* Fri Jun 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-17
- Allow pdns server to read system state - Allow irqbalance nnp_transition - Fix description tag for the sssd_connect_all_unreserved_ports tunable - Allow journalctl process set its resource limits - Add sssd_access_kernel_keys tunable to conditionally access kernel keys - Make keepalived work with network namespaces - Create sssd_connect_all_unreserved_ports boolean - Allow hypervkvpd to request kernel to load a module - Allow systemd_private_tmp(dirsrv_tmp_t) - Allow microcode_ctl get attributes of sysfs directories - Remove duplicate files_dontaudit_list_tmp(radiusd_t) line - Allow radiusd connect to gssproxy over unix domain stream socket - Add fwupd_cache_t file context for '/var/cache/fwupd(/.*)?' - Allow qemu read and write /dev/mapper/control - Allow tlp_t can_exec() tlp_exec_t - Dontaudit vpnc_t setting its process scheduling - Remove files_mmap_usr_files() call for particular domains - Allow dirsrv_t list cgroup directories - Crete the kerberos_write_kadmind_tmp_files() interface - Allow realmd_t dbus chat with accountsd_t - Label systemd-growfs and systemd-makefs as fsadm_exec_t - Allow staff_u and user_u setattr generic usb devices - Allow sysadm_t dbus chat with accountsd - Modify kernel_rw_key() not to include append permission - Add kernel_rw_key() interface to access to kernel keyrings - Modify systemd_delete_private_tmp() to use delete_*_pattern macros - Allow systemd-modules to load kernel modules - Add cachefiles_dev_t as a typealias to cachefiles_device_t - Allow libkrb5 lib read client keytabs - Allow domain mmap usr_t files - Remove files_mmap_usr_files() call for systemd domains - Allow sshd write to kadmind temporary files - Do not audit staff_t and user_t attempts to manage boot_t entries - Add files_dontaudit_manage_boot_dirs() interface - Allow systemd-tty-ask-password-agent read efivarfs files
This commit is contained in:
Zdenek Pytela
parent
154654f526
commit
c04fecfb03
2
.gitignore
vendored
2
.gitignore
vendored
@ -464,3 +464,5 @@ serefpolicy*
|
||||
/selinux-policy-6d96694.tar.gz
|
||||
/selinux-policy-contrib-22a7272.tar.gz
|
||||
/selinux-policy-7dd92fd.tar.gz
|
||||
/selinux-policy-contrib-2a1096a.tar.gz
|
||||
/selinux-policy-427796e.tar.gz
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 7dd92fda6b04b5c90feb038aabefb728a8773750
|
||||
%global commit0 427796e812ddf1284b6f78f41efd8137fe26f2f0
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 22a72723552b1c4bc6dd42f7f55fd9dd42426c3c
|
||||
%global commit1 2a1096a616c714d0bc4eb0d94e42ccab369c0db5
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.6
|
||||
Release: 16%{?dist}
|
||||
Release: 17%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -784,6 +784,43 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jun 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-17
|
||||
- Allow pdns server to read system state
|
||||
- Allow irqbalance nnp_transition
|
||||
- Fix description tag for the sssd_connect_all_unreserved_ports tunable
|
||||
- Allow journalctl process set its resource limits
|
||||
- Add sssd_access_kernel_keys tunable to conditionally access kernel keys
|
||||
- Make keepalived work with network namespaces
|
||||
- Create sssd_connect_all_unreserved_ports boolean
|
||||
- Allow hypervkvpd to request kernel to load a module
|
||||
- Allow systemd_private_tmp(dirsrv_tmp_t)
|
||||
- Allow microcode_ctl get attributes of sysfs directories
|
||||
- Remove duplicate files_dontaudit_list_tmp(radiusd_t) line
|
||||
- Allow radiusd connect to gssproxy over unix domain stream socket
|
||||
- Add fwupd_cache_t file context for '/var/cache/fwupd(/.*)?'
|
||||
- Allow qemu read and write /dev/mapper/control
|
||||
- Allow tlp_t can_exec() tlp_exec_t
|
||||
- Dontaudit vpnc_t setting its process scheduling
|
||||
- Remove files_mmap_usr_files() call for particular domains
|
||||
- Allow dirsrv_t list cgroup directories
|
||||
- Crete the kerberos_write_kadmind_tmp_files() interface
|
||||
- Allow realmd_t dbus chat with accountsd_t
|
||||
- Label systemd-growfs and systemd-makefs as fsadm_exec_t
|
||||
- Allow staff_u and user_u setattr generic usb devices
|
||||
- Allow sysadm_t dbus chat with accountsd
|
||||
- Modify kernel_rw_key() not to include append permission
|
||||
- Add kernel_rw_key() interface to access to kernel keyrings
|
||||
- Modify systemd_delete_private_tmp() to use delete_*_pattern macros
|
||||
- Allow systemd-modules to load kernel modules
|
||||
- Add cachefiles_dev_t as a typealias to cachefiles_device_t
|
||||
- Allow libkrb5 lib read client keytabs
|
||||
- Allow domain mmap usr_t files
|
||||
- Remove files_mmap_usr_files() call for systemd domains
|
||||
- Allow sshd write to kadmind temporary files
|
||||
- Do not audit staff_t and user_t attempts to manage boot_t entries
|
||||
- Add files_dontaudit_manage_boot_dirs() interface
|
||||
- Allow systemd-tty-ask-password-agent read efivarfs files
|
||||
|
||||
* Thu Jun 25 2020 Adam Williamson <awilliam@redhat.com> - 3.14.6-16
|
||||
- Fix scriptlets when /etc/selinux/config does not exist
|
||||
|
||||
|
||||
6
sources
6
sources
@ -1,4 +1,4 @@
|
||||
SHA512 (selinux-policy-contrib-22a7272.tar.gz) = c379dbd32627dd0d04a98f95d7291a9e5ab24932ebaaf065f8b5ccc941b23e36235a3e5ae9b78ee96e0fda28f2fc26bdfead6645e0925dd94856b47b6b66e60b
|
||||
SHA512 (selinux-policy-7dd92fd.tar.gz) = 4a61d12d6565d1722a04a16878e48b1f8b74dd43e2f52d66495557e4a77eb0a50cd882f619a6f0d8c038ff64d38219fba06bce7f883aca86bf308d8a89340549
|
||||
SHA512 (selinux-policy-contrib-2a1096a.tar.gz) = 1cfbde139b1343b64938cdbb047e11c5ce7a76b9476de2ec3f9803dcd9441c108cbada4bc47ba4c44fe78f281997b12cb7db13b1eee75c4bef3e55c2093bb2b2
|
||||
SHA512 (selinux-policy-427796e.tar.gz) = 01dd45439da3472f4b41bd6bd4226f70557a3453b7ff296df1af900dad2a1d94c5299f0c192af033e676a3c3fe8c9b11b9a1fca57da3ad5c66185f533bd3e3d6
|
||||
SHA512 (container-selinux.tgz) = e65c8e027ea4b07e4f257a8a297629622118155244d4ebe62186b4fb1e00218cbb5a1d5ff67f258f69d36ee45d5889bd73f61b6911defa29e5d5ec0b5c5be9bf
|
||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||
SHA512 (container-selinux.tgz) = 521d0028bf2140be7586ab39f4ac99c136cf8559506f9b755beb3ac50bd4de474430848c322d0917c7f9a1230ecc4d93704e12fefb19a64b5089456fc047438c
|
||||
|
||||
Loading…
Reference in New Issue
Block a user