diff --git a/.gitignore b/.gitignore
index 2064ebbb..d08fee46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -464,3 +464,5 @@ serefpolicy*
 /selinux-policy-6d96694.tar.gz
 /selinux-policy-contrib-22a7272.tar.gz
 /selinux-policy-7dd92fd.tar.gz
+/selinux-policy-contrib-2a1096a.tar.gz
+/selinux-policy-427796e.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 568566a6..4f280fbe 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 7dd92fda6b04b5c90feb038aabefb728a8773750
+%global commit0 427796e812ddf1284b6f78f41efd8137fe26f2f0
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 22a72723552b1c4bc6dd42f7f55fd9dd42426c3c
+%global commit1 2a1096a616c714d0bc4eb0d94e42ccab369c0db5
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.6
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -784,6 +784,43 @@ exit 0
 %endif
 %changelog
+* Fri Jun 26 2020 Zdenek Pytela - 3.14.6-17
+- Allow pdns server to read system state
+- Allow irqbalance nnp_transition
+- Fix description tag for the sssd_connect_all_unreserved_ports tunable
+- Allow journalctl process set its resource limits
+- Add sssd_access_kernel_keys tunable to conditionally access kernel keys
+- Make keepalived work with network namespaces
+- Create sssd_connect_all_unreserved_ports boolean
+- Allow hypervkvpd to request kernel to load a module
+- Allow systemd_private_tmp(dirsrv_tmp_t)
+- Allow microcode_ctl get attributes of sysfs directories
+- Remove duplicate files_dontaudit_list_tmp(radiusd_t) line
+- Allow radiusd connect to gssproxy over unix domain stream socket
+- Add fwupd_cache_t file context for '/var/cache/fwupd(/.*)?'
+- Allow qemu read and write /dev/mapper/control
+- Allow tlp_t can_exec() tlp_exec_t
+- Dontaudit vpnc_t setting its process scheduling
+- Remove files_mmap_usr_files() call for particular domains
+- Allow dirsrv_t list cgroup directories
+- Crete the kerberos_write_kadmind_tmp_files() interface
+- Allow realmd_t dbus chat with accountsd_t
+- Label systemd-growfs and systemd-makefs as fsadm_exec_t
+- Allow staff_u and user_u setattr generic usb devices
+- Allow sysadm_t dbus chat with accountsd
+- Modify kernel_rw_key() not to include append permission
+- Add kernel_rw_key() interface to access to kernel keyrings
+- Modify systemd_delete_private_tmp() to use delete_*_pattern macros
+- Allow systemd-modules to load kernel modules
+- Add cachefiles_dev_t as a typealias to cachefiles_device_t
+- Allow libkrb5 lib read client keytabs
+- Allow domain mmap usr_t files
+- Remove files_mmap_usr_files() call for systemd domains
+- Allow sshd write to kadmind temporary files
+- Do not audit staff_t and user_t attempts to manage boot_t entries
+- Add files_dontaudit_manage_boot_dirs() interface
+- Allow systemd-tty-ask-password-agent read efivarfs files
+
 * Thu Jun 25 2020 Adam Williamson - 3.14.6-16
 - Fix scriptlets when /etc/selinux/config does not exist
diff --git a/sources b/sources
index 13a96110..6625e9dd 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-22a7272.tar.gz) = c379dbd32627dd0d04a98f95d7291a9e5ab24932ebaaf065f8b5ccc941b23e36235a3e5ae9b78ee96e0fda28f2fc26bdfead6645e0925dd94856b47b6b66e60b
-SHA512 (selinux-policy-7dd92fd.tar.gz) = 4a61d12d6565d1722a04a16878e48b1f8b74dd43e2f52d66495557e4a77eb0a50cd882f619a6f0d8c038ff64d38219fba06bce7f883aca86bf308d8a89340549
+SHA512 (selinux-policy-contrib-2a1096a.tar.gz) = 1cfbde139b1343b64938cdbb047e11c5ce7a76b9476de2ec3f9803dcd9441c108cbada4bc47ba4c44fe78f281997b12cb7db13b1eee75c4bef3e55c2093bb2b2
+SHA512 (selinux-policy-427796e.tar.gz) = 01dd45439da3472f4b41bd6bd4226f70557a3453b7ff296df1af900dad2a1d94c5299f0c192af033e676a3c3fe8c9b11b9a1fca57da3ad5c66185f533bd3e3d6
+SHA512 (container-selinux.tgz) = e65c8e027ea4b07e4f257a8a297629622118155244d4ebe62186b4fb1e00218cbb5a1d5ff67f258f69d36ee45d5889bd73f61b6911defa29e5d5ec0b5c5be9bf
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 521d0028bf2140be7586ab39f4ac99c136cf8559506f9b755beb3ac50bd4de474430848c322d0917c7f9a1230ecc4d93704e12fefb19a64b5089456fc047438c
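Review bot: The `container-selinux.tgz` entry in `sources` gets a new SHA512 (`521d0028…` replaced by `e65c8e02…`) that nothing else on this page accounts for: the two policy tarballs carry their commit id in the file name and are pinned by `commit0`/`commit1` in the spec, whereas this archive has an unversioned name and the 3.14.6-17 changelog entry lists no container-selinux update. A checksum alone shows that the build fetches the uploaded file, not which upstream revision that file was made from, so the content change cannot be audited from the commit. I would record the origin next to the bump, for example a changelog line such as `- Update container-selinux.tgz to <upstream commit id>`, or name the archive after its commit as is done for the other two sources. How the spec references this tarball is outside the hunks shown, so it may already be tracked there.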