rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-13

Browse Source 
- Update pesign policy to allow pesign_t domain to read bind cache files/dirs
- Add dac_override capability to mdadm_t domain
- Create ibacm_tmpfs_t type for the ibacm policy
- Dontaudit capability sys_admin for dhcpd_t domain
- Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts.
- Allow abrt_t domain to mmap generic tmp_t files
- Label /usr/sbin/wpa_cli as wpa_cli_exec_t
- Allow sandbox_xserver_t domain write to user_tmp_t files
- Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints
- Add interface files_map_generic_tmp_files()
- Add dac_override capability to the syslogd_t domain
- Create systemd_timedated_var_run_t label
- Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202)
- Add init_read_var_lib_lnk_files and init_read_var_lib_sock_files interfaces
This commit is contained in:
Lukas Vrabec 2018-11-07 23:34:46 +01:00
parent e4f858261b
commit 70c776a7bc
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -323,3 +323,5 @@ serefpolicy*
/selinux-policy-a46eac2.tar.gz /selinux-policy-a46eac2.tar.gz
/selinux-policy-contrib-5a2a313.tar.gz /selinux-policy-contrib-5a2a313.tar.gz
/selinux-policy-62d90da.tar.gz /selinux-policy-62d90da.tar.gz
/selinux-policy-contrib-a01743f.tar.gz
/selinux-policy-4cbc1ae.tar.gz

22
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 62d90da2a38c1a701a5f177feb861d0d75357d55 %global commit0 4cbc1ae7dbe8f08edee55b33d1031f0ee0c6ff4e
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 5a2a313e3ac16c6411fd3dd949a836061b33a526 %global commit1 a01743f0cd8f3fd2aa99b32ff01697eeb0918b0c
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.3 Version: 3.14.3
Release: 12%{?dist} Release: 13%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -709,6 +709,22 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Nov 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-13
- Update pesign policy to allow pesign_t domain to read bind cache files/dirs
- Add dac_override capability to mdadm_t domain
- Create ibacm_tmpfs_t type for the ibacm policy
- Dontaudit capability sys_admin for dhcpd_t domain
- Makes rhsmcertd_t domain an exception to the constraint preventing changing the user identity in object contexts.
- Allow abrt_t domain to mmap generic tmp_t files
- Label /usr/sbin/wpa_cli as wpa_cli_exec_t
- Allow sandbox_xserver_t domain write to user_tmp_t files
- Allow certutil running as ipsec_mgmt_t domain to mmap ipsec_mgmt pid files Dontaudit ipsec_mgmt_t domain to write to the all mountpoints
- Add interface files_map_generic_tmp_files()
- Add dac_override capability to the syslogd_t domain
- Create systemd_timedated_var_run_t label
- Update systemd_timedated_t domain to allow create own pid files/access init_var_lib_t files and read dbus files BZ(1646202)
- Add init_read_var_lib_lnk_files and init_read_var_lib_sock_files interfaces
* Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-12 * Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-12
- Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672) - Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672)
- Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766) - Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766)

6
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-contrib-5a2a313.tar.gz) = 3a2c12e0636b241a36a398ae30db2b64376083034fc1033f5b745c27706559169f16d4c05ec4af6703e90250f0377dbbd80316f086ffce3c4fe942f40359b8af SHA512 (selinux-policy-contrib-a01743f.tar.gz) = 4f21db7f96599c85d4d16b275b693338f63c00083e0931e4658d93c23ee969f6670c7dcde67d54e3c55718577759bd14f7ee68c3e82896e0b6334077fbc98686
SHA512 (selinux-policy-62d90da.tar.gz) = bce754eca7b01c15eab03d182e3d8baebb0783372df33e75f15442b3377c168e57502453950e8383947feb47c21e95184d7cdee35ac8aebcaccdcf5e5eaf04c1 SHA512 (selinux-policy-4cbc1ae.tar.gz) = 0d6a5f5df9dda62b72ad037f124eed91e06d7657d15c0d6155b6e5449b6fca034c6ac1759fb5cb42ab39ea9973a5149403267afc21f15f849e86bea1d6b61f62
SHA512 (container-selinux.tgz) = a26a2ddd0aa3868d44bdb55197737e0f66377f5dd8abfcd00f6440b926338071f57f189bb5050d976dcc484d53a7f3ac35c74d48763975bea2afc6509501ebef SHA512 (container-selinux.tgz) = d4cc25cfd87b9efd77424f3a799044a927488756e31bd157f59613acb0bb4da19013fc2e22ff9194b2ebfb6c57d33a98d7a1f76e9720f1ac8fa889b39807f0ac