rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Jan 29 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-19 

- Add new xdp_socket class
- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains
- Allow boltd_t domain to read cache_home_t files BZ(1669911)
- Allow winbind_t domain to check for existence of processes labeled as systemd_hostnamed_t BZ(1669912)
- Allow gpg_agent_t to create own tmpfs dirs and sockets
- Allow openvpn_t domain to manage vpnc pidfiles BZ(1667572)
- Add multiple interfaces for vpnc interface file
- Label /var/run/fcgiwrap dir as httpd_var_run_t BZ(1655702)
- In MongoDB 3.4.16, 3.6.6, 4.0.0 and later, mongod reads netstat info from proc and stores it in its diagnostic system (FTDC). See: https://jira.mongodb.org/browse/SERVER-31400 This means that we need to adjust the policy so that the mongod process is allowed to open and read /proc/net/netstat, which typically has symlinks (e.g. /proc/net/snmp).
- Allow gssd_t domain to manage kernel keyrings of every domain.
- Revert "Allow gssd_t domain to read/write kernel keyrings of every domain."
- Allow plymouthd_t search efivarfs directory BZ(1664143)
This commit is contained in:
Lukas Vrabec 2019-01-29 16:51:11 +01:00
parent 1767906c81
commit ee38f3e105
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
2 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 35f00c192427aff18892b9f1f150ee35b885f84a
%global commit0 5181cbd448c7aea433aad45675befadda96002e2
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 2664b0adafc3a35769ae5294cf9ecdf3fda47e1a
%global commit1 992defd63683a26684dbbca3e4d1d652cd340f00
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.3
Release: 18%{?dist}
Release: 19%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -706,6 +706,20 @@ exit 0
%endif
%changelog
* Tue Jan 29 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-19
- Add new xdp_socket class
- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains
- Allow boltd_t domain to read cache_home_t files BZ(1669911)
- Allow winbind_t domain to check for existence of processes labeled as systemd_hostnamed_t BZ(1669912)
- Allow gpg_agent_t to create own tmpfs dirs and sockets
- Allow openvpn_t domain to manage vpnc pidfiles BZ(1667572)
- Add multiple interfaces for vpnc interface file
- Label /var/run/fcgiwrap dir as httpd_var_run_t BZ(1655702)
- In MongoDB 3.4.16, 3.6.6, 4.0.0 and later, mongod reads netstat info from proc and stores it in its diagnostic system (FTDC). See: https://jira.mongodb.org/browse/SERVER-31400 This means that we need to adjust the policy so that the mongod process is allowed to open and read /proc/net/netstat, which typically has symlinks (e.g. /proc/net/snmp).
- Allow gssd_t domain to manage kernel keyrings of every domain.
- Revert "Allow gssd_t domain to read/write kernel keyrings of every domain."
- Allow plymouthd_t search efivarfs directory BZ(1664143)
* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
- Allow plymouthd_t search efivarfs directory BZ(1664143)
- Allow arpwatch send e-mail notifications BZ(1657327)

6
sources
View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-contrib-2664b0a.tar.gz) = 2365ccf4220f12a123d09b5c00fc4c6c0cde9f724d3907e37b1f11ad15dcd7aff5ac3322d3196148e67fcd77208fddca662de140d7980bcf74db84693e61fc81
SHA512 (selinux-policy-35f00c1.tar.gz) = 78aaa591881139fbd6a23670b039a489c33199366e42b4a1f47b8853c162c90b0cd2b2c399463ffcdf266ac526ca78a1232cbe411e31741fdf5336cdd9ca1f6b
SHA512 (container-selinux.tgz) = 045eefcf7226eea45a19cbfab64bdab4588bf7ac3ee4ff8d62084f12d813b8c4437d33da48288a44912a88ec2f7af90c00fbbaf50dd8fbed50f883b696b615fd
SHA512 (selinux-policy-5181cbd.tar.gz) = e9b3310fcd57e83789d9a052bf9b9ed3ba30298712c0eb20689d2a172ce6eff89f17eba11a7c7fb1b0eda3ef11ac76d7c6cd6b85c88618e973d4e114d8d56d1f
SHA512 (selinux-policy-contrib-992defd.tar.gz) = e5e487dc051183af132e5a009f4dfb1daee222106301ada9de952f43cee2eb4eba07bb2294229f15f176e5f59d267b5b132899ad838fe135355735c7a687a1f9
SHA512 (container-selinux.tgz) = 563741e82819ea25bc67150a6ce8e1f5a6a16725648c4ab4dcabe03bc3725f088640ad2a7df610c42dbf2477d5bf4039f73c01ba9b8d118576448153192c766d