* Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-13

- Update pesign policy to allow pesign_t domain to read bind cache files/dirs - Add dac_override capability to mdadm_t domain - Create ibacm_tmpfs_t type for the ibacm policy - Dontaudit capability sys_admin for dhcpd_t domain - Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts. - Allow abrt_t domain to mmap generic tmp_t files - Label /usr/sbin/wpa_cli as wpa_cli_exec_t - Allow sandbox_xserver_t domain write to user_tmp_t files - Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints - Add interface files_map_generic_tmp_files() - Add dac_override capability to the syslogd_t domain - Create systemd_timedated_var_run_t label - Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202) - Add init_read_var_lib_lnk_files and init_read_var_lib_sock_files interfaces
2018-11-07 23:34:46 +01:00 · 2018-11-07 23:34:46 +01:00 · 70c776a7bc
parent e4f858261b
commit 70c776a7bc
3 changed files with 24 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -323,3 +323,5 @@ serefpolicy*
 /selinux-policy-a46eac2.tar.gz
 /selinux-policy-contrib-5a2a313.tar.gz
 /selinux-policy-62d90da.tar.gz
+/selinux-policy-contrib-a01743f.tar.gz
+/selinux-policy-4cbc1ae.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 62d90da2a38c1a701a5f177feb861d0d75357d55
+%global commit0 4cbc1ae7dbe8f08edee55b33d1031f0ee0c6ff4e
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 5a2a313e3ac16c6411fd3dd949a836061b33a526
+%global commit1 a01743f0cd8f3fd2aa99b32ff01697eeb0918b0c
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -709,6 +709,22 @@ exit 0
 %endif

 %changelog
+* Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-13
+- Update pesign policy to allow pesign_t domain to read bind cache files/dirs
+- Add dac_override capability to mdadm_t domain
+- Create ibacm_tmpfs_t type for the ibacm policy
+- Dontaudit capability sys_admin for dhcpd_t domain
+- Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts.
+- Allow abrt_t domain to mmap generic tmp_t files
+- Label /usr/sbin/wpa_cli as wpa_cli_exec_t
+- Allow sandbox_xserver_t domain write to user_tmp_t files
+- Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints
+- Add interface files_map_generic_tmp_files()
+- Add dac_override capability to the syslogd_t domain
+- Create systemd_timedated_var_run_t label
+- Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202)
+- Add init_read_var_lib_lnk_files and init_read_var_lib_sock_files interfaces
+
 * Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-12
 - Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672)
 - Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766)
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-5a2a313.tar.gz) = 3a2c12e0636b241a36a398ae30db2b64376083034fc1033f5b745c27706559169f16d4c05ec4af6703e90250f0377dbbd80316f086ffce3c4fe942f40359b8af
-SHA512 (selinux-policy-62d90da.tar.gz) = bce754eca7b01c15eab03d182e3d8baebb0783372df33e75f15442b3377c168e57502453950e8383947feb47c21e95184d7cdee35ac8aebcaccdcf5e5eaf04c1
-SHA512 (container-selinux.tgz) = a26a2ddd0aa3868d44bdb55197737e0f66377f5dd8abfcd00f6440b926338071f57f189bb5050d976dcc484d53a7f3ac35c74d48763975bea2afc6509501ebef
+SHA512 (selinux-policy-contrib-a01743f.tar.gz) = 4f21db7f96599c85d4d16b275b693338f63c00083e0931e4658d93c23ee969f6670c7dcde67d54e3c55718577759bd14f7ee68c3e82896e0b6334077fbc98686
+SHA512 (selinux-policy-4cbc1ae.tar.gz) = 0d6a5f5df9dda62b72ad037f124eed91e06d7657d15c0d6155b6e5449b6fca034c6ac1759fb5cb42ab39ea9973a5149403267afc21f15f849e86bea1d6b61f62
+SHA512 (container-selinux.tgz) = d4cc25cfd87b9efd77424f3a799044a927488756e31bd157f59613acb0bb4da19013fc2e22ff9194b2ebfb6c57d33a98d7a1f76e9720f1ac8fa889b39807f0ac