rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Oct 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-6

Browse Source 
- Update aide_t domain to allow this tool to analyze also /dev filesystem
- Allow bitlbee_t domain map files in /usr
- Allow stratisd to getattr of fixed disk device nodes
- Add net_broadcast capability to openvswitch_t domain BZ(1716044)
- Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
- Allow cobblerd_t domain search apache configuration dirs
- Dontaudit NetworkManager_t domain to write to kdump temp pipies BZ(1750428)
- Label /var/log/collectd.log as collectd_log_t
- Allow boltd_t domain to manage sysfs files and dirs BZ(1754360)
- Add fowner capability to the pcp_pmlogger_t domain BZ(1754767)
- networkmanager: allow NetworkManager_t to create bluetooth_socket
- Fix ipa_custodia_stream_connect interface
- Add new interface udev_getattr_rules_chr_files()
- Make dbus-broker service working on s390x arch
- Add new interface dev_mounton_all_device_nodes()
- Add new interface dev_create_all_files()
- Allow systemd(init_t) to load kernel modules
- Allow ldconfig_t domain to manage initrc_tmp_t objects
- Add new interface init_write_initrc_tmp_pipes()
- Add new interface init_manage_script_tmp_files()
- Allow xdm_t setpcap capability in user namespace BZ(1756790)
- Allow x_userdomain to mmap generic SSL certificates
- Allow xdm_t domain to user netlink_route sockets BZ(1756791)
- Update files_create_var_lib_dirs() interface to allow caller domain also set attributes of var_lib_t directory BZ(1754245)
- Allow sudo userdomain to run rpm related commands
- Add sys_admin capability for ipsec_t domain
- Allow systemd_modules_load_t domain to read systemd pid files
- Add new interface init_read_pid_files()
- Allow systemd labeled as init_t domain to manage faillog_t objects
- Add file context ipsec_var_run_t for /var/run/charon\.dck to ipsec.fc
- Make ipa_custodia policy active
This commit is contained in:
Lukas Vrabec 2019-10-04 14:03:09 +02:00
parent a21f7739e6
commit e84c9b118f
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 41 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -406,3 +406,5 @@ serefpolicy*
/selinux-policy-31db3dc.tar.gz /selinux-policy-31db3dc.tar.gz
/selinux-policy-contrib-c3a90b3.tar.gz /selinux-policy-contrib-c3a90b3.tar.gz
/selinux-policy-contrib-bfb130f.tar.gz /selinux-policy-contrib-bfb130f.tar.gz
/selinux-policy-contrib-2c0ecb3.tar.gz
/selinux-policy-d63d681.tar.gz

39
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources # github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 31db3dc710352793e122ccc2bab65f1de1021a77 %global commit0 d63d681bef779d7f83956f5ba968cde2a25f77fd
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources # github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 bfb130fe27395f109ebbeb7d861304b5efd546f3 %global commit1 2c0ecb3472e18e26894ab629dca36ad09999e4af
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.5 Version: 3.14.5
Release: 5%{?dist} Release: 6%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,39 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Oct 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-6
- Update aide_t domain to allow this tool to analyze also /dev filesystem
- Allow bitlbee_t domain map files in /usr
- Allow stratisd to getattr of fixed disk device nodes
- Add net_broadcast capability to openvswitch_t domain BZ(1716044)
- Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
- Allow cobblerd_t domain search apache configuration dirs
- Dontaudit NetworkManager_t domain to write to kdump temp pipies BZ(1750428)
- Label /var/log/collectd.log as collectd_log_t
- Allow boltd_t domain to manage sysfs files and dirs BZ(1754360)
- Add fowner capability to the pcp_pmlogger_t domain BZ(1754767)
- networkmanager: allow NetworkManager_t to create bluetooth_socket
- Fix ipa_custodia_stream_connect interface
- Add new interface udev_getattr_rules_chr_files()
- Make dbus-broker service working on s390x arch
- Add new interface dev_mounton_all_device_nodes()
- Add new interface dev_create_all_files()
- Allow systemd(init_t) to load kernel modules
- Allow ldconfig_t domain to manage initrc_tmp_t objects
- Add new interface init_write_initrc_tmp_pipes()
- Add new interface init_manage_script_tmp_files()
- Allow xdm_t setpcap capability in user namespace BZ(1756790)
- Allow x_userdomain to mmap generic SSL certificates
- Allow xdm_t domain to user netlink_route sockets BZ(1756791)
- Update files_create_var_lib_dirs() interface to allow caller domain also set attributes of var_lib_t directory BZ(1754245)
- Allow sudo userdomain to run rpm related commands
- Add sys_admin capability for ipsec_t domain
- Allow systemd_modules_load_t domain to read systemd pid files
- Add new interface init_read_pid_files()
- Allow systemd labeled as init_t domain to manage faillog_t objects
- Add file context ipsec_var_run_t for /var/run/charon\.dck to ipsec.fc
- Make ipa_custodia policy active
* Fri Sep 20 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-5 * Fri Sep 20 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-5
- Fix ipa_custodia_stream_connect interface - Fix ipa_custodia_stream_connect interface
- Allow systemd_modules_load_t domain to read systemd pid files - Allow systemd_modules_load_t domain to read systemd pid files

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-bfb130f.tar.gz) = 177cac438c237cd182190e51dc718bc728ac29e4957cadcb2acd354c7b397627db85a7f6ac9aeed3b291647dfb98f1ac554c6b4cd8e722beadfedc1c133b6f92 SHA512 (selinux-policy-contrib-2c0ecb3.tar.gz) = 8dbaab26f120da2d373dd0ab083ca186a329aebd9205ff4f2f1993ddc7d36c9b8d91b68937b490d5be3bb9a97b019351ed2d94c7bd69595be76df73da193117b
SHA512 (selinux-policy-31db3dc.tar.gz) = 4ca478f41ea2af15aba4c0eba3f92e5f70b19435df02db2e0508c2e6afc611de22d44c338951587be894b09317c09ed72cc8dade4f9718a675491579b972b970 SHA512 (selinux-policy-d63d681.tar.gz) = 12d5261076de9edc2755859888325fa90d7d3fae0157022bd2f192e15d6695e7d5285d8ddfb46ecd6baee78a60338ae46fcc3710bdcf30c80735d6d6c0dfd1b1
SHA512 (container-selinux.tgz) = fae6be5045dfb4c16cb077657c14679224cfce676e6c0a398667d0b0ec4e3f298cfbc6f3dafc79f312ec2c6981232cc4df2fe58ecea8a07d55f0d17e6ec22ef1
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 8917bc6d62ce172a4dd88e3c99ed8b2cf4d930a2847e407678f184b45c29582a4364fb56c770d48c590e75593e7be9271c7131ec2aae611efdce01e1370be1ab