From e4f858261b4dc376ced46f11ad32b56738f4e702 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Sun, 4 Nov 2018 19:53:51 +0100 Subject: [PATCH] * Sun Nov 04 2018 Lukas Vrabec - 3.14.3-12 - Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672) - Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766) - Add dac_override capability to postgrey_t domain BZ(1638954) - Allow thumb_t domain to execute own tmpfs files BZ(1643698) - Allow xdm_t domain to manage dosfs_t files BZ(1645770) - Label systemd-timesyncd binary as systemd_timedated_exec_t to make it run in systemd_timedated_t domain BZ(1640801) - Improve fs_manage_ecryptfs_files to allow caller domain also mmap ecryptfs_t files BZ(1630675) - Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313) --- .gitignore | 2 ++ selinux-policy.spec | 16 +++++++++++++--- sources | 6 +++--- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 996f767b..3c29f8cf 100644 --- a/.gitignore +++ b/.gitignore @@ -321,3 +321,5 @@ serefpolicy* /selinux-policy-contrib-a69f9e6.tar.gz /selinux-policy-contrib-6c30b43.tar.gz /selinux-policy-a46eac2.tar.gz +/selinux-policy-contrib-5a2a313.tar.gz +/selinux-policy-62d90da.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index d8eec8b9..23fcebdb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 a46eac200fe1261c59d4093721e3539139a1e45e +%global commit0 62d90da2a38c1a701a5f177feb861d0d75357d55 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 6c30b43e6935ef82dc07dc56f4cbcb220ec814aa +%global commit1 5a2a313e3ac16c6411fd3dd949a836061b33a526 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -709,6 +709,16 @@ exit 0 %endif %changelog +* Sun Nov 04 2018 Lukas Vrabec - 3.14.3-12 +- Dontaudit thumb_t domain to setattr on lib_t dirs BZ(1643672) +- Dontaudit cupsd_t domain to setattr lib_t dirs BZ(1636766) +- Add dac_override capability to postgrey_t domain BZ(1638954) +- Allow thumb_t domain to execute own tmpfs files BZ(1643698) +- Allow xdm_t domain to manage dosfs_t files BZ(1645770) +- Label systemd-timesyncd binary as systemd_timedated_exec_t to make it run in systemd_timedated_t domain BZ(1640801) +- Improve fs_manage_ecryptfs_files to allow caller domain also mmap ecryptfs_t files BZ(1630675) +- Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313) + * Sun Nov 04 2018 Lukas Vrabec - 3.14.3-11 - Add nnp transition rule for vnstatd_t domain using NoNewPrivileges systemd feature BZ(1643063) - Allow l2tpd_t domain to mmap /etc/passwd file BZ(1638948) diff --git a/sources b/sources index fd734749..7289b0f1 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-6c30b43.tar.gz) = fb6cc12a4547a61daedb140f07a0858edc584124442d4010849cf7a5dd8b421ea35825c428b9f4ca7fe6d0ef2ec99cd0798112545911fe5c42cfa55139533347 -SHA512 (selinux-policy-a46eac2.tar.gz) = 88cf4f6801637eed42327796358b74c5db660d2f029c44693149e7339c595736a957626d2302b582fa11a628c655425ee819fabdb21551f819a253edb550f1d4 -SHA512 (container-selinux.tgz) = 7efc8fce110a6ae7ecb4574d7c9a2929997e23e31484924c74b37275121cde680311e46ec44fbdef8a8de89fca46b0c29811ab1a497627330ccf4021ddc47ec7 +SHA512 (selinux-policy-contrib-5a2a313.tar.gz) = 3a2c12e0636b241a36a398ae30db2b64376083034fc1033f5b745c27706559169f16d4c05ec4af6703e90250f0377dbbd80316f086ffce3c4fe942f40359b8af +SHA512 (selinux-policy-62d90da.tar.gz) = bce754eca7b01c15eab03d182e3d8baebb0783372df33e75f15442b3377c168e57502453950e8383947feb47c21e95184d7cdee35ac8aebcaccdcf5e5eaf04c1 +SHA512 (container-selinux.tgz) = a26a2ddd0aa3868d44bdb55197737e0f66377f5dd8abfcd00f6440b926338071f57f189bb5050d976dcc484d53a7f3ac35c74d48763975bea2afc6509501ebef