* Wed Mar 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-4
- Update vmtools policy - Allow virt_qemu_ga_t domain to read udev_var_run_t files - Update nagios_run_sudo boolean with few allow rules related to accessing sssd - Update travis CI to install selinux-policy dependencies without checking for gpg check - Allow journalctl_t domain to mmap syslogd_var_run_t files - Allow smokeping process to mmap own var lib files and allow set process group. Resolves: rhbz#1661046 - Allow sbd_t domain to bypass permission checks for sending signals - Allow sbd_t domain read/write all sysctls - Allow kpatch_t domain to communicate with policykit_t domsin over dbus - Allow boltd_t to stream connect to sytem dbus - Allow zabbix_t domain to create sockets labeled as zabbix_var_run_t BZ(1683820) - Allow all domains to send dbus msgs to vmtools_unconfined_t processes - Label /dev/pkey as crypt_device_t - Allow sudodomains to write to systemd_logind_sessions_t pipes. - Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t. - Allow ifconfig_t domain to read /dev/random BZ(1687516) - Fix interface modutils_run_kmod() where was used old interface modutils_domtrans_insmod instead of new one modutils_domtrans_kmod() Resolves: rhbz#1686660 - Update travis CI to install selinux-policy dependencies without checking for gpg check - Label /usr/sbin/nodm as xdm_exec_t same as other display managers - Update userdom_admin_user_template() and init_prog_run_bpf() interfaces to make working bpftool for confined admin - Label /usr/sbin/e2mmpstatus as fsadm_exec_t Resolves: rhbz#1684221 - Update unconfined_dbus_send() interface to allow both direction communication over dbus with unconfined process.
This commit is contained in:
parent
43393ba497
commit
a8da133b94
2
.gitignore
vendored
2
.gitignore
vendored
@ -345,3 +345,5 @@ serefpolicy*
|
|||||||
/selinux-policy-108b4cd.tar.gz
|
/selinux-policy-108b4cd.tar.gz
|
||||||
/selinux-policy-contrib-925fb5e.tar.gz
|
/selinux-policy-contrib-925fb5e.tar.gz
|
||||||
/selinux-policy-aa6253c.tar.gz
|
/selinux-policy-aa6253c.tar.gz
|
||||||
|
/selinux-policy-contrib-c199027.tar.gz
|
||||||
|
/selinux-policy-4c00590.tar.gz
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 aa6253cf8dbcff8d0d73a94c95b22a4813481bd8
|
%global commit0 4c00590e9ef306b76eddd6099f21f4a2a2953d5b
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 925fb5e79748b46e0dd5962ed2df760a9a287079
|
%global commit1 c199027807f785d4c18da80d89b000c75d80137f
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -29,7 +29,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.4
|
Version: 3.14.4
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||||
@ -706,6 +706,30 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-4
|
||||||
|
- Update vmtools policy
|
||||||
|
- Allow virt_qemu_ga_t domain to read udev_var_run_t files
|
||||||
|
- Update nagios_run_sudo boolean with few allow rules related to accessing sssd
|
||||||
|
- Update travis CI to install selinux-policy dependencies without checking for gpg check
|
||||||
|
- Allow journalctl_t domain to mmap syslogd_var_run_t files
|
||||||
|
- Allow smokeping process to mmap own var lib files and allow set process group. Resolves: rhbz#1661046
|
||||||
|
- Allow sbd_t domain to bypass permission checks for sending signals
|
||||||
|
- Allow sbd_t domain read/write all sysctls
|
||||||
|
- Allow kpatch_t domain to communicate with policykit_t domsin over dbus
|
||||||
|
- Allow boltd_t to stream connect to sytem dbus
|
||||||
|
- Allow zabbix_t domain to create sockets labeled as zabbix_var_run_t BZ(1683820)
|
||||||
|
- Allow all domains to send dbus msgs to vmtools_unconfined_t processes
|
||||||
|
- Label /dev/pkey as crypt_device_t
|
||||||
|
- Allow sudodomains to write to systemd_logind_sessions_t pipes.
|
||||||
|
- Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t.
|
||||||
|
- Allow ifconfig_t domain to read /dev/random BZ(1687516)
|
||||||
|
- Fix interface modutils_run_kmod() where was used old interface modutils_domtrans_insmod instead of new one modutils_domtrans_kmod() Resolves: rhbz#1686660
|
||||||
|
- Update travis CI to install selinux-policy dependencies without checking for gpg check
|
||||||
|
- Label /usr/sbin/nodm as xdm_exec_t same as other display managers
|
||||||
|
- Update userdom_admin_user_template() and init_prog_run_bpf() interfaces to make working bpftool for confined admin
|
||||||
|
- Label /usr/sbin/e2mmpstatus as fsadm_exec_t Resolves: rhbz#1684221
|
||||||
|
- Update unconfined_dbus_send() interface to allow both direction communication over dbus with unconfined process.
|
||||||
|
|
||||||
* Wed Feb 27 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-3
|
* Wed Feb 27 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-3
|
||||||
- Reverting https://src.fedoraproject.org/rpms/selinux-policy/pull-request/15 because "%pretrans" cannot use shell scripts.
|
- Reverting https://src.fedoraproject.org/rpms/selinux-policy/pull-request/15 because "%pretrans" cannot use shell scripts.
|
||||||
Resolves: rhbz#1683365
|
Resolves: rhbz#1683365
|
||||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-contrib-925fb5e.tar.gz) = 67db505efbb50744e38502a1f95fdd84ce869107fd42dc8eb840f58d562dba4957c48dbb9400c0acce146c2707cf5ab3823459f5710fa5448f10ac8beec00c1b
|
SHA512 (selinux-policy-contrib-c199027.tar.gz) = 6310ac4d95d1adbc2049f7b7720f894474e19748f05e145109b038047e992cf9a11a020a8d39d7acb7f31046381286cd77ff51d74613d033926af8940da2614b
|
||||||
SHA512 (selinux-policy-aa6253c.tar.gz) = 93fe4655ddf9833d0e40a6dc741691c8520b4e71cc8ef939151d5980d9519e8ba8ec175e1970455cb9166630570633c58fa86231dd5eac02b5e239ffaa4d86e2
|
SHA512 (selinux-policy-4c00590.tar.gz) = bb353aa1f4f63dbfdc7e558fa53f663969c51e4e81a493fcd3c424714d1e3dcfb4e9c2d06806726730b0871cb201cf254343498a48cc6a5a63a2a72fd4a29eb6
|
||||||
SHA512 (container-selinux.tgz) = bfc07f23e367f2ae42d1296656ecc0122712e482682a81e435a346071819eb3c9b4ad37b3f914565e76376c4ac61d60d55cf901af1ce2cf0f19497b9b08cc75c
|
SHA512 (container-selinux.tgz) = 08977a95836779814bd3aeb9523d4671c9139332c8ce65655ada00ec85fbfdc55c1f9ca0480b3aa75585274bff929d0d94c6008585ce75467a60640237774a0d
|
||||||
|
Loading…
Reference in New Issue
Block a user