diff --git a/.gitignore b/.gitignore index 02281dd4..a1f44dd4 100644 --- a/.gitignore +++ b/.gitignore @@ -367,3 +367,5 @@ serefpolicy* /selinux-policy-contrib-5a0561d.tar.gz /selinux-policy-54c05f2.tar.gz /selinux-policy-088381c.tar.gz +/selinux-policy-contrib-e33aa41.tar.gz +/selinux-policy-c5e58b6.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 0967f7d9..1aac870e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 088381c4e36d3b4d4b289ac27a2a2a97f953585e +%global commit0 c5e58b6c669747beeaca6ecf98f501f754ab871f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 5a0561d7b67ae8403d4e1a44acfc8db40ee269a5 +%global commit1 e33aa41687d9585e96fb87ac73168055ab4b8b8f %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,16 @@ exit 0 %endif %changelog +* Thu May 02 2019 Lukas Vrabec - 3.14.4-15 +- Allow iscsid_t domain to mmap modules_dep_t files +- Allow ngaios to use chown capability +- Dontaudit gpg_domain to create netlink_audit sockets +- Remove role transition in rpm_run() interface to allow sysadm_r jump to rpm_t type. BZ(1704251) +- Allow dirsrv_t domain to execute own tmp files BZ(1703111) +- Update fs_rw_cephfs_files() interface to allow also caller domain to read/write cephpfs_t lnk files +- Update domain_can_mmap_files() boolean to allow also mmap lnk files +- Improve userdom interfaces to drop guest_u SELinux user to use nsswitch + * Fri Apr 26 2019 Lukas Vrabec - 3.14.4-14 - Allow transition from cockpit_session to unpriv user domains diff --git a/sources b/sources index ca94ffb4..901ccd3e 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-5a0561d.tar.gz) = 40ac186675b0c3633263165ecc409f9b36752d74e9c699a637f0a56e6a9162bf6be89b4a2a081e331accabaf82d2d36f260804a0743993a64d0425b3fd3dd0cd -SHA512 (selinux-policy-088381c.tar.gz) = 831d10631a6f70ebe44b1ad9057326a58be6fd71e4261f58c4d8e8cb1dfa7905653c2bbfec7ee23feda749f2a5067b5c41d3331145e56d5d3bfe2cc309ee02e5 -SHA512 (container-selinux.tgz) = f3813f79fdddda9bba892035f0ed530a835c8db9f791bf83c6afb25868e0b575a88132f7021b20604f5144bfd40a00fb0076107c962a8857f319f86381db3ea2 +SHA512 (selinux-policy-contrib-e33aa41.tar.gz) = b2c1db40dd776aeff22da4b53ecd46469751e34c5fde42468275aa255c71d3974b4aa63a55c51cf221876822d30a7f70e56691e052b29a46979728687737fd23 +SHA512 (selinux-policy-c5e58b6.tar.gz) = 511c35663eb7dd9dbe34a8beea7dda20530fba71be9159bc2f1d70b08938772b5623f16260f791694e4fc8288879c4d3bd552c006bbb7ac9b077da64d468386b +SHA512 (container-selinux.tgz) = 4b5f62d6345875873a03d68e9fbda15a034ae46b92886634f4ef07e3e2edfe64a244eb1dc87006c92aaef7bac53fbabf82c854b7add22a6f1748a00dc6f10d38 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2