From 85971190533a1bb51be0465f7903095e3a1d863b Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Thu, 15 Mar 2018 20:41:40 +0100 Subject: [PATCH] * Thu Mar 15 2018 Lukas Vrabec - 3.14.2-6 - Allow rpcd_t domain dac override - Allow rpm domain to mmap rpm_var_lib_t files - Allow arpwatch domain to create bluetooth sockets - Allow secadm_t domain to mmap audit config and log files - Update init_abstract_socket_activation() to allow also creating tcp sockets - getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain. - Add SELinux support for systemd-importd - Create new type bpf_t and label /sys/fs/bpf with this type --- .gitignore | 2 ++ selinux-policy.spec | 16 +++++++++++++--- sources | 6 +++--- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index c2f6ab75..fed3558f 100644 --- a/.gitignore +++ b/.gitignore @@ -258,3 +258,5 @@ serefpolicy* /selinux-policy-bd7ad92.tar.gz /selinux-policy-9bd65d3.tar.gz /selinux-policy-contrib-fbc0290.tar.gz +/selinux-policy-contrib-ce817e6.tar.gz +/selinux-policy-370bcfb.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 2c2353c6..9f22c80b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 9bd65d321e20805535392f3ea1bad8ac093bf7b5 +%global commit0 370bcfb1069571c033bcc061b95a626724fb4110 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 fbc029066ded32b6ddafb04023743ec25ebc6197 +%global commit1 ce817e6dd5c114871380864383bd98a1bea6ff31 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -714,6 +714,16 @@ exit 0 %endif %changelog +* Thu Mar 15 2018 Lukas Vrabec - 3.14.2-6 +- Allow rpcd_t domain dac override +- Allow rpm domain to mmap rpm_var_lib_t files +- Allow arpwatch domain to create bluetooth sockets +- Allow secadm_t domain to mmap audit config and log files +- Update init_abstract_socket_activation() to allow also creating tcp sockets +- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain. +- Add SELinux support for systemd-importd +- Create new type bpf_t and label /sys/fs/bpf with this type + * Mon Mar 12 2018 Lukas Vrabec - 3.14.2-5 - Allow bluetooth_t domain to create alg_socket BZ(1554410) - Allow tor_t domain to execute bin_t files BZ(1496274) diff --git a/sources b/sources index 7d617338..9b719910 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-9bd65d3.tar.gz) = b9b0b072c1dafa8486bbb0c382d255dcbd4abace88f2fc11da7f589434f84f0a431ed291eac97154a824c5189b7fc15cc97be261b3d3c8459303a807ac5c89a3 -SHA512 (selinux-policy-contrib-fbc0290.tar.gz) = 7c0ff61e5a1ed83892f2c71d319dcc9bd1ba0a99b3417bee3fa777ed5e01f5da69a702b8002e0243680416a46125491df60c4896dcac2fdfef1c994132aa640c -SHA512 (container-selinux.tgz) = 4964b40739da515351520f35d3d3164cd0746acc4db53ad26e260dfe210d2a0b9d7cab6c7159033392ed146cdadc357b6c9e870ab05bf3220372776cda1fee37 +SHA512 (selinux-policy-contrib-ce817e6.tar.gz) = 4381d93f6ee94c539ffbcfd49415afbd95926e0a9a9e0059906dd2a8dca2b0cdd99e490c0ac9393b0e90f16fb9ed84aed5ffa92cd15a291f6e93c75c4aca85f6 +SHA512 (selinux-policy-370bcfb.tar.gz) = d515ecf3acd9a6be69df5791fc764a6558fcdf60382d10b8fc28a94eb47fabcadd26afce3852196cdc400e10054564b1f4eab2a0f389df7205e5a2621963ade3 +SHA512 (container-selinux.tgz) = 0ba660b1ff76d454f8e408cedb09f565817fe711d870dffc1d5c2658db9430a4ad126d1b91ec4920658b4483721a1ceb6dd5448eb897584268818985d7dfe023