* Thu Jul 30 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-22

- Allow virtlockd only getattr and lock block devices - Allow qemu-ga read all non security file types conditionally - Allow virtlockd manage VMs posix file locks - Allow smbd get attributes of device files labeled samba_share_t - Label /tmp/krb5_0.rcache2 with krb5_host_rcache_t - Add a new httpd_can_manage_courier_spool boolean - Create interface courier_manage_spool_sockets() in courier policy to allow to search dir and allow manage sock files - Revert "Allow qemu-kvm read and write /dev/mapper/control" - Revert "Allow qemu read and write /dev/mapper/control" - Revert "Dontaudit and disallow sys_admin capability for keepalived_t domain" - Dontaudit pcscd_t setting its process scheduling - Dontaudit thumb_t setting its process scheduling - Allow munin domain transition with NoNewPrivileges - Add dev_lock_all_blk_files() interface - Allow auditd manage kerberos host rcache files - Allow systemd-logind dbus chat with fwupd
2020-07-30 17:41:10 +02:00 · 2020-07-30 17:41:10 +02:00 · 8394f612f0
parent d77690be67
commit 8394f612f0
3 changed files with 28 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -471,3 +471,7 @@ serefpolicy*
 /selinux-policy-contrib-27225b9.tar.gz
 /selinux-policy-d5c0a2d.tar.gz
 /selinux-policy-9c84d68.tar.gz
+/selinux-policy-af31e95.tar.gz
+/selinux-policy-contrib-3e36d23.tar.gz
+/selinux-policy-contrib-72b3524.tar.gz
+/selinux-policy-3952201.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 9c84d687e0fef5d8e4e25273bd25f58c28a7c67c
+%global commit0 395220122fcd6b93956c758a2a5094487254a89e
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 27225b9de42be65760194536680c9d596f1a1895
+%global commit1 72b352431e6cdce2bd6a26ad942d373f42dbba58
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.6
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -784,6 +784,24 @@ exit 0
 %endif

 %changelog
+* Thu Jul 30 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-22
+- Allow virtlockd only getattr and lock block devices
+- Allow qemu-ga read all non security file types conditionally
+- Allow virtlockd manage VMs posix file locks
+- Allow smbd get attributes of device files labeled samba_share_t
+- Label /tmp/krb5_0.rcache2 with krb5_host_rcache_t
+- Add a new httpd_can_manage_courier_spool boolean
+- Create interface courier_manage_spool_sockets() in courier policy to allow to search dir and allow manage sock files
+- Revert "Allow qemu-kvm read and write /dev/mapper/control"
+- Revert "Allow qemu read and write /dev/mapper/control"
+- Revert "Dontaudit and disallow sys_admin capability for keepalived_t domain"
+- Dontaudit pcscd_t setting its process scheduling
+- Dontaudit thumb_t setting its process scheduling
+- Allow munin domain transition with NoNewPrivileges
+- Add dev_lock_all_blk_files() interface
+- Allow auditd manage kerberos host rcache files
+- Allow systemd-logind dbus chat with fwupd
+
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.6-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-27225b9.tar.gz) = 0cdb3e3aeaaf2c80de65d25e5d4ad1a394df9e9d7c2eb5a8c82548b86a31afd230976f4d598209d3765c21b9202ee0e5b8e98774fc84bdba9f16949ccd1956f7
-SHA512 (selinux-policy-9c84d68.tar.gz) = 3705d873f144f3ba952dabdf772490f89872042bfc11d82efc787b0afe580704530ff7aa5b34b7515487f4e27d22a973c9bae01fc3936bb8201c52d0f3938156
-SHA512 (container-selinux.tgz) = 831a83e557ef61b577b7adc61144e4c8056922e0f9de7b32fa57f3d972d2c5746c1b53a114ac382f87a631aa85c2d53b787ed5206c68395c6a2d67913e766978
+SHA512 (selinux-policy-contrib-72b3524.tar.gz) = cea10b427dd3163af8c41f42e8335725d922365829ea22b3cea86ed65db1428aea36543f2eb1e117dda47cc7281b5df29458ed7ce14353b9927646f6c7b01380
+SHA512 (selinux-policy-3952201.tar.gz) = bbbfe75befd7991a5daadfdea9077e72d9afd184cf942a692a5027874ff9f35b3111a9d6f6fc600db55846d05019d45003e1e2b38e2ede33569a35adaf72d1ea
+SHA512 (container-selinux.tgz) = 56ab458b50e755d586bfb4df82a6fab788124feb5b57a7947d5c38208468c76826c466e1515264fd3cbfed785b110251f2233125b3c8e61a67503437c12a92c3
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4