Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/selinux-policy.git#d5b79a1cb725b8d95cc6140a4eb965fea7374ece
This commit is contained in:
DistroBaker 2020-12-17 21:38:57 +00:00
parent 7cee52182d
commit a2fc5fba64
2 changed files with 12 additions and 11 deletions

View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 826033875b0857b0b7519cd809aa581978a4ddde
%global commit 5b841a63b80fc0fbf22fe54eaf8ff3af80dadb53
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -24,7 +24,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.7
Release: 12%{?dist}
Release: 13%{?dist}
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
@ -424,14 +424,11 @@ mkdir -p %{buildroot}%{_datadir}/selinux/packages
make clean
%if %{BUILD_TARGETED}
# Build targeted policy
# Commented out because only targeted ref policy currently builds
cp %{SOURCE28} %{buildroot}/
%makeCmds targeted mcs allow
%makeModulesConf targeted base contrib
%installCmds targeted mcs allow
# install permissivedomains.cil
%{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{buildroot}/permissivedomains.cil
rm -rf %{buildroot}/permissivedomains.cil
%{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{SOURCE28}
# recreate sandbox.pp
rm -rf %{buildroot}%{_sharedstatedir}/selinux/targeted/active/modules/100/sandbox
%make_build %common_params UNK_PERMS=allow NAME=targeted TYPE=mcs sandbox.pp
@ -442,12 +439,9 @@ mv sandbox.pp %{buildroot}%{_datadir}/selinux/packages/sandbox.pp
%if %{BUILD_MINIMUM}
# Build minimum policy
# Commented out because only minimum ref policy currently builds
mkdir -p %{buildroot}%{_datadir}/selinux/minimum
%makeCmds minimum mcs allow
%makeModulesConf targeted base contrib
%installCmds minimum mcs allow
rm -f %{buildroot}%{_sysconfdir}/selinux/minimum/modules/active/modules/sandbox.pp
rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox
%modulesList minimum
%nonBaseModulesList minimum
@ -798,6 +792,13 @@ exit 0
%endif
%changelog
* Thu Dec 17 20:07:23 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-13
- Label /dev/isst_interface as cpu_device_t
- Dontaudit firewalld dac_override capability
- Allow ipsec set the context of a SPD entry to the default context
- Build binary RPMs in CI
- Add SRPM build scripts for COPR
* Tue Dec 15 16:24:44 CET 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-12
- Allow dovecot_auth_t stat /proc filesystem
- Allow sysadm_u user and unconfined_domain_type manage perf_events

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-8260338.tar.gz) = a863803a8b810a1a27652361c74f7dd201f7c60848686cc3ec19561a2d388111c38f3535e3bb3cc422aecfd87a03a734dfeaab508dd53485ce735982dc14195f
SHA512 (selinux-policy-5b841a6.tar.gz) = ee120c604364b9a33d9aa48c0f94511a046f60825fa4c9051149160c6723deda77187ce373bea22c7904f6c8a87d7ff157dbe950d82c461809cbfa4d52bc880d
SHA512 (container-selinux.tgz) = f2a6db821b2fe6cadcb6092703b0b897be2786b4d5f6a17b435a5d905d1dd65f2aba6f94d47e80a9c83001f2fec5c6f99f4e80642092085b8de05cb253a23952
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = b50789d290be91dbd666d27d1f6104603a587639e87c5561259ca353628d4dd3df4480a67fb148c0dc0c8b820d631e9da298bb087480248e9b018b28767079fd