* Wed Nov 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-13

- Fix typo bugs in rtas_errd_read_lock() interface - cockpit: Drop cockpit-cert-session - Allow timedatex_t domain to systemctl chronyd domains - Allow ipa_helper_t to read kr5_keytab_t files - cockpit: Allow cockpit-session to read cockpit-tls state directory - Allow stratisd_t domain to read nvme and fixed disk devices - Update lldpad_t policy module - Dontaudit tmpreaper_t getting attributes from sysctl_type files - cockpit: Support https instance factory - Added macro for timedatex to chat over dbus. - Fix typo in dev_filetrans_all_named_dev() - Update files_manage_etc_runtime_files() interface to allow manage also dirs - Fix typo in cachefiles device - Dontaudit sys_admin capability for auditd_t domains - Allow x_userdomain to read adjtime_t files - Allow users using template userdom_unpriv_user_template() to run bpf tool - Allow x_userdomain to dbus_chat with timedatex.
2019-11-13 15:45:37 +01:00 · 2019-11-13 15:45:37 +01:00 · d1df004bac
parent 72c4289c25
commit d1df004bac
3 changed files with 27 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -418,3 +418,5 @@ serefpolicy*
 /selinux-policy-7b7648b.tar.gz
 /selinux-policy-contrib-dee19b8.tar.gz
 /selinux-policy-40f6bcc.tar.gz
+/selinux-policy-contrib-6c531fb.tar.gz
+/selinux-policy-4253587.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 40f6bccc38526717eb8ff2032d3c915bc77ad3d1
+%global commit0 425358721b94b80f2597a9fb1fd269051b92e1aa
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 dee19b8b41fcf9ca57e9e019b30b112a7546c030
+%global commit1 6c531fbe9839ed089245918743948f844a8f58da
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.5
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,25 @@ exit 0
 %endif

 %changelog
+* Wed Nov 13 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-13
+- Fix typo bugs in rtas_errd_read_lock() interface
+- cockpit: Drop cockpit-cert-session
+- Allow timedatex_t domain to systemctl chronyd domains
+- Allow ipa_helper_t to read kr5_keytab_t files
+- cockpit: Allow cockpit-session to read cockpit-tls state directory
+- Allow stratisd_t domain to read nvme and fixed disk devices
+- Update lldpad_t policy module
+- Dontaudit tmpreaper_t getting attributes from sysctl_type files
+- cockpit: Support https instance factory
+- Added macro for timedatex to chat over dbus.
+- Fix typo in dev_filetrans_all_named_dev()
+- Update files_manage_etc_runtime_files() interface to allow manage also dirs
+- Fix typo in cachefiles device
+- Dontaudit sys_admin capability for auditd_t domains
+- Allow x_userdomain to read adjtime_t files
+- Allow users using template userdom_unpriv_user_template() to run bpf tool
+- Allow x_userdomain to dbus_chat with timedatex.
+
 * Sun Nov 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-12
 - Label /var/cache/nginx as httpd_cache_t
 - Allow abrt_upload_watch_t domain to send dgram msgs to kernel processes and stream connect to journald
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-dee19b8.tar.gz) = dc7f4e9f11b00548505f698d4993dcd66229b60afdd7c558aef391bb9ff90a4a9ae6fa8a62c9f565e2cc131e0dc6e8341998af3b9728d360de59c68737eb5183
-SHA512 (selinux-policy-40f6bcc.tar.gz) = b82310184959b36cd2a6de960913994b1ebf63c36d95a7b2de14f3cdf6feb2df1f215900925957b6a47a5be2f7ff9dc41fff4e9b6db3a82c683eca8e73f9c322
+SHA512 (selinux-policy-contrib-6c531fb.tar.gz) = a6b2212d8d6684905d05a75bda64933abb8f4d68cf5e8cc8b982a6eb071dfdf382c4b07cd15eb5594f2092f53bec25f37b15a43920c0ef856aa5dfcf41c5bb4b
+SHA512 (selinux-policy-4253587.tar.gz) = 4577ef3bd26f52cb7865475599192a38c19faf0d090169af8f3696aede177561dd74e830e50bff88cb9e253721043a4bf8ee6bc8fa2287f7b9cf40a9611f50a1
+SHA512 (container-selinux.tgz) = 1ed85817b06b92efe5b09f449a47e46730c650d04c70b8e28ab80009be851885a232edb84a075dd37eb3c1b4291204abeeacd62bb31394bf481dfd5afb65cfb6
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
-SHA512 (container-selinux.tgz) = 7a0d3e5c47fd1c856b63ed5aa9eba1f553fcd4afa941cf66a61876032dbb53d4dcfd58fff105251b2d8c34e6e47c086815b4bd31f363b1eaa73192c1c5f3dab9