* Tue Jan 29 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-19
- Add new xdp_socket class - Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains - Allow boltd_t domain to read cache_home_t files BZ(1669911) - Allow winbind_t domain to check for existence of processes labeled as systemd_hostnamed_t BZ(1669912) - Allow gpg_agent_t to create own tmpfs dirs and sockets - Allow openvpn_t domain to manage vpnc pidfiles BZ(1667572) - Add multiple interfaces for vpnc interface file - Label /var/run/fcgiwrap dir as httpd_var_run_t BZ(1655702) - In MongoDB 3.4.16, 3.6.6, 4.0.0 and later, mongod reads netstat info from proc and stores it in its diagnostic system (FTDC). See: https://jira.mongodb.org/browse/SERVER-31400 This means that we need to adjust the policy so that the mongod process is allowed to open and read /proc/net/netstat, which typically has symlinks (e.g. /proc/net/snmp). - Allow gssd_t domain to manage kernel keyrings of every domain. - Revert "Allow gssd_t domain to read/write kernel keyrings of every domain." - Allow plymouthd_t search efivarfs directory BZ(1664143)
This commit is contained in:
parent
1767906c81
commit
ee38f3e105
|
@ -1,11 +1,11 @@
|
||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy base sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 35f00c192427aff18892b9f1f150ee35b885f84a
|
%global commit0 5181cbd448c7aea433aad45675befadda96002e2
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
# github repo with selinux-policy contrib sources
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
%global commit1 2664b0adafc3a35769ae5294cf9ecdf3fda47e1a
|
%global commit1 992defd63683a26684dbbca3e4d1d652cd340f00
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.3
|
Version: 3.14.3
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||||
|
@ -706,6 +706,20 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 29 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-19
|
||||||
|
- Add new xdp_socket class
|
||||||
|
- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains
|
||||||
|
- Allow boltd_t domain to read cache_home_t files BZ(1669911)
|
||||||
|
- Allow winbind_t domain to check for existence of processes labeled as systemd_hostnamed_t BZ(1669912)
|
||||||
|
- Allow gpg_agent_t to create own tmpfs dirs and sockets
|
||||||
|
- Allow openvpn_t domain to manage vpnc pidfiles BZ(1667572)
|
||||||
|
- Add multiple interfaces for vpnc interface file
|
||||||
|
- Label /var/run/fcgiwrap dir as httpd_var_run_t BZ(1655702)
|
||||||
|
- In MongoDB 3.4.16, 3.6.6, 4.0.0 and later, mongod reads netstat info from proc and stores it in its diagnostic system (FTDC). See: https://jira.mongodb.org/browse/SERVER-31400 This means that we need to adjust the policy so that the mongod process is allowed to open and read /proc/net/netstat, which typically has symlinks (e.g. /proc/net/snmp).
|
||||||
|
- Allow gssd_t domain to manage kernel keyrings of every domain.
|
||||||
|
- Revert "Allow gssd_t domain to read/write kernel keyrings of every domain."
|
||||||
|
- Allow plymouthd_t search efivarfs directory BZ(1664143)
|
||||||
|
|
||||||
* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
|
* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
|
||||||
- Allow plymouthd_t search efivarfs directory BZ(1664143)
|
- Allow plymouthd_t search efivarfs directory BZ(1664143)
|
||||||
- Allow arpwatch send e-mail notifications BZ(1657327)
|
- Allow arpwatch send e-mail notifications BZ(1657327)
|
||||||
|
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
||||||
SHA512 (selinux-policy-contrib-2664b0a.tar.gz) = 2365ccf4220f12a123d09b5c00fc4c6c0cde9f724d3907e37b1f11ad15dcd7aff5ac3322d3196148e67fcd77208fddca662de140d7980bcf74db84693e61fc81
|
SHA512 (selinux-policy-5181cbd.tar.gz) = e9b3310fcd57e83789d9a052bf9b9ed3ba30298712c0eb20689d2a172ce6eff89f17eba11a7c7fb1b0eda3ef11ac76d7c6cd6b85c88618e973d4e114d8d56d1f
|
||||||
SHA512 (selinux-policy-35f00c1.tar.gz) = 78aaa591881139fbd6a23670b039a489c33199366e42b4a1f47b8853c162c90b0cd2b2c399463ffcdf266ac526ca78a1232cbe411e31741fdf5336cdd9ca1f6b
|
SHA512 (selinux-policy-contrib-992defd.tar.gz) = e5e487dc051183af132e5a009f4dfb1daee222106301ada9de952f43cee2eb4eba07bb2294229f15f176e5f59d267b5b132899ad838fe135355735c7a687a1f9
|
||||||
SHA512 (container-selinux.tgz) = 045eefcf7226eea45a19cbfab64bdab4588bf7ac3ee4ff8d62084f12d813b8c4437d33da48288a44912a88ec2f7af90c00fbbaf50dd8fbed50f883b696b615fd
|
SHA512 (container-selinux.tgz) = 563741e82819ea25bc67150a6ce8e1f5a6a16725648c4ab4dcabe03bc3725f088640ad2a7df610c42dbf2477d5bf4039f73c01ba9b8d118576448153192c766d
|
||||||
|
|
Loading…
Reference in New Issue