* Tue Jun 18 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-21
- Add vnstatd_var_lib_t to mountpoint attribute BZ(1648864) - cockpit: Support split-out TLS proxy - Allow dkim_milter_t to use shell BZ(1716937) - Create explicit fc rule for mailman executable BZ(1666004) - Update interface networkmanager_manage_pid_files() to allow manage also dirs - Allow dhcpd_t domain to mmap dnssec_t files BZ(1718701) - Add new interface bind_map_dnssec_keys() - Update virt_use_nfs() boolean to allow virt_t to mmap nfs_t files - Allow redis_t domain to read public sssd files - Allow fetchmail_t to connect to dovecot stream sockets BZ(1715569) - Allow confined users to login via cockpit - Allow nfsd_t domain to do chroot becasue of new version of nfsd - Add gpg_agent_roles to system_r roles - Allow qpidd_t domain to getattr all fs_t filesystem and mmap usr_t files - Allow rhsmcertd_t domain to manage rpm cache - Allow sbd_t domain to read tmpfs_t symlinks - Allow ctdb_t domain to manage samba_var_t files/links/sockets and dirs - Allow kadmind_t domain to read home config data - Allow sbd_t domain to readwrite cgroups - Allow NetworkManager_t domain to read nsfs_t files BZ(1715597) - Label /var/log/pacemaker/pacemaker as cluster_var_log_t - Allow certmonger_t domain to manage named cache files/dirs - Allow pcp_pmcd_t domain to domtrans to mdadm_t domain BZ(1714800) - Allow crack_t domain read /et/passwd files - Label fontconfig cache and config files and directories BZ(1659905) - Allow dhcpc_t domain to manage network manager pid files - Label /usr/sbin/nft as iptables_exec_t - Allow userdomain attribute to manage cockpit_ws_t stream sockets - Allow ssh_agent_type to read/write cockpit_session_t unnamed pipes - Add interface ssh_agent_signal()
This commit is contained in:
parent
191f6b36c3
commit
4d8c6240ed
1
.gitignore
vendored
1
.gitignore
vendored
@ -379,3 +379,4 @@ serefpolicy*
|
||||
/selinux-policy-50e97b7.tar.gz
|
||||
/selinux-policy-contrib-7dabd9f.tar.gz
|
||||
/selinux-policy-26ad838.tar.gz
|
||||
/selinux-policy-contrib-2f9692d.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 26ad838210206ef428322035335b92090fcee7c9
|
||||
%global commit0 5b2d4897031e5981a7eff958e030449c45f6a124
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 7dabd9fa102e21b3e7c91a0e2eef6854e9f0f40d
|
||||
%global commit1 2f9692d829113985c576641ec0dd5192340e5645
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.4
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -787,6 +787,38 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 18 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-21
|
||||
- Add vnstatd_var_lib_t to mountpoint attribute BZ(1648864)
|
||||
- cockpit: Support split-out TLS proxy
|
||||
- Allow dkim_milter_t to use shell BZ(1716937)
|
||||
- Create explicit fc rule for mailman executable BZ(1666004)
|
||||
- Update interface networkmanager_manage_pid_files() to allow manage also dirs
|
||||
- Allow dhcpd_t domain to mmap dnssec_t files BZ(1718701)
|
||||
- Add new interface bind_map_dnssec_keys()
|
||||
- Update virt_use_nfs() boolean to allow virt_t to mmap nfs_t files
|
||||
- Allow redis_t domain to read public sssd files
|
||||
- Allow fetchmail_t to connect to dovecot stream sockets BZ(1715569)
|
||||
- Allow confined users to login via cockpit
|
||||
- Allow nfsd_t domain to do chroot becasue of new version of nfsd
|
||||
- Add gpg_agent_roles to system_r roles
|
||||
- Allow qpidd_t domain to getattr all fs_t filesystem and mmap usr_t files
|
||||
- Allow rhsmcertd_t domain to manage rpm cache
|
||||
- Allow sbd_t domain to read tmpfs_t symlinks
|
||||
- Allow ctdb_t domain to manage samba_var_t files/links/sockets and dirs
|
||||
- Allow kadmind_t domain to read home config data
|
||||
- Allow sbd_t domain to readwrite cgroups
|
||||
- Allow NetworkManager_t domain to read nsfs_t files BZ(1715597)
|
||||
- Label /var/log/pacemaker/pacemaker as cluster_var_log_t
|
||||
- Allow certmonger_t domain to manage named cache files/dirs
|
||||
- Allow pcp_pmcd_t domain to domtrans to mdadm_t domain BZ(1714800)
|
||||
- Allow crack_t domain read /et/passwd files
|
||||
- Label fontconfig cache and config files and directories BZ(1659905)
|
||||
- Allow dhcpc_t domain to manage network manager pid files
|
||||
- Label /usr/sbin/nft as iptables_exec_t
|
||||
- Allow userdomain attribute to manage cockpit_ws_t stream sockets
|
||||
- Allow ssh_agent_type to read/write cockpit_session_t unnamed pipes
|
||||
- Add interface ssh_agent_signal()
|
||||
|
||||
* Thu May 30 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-20
|
||||
- Allow pcp_pmcd_t domain to domtrans to mdadm_t domain BZ(1714800)
|
||||
- Allow spamd_update_t to exec itsef
|
||||
|
5
sources
5
sources
@ -1,4 +1,3 @@
|
||||
SHA512 (selinux-policy-contrib-7dabd9f.tar.gz) = 21870f25d058d2c480c6a4486fed1089ea6ef5d6dffa950127305c1d396b1027ad803177b070a3cb83c4eec3b1a5c8e5b4fe7dcc7adc90851abb909fa347b997
|
||||
SHA512 (selinux-policy-26ad838.tar.gz) = cc1ec3ea59673fb8042f5ff59eb369f6f57d698e99aa70daa141232c4b00e3a994a6e9940a836b790dceaa63575a06cc2b4a4fec20b43e3be35335c928c6d099
|
||||
SHA512 (container-selinux.tgz) = dc93b03f3163f93389ce0ecd2cf48c65f02a52e7b4d70fc37aacaad68161d0b20c45f14e768153e33712d4943814cb13cfcc439c01bde876e1c37b8d48c5f7bb
|
||||
SHA512 (selinux-policy-contrib-2f9692d.tar.gz) = a8adfb1f5773295d0b2b70a660e1ff37b1e8e69b8e81c364b2efa2e5ab557a458cd9530dd24c7feba98dd6df19f5a4711c8946049431340e2decc4ddbf3da635
|
||||
SHA512 (container-selinux.tgz) = b2fdeaf63e3ab10ba132d1b55f66f3313dbc5b0411015055bca0a3a6d9435c5242fe8353ee238439b0f7d0f1e6cef307b52059b05945b034bb8e595503a81684
|
||||
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
|
||||
|
Loading…
Reference in New Issue
Block a user