* Sat Feb 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-20

- Allow sensord_t domain to use nsswitch and execute shell
- Allow opafm_t domain to execute lib_t files
- Allow opafm_t domain to manage kdump_crash_t files and dirs
- Allow virt domains to read/write cephfs filesystems
- Allow virtual machine to write to fixed_disk_device_t
- Update kdump_manage_crash() interface to allow also manage dirs by caller domain Resolves: rhbz#1491585
- Allow svnserve_t domain to create in /tmp svn_0 file labeled as krb5_host_rcache_t
- Allow vhostmd_t read libvirt configuration files
- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains
- Add miscfiles_filetrans_named_content_letsencrypt() to optional_block - Allow unconfined domains to create letsencrypt directory in /var/lib labeled as cert_t - Allow staff_t user to systemctl iptables units. - Allow systemd to read selinux logind config - obj_perm_sets.spt: Add xdp_socket to socket_class_set. - Add xdp_socket security class and access vectors - Allow transition from init_t domain to user_t domain during ssh login with confined user user_u
This commit is contained in:
Lukas Vrabec 2019-02-02 13:41:12 +01:00
parent 5664a30563
commit 6fe0e8a6a7
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 20 additions and 6 deletions

2
.gitignore vendored
View File

@ -334,3 +334,5 @@ serefpolicy*
/selinux-policy-35f00c1.tar.gz /selinux-policy-35f00c1.tar.gz
/selinux-policy-5181cbd.tar.gz /selinux-policy-5181cbd.tar.gz
/selinux-policy-contrib-992defd.tar.gz /selinux-policy-contrib-992defd.tar.gz
/selinux-policy-contrib-b4944ea.tar.gz
/selinux-policy-07bdaa4.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 5181cbd448c7aea433aad45675befadda96002e2 %global commit0 07bdaa4e38ad031370335669a7df22fc8836dea0
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 992defd63683a26684dbbca3e4d1d652cd340f00 %global commit1 b4944ea2d50d41863dec6ba41d1cc815395da494
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 19%{?dist} Release: 20%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -706,6 +706,18 @@ exit 0
%endif %endif
%changelog %changelog
* Sat Feb 02 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-20
- Allow sensord_t domain to use nsswitch and execute shell
- Allow opafm_t domain to execute lib_t files
- Allow opafm_t domain to manage kdump_crash_t files and dirs
- Allow virt domains to read/write cephfs filesystems
- Allow virtual machine to write to fixed_disk_device_t
- Update kdump_manage_crash() interface to allow also manage dirs by caller domain Resolves: rhbz#1491585
- Allow svnserve_t domain to create in /tmp svn_0 file labeled as krb5_host_rcache_t
- Allow vhostmd_t read libvirt configuration files
- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains
- Add miscfiles_filetrans_named_content_letsencrypt() to optional_block - Allow unconfined domains to create letsencrypt directory in /var/lib labeled as cert_t - Allow staff_t user to systemctl iptables units. - Allow systemd to read selinux logind config - obj_perm_sets.spt: Add xdp_socket to socket_class_set. - Add xdp_socket security class and access vectors - Allow transition from init_t domain to user_t domain during ssh login with confined user user_u
* Tue Jan 29 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-19 * Tue Jan 29 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-19
- Add new xdp_socket class - Add new xdp_socket class
- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains - Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-5181cbd.tar.gz) = e9b3310fcd57e83789d9a052bf9b9ed3ba30298712c0eb20689d2a172ce6eff89f17eba11a7c7fb1b0eda3ef11ac76d7c6cd6b85c88618e973d4e114d8d56d1f SHA512 (selinux-policy-contrib-b4944ea.tar.gz) = bc11049c77dd13e96a94e12a70e219d076c33c46aa2ba093a970661985dc3810d2b7702997b65fd6eaeecdbacd22524be2f707f1a951c9c84b35328d83b3f0f6
SHA512 (selinux-policy-contrib-992defd.tar.gz) = e5e487dc051183af132e5a009f4dfb1daee222106301ada9de952f43cee2eb4eba07bb2294229f15f176e5f59d267b5b132899ad838fe135355735c7a687a1f9 SHA512 (selinux-policy-07bdaa4.tar.gz) = ae462e33c51e445f69551a0a327dcd5b63a38824d96205a69cebed43e0bdb1b37644e2faec4d4dcc6fea09de07793ea240926e2e8d1467be3f3c829f7c825899
SHA512 (container-selinux.tgz) = 75e68ef36831d5ad0ea02be30c8d82285ece4741961103fd01d74d7acb8f707030181cbe5d6d3b3c17242d298bd2662d3f0a603f2880d7abd8af8724b7a70f54 SHA512 (container-selinux.tgz) = 942c04ccf72c164442d0f7db96457cb7d1b2d1871312552e9da42757b3f60d4853e3ec30fc178d0cec69e294ffced74dcd0ecfcda1c6511531d2f170a6d82073