From d1c7bc688fdb61bf8a854d53253015367331d544 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Tue, 7 Jul 2020 16:11:16 +0200 Subject: [PATCH] * Tue Jul 07 2020 Zdenek Pytela - 3.14.6-18 - Allow oddjob_t process noatsecure permission for ipa_helper_t - Allow keepalived manage its private type runtime directories - Update irqbalance runtime directory file context - Allow irqbalance file transition for pid sock_files and directories - Allow systemd_private_tmp(dirsrv_tmp_t) instead of dirsrv_t - Allow virtlogd_t manage virt lib files - Allow systemd set efivarfs files attributes - Support systemctl --user in machinectl - Allow chkpwd_t read and write systemd-machined devpts character nodes - Allow init_t write to inherited systemd-logind sessions pipes --- .gitignore | 2 ++ selinux-policy.spec | 18 +++++++++++++++--- sources | 6 +++--- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index d08fee46..2d9c982e 100644 --- a/.gitignore +++ b/.gitignore @@ -466,3 +466,5 @@ serefpolicy* /selinux-policy-7dd92fd.tar.gz /selinux-policy-contrib-2a1096a.tar.gz /selinux-policy-427796e.tar.gz +/selinux-policy-contrib-f55cbfd.tar.gz +/selinux-policy-f0e4878.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 4f280fbe..1d9e2eff 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 427796e812ddf1284b6f78f41efd8137fe26f2f0 +%global commit0 f0e48785589982929a4b597c6a663dde980e468d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 2a1096a616c714d0bc4eb0d94e42ccab369c0db5 +%global commit1 f55cbfd889cdd7dac3e2a7d334684f607127c1ae %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.6 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -784,6 +784,18 @@ exit 0 %endif %changelog +* Tue Jul 07 2020 Zdenek Pytela - 3.14.6-18 +- Allow oddjob_t process noatsecure permission for ipa_helper_t +- Allow keepalived manage its private type runtime directories +- Update irqbalance runtime directory file context +- Allow irqbalance file transition for pid sock_files and directories +- Allow systemd_private_tmp(dirsrv_tmp_t) instead of dirsrv_t +- Allow virtlogd_t manage virt lib files +- Allow systemd set efivarfs files attributes +- Support systemctl --user in machinectl +- Allow chkpwd_t read and write systemd-machined devpts character nodes +- Allow init_t write to inherited systemd-logind sessions pipes + * Fri Jun 26 2020 Zdenek Pytela - 3.14.6-17 - Allow pdns server to read system state - Allow irqbalance nnp_transition diff --git a/sources b/sources index 6625e9dd..906003a8 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-2a1096a.tar.gz) = 1cfbde139b1343b64938cdbb047e11c5ce7a76b9476de2ec3f9803dcd9441c108cbada4bc47ba4c44fe78f281997b12cb7db13b1eee75c4bef3e55c2093bb2b2 -SHA512 (selinux-policy-427796e.tar.gz) = 01dd45439da3472f4b41bd6bd4226f70557a3453b7ff296df1af900dad2a1d94c5299f0c192af033e676a3c3fe8c9b11b9a1fca57da3ad5c66185f533bd3e3d6 -SHA512 (container-selinux.tgz) = e65c8e027ea4b07e4f257a8a297629622118155244d4ebe62186b4fb1e00218cbb5a1d5ff67f258f69d36ee45d5889bd73f61b6911defa29e5d5ec0b5c5be9bf +SHA512 (selinux-policy-contrib-f55cbfd.tar.gz) = c8d52f4cb20c76ae508a7e98fa2b307ee71417798640b37e97cb6c3c9658cfa6e9f558d6cf036ce2e833d55971a737d2f744066521ed38b0b7d48a83ed5ea8ad +SHA512 (selinux-policy-f0e4878.tar.gz) = be00a28b1bee5edfe655c5b960d793fde54709d367dc2065f3e61f3fc8f11a051836c4fad57eac38123c5ff914413b76b46efbd196047fa9932db875e7cd1937 +SHA512 (container-selinux.tgz) = acc5f6c1622069bee2fd5fd9fa7e96b0fcd6c06c70e57183c908dab95221d38c6c93b8748f4187c0ba9b28ca9629d1dbda68a9cdb38f6a723a0baced5482b533 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4