rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-11

Browse Source 
- Add nnp transition rule for vnstatd_t domain using NoNewPrivileges systemd feature BZ(1643063)
- Allow l2tpd_t domain to mmap /etc/passwd file BZ(1638948)
- Add dac_override capability to ftpd_t domain
- Allow gpg_t to create own tmpfs dirs and sockets
- Allow rhsmcertd_t domain to relabel cert_t files
- Add SELinux policy for kpatch
- Allow nova_t domain to use pam
- sysstat: grant sysstat_t the search_dir_perms set
- Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313)
- Allow systemd_logind_t to read fixed dist device BZ(1645631)
- Allow systemd_logind_t domain to read nvme devices BZ(1645567)
- Allow systemd_rfkill_t domain to comunicate via dgram sockets with syslogd BZ(1638981)
- kernel/files.fc: Label /run/motd.d(/.*)? as etc_t
- Allow ipsec_mgmt_t process to send signals other than SIGKILL, SIGSTOP, or SIGCHLD to the ipsec_t domains BZ(1638949)
- Allow X display manager to check status and reload services which are part of x_domain attribute
- Add interface miscfiles_relabel_generic_cert()
- Make kpatch policy active
- Fix userdom_write_user_tmp_dirs() to allow caller domain also read/write user_tmp_t dirs
- Dontaudit sys_admin capability for netutils_t domain
- Label tcp and udp ports 2611 as qpasa_agent_port_t
This commit is contained in:
Lukas Vrabec 2018-11-04 01:55:34 +01:00
parent b602e5bcc1
commit 9fcbb6398f
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
2 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 2d39d24bc2473eac94a5ccdfa373e29db041d3fd
%global commit0 a46eac200fe1261c59d4093721e3539139a1e45e
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 a69f9e63d83dd5f603147ddf7a349e075c80959d
%global commit1 6c30b43e6935ef82dc07dc56f4cbcb220ec814aa
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.3
Release: 10%{?dist}
Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -709,6 +709,28 @@ exit 0
%endif
%changelog
* Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-11
- Add nnp transition rule for vnstatd_t domain using NoNewPrivileges systemd feature BZ(1643063)
- Allow l2tpd_t domain to mmap /etc/passwd file BZ(1638948)
- Add dac_override capability to ftpd_t domain
- Allow gpg_t to create own tmpfs dirs and sockets
- Allow rhsmcertd_t domain to relabel cert_t files
- Add SELinux policy for kpatch
- Allow nova_t domain to use pam
- sysstat: grant sysstat_t the search_dir_perms set
- Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313)
- Allow systemd_logind_t to read fixed dist device BZ(1645631)
- Allow systemd_logind_t domain to read nvme devices BZ(1645567)
- Allow systemd_rfkill_t domain to comunicate via dgram sockets with syslogd BZ(1638981)
- kernel/files.fc: Label /run/motd.d(/.*)? as etc_t
- Allow ipsec_mgmt_t process to send signals other than SIGKILL, SIGSTOP, or SIGCHLD to the ipsec_t domains BZ(1638949)
- Allow X display manager to check status and reload services which are part of x_domain attribute
- Add interface miscfiles_relabel_generic_cert()
- Make kpatch policy active
- Fix userdom_write_user_tmp_dirs() to allow caller domain also read/write user_tmp_t dirs
- Dontaudit sys_admin capability for netutils_t domain
- Label tcp and udp ports 2611 as qpasa_agent_port_t
* Tue Oct 16 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-10
- Allow boltd_t domain to dbus chat with fwupd_t domain BZ(1633786)

6
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-2d39d24.tar.gz) = 0b25543fa70599a6086336fa90edf69acda23d7c5df861a88b5733e7c14947e5f05a178e7f8fb5ebc8da9c90c1a45a746265c9ced677f4887c5267252d0e59b4
SHA512 (selinux-policy-contrib-a69f9e6.tar.gz) = c62e676a671e7972ea21e29c2b63c773d52364abc578aea4a5d58d283311dcef8fa8ea5f835802e2672a8ee0ee182c7d3d548df9de09df400d7dddc4ad26efce
SHA512 (container-selinux.tgz) = 4551b22581627050aa1e3bb3af025f22203d6d551d2e45e364bd702b4ca89253c6c47bb32fdf8e80727a8586defbfcd0d52e2a612d97a22d8f76217666c7f864
SHA512 (selinux-policy-a46eac2.tar.gz) = 88cf4f6801637eed42327796358b74c5db660d2f029c44693149e7339c595736a957626d2302b582fa11a628c655425ee819fabdb21551f819a253edb550f1d4
SHA512 (selinux-policy-contrib-6c30b43.tar.gz) = fb6cc12a4547a61daedb140f07a0858edc584124442d4010849cf7a5dd8b421ea35825c428b9f4ca7fe6d0ef2ec99cd0798112545911fe5c42cfa55139533347
SHA512 (container-selinux.tgz) = 7efc8fce110a6ae7ecb4574d7c9a2929997e23e31484924c74b37275121cde680311e46ec44fbdef8a8de89fca46b0c29811ab1a497627330ccf4021ddc47ec7