* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-30

- cockpit: Allow cockpit-session to read cockpit-tls state
- Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983)
- Allow named_t domain to read/write samba_var_t files BZ(1738794)
- Dontaudit abrt_t domain to read root_t files
- Allow ipa_dnskey_t domain to read kerberos keytab
- Allow mongod_t domain to read cgroup_t files BZ(1739357)
- Update ibacm_t policy
- Allow systemd to relabel all files on system.
- Revert "Add new boolean systemd_can_relabel"
- Allow xdm_t domain to read kernel sysctl BZ(1740385)
- Add sys_admin capability for xdm_t in user namespace. BZ(1740386)
- Allow dbus communications with resolved for DNS lookups
- Add new boolean systemd_can_relabel
- Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp
- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t
- Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs
- Run lvmdbusd service as lvm_t
This commit is contained in:
Lukas Vrabec 2019-08-13 17:59:35 +02:00
parent 6e1369286b
commit bee0c094a4
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 27 additions and 6 deletions

2
.gitignore vendored
View File

@ -394,3 +394,5 @@ serefpolicy*
/selinux-policy-contrib-b7144a2.tar.gz /selinux-policy-contrib-b7144a2.tar.gz
/selinux-policy-cd63aff.tar.gz /selinux-policy-cd63aff.tar.gz
/selinux-policy-contrib-e563a8d.tar.gz /selinux-policy-contrib-e563a8d.tar.gz
/selinux-policy-contrib-4396848.tar.gz
/selinux-policy-b313a79.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 cd63aff25446f708713cd6f9f65001e2b35b3427 %global commit0 b313a79dbfd2fba545e00f31aa53d29c6f2b2722
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 e563a8d1d64f11841d6e5f7cca6ecddbdb9a0123 %global commit1 43968483ee1c505dea7ec17dd1789cc1b6fcb831
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.4 Version: 3.14.4
Release: 29%{?dist} Release: 30%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,25 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Aug 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-30
- cockpit: Allow cockpit-session to read cockpit-tls state
- Allow zebrat_t domain to read state of NetworkManager_t processes BZ(1739983)
- Allow named_t domain to read/write samba_var_t files BZ(1738794)
- Dontaudit abrt_t domain to read root_t files
- Allow ipa_dnskey_t domain to read kerberos keytab
- Allow mongod_t domain to read cgroup_t files BZ(1739357)
- Update ibacm_t policy
- Allow systemd to relabel all files on system.
- Revert "Add new boolean systemd_can_relabel"
- Allow xdm_t domain to read kernel sysctl BZ(1740385)
- Add sys_admin capability for xdm_t in user namespace. BZ(1740386)
- Allow dbus communications with resolved for DNS lookups
- Add new boolean systemd_can_relabel
- Allow auditd_t domain to create auditd_tmp_t temporary files and dirs in /tmp or /var/tmp
- Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t
- Update systemd_dontaudit_read_unit_files() interface to dontaudit alos listing dirs
- Run lvmdbusd service as lvm_t
* Wed Aug 07 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-29 * Wed Aug 07 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-29
- Allow dlm_controld_t domain setgid capability - Allow dlm_controld_t domain setgid capability
- Fix SELinux modules not installing in chroots. - Fix SELinux modules not installing in chroots.

View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-cd63aff.tar.gz) = a6b92f5800371c1726f0c8f386f3352f564c52c9ed4a5ecde09a6141fabc657ca44020c34a13c9cd592ec3411c462ced80d74ad77a8403dcad08eec3cdc02136 SHA512 (selinux-policy-contrib-4396848.tar.gz) = 97d5d9f9e59bf607e9170a2ff12b9d33ea8892178be4ea1a202a08fcedb7e1df5d78443cd79e4b544a8f6a67f5783e516f2c85de9f4e56f93753cfe21887639e
SHA512 (selinux-policy-contrib-e563a8d.tar.gz) = 5eb6bdc884b13e94a7a0b91a8e496ffa1a731a87e1362ff571e748129d95f9abd8ed39ff9d1453e062a2a7e78ee36978ce0734fd3e58155b8147e7048ff4107e SHA512 (selinux-policy-b313a79.tar.gz) = eadcceeb207448aa38a3826e3dc444602abfc42c67543ae5a58c2379f78b209fe578bd50101e628d99a02282ba9d473dee3126462f172b68b2c39b889dd8062c
SHA512 (container-selinux.tgz) = 3d4989bcf7a96d7efc64eed149b259d0ad17d405c5aa0c553b04d5de5c956aa290b87b32846a629017528dcb10223e3de1e0f51f810b3d1199356d1b245cabc7
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = b7c4030cc1d3f07c6cfe9ab6cf1b50c571301531866a7e1d44061cff777230acf9bfadbe11929baf4f8a7da74a0ad0f46139fcb0d6039cf1435915f4aab59592