From 6f3f722f7d3e47769c59b34aa67943766c15b07f Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Sat, 22 Feb 2020 17:02:13 +0100 Subject: [PATCH] * Sat Feb 22 2020 Lukas Vrabec - 3.14.6-5 - Allow certmonger_t domain to read pkcs_slotd lock files - Allow httpd_t domain to mmap own var_lib_t files BZ(1804853) - Allow ipda_custodia_t to create udp_socket and added permission nlmsg_read for netlink_route_sockets - Make file context more variable for /usr/bin/fusermount and /bin/fusermount - Allow local_login_t domain to getattr cgroup filesystem - Allow systemd_logind_t domain to manage user_tmp_t char and block devices --- .gitignore | 2 ++ selinux-policy.spec | 14 +++++++++++--- sources | 6 +++--- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index dbd22624..dd776668 100644 --- a/.gitignore +++ b/.gitignore @@ -442,3 +442,5 @@ serefpolicy* /selinux-policy-a303d1d.tar.gz /selinux-policy-contrib-f2a3549.tar.gz /selinux-policy-d5268be.tar.gz +/selinux-policy-bde5c9e.tar.gz +/selinux-policy-contrib-f7a21a9.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 29ef89ee..ef7ab7b0 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 d5268be21538b700a57f7b89399615fde06dd9bc +%global commit0 bde5c9e912959102393fb3708633c39f138e280f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 f2a3549c2ffa2ad553923054809b3c8c91d0dcf0 +%global commit1 f7a21a9f173e1c8071718b1dea40eed2271c284d %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.6 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -772,6 +772,14 @@ exit 0 %endif %changelog +* Sat Feb 22 2020 Lukas Vrabec - 3.14.6-5 +- Allow certmonger_t domain to read pkcs_slotd lock files +- Allow httpd_t domain to mmap own var_lib_t files BZ(1804853) +- Allow ipda_custodia_t to create udp_socket and added permission nlmsg_read for netlink_route_sockets +- Make file context more variable for /usr/bin/fusermount and /bin/fusermount +- Allow local_login_t domain to getattr cgroup filesystem +- Allow systemd_logind_t domain to manage user_tmp_t char and block devices + * Tue Feb 18 2020 Lukas Vrabec - 3.14.6-4 - Update virt_read_qemu_pid_files inteface - Allow systemd_logind_t domain to getattr cgroup filesystem diff --git a/sources b/sources index f051fe91..4c8ebf18 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-f2a3549.tar.gz) = 934192496cb554e35113061ec45a01c967ad9494e209058564783f420bdbe398901515bf46d735af48e6d23516c095d531bf0668e52c39c56a241094e739ec24 -SHA512 (selinux-policy-d5268be.tar.gz) = 659f6fb8501b63ce51217bc2582608dc8da48131ab83160070b062fda5cdbf93d8286e8182d66e034c8b58634a33a7fb7789adeb303073601698d26c5496a08c -SHA512 (container-selinux.tgz) = 84beebe9723339d93bc501667ec113a3338dd179346d76d5c5aba4924959e96ff46a8a13e05fd0870e4764b613e099f1dcbfffbff92ca62e429bc4981f41e64a +SHA512 (selinux-policy-bde5c9e.tar.gz) = 217884f4a617b21258a269f0a8466838866dffd1a0960918d5f81772ce3958033a1b5c94918170044ab022dbbcb0273f07c2ca7b4cea4552f885a415a6b2d1fa +SHA512 (selinux-policy-contrib-f7a21a9.tar.gz) = e3dbe432e1c4171132a14d0c00223ca3e3ca8e8492414f3002f390878919592d093ddbb1fd33597b5d097089fe4252dcced037eeb074bdac22b2188983e5a367 +SHA512 (container-selinux.tgz) = 1ff2a0a228875dd901f1e12102d27275a0a56385c5f49687280cf45e65d97a441ecda3f9eef796992731322ffb3d7e44250b76c26152f45971d33f9f46e47740 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4