* Thu Mar 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-6

- Allow rpcd_t domain dac override
- Allow rpm domain to mmap rpm_var_lib_t files
- Allow arpwatch domain to create bluetooth sockets
- Allow secadm_t domain to mmap audit config and log files
- Update init_abstract_socket_activation() to allow also creating tcp sockets
- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain.
- Add SELinux support for systemd-importd
- Create new type bpf_t and label /sys/fs/bpf with this type
This commit is contained in:
Lukas Vrabec 2018-03-15 20:41:40 +01:00
parent 529a517a7a
commit 8597119053
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 18 additions and 6 deletions

2
.gitignore vendored
View File

@ -258,3 +258,5 @@ serefpolicy*
/selinux-policy-bd7ad92.tar.gz
/selinux-policy-9bd65d3.tar.gz
/selinux-policy-contrib-fbc0290.tar.gz
/selinux-policy-contrib-ce817e6.tar.gz
/selinux-policy-370bcfb.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 9bd65d321e20805535392f3ea1bad8ac093bf7b5
%global commit0 370bcfb1069571c033bcc061b95a626724fb4110
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 fbc029066ded32b6ddafb04023743ec25ebc6197
%global commit1 ce817e6dd5c114871380864383bd98a1bea6ff31
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.2
Release: 5%{?dist}
Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -714,6 +714,16 @@ exit 0
%endif
%changelog
* Thu Mar 15 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-6
- Allow rpcd_t domain dac override
- Allow rpm domain to mmap rpm_var_lib_t files
- Allow arpwatch domain to create bluetooth sockets
- Allow secadm_t domain to mmap audit config and log files
- Update init_abstract_socket_activation() to allow also creating tcp sockets
- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain.
- Add SELinux support for systemd-importd
- Create new type bpf_t and label /sys/fs/bpf with this type
* Mon Mar 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-5
- Allow bluetooth_t domain to create alg_socket BZ(1554410)
- Allow tor_t domain to execute bin_t files BZ(1496274)

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-9bd65d3.tar.gz) = b9b0b072c1dafa8486bbb0c382d255dcbd4abace88f2fc11da7f589434f84f0a431ed291eac97154a824c5189b7fc15cc97be261b3d3c8459303a807ac5c89a3
SHA512 (selinux-policy-contrib-fbc0290.tar.gz) = 7c0ff61e5a1ed83892f2c71d319dcc9bd1ba0a99b3417bee3fa777ed5e01f5da69a702b8002e0243680416a46125491df60c4896dcac2fdfef1c994132aa640c
SHA512 (container-selinux.tgz) = 4964b40739da515351520f35d3d3164cd0746acc4db53ad26e260dfe210d2a0b9d7cab6c7159033392ed146cdadc357b6c9e870ab05bf3220372776cda1fee37
SHA512 (selinux-policy-contrib-ce817e6.tar.gz) = 4381d93f6ee94c539ffbcfd49415afbd95926e0a9a9e0059906dd2a8dca2b0cdd99e490c0ac9393b0e90f16fb9ed84aed5ffa92cd15a291f6e93c75c4aca85f6
SHA512 (selinux-policy-370bcfb.tar.gz) = d515ecf3acd9a6be69df5791fc764a6558fcdf60382d10b8fc28a94eb47fabcadd26afce3852196cdc400e10054564b1f4eab2a0f389df7205e5a2621963ade3
SHA512 (container-selinux.tgz) = 0ba660b1ff76d454f8e408cedb09f565817fe711d870dffc1d5c2658db9430a4ad126d1b91ec4920658b4483721a1ceb6dd5448eb897584268818985d7dfe023