* Wed Jun 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-26

- Allow psad domain to setrlimit. Allow psad domain to stream connect to dbus Allow psad domain to exec journalctl_exec_t binary
- Update cups_filetrans_named_content() to allow caller domain create ppd directory with cupsd_etc_rw_t label
- Allow abrt_t domain to write to rhsmcertd pid files
- Allow pegasus_t domain to eexec lvm binaries and allow read/write access to lvm control
- Add vhostmd_t domain to read/write to svirt images
- Update kdump_manage_kdumpctl_tmp_files() interface to allow caller domain also mmap kdumpctl_tmp_t files
- Allow sssd_t and slpad_t domains to mmap generic certs
- Allow chronyc_t domain use inherited user ttys
- Allow stapserver_t domain to mmap own tmp files
- Update nscd_dontaudit_write_sock_file() to dontaudit also stream connect to nscd_t domain
- Merge pull request #60 from vmojzis/rawhide
- Allow tangd_t domain stream connect to sssd
- Allow oddjob_t domain to chat with systemd via dbus
- Allow freeipmi domains to mmap sysfs files
- Fix typo in logwatch interface file
- Allow sysadm_t and staff_t domains to use sudo io logging
- Allow sysadm_t domain create sctp sockets
- Allow traceroute_t domain to exec bin_t binaries
- Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override
- Add new interface dev_map_sysfs()
This commit is contained in:
Lukas Vrabec 2018-06-27 10:25:55 +02:00
parent 5d84adca3e
commit 985fc6104c
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 30 additions and 6 deletions

2
.gitignore vendored
View File

@ -294,3 +294,5 @@ serefpolicy*
/selinux-policy-contrib-d23eef1.tar.gz /selinux-policy-contrib-d23eef1.tar.gz
/selinux-policy-003cd80.tar.gz /selinux-policy-003cd80.tar.gz
/selinux-policy-contrib-494e26e.tar.gz /selinux-policy-contrib-494e26e.tar.gz
/selinux-policy-2248854.tar.gz
/selinux-policy-contrib-23a0603.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 003cd803fb79dd225b523adfda9d655beedbf383 %global commit0 2248854aed6cf995e0e8b461faf88c4f68476dbb
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 494e26e0f9a9fd1208a7e03018815211a36ee2be %global commit1 23a0603743df50bbb47221cc79ecda5a522bb622
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 25%{?dist} Release: 26%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -716,6 +716,28 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Jun 27 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-26
- Allow psad domain to setrlimit. Allow psad domain to stream connect to dbus Allow psad domain to exec journalctl_exec_t binary
- Update cups_filetrans_named_content() to allow caller domain create ppd directory with cupsd_etc_rw_t label
- Allow abrt_t domain to write to rhsmcertd pid files
- Allow pegasus_t domain to eexec lvm binaries and allow read/write access to lvm control
- Add vhostmd_t domain to read/write to svirt images
- Update kdump_manage_kdumpctl_tmp_files() interface to allow caller domain also mmap kdumpctl_tmp_t files
- Allow sssd_t and slpad_t domains to mmap generic certs
- Allow chronyc_t domain use inherited user ttys
- Allow stapserver_t domain to mmap own tmp files
- Update nscd_dontaudit_write_sock_file() to dontaudit also stream connect to nscd_t domain
- Merge pull request #60 from vmojzis/rawhide
- Allow tangd_t domain stream connect to sssd
- Allow oddjob_t domain to chat with systemd via dbus
- Allow freeipmi domains to mmap sysfs files
- Fix typo in logwatch interface file
- Allow sysadm_t and staff_t domains to use sudo io logging
- Allow sysadm_t domain create sctp sockets
- Allow traceroute_t domain to exec bin_t binaries
- Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override
- Add new interface dev_map_sysfs()
* Thu Jun 14 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-25 * Thu Jun 14 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-25
- Merge pull request #60 from vmojzis/rawhide - Merge pull request #60 from vmojzis/rawhide
- Allow tangd_t domain stream connect to sssd - Allow tangd_t domain stream connect to sssd

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-003cd80.tar.gz) = 86a521f8fd96b5883713b7c34ec9b4d85d184cb7423fa54da45ea7795e2c56cec6f1b32dacd6bdce982b763fb4fdbbc81c33030dfdcf6ab74f441917213998ba SHA512 (selinux-policy-2248854.tar.gz) = a31e440d30a9cde54352845dc1d0b0ccd218119eaaf3bd0434ac2faa4b8703bd0214b7c79464182390f3770534aa8d8b63d2564b62634a676047010058e1616c
SHA512 (selinux-policy-contrib-494e26e.tar.gz) = 908df6c641973aa1c41b5a8f77dbdbe4c3956e89d647b8530c7eab119b35536de95bde0ce68b02f10bd34d056900884018613b4c1b799c1892d0524dbf007a90 SHA512 (selinux-policy-contrib-23a0603.tar.gz) = 9ddbdfb70f85844949bf3711bc6273b645428792ca7378385b8c3b3930142917d8d95a58408f07b00508ed123b3cc91dbfe590931b3ce1c71598499c05a2a688
SHA512 (container-selinux.tgz) = e69868867fcef884fd695cca32b6d68a8a001173a82759cb776391ddc77fca5887b84aaa71a11bd14befc3b5082502f8b9098601322da32f38e6a383f4ae12bf SHA512 (container-selinux.tgz) = a12ff217b28203b42fa1a438bd96a6d2ac54bc621bd30c4113007f1a6d687e63446d0a9c191a1bb5bc6e75dc875f8c5caf817c00fe8e04416138581deb3abf12