Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#d5b79a1cb725b8d95cc6140a4eb965fea7374ece
2020-12-17 21:38:57 +00:00 · 2020-12-17 21:38:57 +00:00 · a2fc5fba64
commit a2fc5fba64
parent 7cee52182d
2 changed files with 12 additions and 11 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 826033875b0857b0b7519cd809aa581978a4ddde
+%global commit 5b841a63b80fc0fbf22fe54eaf8ff3af80dadb53
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -424,14 +424,11 @@ mkdir -p %{buildroot}%{_datadir}/selinux/packages
 make clean
 %if %{BUILD_TARGETED}
 # Build targeted policy
-# Commented out because only targeted ref policy currently builds
-cp %{SOURCE28} %{buildroot}/
 %makeCmds targeted mcs allow
 %makeModulesConf targeted base contrib
 %installCmds targeted mcs allow
 # install permissivedomains.cil
-%{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{buildroot}/permissivedomains.cil
-rm -rf %{buildroot}/permissivedomains.cil
+%{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{SOURCE28}
 # recreate sandbox.pp
 rm -rf %{buildroot}%{_sharedstatedir}/selinux/targeted/active/modules/100/sandbox
 %make_build %common_params UNK_PERMS=allow NAME=targeted TYPE=mcs sandbox.pp
@ -442,12 +439,9 @@ mv sandbox.pp %{buildroot}%{_datadir}/selinux/packages/sandbox.pp

 %if %{BUILD_MINIMUM}
 # Build minimum policy
-# Commented out because only minimum ref policy currently builds
-mkdir -p %{buildroot}%{_datadir}/selinux/minimum
 %makeCmds minimum mcs allow
 %makeModulesConf targeted base contrib
 %installCmds minimum mcs allow
-rm -f %{buildroot}%{_sysconfdir}/selinux/minimum/modules/active/modules/sandbox.pp
 rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox
 %modulesList minimum
 %nonBaseModulesList minimum
@ -798,6 +792,13 @@ exit 0
 %endif

 %changelog
+* Thu Dec 17 20:07:23 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-13
+- Label /dev/isst_interface as cpu_device_t
+- Dontaudit firewalld dac_override capability
+- Allow ipsec set the context of a SPD entry to the default context
+- Build binary RPMs in CI
+- Add SRPM build scripts for COPR
+
 * Tue Dec 15 16:24:44 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-12
 - Allow dovecot_auth_t stat /proc filesystem
 - Allow sysadm_u user and unconfined_domain_type manage perf_events
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-8260338.tar.gz) = a863803a8b810a1a27652361c74f7dd201f7c60848686cc3ec19561a2d388111c38f3535e3bb3cc422aecfd87a03a734dfeaab508dd53485ce735982dc14195f
+SHA512 (selinux-policy-5b841a6.tar.gz) = ee120c604364b9a33d9aa48c0f94511a046f60825fa4c9051149160c6723deda77187ce373bea22c7904f6c8a87d7ff157dbe950d82c461809cbfa4d52bc880d
+SHA512 (container-selinux.tgz) = f2a6db821b2fe6cadcb6092703b0b897be2786b4d5f6a17b435a5d905d1dd65f2aba6f94d47e80a9c83001f2fec5c6f99f4e80642092085b8de05cb253a23952
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = b50789d290be91dbd666d27d1f6104603a587639e87c5561259ca353628d4dd3df4480a67fb148c0dc0c8b820d631e9da298bb087480248e9b018b28767079fd