-contrib-ebaeade.tar.gz) = f82aed1e88afe629509250be6f7a94fdc50edf1d57c321c0375e243836c1ef44cfbba4b8871330adac31e81197cbe5a7baeb500585166193af1d0d06afcc4c2e
|
||||
SHA512 (selinux-policy-78cbf0a.tar.gz) = 034614016fbc1d592b70f2c4cacf491f230752d7ecd79638e2992ce7ddd5062c5c27c5ea48cbc3c9fcc29f31609e950578d86444c2c11f4de8a91a2def80e416
|
||||
SHA512 (container-selinux.tgz) = d4522b4eca9a2ea02cb84a69d155700c063f1121fbedabe3dde42d24541bf84b520440f8545c2c664999933c1ce64d529dab043940b718403d1212701e722b14
|
||||
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
|
||||
|
Loading…
Reference in New Issue
Block a user