* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-30

- cockpit: Allow cockpit-session to read cockpit-tls state - Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983) - Allow named_t domain to read/write samba_var_t files BZ(1738794) - Dontaudit abrt_t domain to read root_t files - Allow ipa_dnskey_t domain to read kerberos keytab - Allow mongod_t domain to read cgroup_t files BZ(1739357) - Update ibacm_t policy - Allow systemd to relabel all files on system. - Revert "Add new boolean systemd_can_relabel" - Allow xdm_t domain to read kernel sysctl BZ(1740385) - Add sys_admin capability for xdm_t in user namespace. BZ(1740386) - Allow dbus communications with resolved for DNS lookups - Add new boolean systemd_can_relabel - Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp - Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t - Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs - Run lvmdbusd service as lvm_t
2019-08-13 17:59:35 +02:00 · 2019-08-13 17:59:35 +02:00 · bee0c094a4
parent 6e1369286b
commit bee0c094a4
3 changed files with 27 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -394,3 +394,5 @@ serefpolicy*
 /selinux-policy-contrib-b7144a2.tar.gz
 /selinux-policy-cd63aff.tar.gz
 /selinux-policy-contrib-e563a8d.tar.gz
+/selinux-policy-contrib-4396848.tar.gz
+/selinux-policy-b313a79.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 cd63aff25446f708713cd6f9f65001e2b35b3427
+%global commit0 b313a79dbfd2fba545e00f31aa53d29c6f2b2722
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 e563a8d1d64f11841d6e5f7cca6ecddbdb9a0123
+%global commit1 43968483ee1c505dea7ec17dd1789cc1b6fcb831
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 29%{?dist}
+Release: 30%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,25 @@ exit 0
 %endif

 %changelog
+* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-30
+- cockpit: Allow cockpit-session to read cockpit-tls state
+- Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983)
+- Allow named_t domain to read/write samba_var_t files BZ(1738794)
+- Dontaudit abrt_t domain to read root_t files
+- Allow ipa_dnskey_t domain to read kerberos keytab
+- Allow mongod_t domain to read cgroup_t files BZ(1739357)
+- Update ibacm_t policy
+- Allow systemd to relabel all files on system.
+- Revert "Add new boolean systemd_can_relabel"
+- Allow xdm_t domain to read kernel sysctl BZ(1740385)
+- Add sys_admin capability for xdm_t in user namespace. BZ(1740386)
+- Allow dbus communications with resolved for DNS lookups
+- Add new boolean systemd_can_relabel
+- Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp
+- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t
+- Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs
+- Run lvmdbusd service as lvm_t
+
 * Wed Aug 07 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-29
 - Allow dlm_controld_t domain setgid capability
 - Fix SELinux modules not installing in chroots.
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (selinux-policy-cd63aff.tar.gz) = a6b92f5800371c1726f0c8f386f3352f564c52c9ed4a5ecde09a6141fabc657ca44020c34a13c9cd592ec3411c462ced80d74ad77a8403dcad08eec3cdc02136
-SHA512 (selinux-policy-contrib-e563a8d.tar.gz) = 5eb6bdc884b13e94a7a0b91a8e496ffa1a731a87e1362ff571e748129d95f9abd8ed39ff9d1453e062a2a7e78ee36978ce0734fd3e58155b8147e7048ff4107e
+SHA512 (selinux-policy-contrib-4396848.tar.gz) = 97d5d9f9e59bf607e9170a2ff12b9d33ea8892178be4ea1a202a08fcedb7e1df5d78443cd79e4b544a8f6a67f5783e516f2c85de9f4e56f93753cfe21887639e
+SHA512 (selinux-policy-b313a79.tar.gz) = eadcceeb207448aa38a3826e3dc444602abfc42c67543ae5a58c2379f78b209fe578bd50101e628d99a02282ba9d473dee3126462f172b68b2c39b889dd8062c
+SHA512 (container-selinux.tgz) = 3d4989bcf7a96d7efc64eed149b259d0ad17d405c5aa0c553b04d5de5c956aa290b87b32846a629017528dcb10223e3de1e0f51f810b3d1199356d1b245cabc7
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = b7c4030cc1d3f07c6cfe9ab6cf1b50c571301531866a7e1d44061cff777230acf9bfadbe11929baf4f8a7da74a0ad0f46139fcb0d6039cf1435915f4aab59592