* Wed Jun 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-26

- Allow psad domain to setrlimit. Allow psad domain to stream connect to dbus Allow psad domain to exec journalctl_exec_t binary - Update cups_filetrans_named_content() to allow caller domain create ppd directory with cupsd_etc_rw_t label - Allow abrt_t domain to write to rhsmcertd pid files - Allow pegasus_t domain to eexec lvm binaries and allow read/write access to lvm control - Add vhostmd_t domain to read/write to svirt images - Update kdump_manage_kdumpctl_tmp_files() interface to allow caller domain also mmap kdumpctl_tmp_t files - Allow sssd_t and slpad_t domains to mmap generic certs - Allow chronyc_t domain use inherited user ttys - Allow stapserver_t domain to mmap own tmp files - Update nscd_dontaudit_write_sock_file() to dontaudit also stream connect to nscd_t domain - Merge pull request #60 from vmojzis/rawhide - Allow tangd_t domain stream connect to sssd - Allow oddjob_t domain to chat with systemd via dbus - Allow freeipmi domains to mmap sysfs files - Fix typo in logwatch interface file - Allow sysadm_t and staff_t domains to use sudo io logging - Allow sysadm_t domain create sctp sockets - Allow traceroute_t domain to exec bin_t binaries - Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override - Add new interface dev_map_sysfs()
2018-06-27 10:25:55 +02:00 · 2018-06-27 10:25:55 +02:00 · 985fc6104c
commit 985fc6104c
parent 5d84adca3e
3 changed files with 30 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -294,3 +294,5 @@ serefpolicy*
 /selinux-policy-contrib-d23eef1.tar.gz
 /selinux-policy-003cd80.tar.gz
 /selinux-policy-contrib-494e26e.tar.gz
+/selinux-policy-2248854.tar.gz
+/selinux-policy-contrib-23a0603.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 003cd803fb79dd225b523adfda9d655beedbf383
+%global commit0 2248854aed6cf995e0e8b461faf88c4f68476dbb
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 494e26e0f9a9fd1208a7e03018815211a36ee2be
+%global commit1 23a0603743df50bbb47221cc79ecda5a522bb622
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -716,6 +716,28 @@ exit 0
 %endif

 %changelog
+* Wed Jun 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-26
+- Allow psad domain to setrlimit. Allow psad domain to stream connect to dbus Allow psad domain to exec journalctl_exec_t binary
+- Update cups_filetrans_named_content() to allow caller domain create ppd directory with cupsd_etc_rw_t label
+- Allow abrt_t domain to write to rhsmcertd pid files
+- Allow pegasus_t domain to eexec lvm binaries and allow read/write access to lvm control
+- Add vhostmd_t domain to read/write to svirt images
+- Update kdump_manage_kdumpctl_tmp_files() interface to allow caller domain also mmap kdumpctl_tmp_t files
+- Allow sssd_t and slpad_t domains to mmap generic certs
+- Allow chronyc_t domain use inherited user ttys
+- Allow stapserver_t domain to mmap own tmp files
+- Update nscd_dontaudit_write_sock_file() to dontaudit also stream connect to nscd_t domain
+- Merge pull request #60 from vmojzis/rawhide
+- Allow tangd_t domain stream connect to sssd
+- Allow oddjob_t domain to chat with systemd via dbus
+- Allow freeipmi domains to mmap sysfs files
+- Fix typo in logwatch interface file
+- Allow sysadm_t and staff_t domains to use sudo io logging
+- Allow sysadm_t domain create sctp sockets
+- Allow traceroute_t domain to exec bin_t binaries
+- Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override
+- Add new interface dev_map_sysfs()
+
 * Thu Jun 14 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-25
 - Merge pull request #60 from vmojzis/rawhide
 - Allow tangd_t domain stream connect to sssd
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-003cd80.tar.gz) = 86a521f8fd96b5883713b7c34ec9b4d85d184cb7423fa54da45ea7795e2c56cec6f1b32dacd6bdce982b763fb4fdbbc81c33030dfdcf6ab74f441917213998ba
-SHA512 (selinux-policy-contrib-494e26e.tar.gz) = 908df6c641973aa1c41b5a8f77dbdbe4c3956e89d647b8530c7eab119b35536de95bde0ce68b02f10bd34d056900884018613b4c1b799c1892d0524dbf007a90
-SHA512 (container-selinux.tgz) = e69868867fcef884fd695cca32b6d68a8a001173a82759cb776391ddc77fca5887b84aaa71a11bd14befc3b5082502f8b9098601322da32f38e6a383f4ae12bf
+SHA512 (selinux-policy-2248854.tar.gz) = a31e440d30a9cde54352845dc1d0b0ccd218119eaaf3bd0434ac2faa4b8703bd0214b7c79464182390f3770534aa8d8b63d2564b62634a676047010058e1616c
+SHA512 (selinux-policy-contrib-23a0603.tar.gz) = 9ddbdfb70f85844949bf3711bc6273b645428792ca7378385b8c3b3930142917d8d95a58408f07b00508ed123b3cc91dbfe590931b3ce1c71598499c05a2a688
+SHA512 (container-selinux.tgz) = a12ff217b28203b42fa1a438bd96a6d2ac54bc621bd30c4113007f1a6d687e63446d0a9c191a1bb5bc6e75dc875f8c5caf817c00fe8e04416138581deb3abf12