diff --git a/.gitignore b/.gitignore index a639197d..e3250282 100644 --- a/.gitignore +++ b/.gitignore @@ -408,3 +408,5 @@ serefpolicy* /selinux-policy-contrib-bfb130f.tar.gz /selinux-policy-contrib-2c0ecb3.tar.gz /selinux-policy-d63d681.tar.gz +/selinux-policy-aa4c070.tar.gz +/selinux-policy-contrib-84cf0f5.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index a756a1e3..39bacda3 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 d63d681bef779d7f83956f5ba968cde2a25f77fd +%global commit0 aa4c0707e6664ede25e49f57d3c9b4d267650ca1 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 2c0ecb3472e18e26894ab629dca36ad09999e4af +%global commit1 84cf0f5cf648b7ff7047af65ecee908d4293bfb0 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,23 @@ exit 0 %endif %changelog +* Wed Oct 09 2019 Lukas Vrabec - 3.14.5-7 +- Revert "nova.fc: fix duplicated slash" +- Introduce new bolean httpd_use_opencryptoki +- Add new interface apache_read_state() +- Allow setroubleshoot_fixit_t to read random_device_t +- Label /etc/named direcotory as named_conf_t BZ(1759495) +- nova.fc: fix duplicated slash +- Allow dkim to execute sendmail +- Update virt_read_content interface to allow caller domain mmap virt_content_t block devices and files +- Update aide_t domain to allow this tool to analyze also /dev filesystem +- Update interface modutils_read_module_deps to allow caller domain also mmap modules_dep_t files BZ(1758634) +- Allow avahi_t to send msg to xdm_t +- Allow systemd_logind to read dosfs files & dirs Allow systemd-logind - a system service that manages user logins, to read files and list dirs on a DOS filesystem +- Update dev_manage_sysfs() to support managing also lnk files BZ(1759019) +- Allow systemd_logind_t domain to read blk_files in domain removable_device_t +- Add new interface udev_getattr_rules_chr_files() + * Fri Oct 04 2019 Lukas Vrabec - 3.14.5-6 - Update aide_t domain to allow this tool to analyze also /dev filesystem - Allow bitlbee_t domain map files in /usr diff --git a/sources b/sources index c147cf08..3568b1e8 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-2c0ecb3.tar.gz) = 8dbaab26f120da2d373dd0ab083ca186a329aebd9205ff4f2f1993ddc7d36c9b8d91b68937b490d5be3bb9a97b019351ed2d94c7bd69595be76df73da193117b -SHA512 (selinux-policy-d63d681.tar.gz) = 12d5261076de9edc2755859888325fa90d7d3fae0157022bd2f192e15d6695e7d5285d8ddfb46ecd6baee78a60338ae46fcc3710bdcf30c80735d6d6c0dfd1b1 +SHA512 (selinux-policy-aa4c070.tar.gz) = d8ac4aa13531b2ddd30a3f1eddad3e77cdd5f955d0960b7d40e52e7bbd667428c2dd13be1b4b3559dcd6c36eec7e05d349b5de7141910f44e16233fba7a9ddb2 +SHA512 (selinux-policy-contrib-84cf0f5.tar.gz) = 3191ad0e26a25001bb25412ceb8987299421ece7fd8c14c1ffdcb4664d604abe1ca64dfb8a6eaec107fb9f8959fca4d24eb720ecf34cd9b7a545423cf5d52346 +SHA512 (container-selinux.tgz) = 9ea48fe013912947d06903e1dfbe61b4f8dfae932e2cd565533f07bd683d3f6c74f110c4236bff208839c201e07589c2cec3c08ae796c09eb0e7b5e25544fcb2 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 -SHA512 (container-selinux.tgz) = 8917bc6d62ce172a4dd88e3c99ed8b2cf4d930a2847e407678f184b45c29582a4364fb56c770d48c590e75593e7be9271c7131ec2aae611efdce01e1370be1ab