From 9b1e4d53d1ecdf5931cf0f67d35d0479baee47be Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Mon, 15 Oct 2018 17:44:05 +0200 Subject: [PATCH] * Mon Oct 15 2018 Lukas Vrabec - 3.14.3-9 - Allow caller domains using cron_*_role to have entrypoint permission on system_cron_spool_t files BZ(1625645) - Add interface cron_system_spool_entrypoint() - Bolt added d-bus API for force-powering the thunderbolt controller, so system-dbusd needs acces to boltd pipes BZ(1637676) - Add interfaces for boltd SELinux module - Add dac_override capability to modemmanager_t domain BZ(1636608) - Allow systemd to mount boltd_var_run_t dirs BZ(1636823) - Label correctly /var/named/chroot*/dev/unrandom in bind chroot. --- .gitignore | 2 ++ selinux-policy.spec | 15 ++++++++++++--- sources | 6 +++--- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 40632318..64b57f58 100644 --- a/.gitignore +++ b/.gitignore @@ -316,3 +316,5 @@ serefpolicy* /selinux-policy-493101e.tar.gz /selinux-policy-contrib-765b73a.tar.gz /selinux-policy-8bcb254.tar.gz +/selinux-policy-contrib-5252fe6.tar.gz +/selinux-policy-2d39d24.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 0b9804d4..256ec7e3 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 8bcb254ccc7d4db69198f130eb064eb834df055f +%global commit0 2d39d24bc2473eac94a5ccdfa373e29db041d3fd %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 765b73a30143dd95a99f1f41a7a5a6511ebcf12a +%global commit1 5252fe6bb92d282173ba836b59172bc7c99609a8 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -709,6 +709,15 @@ exit 0 %endif %changelog +* Mon Oct 15 2018 Lukas Vrabec - 3.14.3-9 +- Allow caller domains using cron_*_role to have entrypoint permission on system_cron_spool_t files BZ(1625645) +- Add interface cron_system_spool_entrypoint() +- Bolt added d-bus API for force-powering the thunderbolt controller, so system-dbusd needs acces to boltd pipes BZ(1637676) +- Add interfaces for boltd SELinux module +- Add dac_override capability to modemmanager_t domain BZ(1636608) +- Allow systemd to mount boltd_var_run_t dirs BZ(1636823) +- Label correctly /var/named/chroot*/dev/unrandom in bind chroot. + * Sat Oct 13 2018 Lukas Vrabec - 3.14.3-8 - ejabberd SELinux module removed, it's shipped by ejabberd-selinux package diff --git a/sources b/sources index 3bd7a105..ff06a766 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-765b73a.tar.gz) = 496ecbc450f3eeb95ec40aa9fb98a663c65c293a40494f001d21193f382f6b5fa77594e0d89bdc77187a273f0a5c6a11087ca66938fbd8bd3ee1b0d5900b40ed -SHA512 (selinux-policy-8bcb254.tar.gz) = 8e839d3c17b911397167f9cbe871c41c3263dec98563804ee25f73fa6f6af63fbf4b2830dde9b54132838c8cde543209ad9c7df9e1c3b1618dd84a663a07f0e2 -SHA512 (container-selinux.tgz) = 24ffe763a027b53ec5b6636edddf65797bbb5ac2914869aebc04d451c6ac6012ea83822ec9d127cce71af16b4268f6c25ef351b922fcea9e4345f5845669bece +SHA512 (selinux-policy-contrib-5252fe6.tar.gz) = 366636200668f30cf8520fb8fb2f4f6292d86b093fbe03c3414da24705ac40ab5e4f7943b484fbeba5f3def76fe1e2cf2b1160f56f7ad04d0aef3b6dd61cde74 +SHA512 (selinux-policy-2d39d24.tar.gz) = 0b25543fa70599a6086336fa90edf69acda23d7c5df861a88b5733e7c14947e5f05a178e7f8fb5ebc8da9c90c1a45a746265c9ced677f4887c5267252d0e59b4 +SHA512 (container-selinux.tgz) = b24c37183ad16f64eb5b3b50a4e4293a17b94571dd7bfb365f219127dde35e4235d7c3f885fb25cb7e12e8e836e1f48a8b854b8acf22a1856617a5b9ca8423d2