* Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
- Allow fontconfig file transition for xguest_u user - Add gnome_filetrans_fontconfig_home_content interface - Add permissions needed by systemd's machinectl shell/login - Update SELinux policy for xen services - Add dac_override capability for kdumpctl_t process domain - Allow chronyd_t domain to exec shell - Fix varnisncsa typo - Allow init start freenx-server BZ(1678025) - Create logrotate_use_fusefs boolean - Add tcpd_wrapped_domain for telnetd BZ(1676940) - Allow tcpd bind to services ports BZ(1676940) - Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t - Make shell_exec_t type as entrypoint for vmtools_unconfined_t. - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide - Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t - Allow esmtp access .esmtprc BZ(1691149) - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide - Allow tlp_t domain to read nvme block devices BZ(1692154) - Add support for smart card authentication in cockpit BZ(1690444) - Add permissions needed by systemd's machinectl shell/login - Allow kmod_t domain to mmap modules_dep_t files. - Allow systemd_machined_t dac_override capability BZ(1670787) - Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files - Allow unconfined_domain_type to use bpf tools BZ(1694115) - Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)" - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow unconfined_domain_type to use bpf tools BZ(1694115) - Allow init_t read mnt_t symlinks BZ(1637070) - Update dev_filetrans_all_named_dev() interface - Allow xdm_t domain to execmod temp files BZ(1686675) - Revert "Allow xdm_t domain to create own tmp files BZ(1686675)" - Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582) - Allow confined users labeled as staff_t to run iptables. - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide - Allow xdm_t domain to create own tmp files BZ(1686675) - Add miscfiles_dontaudit_map_generic_certs interface.
This commit is contained in:
parent
4052eb0456
commit
c4065f7c94
3
.gitignore
vendored
3
.gitignore
vendored
@ -351,3 +351,6 @@ serefpolicy*
|
||||
/selinux-policy-contrib-dc92f2d.tar.gz
|
||||
/selinux-policy-b78306b.tar.gz
|
||||
/selinux-policy-contrib-ef0c1e0.tar.gz
|
||||
/macro-expander
|
||||
/selinux-policy-549ed43.tar.gz
|
||||
/selinux-policy-contrib-e753aa8.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 b78306bdff7cf7960c539477d5886e3e91c75a18
|
||||
%global commit0 549ed432e0e7c6348687e3737aa29fd6e91f6e74
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 ef0c1e086e735f3a3864091e610914bc85a067dc
|
||||
%global commit1 e753aa82ec360bb2715ef2cc8b00eeb1719e1c26
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.4
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -714,6 +714,44 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
|
||||
- Allow fontconfig file transition for xguest_u user
|
||||
- Add gnome_filetrans_fontconfig_home_content interface
|
||||
- Add permissions needed by systemd's machinectl shell/login
|
||||
- Update SELinux policy for xen services
|
||||
- Add dac_override capability for kdumpctl_t process domain
|
||||
- Allow chronyd_t domain to exec shell
|
||||
- Fix varnisncsa typo
|
||||
- Allow init start freenx-server BZ(1678025)
|
||||
- Create logrotate_use_fusefs boolean
|
||||
- Add tcpd_wrapped_domain for telnetd BZ(1676940)
|
||||
- Allow tcpd bind to services ports BZ(1676940)
|
||||
- Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t
|
||||
- Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
|
||||
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
|
||||
- Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
|
||||
- Allow esmtp access .esmtprc BZ(1691149)
|
||||
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
|
||||
- Allow tlp_t domain to read nvme block devices BZ(1692154)
|
||||
- Add support for smart card authentication in cockpit BZ(1690444)
|
||||
- Add permissions needed by systemd's machinectl shell/login
|
||||
- Allow kmod_t domain to mmap modules_dep_t files.
|
||||
- Allow systemd_machined_t dac_override capability BZ(1670787)
|
||||
- Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files
|
||||
- Allow unconfined_domain_type to use bpf tools BZ(1694115)
|
||||
- Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)"
|
||||
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
|
||||
- Allow unconfined_domain_type to use bpf tools BZ(1694115)
|
||||
- Allow init_t read mnt_t symlinks BZ(1637070)
|
||||
- Update dev_filetrans_all_named_dev() interface
|
||||
- Allow xdm_t domain to execmod temp files BZ(1686675)
|
||||
- Revert "Allow xdm_t domain to create own tmp files BZ(1686675)"
|
||||
- Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
|
||||
- Allow confined users labeled as staff_t to run iptables.
|
||||
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
|
||||
- Allow xdm_t domain to create own tmp files BZ(1686675)
|
||||
- Add miscfiles_dontaudit_map_generic_certs interface.
|
||||
|
||||
* Sat Mar 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-6
|
||||
- Allow boltd_t domain to write to sysfs_t dirs BZ(1689287)
|
||||
- Allow fail2ban execute journalctl BZ(1689034)
|
||||
|
7
sources
7
sources
@ -1,3 +1,4 @@
|
||||
SHA512 (selinux-policy-b78306b.tar.gz) = 475dcb354faa956eac97e611cf1b821aaf9d21b3772a7d8ea81ccd784e64514ac65ec221dade5300c08ce0b60f3104403dbb77ff1fbb92bc53f72e676b1e3917
|
||||
SHA512 (selinux-policy-contrib-ef0c1e0.tar.gz) = 7a34e4cf5d078a5443181efe6043f6a612ad0bf97c0aa80eee69e78f7c62f5a2f226619ed68e7d59eca4c2a91ccb7eea5f1b0df74aae2c884e559d1609e02250
|
||||
SHA512 (container-selinux.tgz) = 578fb3091094079c4464cc90402173809b69db2b291919b76279eacadd7a9ddd6023da5fe868e55a0268004b34237d830613ca597fbeb268f91837d2a65e702d
|
||||
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
|
||||
SHA512 (selinux-policy-549ed43.tar.gz) = 79d87904709dd9ffda8b230e0c9921b7928550ab8d1ac23088035d5765eac2bda189b3f1905c005ce92a97c539d78e78f3d5c6b1f2b43481744044439c50ae22
|
||||
SHA512 (selinux-policy-contrib-e753aa8.tar.gz) = 29eb4d653d3bcb1d0210bec9bc3aec360b2ca6f84049d6fa12fdaf30bff0fe55cb337e7018988db4feb42c0b1dedad9de7e39eb3372a75e4dbdeccb1f9d3feb1
|
||||
SHA512 (container-selinux.tgz) = b4677836f52d49ad2d2f24e201005ffdce6eebc3d967c357acc147cb5b2eeb493b649b01912c92b5ba8046c05cbeba7c7dbefc2b018fac9435bced5fbf04b5ba
|
||||
|
Loading…
Reference in New Issue
Block a user