* Tue Jan 30 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-4

- rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems) - Update dbus_role_template() BZ(1536218) - Allow lldpad_t domain to mmap own tmpfs files BZ(1534119) - Allow blueman_t dbus chat with policykit_t BZ(1470501) - Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t BZ(1507110) - Allow postfix_master_t and postfix_local_t to connect to system dbus. BZ(1530275) - Allow system_munin_plugin_t domain to read sssd public files and allow stream connect to ssd daemon BZ(1528471) - Allow rkt_t domain to bind on rkt_port_t tcp BZ(1534636) - Allow jetty_t domain to mmap own temp files BZ(1534628) - Allow sslh_t domain to read sssd public files and stream connect to sssd. BZ(1534624) - Consistently label usr_t for kernel/initrd in /usr - kernel/files.fc: Label /usr/lib/sysimage as usr_t - Allow iptables sysctl load list support with SELinux enforced - Label HOME_DIR/.config/systemd/user/* user unit files as systemd_unit_file_t BZ(1531864)
2018-01-30 12:57:41 +01:00 · 2018-01-30 12:57:41 +01:00 · e9c4389283
parent e7bae02f22
commit e9c4389283
3 changed files with 24 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -241,3 +241,5 @@ serefpolicy*
 /selinux-policy-contrib-68a780b.tar.gz
 /selinux-policy-0087f3e.tar.gz
 /selinux-policy-contrib-93c9a53.tar.gz
+/selinux-policy-747f4e6.tar.gz
+/selinux-policy-contrib-4fe9943.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 0087f3e102d17ccd709e91873493ad4367a4604e
+%global commit0 747f4e6775d773ab74efae5aa37f3e5e7f0d4aca
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 93c9a53f55dfee388e5b7e945fc19b4283fe9b3a
+%global commit1 4fe994375eb873a2fb7a1205180df832d1f32079
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@ -719,6 +719,22 @@ exit 0
 %endif

 %changelog
+* Tue Jan 30 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-4
+- rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems)
+- Update dbus_role_template() BZ(1536218)
+- Allow lldpad_t domain to mmap own tmpfs files BZ(1534119)
+- Allow blueman_t dbus chat with policykit_t BZ(1470501)
+- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t BZ(1507110)
+- Allow postfix_master_t and postfix_local_t to connect to system dbus. BZ(1530275)
+- Allow system_munin_plugin_t domain to read sssd public files and allow stream connect to ssd daemon BZ(1528471)
+- Allow rkt_t domain to bind on rkt_port_t tcp BZ(1534636)
+- Allow jetty_t domain to mmap own temp files BZ(1534628)
+- Allow sslh_t domain to read sssd public files and stream connect to sssd. BZ(1534624)
+- Consistently label usr_t for kernel/initrd in /usr
+- kernel/files.fc: Label /usr/lib/sysimage as usr_t
+- Allow iptables sysctl load list support with SELinux enforced
+- Label HOME_DIR/.config/systemd/user/* user unit files as systemd_unit_file_t BZ(1531864)
+
 * Fri Jan 19 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-3
 - Merge pull request #45 from jlebon/pr/rot-sd-dbus-rawhide
 - Allow virt_domains to acces infiniband pkeys.
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (selinux-policy-0087f3e.tar.gz) = fed487abb21eb46d80ddae7686fabdaf107163d0b372d757ea7f60e4d5bb32e635ea46bf81ba602fff46281f230e4a273d3d5abaf7107bf4d5c72a845ca7cec9
-SHA512 (selinux-policy-contrib-93c9a53.tar.gz) = b2e3b29d30e418a766a9a4eeb1833c9bb6ab3e9ad599bfa88694978ca3e32e3ec97e9317095e08b97d92a0705536e423ac6e6f7d726d7150d341bcd9122afc58
-SHA512 (container-selinux.tgz) = 2e026f683942fd5dc73a107fd3a143b843e0af70abe939a2859dfcc28bad2e283094b2a13dafa0f7ae1a0fd65d3fda3cff33fbaade6097c9b6781e25da8ee582
+SHA512 (selinux-policy-747f4e6.tar.gz) = e0caa773814d47f8e803d92540d9a0f94c9842fc0c9f970692734d257e8cab74b912da024ee7b1fb0a354d15d87d1c2cedf11e71fd4a5b7e57d9f6a1ca9f6585
+SHA512 (selinux-policy-contrib-4fe9943.tar.gz) = a8f8db61c7a7a1ea0eef723c11d733014a893edb41ec3b8383dc2f482eb1d80001fcacae226b95461439dae8d592332739c634fb83d137722326ad0d1385940f
+SHA512 (container-selinux.tgz) = e45c6e1d9fa8df43a7950e3d1bae6e274ccd094fc8e859db9f90c284b463530d79f141b8aabc85b8ce109811b11022df20ec47df4514b65e5bc4088f2cb973af