From a64329452e1255f56eeea4d1b1501dfa7d3b4f95 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Fri, 19 Apr 2019 22:39:06 +0200 Subject: [PATCH] * Fri Apr 19 2019 Lukas Vrabec - 3.14.4-12 - Fix typo in cups SELinux policy - Allow iscsid_t to read modules deps BZ(1700245) - Allow cups_pdf_t domain to create cupsd_log_t dirs in /var/log BZ(1700442) - Allow httpd_rotatelogs_t to execute generic binaries - Update system_dbus policy because of dbus-broker-20-2 - Allow httpd_t doman to read/write /dev/zero device BZ(1700758) - Allow tlp_t domain to read module deps files BZ(1699459) - Add file context for /usr/lib/dotnet/dotnet - Update dev_rw_zero() interface by adding map permission - Allow bounded transition for executing init scripts --- .gitignore | 2 ++ selinux-policy.spec | 18 +++++++++++++++--- sources | 6 +++--- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 43d4c771..96d18092 100644 --- a/.gitignore +++ b/.gitignore @@ -362,3 +362,5 @@ serefpolicy* /selinux-policy-379f4fb.tar.gz /selinux-policy-2163c68.tar.gz /selinux-policy-contrib-b78d1b1.tar.gz +/selinux-policy-contrib-d00ed3c.tar.gz +/selinux-policy-6ed8a72.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index c49b0c9a..694e1ef1 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 2163c68418f8ac9e3ae8fa57bb0068a6b648f109 +%global commit0 6ed8a7287528f71218ddea3afedc54c95c39b9e4 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 b78d1b1ed3768cb6241486b76edd9b473fe60e6f +%global commit1 d00ed3cca362cbdcc43be9111cb3d27c2b3b5266 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,18 @@ exit 0 %endif %changelog +* Fri Apr 19 2019 Lukas Vrabec - 3.14.4-12 +- Fix typo in cups SELinux policy +- Allow iscsid_t to read modules deps BZ(1700245) +- Allow cups_pdf_t domain to create cupsd_log_t dirs in /var/log BZ(1700442) +- Allow httpd_rotatelogs_t to execute generic binaries +- Update system_dbus policy because of dbus-broker-20-2 +- Allow httpd_t doman to read/write /dev/zero device BZ(1700758) +- Allow tlp_t domain to read module deps files BZ(1699459) +- Add file context for /usr/lib/dotnet/dotnet +- Update dev_rw_zero() interface by adding map permission +- Allow bounded transition for executing init scripts + * Fri Apr 12 2019 Lukas Vrabec - 3.14.4-11 - Allow mongod_t domain to lsearch in cgroups BZ(1698743) - Allow rngd communication with pcscd BZ(1679217) diff --git a/sources b/sources index cb120965..ab44e813 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-2163c68.tar.gz) = 39ede15834630559eeb14645246ebb734f342d63d25c95442231ab8044faa22e601c3c7323acea6289ecccd601bb701bb5f7dd7f70b2c94a421f1802a3c52713 -SHA512 (selinux-policy-contrib-b78d1b1.tar.gz) = fcd40a98b4cb183d4f7daa2ebe63412554651f31c2639c86b9a67324d273ea25e4e1529e546a0a6a21160e19594dc11c63c30344d2a2b0b4933c247468922c29 -SHA512 (container-selinux.tgz) = 1b38f927429674c50533eca11ea726579bfd207453474fafae1c0949004fc1ccd7a7cadd6ad01682ff0a1e706a9475c2ccf85d4712f2d43b967c04e200b7f860 +SHA512 (selinux-policy-contrib-d00ed3c.tar.gz) = 1bacec62b941abd7a0ad9977037ae6762d1ca4bd02b3c0b0b10091f710b5d96b78f8e9adc824c88d00378bd48d2522a5636562b657679f63ce574f6e0babc0ec +SHA512 (selinux-policy-6ed8a72.tar.gz) = 895da6ebd991625f509accb47773f6557ce284917d714158ca484af5135e436f1e0e512303100afe9ce665fa0b895b090b04e58fe169c91fc62d9d3999d2336f +SHA512 (container-selinux.tgz) = f1391d9e30efa936a1d8afb56d88a841a203b893e05aaefb1704367bf6f0d40cf45b7d393081d6a0e3c6ed15a5b559fa17e2b27bc87f409f8b83c20d91fa6709 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2