* Wed Jul 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-29
- Allow aide to mmap all files - Revert "Allow firewalld to create rawip sockets" - Revert "Allow firewalld_t do read iptables_var_run_t files" - Allow svirt_tcg_t domain to read system state of virtd_t domains - Update rhcs contexts to reflects the latest fenced changes - Allow httpd_t domain to rw user_tmp_t files - Fix typo in openct policy - Allow winbind_t domian to connect to all ephemeral ports - Allow firewalld_t do read iptables_var_run_t files - Allow abrt_t domain to mmap data_home files - Allow glusterd_t domain to mmap user_tmp_t files - Allow mongodb_t domain to mmap own var_lib_t files - Allow firewalld to read kernel usermodehelper state - Allow modemmanager_t to read sssd public files - Allow openct_t domain to mmap own var_run_t files - Allow nnp transition for devicekit daemons - Allow firewalld to create rawip sockets - Allow firewalld to getattr proc filesystem - Dontaudit sys_admin capability for pcscd_t domain - Revert "Allow pcsd_t domain sys_admin capability" - Allow fetchmail_t domain to stream connect to sssd - Allow pcsd_t domain sys_admin capability - Allow cupsd_t to create cupsd_etc_t dirs - Allow varnishlog_t domain to list varnishd_var_lib_t dirs - Allow mongodb_t domain to read system network state BZ(1599230) - Allow tgtd_t domain to create dirs in /var/run labeled as tgtd_var_run_t BZ(1492377) - Allow iscsid_t domain to mmap sysfs_t files - Allow httpd_t domain to mmap own cache files - Add sys_resource capability to nslcd_t domain - Fixed typo in logging_audisp_domain interface - Add interface files_mmap_all_files() - Add interface iptables_read_var_run() - Allow systemd to mounton init_var_run_t files - Update policy rules for auditd_t based on changes in audit version 3 - Allow systemd_tmpfiles_t do mmap system db files - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Improve domain_transition_pattern to allow mmap entrypoint bin file. - Don't setup unlabeled_t as an entry_type - Allow unconfined_service_t to transition to container_runtime_t
This commit is contained in:
parent
35bcefb9e1
commit
539110c25c
2
.gitignore
vendored
2
.gitignore
vendored
@ -298,3 +298,5 @@ serefpolicy*
|
|||||||
/selinux-policy-contrib-23a0603.tar.gz
|
/selinux-policy-contrib-23a0603.tar.gz
|
||||||
/selinux-policy-d616286.tar.gz
|
/selinux-policy-d616286.tar.gz
|
||||||
/selinux-policy-contrib-bfc11d6.tar.gz
|
/selinux-policy-contrib-bfc11d6.tar.gz
|
||||||
|
/selinux-policy-cc3def4.tar.gz
|
||||||
|
/selinux-policy-contrib-f0ca657.tar.gz
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 d61628691715136c744f049f4d61aeeec3c0d9fa
|
%global commit0 cc3def49862b7cea6b321bdc1cd8bb9b715e7ffc
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 bfc11d6bd418bc719015ea876365d2f894e18499
|
%global commit1 f0ca657fd17cb4c77bb1d7ee4422f94e397e7ac3
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.2
|
Version: 3.14.2
|
||||||
Release: 28%{?dist}
|
Release: 29%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
@ -709,6 +709,47 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-29
|
||||||
|
- Allow aide to mmap all files
|
||||||
|
- Revert "Allow firewalld to create rawip sockets"
|
||||||
|
- Revert "Allow firewalld_t do read iptables_var_run_t files"
|
||||||
|
- Allow svirt_tcg_t domain to read system state of virtd_t domains
|
||||||
|
- Update rhcs contexts to reflects the latest fenced changes
|
||||||
|
- Allow httpd_t domain to rw user_tmp_t files
|
||||||
|
- Fix typo in openct policy
|
||||||
|
- Allow winbind_t domian to connect to all ephemeral ports
|
||||||
|
- Allow firewalld_t do read iptables_var_run_t files
|
||||||
|
- Allow abrt_t domain to mmap data_home files
|
||||||
|
- Allow glusterd_t domain to mmap user_tmp_t files
|
||||||
|
- Allow mongodb_t domain to mmap own var_lib_t files
|
||||||
|
- Allow firewalld to read kernel usermodehelper state
|
||||||
|
- Allow modemmanager_t to read sssd public files
|
||||||
|
- Allow openct_t domain to mmap own var_run_t files
|
||||||
|
- Allow nnp transition for devicekit daemons
|
||||||
|
- Allow firewalld to create rawip sockets
|
||||||
|
- Allow firewalld to getattr proc filesystem
|
||||||
|
- Dontaudit sys_admin capability for pcscd_t domain
|
||||||
|
- Revert "Allow pcsd_t domain sys_admin capability"
|
||||||
|
- Allow fetchmail_t domain to stream connect to sssd
|
||||||
|
- Allow pcsd_t domain sys_admin capability
|
||||||
|
- Allow cupsd_t to create cupsd_etc_t dirs
|
||||||
|
- Allow varnishlog_t domain to list varnishd_var_lib_t dirs
|
||||||
|
- Allow mongodb_t domain to read system network state BZ(1599230)
|
||||||
|
- Allow tgtd_t domain to create dirs in /var/run labeled as tgtd_var_run_t BZ(1492377)
|
||||||
|
- Allow iscsid_t domain to mmap sysfs_t files
|
||||||
|
- Allow httpd_t domain to mmap own cache files
|
||||||
|
- Add sys_resource capability to nslcd_t domain
|
||||||
|
- Fixed typo in logging_audisp_domain interface
|
||||||
|
- Add interface files_mmap_all_files()
|
||||||
|
- Add interface iptables_read_var_run()
|
||||||
|
- Allow systemd to mounton init_var_run_t files
|
||||||
|
- Update policy rules for auditd_t based on changes in audit version 3
|
||||||
|
- Allow systemd_tmpfiles_t do mmap system db files
|
||||||
|
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
|
||||||
|
- Improve domain_transition_pattern to allow mmap entrypoint bin file.
|
||||||
|
- Don't setup unlabeled_t as an entry_type
|
||||||
|
- Allow unconfined_service_t to transition to container_runtime_t
|
||||||
|
|
||||||
* Wed Jul 18 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-28
|
* Wed Jul 18 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-28
|
||||||
- Allow cupsd_t domain to mmap cupsd_etc_t files
|
- Allow cupsd_t domain to mmap cupsd_etc_t files
|
||||||
- Allow kadmind_t domain to mmap krb5kdc_principal_t
|
- Allow kadmind_t domain to mmap krb5kdc_principal_t
|
||||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (container-selinux.tgz) = c7a65ac9b50b465201c405fdac721e2b92e6bfded2c49a9027e1df6fb036730113fbdfa5cce8394fe73e6f0eff371e5bbf4b0e1535b2311b8627696669485ba3
|
SHA512 (container-selinux.tgz) = 2ff3997f7953d99be29fd59a004045e8650771c19c75bd4b4fb5ba9ee7e6f579ad68d8f2174ddc875d3281536b5dc19da950d43aaf552d5d49fee03a18ee5bf1
|
||||||
SHA512 (selinux-policy-d616286.tar.gz) = 2e318cb95da9501b64a46488b9561fea4d7399a5167dc0f78a45876ab450a702e4c2eea6270dd9221ce38bfa205f0394f1eda776219e8b8297828ff5290d868f
|
SHA512 (selinux-policy-cc3def4.tar.gz) = 76f28dedea25e0ab187dc18d4aa316705cf46b4c2b93477f52c86e8781be2bd31edacb6161dbeeca667eaa7218fbab139aac25bf06288624727d840e42e82617
|
||||||
SHA512 (selinux-policy-contrib-bfc11d6.tar.gz) = 7d9e256113afb862de2eac4a4594f08e7f91a0455db1106756cec20546e8404b8d235c3b0a15b48f46348a9492de282521143a1ecf84a79a037e19476f6ad3f1
|
SHA512 (selinux-policy-contrib-f0ca657.tar.gz) = 124f6b2bc63ee343ddc4acc75580d34af27a9f2491f6638f7f17fa612abc322a17ddbb4a36d2aa492044cf13950defc05ba8f5f42c52640feb7c6c81177f1d38
|
||||||
|
Loading…
Reference in New Issue
Block a user