* Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-12

- Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672) - Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766) - Add dac_override capability to postgrey_t domain BZ(1638954) - Allow thumb_t domain to execute own tmpfs files BZ(1643698) - Allow xdm_t domain to manage dosfs_t files BZ(1645770) - Label systemd-timesyncd binary as systemd_timedated_exec_t to make it run in systemd_timedated_t domain BZ(1640801) - Improve fs_manage_ecryptfs_files to allow caller domain also mmap ecryptfs_t files BZ(1630675) - Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313)
2018-11-04 19:53:51 +01:00 · 2018-11-04 19:53:51 +01:00 · e4f858261b
commit e4f858261b
parent 38e2f9cae4
3 changed files with 18 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -321,3 +321,5 @@ serefpolicy*
 /selinux-policy-contrib-a69f9e6.tar.gz
 /selinux-policy-contrib-6c30b43.tar.gz
 /selinux-policy-a46eac2.tar.gz
+/selinux-policy-contrib-5a2a313.tar.gz
+/selinux-policy-62d90da.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 a46eac200fe1261c59d4093721e3539139a1e45e
+%global commit0 62d90da2a38c1a701a5f177feb861d0d75357d55
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 6c30b43e6935ef82dc07dc56f4cbcb220ec814aa
+%global commit1 5a2a313e3ac16c6411fd3dd949a836061b33a526
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -709,6 +709,16 @@ exit 0
 %endif

 %changelog
+* Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-12
+- Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672)
+- Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766)
+- Add dac_override capability to postgrey_t domain BZ(1638954)
+- Allow thumb_t domain to execute own tmpfs files BZ(1643698)
+- Allow xdm_t domain to manage dosfs_t files BZ(1645770)
+- Label systemd-timesyncd binary as systemd_timedated_exec_t to make it run in systemd_timedated_t domain BZ(1640801)
+- Improve fs_manage_ecryptfs_files to allow caller domain also mmap ecryptfs_t files BZ(1630675)
+- Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313)
+
 * Sun Nov 04 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-11
 - Add nnp transition rule for vnstatd_t domain using NoNewPrivileges systemd feature BZ(1643063)
 - Allow l2tpd_t domain to mmap /etc/passwd file BZ(1638948)
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-contrib-6c30b43.tar.gz) = fb6cc12a4547a61daedb140f07a0858edc584124442d4010849cf7a5dd8b421ea35825c428b9f4ca7fe6d0ef2ec99cd0798112545911fe5c42cfa55139533347
-SHA512 (selinux-policy-a46eac2.tar.gz) = 88cf4f6801637eed42327796358b74c5db660d2f029c44693149e7339c595736a957626d2302b582fa11a628c655425ee819fabdb21551f819a253edb550f1d4
-SHA512 (container-selinux.tgz) = 7efc8fce110a6ae7ecb4574d7c9a2929997e23e31484924c74b37275121cde680311e46ec44fbdef8a8de89fca46b0c29811ab1a497627330ccf4021ddc47ec7
+SHA512 (selinux-policy-contrib-5a2a313.tar.gz) = 3a2c12e0636b241a36a398ae30db2b64376083034fc1033f5b745c27706559169f16d4c05ec4af6703e90250f0377dbbd80316f086ffce3c4fe942f40359b8af
+SHA512 (selinux-policy-62d90da.tar.gz) = bce754eca7b01c15eab03d182e3d8baebb0783372df33e75f15442b3377c168e57502453950e8383947feb47c21e95184d7cdee35ac8aebcaccdcf5e5eaf04c1
+SHA512 (container-selinux.tgz) = a26a2ddd0aa3868d44bdb55197737e0f66377f5dd8abfcd00f6440b926338071f57f189bb5050d976dcc484d53a7f3ac35c74d48763975bea2afc6509501ebef