* Tue Aug 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-31

- Allow kprop_t domain to read network state
- Add support boltd policy
- Allow kpropd domain to exec itself
- Allow pdns_t to bind on tcp transproxy port
- Add support for opafm service
- Allow hsqldb_t domain to read cgroup files
- Allow rngd_t domain to read generic certs
- Allow innd_t domain to mmap own var_lib_t files
- Update screen_role_temaplate interface
- Allow chronyd_t domain to mmap own tmpfs files
- Allow sblim_sfcbd_t domain to mmap own tmpfs files
- Allow systemd to mounont boltd lib dirs
- Allow sysadm_t domain to create rawip sockets
- Allow sysadm_t domain to listen on socket
- Update sudo_role_template() to allow caller domain also setattr generic ptys
- Update logging_manage_all_logs() interface to allow caller domain map all logfiles
This commit is contained in:
Lukas Vrabec 2018-08-07 15:54:42 +02:00
parent 75a1d62043
commit bb7c753263
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
2 changed files with 24 additions and 6 deletions

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 e08b2dab562597085bbc9800006a298a6fcdba0c %global commit0 cf5a654b7ac989a686044cb450cf5856e763f4d5
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 6bfaa82e671e166c8483dffd4c56120562846f8e %global commit1 e60295e6037f32dc30a47ef7b77549dade16f7ef
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 30%{?dist} Release: 31%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -709,6 +709,24 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Aug 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-31
- Allow kprop_t domain to read network state
- Add support boltd policy
- Allow kpropd domain to exec itself
- Allow pdns_t to bind on tcp transproxy port
- Add support for opafm service
- Allow hsqldb_t domain to read cgroup files
- Allow rngd_t domain to read generic certs
- Allow innd_t domain to mmap own var_lib_t files
- Update screen_role_temaplate interface
- Allow chronyd_t domain to mmap own tmpfs files
- Allow sblim_sfcbd_t domain to mmap own tmpfs files
- Allow systemd to mounont boltd lib dirs
- Allow sysadm_t domain to create rawip sockets
- Allow sysadm_t domain to listen on socket
- Update sudo_role_template() to allow caller domain also setattr generic ptys
- Update logging_manage_all_logs() interface to allow caller domain map all logfiles
* Sun Jul 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-30 * Sun Jul 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-30
- Allow sblim_sfcbd_t domain to mmap own tmpfs files - Allow sblim_sfcbd_t domain to mmap own tmpfs files
- Allow nfsd_t domain to read krb5 keytab files - Allow nfsd_t domain to read krb5 keytab files

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-contrib-6bfaa82.tar.gz) = 755a389bd3960a66447acffd40ff4f5b4e8f3b454f5e380e74625a9547b205f96786ff7bba2616a76adf740c1dd6e7855d056e67b857b9edbf52eee02975cbd7 SHA512 (selinux-policy-cf5a654.tar.gz) = bb9e69869672a2ba70c94bbbd361da63a39367cd35f30daa8d5afbe60f1800f23252e56df564ee9c404b8e6a9130c57b559c666fc3c264e182f5751d47afb36d
SHA512 (selinux-policy-e08b2da.tar.gz) = 0b0d1693b8e544d60c5ff5c64dca93ab62e6d43925522740ca08ac4eaf30d7a363af5b90021c20ec6f379be5b13db56e5133c9b95511e3a7584ca8a12097e726 SHA512 (selinux-policy-contrib-e60295e.tar.gz) = 95b51f55da5cd006b31f2fed0a9043241e68b606b5176c5b0912f5a311b3dd02277c26d35dbb97cf52faaae169b3fb5cdabfbbcdb5927a3f155985321182e3aa
SHA512 (container-selinux.tgz) = 03dc7da74a0b83f3df985dc51bdfb69676b92a8d9b99149f9135639b3ac3f1ce362652e744170ce2b25f5dd46974e4726c9e80ce4604d26dded14f0980315c4d SHA512 (container-selinux.tgz) = 3057e92810c56c22aebf34d06623176615f61c0e5778273f34894ed4fdd8ce89d0ac525e66dd26fe09542741f5b12135d6a21d102d058aeab85df7fb15a626a7