* Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7

- Allow fontconfig file transition for xguest_u user - Add gnome_filetrans_fontconfig_home_content interface - Add permissions needed by systemd's machinectl shell/login - Update SELinux policy for xen services - Add dac_override capability for kdumpctl_t process domain - Allow chronyd_t domain to exec shell - Fix varnisncsa typo - Allow init start freenx-server BZ(1678025) - Create logrotate_use_fusefs boolean - Add tcpd_wrapped_domain for telnetd BZ(1676940) - Allow tcpd bind to services ports BZ(1676940) - Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t - Make shell_exec_t type as entrypoint for vmtools_unconfined_t. - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide - Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t - Allow esmtp access .esmtprc BZ(1691149) - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide - Allow tlp_t domain to read nvme block devices BZ(1692154) - Add support for smart card authentication in cockpit BZ(1690444) - Add permissions needed by systemd's machinectl shell/login - Allow kmod_t domain to mmap modules_dep_t files. - Allow systemd_machined_t dac_override capability BZ(1670787) - Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files - Allow unconfined_domain_type to use bpf tools BZ(1694115) - Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)" - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow unconfined_domain_type to use bpf tools BZ(1694115) - Allow init_t read mnt_t symlinks BZ(1637070) - Update dev_filetrans_all_named_dev() interface - Allow xdm_t domain to execmod temp files BZ(1686675) - Revert "Allow xdm_t domain to create own tmp files BZ(1686675)" - Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582) - Allow confined users labeled as staff_t to run iptables. - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow xdm_t domain to create own tmp files BZ(1686675) - Add miscfiles_dontaudit_map_generic_certs interface.
2019-04-03 14:33:40 +02:00 · 2019-04-03 14:33:40 +02:00 · c4065f7c94
commit c4065f7c94
parent 4052eb0456
3 changed files with 48 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -351,3 +351,6 @@ serefpolicy*
 /selinux-policy-contrib-dc92f2d.tar.gz
 /selinux-policy-b78306b.tar.gz
 /selinux-policy-contrib-ef0c1e0.tar.gz
 /macro-expander
 /selinux-policy-549ed43.tar.gz
 /selinux-policy-contrib-e753aa8.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 b78306bdff7cf7960c539477d5886e3e91c75a18
+%global commit0 549ed432e0e7c6348687e3737aa29fd6e91f6e74
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 ef0c1e086e735f3a3864091e610914bc85a067dc
+%global commit1 e753aa82ec360bb2715ef2cc8b00eeb1719e1c26
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -714,6 +714,44 @@ exit 0
 %endif
 %changelog
 * Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
 - Allow fontconfig file transition for xguest_u user
 - Add gnome_filetrans_fontconfig_home_content interface
 - Add permissions needed by systemd's machinectl shell/login
 - Update SELinux policy for xen services
 - Add dac_override capability for kdumpctl_t process domain
 - Allow chronyd_t domain to exec shell
 - Fix varnisncsa typo
 - Allow init start freenx-server BZ(1678025)
 - Create logrotate_use_fusefs boolean
 - Add tcpd_wrapped_domain for telnetd BZ(1676940)
 - Allow tcpd bind to services ports BZ(1676940)
 - Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t
 - Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
 - Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
 - Allow esmtp access .esmtprc BZ(1691149)
 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
 - Allow tlp_t domain to read nvme block devices BZ(1692154)
 - Add support for smart card authentication in cockpit BZ(1690444)
 - Add permissions needed by systemd's machinectl shell/login
 - Allow kmod_t domain to mmap modules_dep_t files.
 - Allow systemd_machined_t dac_override capability BZ(1670787)
 - Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files
 - Allow unconfined_domain_type to use bpf tools BZ(1694115)
 - Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)"
 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
 - Allow unconfined_domain_type to use bpf tools BZ(1694115)
 - Allow init_t read mnt_t symlinks BZ(1637070)
 - Update dev_filetrans_all_named_dev() interface
 - Allow xdm_t domain to execmod temp files BZ(1686675)
 - Revert "Allow xdm_t domain to create own tmp files BZ(1686675)"
 - Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
 - Allow confined users labeled as staff_t to run iptables.
 - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
 - Allow xdm_t domain to create own tmp files BZ(1686675)
 - Add miscfiles_dontaudit_map_generic_certs interface.
 * Sat Mar 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-6
 - Allow boltd_t domain to write to sysfs_t dirs BZ(1689287)
 - Allow fail2ban execute journalctl BZ(1689034)
--- a/7
+++ b/7
@ -1,3 +1,4 @@
-SHA512 (selinux-policy-b78306b.tar.gz) = 475dcb354faa956eac97e611cf1b821aaf9d21b3772a7d8ea81ccd784e64514ac65ec221dade5300c08ce0b60f3104403dbb77ff1fbb92bc53f72e676b1e3917
+SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
-SHA512 (selinux-policy-contrib-ef0c1e0.tar.gz) = 7a34e4cf5d078a5443181efe6043f6a612ad0bf97c0aa80eee69e78f7c62f5a2f226619ed68e7d59eca4c2a91ccb7eea5f1b0df74aae2c884e559d1609e02250
+SHA512 (selinux-policy-549ed43.tar.gz) = 79d87904709dd9ffda8b230e0c9921b7928550ab8d1ac23088035d5765eac2bda189b3f1905c005ce92a97c539d78e78f3d5c6b1f2b43481744044439c50ae22
-SHA512 (container-selinux.tgz) = 578fb3091094079c4464cc90402173809b69db2b291919b76279eacadd7a9ddd6023da5fe868e55a0268004b34237d830613ca597fbeb268f91837d2a65e702d
+SHA512 (selinux-policy-contrib-e753aa8.tar.gz) = 29eb4d653d3bcb1d0210bec9bc3aec360b2ca6f84049d6fa12fdaf30bff0fe55cb337e7018988db4feb42c0b1dedad9de7e39eb3372a75e4dbdeccb1f9d3feb1
 SHA512 (container-selinux.tgz) = b4677836f52d49ad2d2f24e201005ffdce6eebc3d967c357acc147cb5b2eeb493b649b01912c92b5ba8046c05cbeba7c7dbefc2b018fac9435bced5fbf04b5ba