* Sun Jul 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-30

- Allow sblim_sfcbd_t domain to mmap own tmpfs files
- Allow nfsd_t domain to read krb5 keytab files
- Allow nfsd_t domain to manage fadm pid files
- Allow virt_domain to create icmp sockets BZ(1609142)
- Dontaudit oracleasm_t domain to request sys_admin capability
- Update logging_manage_all_logs() interface to allow caller domain map all logfiles
This commit is contained in:
Lukas Vrabec 2018-07-29 17:17:33 +02:00
parent 539110c25c
commit da3bd2ceb6
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 16 additions and 6 deletions

2
.gitignore vendored
View File

@ -300,3 +300,5 @@ serefpolicy*
/selinux-policy-contrib-bfc11d6.tar.gz /selinux-policy-contrib-bfc11d6.tar.gz
/selinux-policy-cc3def4.tar.gz /selinux-policy-cc3def4.tar.gz
/selinux-policy-contrib-f0ca657.tar.gz /selinux-policy-contrib-f0ca657.tar.gz
/selinux-policy-contrib-6bfaa82.tar.gz
/selinux-policy-e08b2da.tar.gz

View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 cc3def49862b7cea6b321bdc1cd8bb9b715e7ffc %global commit0 e08b2dab562597085bbc9800006a298a6fcdba0c
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 f0ca657fd17cb4c77bb1d7ee4422f94e397e7ac3 %global commit1 6bfaa82e671e166c8483dffd4c56120562846f8e
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 29%{?dist} Release: 30%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -709,6 +709,14 @@ exit 0
%endif %endif
%changelog %changelog
* Sun Jul 29 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-30
- Allow sblim_sfcbd_t domain to mmap own tmpfs files
- Allow nfsd_t domain to read krb5 keytab files
- Allow nfsd_t domain to manage fadm pid files
- Allow virt_domain to create icmp sockets BZ(1609142)
- Dontaudit oracleasm_t domain to request sys_admin capability
- Update logging_manage_all_logs() interface to allow caller domain map all logfiles
* Wed Jul 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-29 * Wed Jul 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-29
- Allow aide to mmap all files - Allow aide to mmap all files
- Revert "Allow firewalld to create rawip sockets" - Revert "Allow firewalld to create rawip sockets"

View File

@ -1,3 +1,3 @@
SHA512 (container-selinux.tgz) = 2ff3997f7953d99be29fd59a004045e8650771c19c75bd4b4fb5ba9ee7e6f579ad68d8f2174ddc875d3281536b5dc19da950d43aaf552d5d49fee03a18ee5bf1 SHA512 (selinux-policy-contrib-6bfaa82.tar.gz) = 755a389bd3960a66447acffd40ff4f5b4e8f3b454f5e380e74625a9547b205f96786ff7bba2616a76adf740c1dd6e7855d056e67b857b9edbf52eee02975cbd7
SHA512 (selinux-policy-cc3def4.tar.gz) = 76f28dedea25e0ab187dc18d4aa316705cf46b4c2b93477f52c86e8781be2bd31edacb6161dbeeca667eaa7218fbab139aac25bf06288624727d840e42e82617 SHA512 (selinux-policy-e08b2da.tar.gz) = 0b0d1693b8e544d60c5ff5c64dca93ab62e6d43925522740ca08ac4eaf30d7a363af5b90021c20ec6f379be5b13db56e5133c9b95511e3a7584ca8a12097e726
SHA512 (selinux-policy-contrib-f0ca657.tar.gz) = 124f6b2bc63ee343ddc4acc75580d34af27a9f2491f6638f7f17fa612abc322a17ddbb4a36d2aa492044cf13950defc05ba8f5f42c52640feb7c6c81177f1d38 SHA512 (container-selinux.tgz) = 03dc7da74a0b83f3df985dc51bdfb69676b92a8d9b99149f9135639b3ac3f1ce362652e744170ce2b25f5dd46974e4726c9e80ce4604d26dded14f0980315c4d