rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Sun Nov 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-12

Browse Source 
- Label /var/cache/nginx as httpd_cache_t
- Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
- Created dnsmasq_use_ipset boolean
- Allow capability dac_override in logwatch_mail_t domain
- Allow automount_t domain to execute ping in own SELinux domain (ping_t)
- Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
- Allow collectd_t domain to create netlink_generic_socket sockets
- Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
- Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
- Label /etc/postfix/chroot-update as postfix_exec_t
- Update tmpreaper_t policy due to fuser command
- Allow kdump_t domain to create netlink_route and udp sockets
- Allow stratisd to connect to dbus
- Allow fail2ban_t domain to create netlink netfilter sockets.
- Allow dovecot get filesystem quotas
- Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
- Allow systemd-tmpfiles processes to set rlimit information
- Allow cephfs to use xattrs for storing contexts
- Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t
This commit is contained in:
Lukas Vrabec 2019-11-03 12:59:34 +01:00
parent 0c284fe6fc
commit 4faaca1916
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -416,3 +416,5 @@ serefpolicy*
/selinux-policy-c95997f.tar.gz
/selinux-policy-contrib-6b3a800.tar.gz
/selinux-policy-7b7648b.tar.gz
/selinux-policy-contrib-dee19b8.tar.gz
/selinux-policy-40f6bcc.tar.gz

27
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 7b7648b9040e7af3c95047f562b151b712757fab
%global commit0 40f6bccc38526717eb8ff2032d3c915bc77ad3d1
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 6b3a80044b76f0aaf7b3dd09c4651dd37fa26db9
%global commit1 dee19b8b41fcf9ca57e9e019b30b112a7546c030
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.5
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,27 @@ exit 0
%endif
%changelog
* Sun Nov 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-12
- Label /var/cache/nginx as httpd_cache_t
- Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
- Created dnsmasq_use_ipset boolean
- Allow capability dac_override in logwatch_mail_t domain
- Allow automount_t domain to execute ping in own SELinux domain (ping_t)
- Allow tmpreaper_t domain to getattr files labeled as mtrr_device_t
- Allow collectd_t domain to create netlink_generic_socket sockets
- Allow rhsmcertd_t domain to read/write rtas_errd_var_lock_t files
- Allow tmpwatch process labeled as tmpreaper_t domain to execute fuser command.
- Label /etc/postfix/chroot-update as postfix_exec_t
- Update tmpreaper_t policy due to fuser command
- Allow kdump_t domain to create netlink_route and udp sockets
- Allow stratisd to connect to dbus
- Allow fail2ban_t domain to create netlink netfilter sockets.
- Allow dovecot get filesystem quotas
- Allow networkmanager_t domain to execute chronyd binary in chronyd_t domain. BZ(1765689)
- Allow systemd-tmpfiles processes to set rlimit information
- Allow cephfs to use xattrs for storing contexts
- Update files_filetrans_named_content() interface to allow caller domain to create /oldroot /.profile with correct label etc_runtime_t
* Fri Oct 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-11
- Allow confined users to run newaliases
- Add interface mysql_dontaudit_rw_db()

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-6b3a800.tar.gz) = 9b3e196ebba79b2cb8b9d6a6e967624a32a03f8212852c8924aa9cd3d224b4556f5c3da6a3edaf213a706c23621eaa6d1bdfc0182439a33abf70518861fe91ba
SHA512 (selinux-policy-7b7648b.tar.gz) = 968c3c226063a8de950809c06fdd3661e07f9b5cb8124614d65303546e47d65556b585d545fa041c34dee28eea429092821703bc0395f52d3ce11f778e3aa0f2
SHA512 (container-selinux.tgz) = a263a723da828dd48f2d801f6710ecedc83223d7ecb1650b9ff1eac755326d871f0648a2bc2bc1643e0a4141b04b90c96b60863ead7130324dac5849985adca4
SHA512 (selinux-policy-contrib-dee19b8.tar.gz) = dc7f4e9f11b00548505f698d4993dcd66229b60afdd7c558aef391bb9ff90a4a9ae6fa8a62c9f565e2cc131e0dc6e8341998af3b9728d360de59c68737eb5183
SHA512 (selinux-policy-40f6bcc.tar.gz) = b82310184959b36cd2a6de960913994b1ebf63c36d95a7b2de14f3cdf6feb2df1f215900925957b6a47a5be2f7ff9dc41fff4e9b6db3a82c683eca8e73f9c322
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 7a0d3e5c47fd1c856b63ed5aa9eba1f553fcd4afa941cf66a61876032dbb53d4dcfd58fff105251b2d8c34e6e47c086815b4bd31f363b1eaa73192c1c5f3dab9