* Thu Mar 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-11

- Allow accountsd_t domain to dac override BZ(1561304) - Allow cockpit_ws_t domain to read system state BZ(1561053) - Allow postfix_map_t domain to use inherited user ptys BZ(1561295) - Allow abrt_dump_oops_t domain dac override BZ(1561467) - Allow l2tpd_t domain to run stream connect for sssd_t BZ(1561755) - Allow crontab domains to do dac override - Allow snapperd_t domain to unmount fs_t filesystems - Allow pcp processes to read fixed_disk devices BZ(1560816) - Allow unconfined and confined users to use dccp sockets - Allow systemd to manage bpf dirs/files - Allow traceroute_t to create dccp_sockets
2018-03-29 19:27:36 +02:00 · 2018-03-29 19:27:36 +02:00 · 9762a51f7b
commit 9762a51f7b
parent 0ac6359923
3 changed files with 21 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -266,3 +266,5 @@ serefpolicy*
 /selinux-policy-116b85e.tar.gz
 /selinux-policy-154a8cf.tar.gz
 /selinux-policy-contrib-504d76b.tar.gz
+/selinux-policy-01924d8.tar.gz
+/selinux-policy-contrib-1255203.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 154a8cf70407f08901f55f333e42e3b0342c9d08
+%global commit0 01924d88be61f3e27e247848a94c855fe00569dd
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 504d76b257ff5bd6e89ef782eccf1ea376da0ecc
+%global commit1 1255203e38764839fa90a34f43de98f81278756a
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -717,6 +717,19 @@ exit 0
 %endif

 %changelog
+* Thu Mar 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-11
+- Allow accountsd_t domain to dac override BZ(1561304)
+- Allow cockpit_ws_t domain to read system state BZ(1561053)
+- Allow postfix_map_t domain to use inherited user ptys BZ(1561295)
+- Allow abrt_dump_oops_t domain dac override BZ(1561467)
+- Allow l2tpd_t domain to run stream connect for sssd_t BZ(1561755)
+- Allow crontab domains to do dac override
+- Allow snapperd_t domain to unmount fs_t filesystems
+- Allow pcp processes to read fixed_disk devices BZ(1560816)
+- Allow unconfined and confined users to use dccp sockets
+- Allow systemd to manage bpf dirs/files
+- Allow traceroute_t to create dccp_sockets
+
 * Mon Mar 26 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-10
 - Fedora Atomic host using for temp files /sysroot/tmp patch, we should label same as /tmp adding file context equivalence BZ(1559531)

--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-154a8cf.tar.gz) = cb2d27370b8bf22e8f6dc2d7aae5531fe7013feae3cafd7981abc5719618b496524114a99d52845fa63582776f7cbeb880d83b5b520211382d8b765403124dc2
-SHA512 (container-selinux.tgz) = fcb1cf77dda55ab2b104efe45b06bfccc9fb3e6e816e5b7aaff3a80c7451b4f3cab295f0a21f8ab683f6e2051d2a99ec2eb4a31efc9b58239daa6564f1a81d34
-SHA512 (selinux-policy-contrib-504d76b.tar.gz) = 6ee751115a09824eb099a2ae8bc14690c9833f76d00d39d4fc30e78233aeff79031b16c01895b9d04e39599eb988e578166e57cfa363bd896107676618a46418
+SHA512 (selinux-policy-01924d8.tar.gz) = c8ebdee9ac293216059e06100cb4c1c3d4f8db0e9bb27a4eeccf3f760a99e0bc77e159cfb56247b58bbe743f8ebda2fc8c73c4fe2182646d81d3dae4651419f8
+SHA512 (selinux-policy-contrib-1255203.tar.gz) = 5d3db6f6417d5d2197afad616e65baac4d32e01825410d190841e15cef63f3c4e2cd799d0407e86662eddf3ae79b80e1ea41e6408562a7466e662b910798ccd6
+SHA512 (container-selinux.tgz) = adfdb07302cfc3083e194b37708908a83365c3ff609033cb66270dc35e4ef02528c7bce9c320f3ad5dc054d5559649666ccd2e1b30e6dd0d02fee0c0d6ca71ee