* Thu Feb 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-7

- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
- Allow certmonger_t domain to access /etc/pki/pki-tomcat BZ(1542600)
- Allow keepalived_t domain getattr proc filesystem
- Allow init_t to create UNIX sockets for unconfined services (BZ1543049)
- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
This commit is contained in:
Lukas Vrabec 2018-02-08 14:38:23 +01:00
parent 00dcc13b60
commit b22b1d1da0
3 changed files with 16 additions and 6 deletions

2
.gitignore vendored
View File

@ -246,3 +246,5 @@ serefpolicy*
/selinux-policy-contrib-a1cd00e.tar.gz
/selinux-policy-642cc91.tar.gz
/selinux-policy-contrib-b657ba0.tar.gz
/selinux-policy-contrib-0311bf8.tar.gz
/selinux-policy-ef9ecd7.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 642cc914194fdf225bab87ad62a2af18aa10d7ac
%global commit0 ef9ecd7412c0ce6cf3e1ade2295a562d1ca1efc2
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 b657ba01c0bcce6fa62a1d5319cc2e105b5bc6d7
%global commit1 0311bf8534a6dc4f797d28b48f76a0023c17919f
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.1
Release: 6%{?dist}
Release: 7%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -719,6 +719,14 @@ exit 0
%endif
%changelog
* Thu Feb 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-7
- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
- Allow certmonger_t domain to access /etc/pki/pki-tomcat BZ(1542600)
- Allow keepalived_t domain getattr proc filesystem
- Allow init_t to create UNIX sockets for unconfined services (BZ1543049)
- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
* Tue Feb 06 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-6
- Allow openvswitch_t domain to read cpuid, write to sysfs files and creating openvswitch_tmp_t sockets
- Add new interface ppp_filetrans_named_content()

View File

@ -1,3 +1,3 @@
SHA512 (container-selinux.tgz) = 2e41e73ea7296d784010b0ad1c8a5080f4c5cf1834e69a3f71a3618e9571cfb90395fb96ec24a8915014859c8547382181047203f1df101641db250622b3a65b
SHA512 (selinux-policy-642cc91.tar.gz) = 27df867d6c4c3110238235720335d94b9f4b4742a0a91a27538af9e401518acc58af0619f09f6210f246b5e6f67b57e59fd3c48723406246d124f08a7792ae0f
SHA512 (selinux-policy-contrib-b657ba0.tar.gz) = 480185612e71f93c15ae5616cce435a2bee9bd92ec61e7934ec36c2ee95a77e82e36a9d0c58c36d10cda5378deac041339cd9bfe3b3c10c69371e81e177b916d
SHA512 (selinux-policy-contrib-0311bf8.tar.gz) = c60ed0049134ccdbeac0a5fa2db8719ff32c4b4f3b9e32113ac71c52b22c6cfd7b516d9ab82ce44d202579a8560e566754e0ac07f079dd4eadbe7f8170c9986c
SHA512 (selinux-policy-ef9ecd7.tar.gz) = 9cd195437fa49f13ca2537b3d3954f632081d3d4cfbf232d74fba36f45431542c6ee2e4f865ba0586172574dffcd64cc8f71242129413ab2bf6d42ea3ede5c9a
SHA512 (container-selinux.tgz) = 8d15bfbd73b4fabfe6cf5531c232b8cb4a81225b9e3cdcc8e3eb80e1f3cb8a6e59b6be7112b4d09dd6a20a2b6bcd80f8b3184a6f550270ed14047e3f432b75fe