* Thu Mar 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-6

- Allow rpcd_t domain dac override - Allow rpm domain to mmap rpm_var_lib_t files - Allow arpwatch domain to create bluetooth sockets - Allow secadm_t domain to mmap audit config and log files - Update init_abstract_socket_activation() to allow also creating tcp sockets - getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain. - Add SELinux support for systemd-importd - Create new type bpf_t and label /sys/fs/bpf with this type
2018-03-15 20:41:40 +01:00 · 2018-03-15 20:41:40 +01:00 · 8597119053
parent 529a517a7a
commit 8597119053
3 changed files with 18 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -258,3 +258,5 @@ serefpolicy*
 /selinux-policy-bd7ad92.tar.gz
 /selinux-policy-9bd65d3.tar.gz
 /selinux-policy-contrib-fbc0290.tar.gz
+/selinux-policy-contrib-ce817e6.tar.gz
+/selinux-policy-370bcfb.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 9bd65d321e20805535392f3ea1bad8ac093bf7b5
+%global commit0 370bcfb1069571c033bcc061b95a626724fb4110
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 fbc029066ded32b6ddafb04023743ec25ebc6197
+%global commit1 ce817e6dd5c114871380864383bd98a1bea6ff31
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -714,6 +714,16 @@ exit 0
 %endif

 %changelog
+* Thu Mar 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-6
+- Allow rpcd_t domain dac override
+- Allow rpm domain to mmap rpm_var_lib_t files
+- Allow arpwatch domain to create bluetooth sockets
+- Allow secadm_t domain to mmap audit config and log files
+- Update init_abstract_socket_activation() to allow also creating tcp sockets
+- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain.
+- Add SELinux support for systemd-importd
+- Create new type bpf_t and label /sys/fs/bpf with this type
+
 * Mon Mar 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-5
 - Allow bluetooth_t domain to create alg_socket BZ(1554410)
 - Allow tor_t domain to execute bin_t files BZ(1496274)
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-9bd65d3.tar.gz) = b9b0b072c1dafa8486bbb0c382d255dcbd4abace88f2fc11da7f589434f84f0a431ed291eac97154a824c5189b7fc15cc97be261b3d3c8459303a807ac5c89a3
-SHA512 (selinux-policy-contrib-fbc0290.tar.gz) = 7c0ff61e5a1ed83892f2c71d319dcc9bd1ba0a99b3417bee3fa777ed5e01f5da69a702b8002e0243680416a46125491df60c4896dcac2fdfef1c994132aa640c
-SHA512 (container-selinux.tgz) = 4964b40739da515351520f35d3d3164cd0746acc4db53ad26e260dfe210d2a0b9d7cab6c7159033392ed146cdadc357b6c9e870ab05bf3220372776cda1fee37
+SHA512 (selinux-policy-contrib-ce817e6.tar.gz) = 4381d93f6ee94c539ffbcfd49415afbd95926e0a9a9e0059906dd2a8dca2b0cdd99e490c0ac9393b0e90f16fb9ed84aed5ffa92cd15a291f6e93c75c4aca85f6
+SHA512 (selinux-policy-370bcfb.tar.gz) = d515ecf3acd9a6be69df5791fc764a6558fcdf60382d10b8fc28a94eb47fabcadd26afce3852196cdc400e10054564b1f4eab2a0f389df7205e5a2621963ade3
+SHA512 (container-selinux.tgz) = 0ba660b1ff76d454f8e408cedb09f565817fe711d870dffc1d5c2658db9430a4ad126d1b91ec4920658b4483721a1ceb6dd5448eb897584268818985d7dfe023