diff --git a/.gitignore b/.gitignore index 24cad0dd..cf683366 100644 --- a/.gitignore +++ b/.gitignore @@ -397,3 +397,5 @@ serefpolicy* /selinux-policy-contrib-4396848.tar.gz /selinux-policy-b313a79.tar.gz /selinux-policy-contrib-c55a896.tar.gz +/selinux-policy-6a0cb45.tar.gz +/selinux-policy-contrib-8ce79b2.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 66a580a4..364a04f1 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 b313a79dbfd2fba545e00f31aa53d29c6f2b2722 +%global commit0 6a0cb453ba0dcbbc7e75fa04a6647936ccdb339a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 c55a896148db8d2b16ef06149399a6c6b110d8b5 +%global commit1 8ce79b2c82b2d3e62bb4b22404e755bad7131c98 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -787,6 +787,36 @@ exit 0 %endif %changelog +* Wed Sep 04 2019 Lukas Vrabec - 3.14.5-2 +- Allow zabbix_t domain to manage zabbix_var_lib_t sock files and connect to unix_stream_socket +- Dontaudit sandbox web types to setattr lib_t dirs +- Dontaudit system_mail_t domains to check for existence other applications on system BZ(1747369) +- Allow haproxy_t domain to read network state of system +- Allow processes labeled as keepalived_t domain to get process group +- Introduce dbusd_unit_file_type +- Allow pesign_t domain to read/write named cache files. +- Label /var/log/hawkey.log as rpm_log_t and update rpm named filetrans interfaces. +- Allow httpd_t domain to read/write named_cache_t files +- Add new interface bind_rw_cache() +- Allow cupsd_t domain to create directory with name ppd in dirs labeled as cupsd_etc_t with label cupsd_rw_etc_t. +- Update cpucontrol_t SELinux policy +- Allow pcp_pmcd_t domain to bind on udp port labeled as statsd_port_t +- Run lldpd service as lldpad_t. +- Allow spamd_update_t domain to create unix dgram sockets. +- Update dbus role template for confined users to allow login into x session +- Label /usr/libexec/microcode_ctl/reload_microcode as cpucontrol_exec_t +- Fix typo in networkmanager_append_log() interface +- Update collectd policy to allow daemon create /var/log/collectd with collectd_log_t label +- Allow login user type to use systemd user session +- Allow xdm_t domain to start dbusd services. +- Introduce new type xdm_unit_file_t +- Remove allowing all domain to communicate over pipes with all domain under rpm_transition_domain attribute +- Allow systemd labeled as init_t to remove sockets with tmp_t label BZ(1745632) +- Allow ipsec_t domain to read/write named cache files +- Allow sysadm_t to create hawkey log file with rpm_log_t SELinux label +- Allow domains systemd_networkd_t and systemd_logind_t to chat over dbus +- Label udp 8125 port as statsd_port_t + * Tue Aug 13 2019 Lukas Vrabec - 3.14.5-1 - Bump version diff --git a/sources b/sources index 109d2241..f200472b 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-contrib-c55a896.tar.gz) = 6a0388a314ccb52b18636c91f8398b3ed930e2a7b42e3f2106bd1bca9df19bdc089367d970b4a1f7be3ea425b047028c38ebb31fded74f4080297b18241f9970 -SHA512 (selinux-policy-b313a79.tar.gz) = eadcceeb207448aa38a3826e3dc444602abfc42c67543ae5a58c2379f78b209fe578bd50101e628d99a02282ba9d473dee3126462f172b68b2c39b889dd8062c -SHA512 (container-selinux.tgz) = af6b07cd90cad7ddbd42a4c33fa7527177c7ec0b7d4ba330699f9916daba8c8d7edfb5ad358d4ecccb3bf4943ce786faf35a011fb107203b1d73081c4f6c197d +SHA512 (container-selinux.tgz) = aeb4861d2f79b35ee10c1ad12280ea8d84ee33546eff2321287de98102093e2e004f689557ec884af929cc71bdcb38c9cc2ecf00226433a44a6e52d1d11959b4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (selinux-policy-6a0cb45.tar.gz) = b0058489dffe2de2bebcb9f7b9a1bf6d143e5c6fa0ed50bd1fff1b52be052f5f958d0feb4b9bd82d763dd87d6979bd8a37a52f7be52bbf44f76a8bc90439c79e +SHA512 (selinux-policy-contrib-8ce79b2.tar.gz) = e36bb51c1bcb553a54a95a29cb6440b6f120c805d5fa34e324da181d45abc4c489db51b58296df73c45bc702a86eadbb13001c2e88efa590f18128fff6fe3e9e