* Fri Dec 20 2019 Zdenek Pytela <zpytela@redhat.com> - 3.14.5-19

- Allow init_t nnp domain transition to kmod_t
- Allow userdomain dbus chat with systemd_resolved_t
- Allow init_t read and setattr on /var/lib/fprintd
- Allow sysadm_t dbus chat with colord_t
- Allow confined users run fwupdmgr
- Allow confined users run machinectl
- Allow systemd labeled as init_t domain to create dirs labeled as var_t
- Allow systemd labeled as init_t do read/write tpm_device_t chr files BZ(1778079)
- Add new file context rabbitmq_conf_t.
- Allow journalctl read init state BZ(1731753)
- Add fprintd_read_var_lib_dir and fprintd_setattr_var_lib_dir interfaces
- Allow pulseaudio create .config and dgram sendto to unpriv_userdomain
- Change type in transition for /var/cache/{dnf,yum} directory
- Allow cockpit_ws_t read efivarfs_t BZ(1777085)
- Allow abrt_dump_oops_t domain to create udp sockets BZ(1778030)
- Allow named_t domain to mmap named_zone_t files BZ(1647493)
- Make boinc_var_lib_t label system mountdir attribute
- Allow stratis_t domain to request load modules
- Update fail2ban policy
- Allow spamd_update_t access antivirus_unit_file_t BZ(1774092)
- Allow uuidd_t Domain transition from systemd into confined domain with NoNewPrivileges Systemd Security feature.
- Allow rdisc_t Domain transition from systemd into confined domain with NoNewPrivileges Systemd Security feature.
Zdenek Pytela 2019-12-20 17:01:21 +01:00
parent f76a9deccc
commit a9b321b3cc
3 changed files with 32 additions and 6 deletions

2
.gitignore vendored

@ -427,3 +427,5 @@ serefpolicy*
/selinux-policy-contrib-46d44de.tar.gz
/selinux-policy-ae2c4ae.tar.gz
/selinux-policy-4881d15.tar.gz
/selinux-policy-contrib-43e2de6.tar.gz
/selinux-policy-789c659.tar.gz
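Review bot: the two entries added at the end of this hunk are one more pair of per-snapshot tarball names in a list that already runs past line 427, and every visible entry has the same /selinux-policy-<hash>.tar.gz or /selinux-policy-contrib-<hash>.tar.gz shape. A single pattern such as /selinux-policy-*.tar.gz would cover both base and contrib snapshots and keep .gitignore out of future rebase commits.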


@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 4881d15bc1acac413e0ba897de088850cada4de4
%global commit0 789c6593214fa10b15d2c628822cffe985417f5a
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 46d44de3590ea9fcb0f227ea577c7ebf445eddfd
%global commit1 43e2de656ea04a4309c98039a1fcddf416ef6dba
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.5
Release: 18%{?dist}
Release: 19%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -789,6 +789,30 @@ exit 0
%endif
%changelog
* Fri Dec 20 2019 Zdenek Pytela <zpytela@redhat.com> - 3.14.5-19
- Allow init_t nnp domain transition to kmod_t
- Allow userdomain dbus chat with systemd_resolved_t
- Allow init_t read and setattr on /var/lib/fprintd
- Allow sysadm_t dbus chat with colord_t
- Allow confined users run fwupdmgr
- Allow confined users run machinectl
- Allow systemd labeled as init_t domain to create dirs labeled as var_t
- Allow systemd labeled as init_t do read/write tpm_device_t chr files BZ(1778079)
- Add new file context rabbitmq_conf_t.
- Allow journalctl read init state BZ(1731753)
- Add fprintd_read_var_lib_dir and fprintd_setattr_var_lib_dir interfaces
- Allow pulseaudio create .config and dgram sendto to unpriv_userdomain
- Change type in transition for /var/cache/{dnf,yum} directory
- Allow cockpit_ws_t read efivarfs_t BZ(1777085)
- Allow abrt_dump_oops_t domain to create udp sockets BZ(1778030)
- Allow named_t domain to mmap named_zone_t files BZ(1647493)
- Make boinc_var_lib_t label system mountdir attribute
- Allow stratis_t domain to request load modules
- Update fail2ban policy
- Allow spamd_update_t access antivirus_unit_file_t BZ(1774092)
- Allow uuidd_t Domain trasition from sytemd into confined domain with NoNewPrivileges Systemd Security feature.
- Allow rdisc_t Domain trasition from sytemd into confined domain with NoNewPrivileges Systemd Security feature.
* Thu Nov 28 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-18
- Allow systemd to read all proc
- Introduce new type pdns_var_lib_t
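Review bot: the last two bullets of the new 3.14.5-19 entry (uuidd_t and rdisc_t) misspell "transition" as "trasition" and "systemd" as "sytemd", and this text ships in the RPM changelog, so it should be corrected before the build. In the same entry, "Update fail2ban policy" does not say what access changed, and the bullets that widen kernel module loading (init_t nnp transition to kmod_t, stratis_t requesting module loads) carry no BZ reference, unlike several neighbouring bullets; a bug number or a one-line reason would make them auditable.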


@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-46d44de.tar.gz) = ba119d77e63cf069deaef68ddd83db4ad07ea9c5c2d7a66bebab6dfbcebe8b6d7cface3c92a6e9353026a14284d6741d72938ec97d9ee78375bdbb9d24c09d87
SHA512 (selinux-policy-4881d15.tar.gz) = b378e0be4bd1ec3dbd4eaa5f04a0aca19ab904a4caaa93ee018f8c27724ebc6c2d3dc0e557dbe0cf6a99b417d1dac4f46c460b7941fe3e896411655576ee09f0
SHA512 (container-selinux.tgz) = fa22c0b233965184692ccf139c270718505b6cf83d270fbc0c4da3c9baae702612167b082d08eeb77a050c3ebe9ee0424ea7ef9b8be437da32b071a4e5338bdd
SHA512 (selinux-policy-contrib-43e2de6.tar.gz) = 56d01491f88f3a40db6cbe059b9b406dd15e254bb1eb7f3faee5635653986b2800bbbf15a66e0f9b972d1b5bae5ac3bc1d9ca207e5cf7a185a08a0347d3a9159
SHA512 (selinux-policy-789c659.tar.gz) = 73a87e1f4b357211d34ed2e8029f2ab08afee33992a6c97119b091e92cb0d704a877f5cb2191a07bd92b348d7cfba782c27a47130fde69de21d6a3d3edf15b78
SHA512 (container-selinux.tgz) = 813577b352bdfb4d0fd1bcba54f55a4d368512b7db3395a3a192205fe76485f9ff7994bc1fe610a27192f7e22818d7b8a2ab0a0128eff7f3387e481cfb0c1961
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
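Review bot: the checksum for container-selinux.tgz changes in this hunk (from fa22c0b2... to 813577b3...) while the file name stays the same, and neither the changelog entry nor the .gitignore hunk mentions a container-selinux refresh. Either record the container-selinux update in the changelog or give the tarball a snapshot-specific name, as the two selinux-policy tarballs have, so the sources line identifies which content the hash pins.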