* Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21

- Add dac_override to exim policy BZ(1574303)
- Fix typo in conntrackd.fc file
- Allow sssd_t to kill sssd_selinux_manager_t
- Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db  is turned on
- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp
- Allow policykit_auth_t to read udev db files BZ(1574419)
- Allow varnishd_t do be dbus client BZ(1582251)
- Allow cyrus_t domain to mmap own pid files BZ(1582183)
- Allow user_mail_t domain to mmap etc_aliases_t files
- Allow gkeyringd domains to run ssh agents
- Allow gpg_pinentry_t domain read ssh state
- Allow sysadm_u use xdm
- Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495)
- Add interface ssh_read_state()
- Fix typo in sysnetwork.if file
This commit is contained in:
Lukas Vrabec 2018-05-26 00:25:28 +02:00
parent 9364159b18
commit 58acce3c84
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 25 additions and 6 deletions

2
.gitignore vendored
View File

@ -285,3 +285,5 @@ serefpolicy*
/selinux-policy-ba72e52.tar.gz
/selinux-policy-877fde5.tar.gz
/selinux-policy-contrib-12d91da.tar.gz
/selinux-policy-contrib-6cf567f.tar.gz
/selinux-policy-a1ec13e.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 877fde5e4cceb08ad0cf0e8110b1fca267e943f7
%global commit0 a1ec13e6114be5f88449a3f7e87468ca5f36ead5
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 12d91dabfa5b0c6c8a69e76f3caae0e6d60c9d1b
%global commit1 6cf567fea24b91d5a6a82e37e66a0c01548846b2
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.2
Release: 20%{?dist}
Release: 21%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -718,6 +718,23 @@ exit 0
%endif
%changelog
* Sat May 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-21
- Add dac_override to exim policy BZ(1574303)
- Fix typo in conntrackd.fc file
- Allow sssd_t to kill sssd_selinux_manager_t
- Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db is turned on
- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp
- Allow policykit_auth_t to read udev db files BZ(1574419)
- Allow varnishd_t do be dbus client BZ(1582251)
- Allow cyrus_t domain to mmap own pid files BZ(1582183)
- Allow user_mail_t domain to mmap etc_aliases_t files
- Allow gkeyringd domains to run ssh agents
- Allow gpg_pinentry_t domain read ssh state
- Allow sysadm_u use xdm
- Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495)
- Add interface ssh_read_state()
- Fix typo in sysnetwork.if file
* Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-20
- Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files
- Allow mailman_mail_t domain to search for apache configs

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-877fde5.tar.gz) = 29f4074fd84d026077bab774f72d63a538fa1b84ac5ff3b07e026e78f2031edd494a16b6a6930f7741be85124b4881a77744730dfe01a22cb938c2245778b523
SHA512 (selinux-policy-contrib-12d91da.tar.gz) = 38afcb055eb582db1fa2f1207badb5eddfd5ee632e52e75f2449bd65d8a3fe81177430220b75dd13838fd5ecd4cc3f2402a3bcd6c5fbc367145aea66a09d7e88
SHA512 (container-selinux.tgz) = c38b1799acb4f517655be8ede3f05debcebd81624e00bd9d429a277d8eecbf17d15618631bed8ce03c63286d574a61ebfb0782d6dd77c5e70d616fb1e968aed9
SHA512 (selinux-policy-contrib-6cf567f.tar.gz) = 46f21dd2d17f314e6beb2197ba80139c4fa2d468e9f60caeb99200a943e62435b8567f4134fcf15674d9544382cd48c7befc82a91360f5123533bab22dd14d26
SHA512 (selinux-policy-a1ec13e.tar.gz) = 1dfc5fa9345f39d0815f6450951fd6925b2f1a3df091193c259545218197b3f31cdff033d0e2c9a2f61de387c1deb3cac1573b17ec43c313ba4520c3ed5f71af
SHA512 (container-selinux.tgz) = 25c6d9a075212c43a7895e858d6466e5b3a9658753efd06096442481d285ef7ed7e4cd1bad39d9fb9f0c4e44253c10c513880e6f75a717c335d1fdfbbb3f91b3