* Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-20

- Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files
- Allow mailman_mail_t domain to search for apache configs
- Allow mailman_cgi_t domain to ioctl an httpd with a unix domain stream sockets.
- Improve procmail_domtrans() to allow mmaping procmail_exec_t
- Allow ptrace arbitrary processes
- Allow jabberd_router_t domain read kerberos keytabs BZ(1573945)
- Allow certmonger to getattr of filesystems BZ(1578755)
- Update dev_map_xserver_misc interface to allow mmaping char devices instead of files
- Allow noatsecure permission for all domain transitions from systemd.
- Allow systemd to read tangd db files
- Fix typo in ssh.if file
- Allow xdm_t domain to mmap xserver_misc_device_t files
- Allow xdm_t domain to execute systemd-coredump binary
- Add bridge_socket, dccp_socket, ib_socket and mpls_socket to socket_class_set
- Improve modutils_domtrans_insmod() interface to mmap insmod_exec_t binaries
- Improve iptables_domtrans() interface to allow mmaping iptables_exec_t binary
- Improve auth_domtrans_login_program interface to allow also mmap login_exec_t binaries
- Improve auth_domtrans_chk_passwd() interface to allow also mmaping chkpwd_exec_t binaries.
- Allow mmap dhcpc_exec_t binaries in sysnet_domtrans_dhcpc interface
- Improve running xorg with proper SELinux domain even if systemd security feature NoNewPrivileges is used
Lukas Vrabec 2018-05-24 16:07:11 +02:00
parent ee05a93b19
commit 9364159b18
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 31 additions and 6 deletions

.gitignore

@ -283,3 +283,5 @@ serefpolicy*
/selinux-policy-contrib-19624b4.tar.gz
/selinux-policy-contrib-5ae0301.tar.gz
/selinux-policy-ba72e52.tar.gz
/selinux-policy-877fde5.tar.gz
/selinux-policy-contrib-12d91da.tar.gz
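
Review bot: the two added entries, /selinux-policy-877fde5.tar.gz and /selinux-policy-contrib-12d91da.tar.gz, continue the pattern of one ignore line per source snapshot, so this file grows with every rebase (the hunk already starts at line 283). A single anchored glob such as /selinux-policy-*.tar.gz would cover both tarballs and all future ones, the same way the existing serefpolicy* line does, and would let the stale per-hash entries be dropped.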

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 ba72e52d6e782b6c0bc4da292da81065d5b5c8b3
%global commit0 877fde5e4cceb08ad0cf0e8110b1fca267e943f7
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 5ae0301be43d26dead51a7ec36f1c07b80dca638
%global commit1 12d91dabfa5b0c6c8a69e76f3caae0e6d60c9d1b
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
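
Review bot: shortcommit0 and shortcommit1 are derived with ${c:0:7}, which is a bash substring expansion, so the tarball names built from the new commit0 and commit1 values only come out right when the shell behind %(...) is bash. Something like `echo %{commit0} | cut -c1-7` yields the same seven characters under any POSIX sh. The bump itself is internally consistent: 877fde5 and 12d91da are the prefixes of the new full hashes and match the tarball names added to .gitignore and to the checksum file.
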
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.2
Release: 19%{?dist}
Release: 20%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -718,6 +718,29 @@ exit 0
%endif
%changelog
* Thu May 24 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-20
- Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files
- Allow mailman_mail_t domain to search for apache configs
- Allow mailman_cgi_t domain to ioctl an httpd with a unix domain stream sockets.
- Improve procmail_domtrans() to allow mmaping procmail_exec_t
- Allow ptrace arbitrary processes
- Allow jabberd_router_t domain read kerberos keytabs BZ(1573945)
- Allow certmonger to geattr of filesystems BZ(1578755)
- Update dev_map_xserver_misc interface to allo mmaping char devices instead of files
- Allow noatsecure permission for all domain transitions from systemd.
- Allow systemd to read tangd db files
- Fix typo in ssh.if file
- Allow xdm_t domain to mmap xserver_misc_device_t files
- Allow xdm_t domain to execute systemd-coredump binary
- Add bridge_socket, dccp_socket, ib_socket and mpls_socket to socket_class_set
- Improve modutils_domtrans_insmod() interface to mmap insmod_exec_t binaries
- Improve iptables_domtrans() interface to allow mmaping iptables_exec_t binary
- Improve auth_domtrans_login_programinterface to allow also mmap login_exec_t binaries
- Improve auth_domtrans_chk_passwd() interface to allow also mmaping chkpwd_exec_t binaries.
- Allow mmap dhcpc_exec_t binaries in sysnet_domtrans_dhcpc interface
- Improve running xorg with proper SELinux domain even if systemd security feature NoNewPrivileges is used
* Tue May 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-19
- Increase dependency versions of policycoreutils and checkpolicy packages
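
Review bot: the entry "Allow ptrace arbitrary processes" in the 3.14.2-20 block names no source domain, no boolean and no bug number, unlike the neighbouring entries (jabberd_router_t with BZ(1573945), certmonger with BZ(1578755)). ptrace on arbitrary processes is among the broadest grants a policy can make, so the line should say which domain receives it and whether it is conditional. The same applies to "Allow noatsecure permission for all domain transitions from systemd": noatsecure turns off the AT_SECURE environment scrubbing on transition, and the changelog gives no rationale or reference for applying it to every transition rather than to specific target domains. Minor: "geattr", "allo" and "auth_domtrans_login_programinterface" are typos that will ship in the package changelog.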

@ -1,3 +1,3 @@
SHA512 (selinux-policy-contrib-5ae0301.tar.gz) = 14d6a14c3f3227114f1539070a9b998b3875888a0a0e669f52cac86696ee55f2411d727f96d4763569171a7232f6a16b63cdfe0ae768df0b52b3c032f19d5d53
SHA512 (selinux-policy-ba72e52.tar.gz) = edae928ecbcadd6ff0313a5414c88f8aaad609b7b7fbcbaa4a89574fdbe77fd73f3424c7671b4152a14fd49ec1559c73297779bcd2c727e438bb42a50f420d19
SHA512 (container-selinux.tgz) = 719e82f66868cc356f79ada820e88d15334e9616b1090e5c944af357fe0edf7dcbeaad66223e00ffcaa921aa88c46a5b33f43ace28de844693bbfb290bd130a4
SHA512 (selinux-policy-877fde5.tar.gz) = 29f4074fd84d026077bab774f72d63a538fa1b84ac5ff3b07e026e78f2031edd494a16b6a6930f7741be85124b4881a77744730dfe01a22cb938c2245778b523
SHA512 (selinux-policy-contrib-12d91da.tar.gz) = 38afcb055eb582db1fa2f1207badb5eddfd5ee632e52e75f2449bd65d8a3fe81177430220b75dd13838fd5ecd4cc3f2402a3bcd6c5fbc367145aea66a09d7e88
SHA512 (container-selinux.tgz) = c38b1799acb4f517655be8ede3f05debcebd81624e00bd9d429a277d8eecbf17d15618631bed8ce03c63286d574a61ebfb0782d6dd77c5e70d616fb1e968aed9
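
Review bot: the SHA512 for container-selinux.tgz changes (719e82f6... to c38b1799...) while its file name stays the same, and neither the commit message nor the new changelog block mentions a container-selinux update. Because the name carries no commit or version, a reader cannot tell from this file which upstream revision the new hash corresponds to. Consider naming the tarball after its commit, as is done for selinux-policy-877fde5.tar.gz and selinux-policy-contrib-12d91da.tar.gz, and noting the refresh in the changelog so the checksum change is attributable.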