rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources 

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/selinux-policy.git#fa72125856bf3148d227f294213f8a446fe75cd0
This commit is contained in:
DistroBaker 2020-12-17 03:03:39 +00:00
parent 14735eb5eb
commit 7cee52182d
3 changed files with 42 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -1,6 +1,6 @@
## Purpose
SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
SELinux Fedora Policy is a fork of the [SELinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
## Structure
@ -21,7 +21,7 @@ On GitHub, we have one repository containing the policy sources.
Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
### dist-git
Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files.
Package sources in dist-git are composed from the _selinux-policy_ repository snapshot tarball, _container-selinux_ policy files snapshot, the _macro-expander_ script snapshot, and from other config files.
## Build process
@ -31,7 +31,7 @@ Package sources in dist-git are composed from _selinux-policy_, and _macro-expan
$ git clone git@github.com:fedora-selinux/selinux-policy.git
$ cd selinux-policy
2. Create, backport, cherry-pick needed changes to a particular branch and push them.
2. Create, backport, or cherry-pick needed changes to a particular branch and push them.
3. Clone the **selinux-policy** dist-git repository.
@ -39,11 +39,11 @@ Package sources in dist-git are composed from _selinux-policy_, and _macro-expan
$ fedpkg clone selinux-policy
$ cd selinux-policy
4. Download the latest snaphot from the selinux-policy github repository.
4. Download the latest snapshot from the selinux-policy GitHub repository.
$ ./make-rhat-patches.sh
5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push.
5. Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.
6. Build the package.
$ fedpkg build

37
selinux-policy.spec
View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit d4ba4f91dd7b02b09059163fe7fe112a2293ee25
%global commit 826033875b0857b0b7519cd809aa581978a4ddde
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -24,7 +24,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.7
Release: 10%{?dist}
Release: 12%{?dist}
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
@ -65,6 +65,7 @@ Source102: rpm.macros
Url: %{giturl}
BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
BuildRequires: make
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(post): /bin/awk /usr/bin/sha512sum
Requires: rpm-plugin-selinux
@ -797,6 +798,38 @@ exit 0
%endif
%changelog
* Tue Dec 15 16:24:44 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-12
- Allow dovecot_auth_t stat /proc filesystem
- Allow sysadm_u user and unconfined_domain_type manage perf_events
- Allow pcp-pmcd manage perf_events
- Add manage_perf_event_perms object permissions set
- Add perf_event access vectors.
- Allow sssd, unix_chkpwd, groupadd stat /proc filesystem
- Allow stub-resolv.conf to be a symlink
- sysnetwork.if: avoid directly referencing systemd_resolved_var_run_t
- Create the systemd_dbus_chat_resolved() compatibility interface
- Allow nsswitch-domain write to systemd-resolved PID socket files
- Add systemd_resolved_write_pid_sock_files() interface
- Add default file context for "/var/run/chrony-dhcp(/.*)?"
- Allow timedatex dbus chat with cron system domain
- Add cron_dbus_chat_system_job() interface
- Allow systemd-logind manage init's pid files
* Wed Dec 9 15:39:03 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-11
- Allow systemd-logind manage init's pid files
- Allow tcsd the setgid capability
- Allow systemd-resolved manage its private runtime symlinks
- Update systemd_resolved_read_pid() to also read symlinks
- Update systemd-sleep policy
- Add groupadd_t fowner capability
- Migrate to GitHub Actions
- Update README.md to reflect the state after contrib and base merge
- Add README.md announcing merging of selinux-policy and selinux-policy-contrib
- Adapt .travis.yml to contrib merge
- Merge contrib into the main repo
- Prepare to merge contrib repo
- Move stuff around to match the main repo
* Thu Nov 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-10
- Allow Xephyr connect to 6000/tcp port and open user ptys
- Allow kexec manage generic tmp files

4
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-d4ba4f9.tar.gz) = 7a2c585103daff6b23d3a0e060efa91da63b3cdbeddcecfa69f15b10d70ee63fe9b8b21e092f25991e7dac2991ba72fa3ca61cd31ea14717cb79156c012dbc2f
SHA512 (container-selinux.tgz) = 9e8cccc4932513daf58fbe3fa1acff6fbb9537e30651af0bfa40b6e368e02f1330a551eb70c4f432a959830ab78099879d4ad4b5936be41d6513769ce1cd8156
SHA512 (selinux-policy-8260338.tar.gz) = a863803a8b810a1a27652361c74f7dd201f7c60848686cc3ec19561a2d388111c38f3535e3bb3cc422aecfd87a03a734dfeaab508dd53485ce735982dc14195f
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = b50789d290be91dbd666d27d1f6104603a587639e87c5561259ca353628d4dd3df4480a67fb148c0dc0c8b820d631e9da298bb087480248e9b018b28767079fd