From ef7c751093fdc342fcd9c3f004b41e2582dda52b Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Thu, 4 Oct 2018 16:27:59 +0200 Subject: [PATCH] * Thu Oct 04 2018 Lukas Vrabec - 3.14.3-5 - Allow dictd_t domain to mmap dictd_var_lib_t files BZ(1634650) - Fix typo in boltd.te policy - Allow fail2ban_t domain to mmap journal - Add kill capability to named_t domain - Allow neutron domain to read/write /var/run/utmp - Create boltd_var_run_t type for boltd pid files - Allow tomcat_domain to read /dev/random - Allow neutron_t domain to use pam - Add the port used by nsca (Nagios Service Check Acceptor) --- .gitignore | 2 ++ selinux-policy.spec | 17 ++++++++++++++--- sources | 6 +++--- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index f6651fdb..0bbf14ff 100644 --- a/.gitignore +++ b/.gitignore @@ -310,3 +310,5 @@ serefpolicy* /selinux-policy-38c6414.tar.gz /selinux-policy-contrib-dab4b50.tar.gz /selinux-policy-446ee2a.tar.gz +/selinux-policy-0813126.tar.gz +/selinux-policy-contrib-ff6d7f4.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 0fb4b17f..222dad40 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 446ee2abb3b37bb0fe27fa313048069d3c83b0e7 +%global commit0 08131262642800aecab1c830382056bcc312bd55 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 dab4b50b7d2268b6cfb675754903b1a413008bba +%global commit1 ff6d7f41cdba4524422558bf381447c1f8181014 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -709,6 +709,17 @@ exit 0 %endif %changelog +* Thu Oct 04 2018 Lukas Vrabec - 3.14.3-5 +- Allow dictd_t domain to mmap dictd_var_lib_t files BZ(1634650) +- Fix typo in boltd.te policy +- Allow fail2ban_t domain to mmap journal +- Add kill capability to named_t domain +- Allow neutron domain to read/write /var/run/utmp +- Create boltd_var_run_t type for boltd pid files +- Allow tomcat_domain to read /dev/random +- Allow neutron_t domain to use pam +- Add the port used by nsca (Nagios Service Check Acceptor) + * Mon Sep 24 2018 Lukas Vrabec - 3.14.3-4 - Update sources to include SELinux policy for containers diff --git a/sources b/sources index 4d630e5c..4ccd6f36 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-dab4b50.tar.gz) = f75ccf7d02520c85ca80f80b00101713689595e82765605c6a3a33e6c6488fd04885b06ff36d50f88741182b8d010e5157133ff9a5679fc1a45bbd09b461859b -SHA512 (selinux-policy-446ee2a.tar.gz) = a460286e138f0424cb2da998d72fa7f332f92713604d5d17aa55da79620591ccf857b9682984cc3b4a9965ad7178269ebadb512979d5c86d6ef288a7811c3d09 -SHA512 (container-selinux.tgz) = 56596d0044897ad64722f8fb5fffb8d308d257384e64c1da0fdb1856bc8de2550fdca39f49fcd086ea95a4a1504d252e0f697530452c67abde864a2606967b2e +SHA512 (selinux-policy-0813126.tar.gz) = 9cd52f0513b8fe26ba5e8ef52dca203d58b09ce17c7ba2daab2b8a3b91e20d6188ed3dbebb388aab9329d636d63359cb34e5f65f49399b05da921a531f368fa2 +SHA512 (selinux-policy-contrib-ff6d7f4.tar.gz) = ec107276762235a01183a43428978a8b28e5e43c63abd255d7e2ebf9828230eaafe67539d6826f6934de4e6ef16fc9cda82b4c824172d20da55f1ff98803104a +SHA512 (container-selinux.tgz) = 399c9b708e9acd91b42e27d086067b5959bf3df5de55c5f9d1cd8fa5c2c4723a136e7054c0f93c49be7e32d444ed7483f2a394de36c93fa508452ee3e2ef86d3