* Mon Jul 08 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-22
- Label /var/kerberos/krb5 as krb5_keytab_t - Allow glusterd_t domain to setpgid - Allow lsmd_t domain to execute /usr/bin/debuginfo-install - Allow sbd_t domain to manage cgroup dirs - Allow opafm_t domain to modify scheduling information of another process. - Allow wireshark_t domain to create netlink netfilter sockets - Allow gpg_agent_t domain to use nsswitch - Allow httpd script types to mmap httpd rw content - Allow dkim_milter_t domain to execute shell BZ(17116937) - Allow sbd_t domain to use nsswitch - Allow rhsmcertd_t domain to send signull to all domains - Allow snort_t domain to create netlink netfilter sockets BZ(1723184) - Dontaudit blueman to read state of all domains on system BZ(1722696) - Allow boltd_t domain to use ps and get state of all domains on system. BZ(1723217) - Allow rtkit_daemon_t to uise sys_ptrace usernamespace capability BZ(1723308) - Replace "-" by "_" in types names - Change condor_domain declaration in condor_systemctl - Allow firewalld_t domain to read iptables_var_run_t files BZ(1722405) - Allow auditd_t domain to send signals to audisp_remote_t domain - Allow systemd labeled as init_t domain to read/write faillog_t. BZ(1723132) - Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files - Add interface kernel_relabelfrom_usermodehelper() - Dontaudit unpriv_userdomain to manage boot_t files - Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509) - Allow systemd to execute bootloader grub2-set-bootflag BZ(1722531) - Allow associate efivarfs_t on sysfs_t
This commit is contained in:
parent
8e8fb9c480
commit
f57a61daab
2
.gitignore
vendored
2
.gitignore
vendored
@ -381,3 +381,5 @@ serefpolicy*
|
||||
/selinux-policy-26ad838.tar.gz
|
||||
/selinux-policy-contrib-2f9692d.tar.gz
|
||||
/selinux-policy-5b2d489.tar.gz
|
||||
/selinux-policy-contrib-7d3bcf4.tar.gz
|
||||
/selinux-policy-905153e.tar.gz
|
||||
|
@ -1,11 +1,11 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 5b2d4897031e5981a7eff958e030449c45f6a124
|
||||
%global commit0 905153ec95cbd126ca77dccae57ef453bc0ad2a5
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 2f9692d829113985c576641ec0dd5192340e5645
|
||||
%global commit1 7d3bcf40795a24bc1f808deeb5c5b1a54ecc6197
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
@ -29,7 +29,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.4
|
||||
Release: 21%{?dist}
|
||||
Release: 22%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
@ -787,6 +787,34 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jul 08 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-22
|
||||
- Label /var/kerberos/krb5 as krb5_keytab_t
|
||||
- Allow glusterd_t domain to setpgid
|
||||
- Allow lsmd_t domain to execute /usr/bin/debuginfo-install
|
||||
- Allow sbd_t domain to manage cgroup dirs
|
||||
- Allow opafm_t domain to modify scheduling information of another process.
|
||||
- Allow wireshark_t domain to create netlink netfilter sockets
|
||||
- Allow gpg_agent_t domain to use nsswitch
|
||||
- Allow httpd script types to mmap httpd rw content
|
||||
- Allow dkim_milter_t domain to execute shell BZ(17116937)
|
||||
- Allow sbd_t domain to use nsswitch
|
||||
- Allow rhsmcertd_t domain to send signull to all domains
|
||||
- Allow snort_t domain to create netlink netfilter sockets BZ(1723184)
|
||||
- Dontaudit blueman to read state of all domains on system BZ(1722696)
|
||||
- Allow boltd_t domain to use ps and get state of all domains on system. BZ(1723217)
|
||||
- Allow rtkit_daemon_t to uise sys_ptrace usernamespace capability BZ(1723308)
|
||||
- Replace "-" by "_" in types names
|
||||
- Change condor_domain declaration in condor_systemctl
|
||||
- Allow firewalld_t domain to read iptables_var_run_t files BZ(1722405)
|
||||
- Allow auditd_t domain to send signals to audisp_remote_t domain
|
||||
- Allow systemd labeled as init_t domain to read/write faillog_t. BZ(1723132)
|
||||
- Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files
|
||||
- Add interface kernel_relabelfrom_usermodehelper()
|
||||
- Dontaudit unpriv_userdomain to manage boot_t files
|
||||
- Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)
|
||||
- Allow systemd to execute bootloader grub2-set-bootflag BZ(1722531)
|
||||
- Allow associate efivarfs_t on sysfs_t
|
||||
|
||||
* Tue Jun 18 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-21
|
||||
- Add vnstatd_var_lib_t to mountpoint attribute BZ(1648864)
|
||||
- cockpit: Support split-out TLS proxy
|
||||
|
6
sources
6
sources
@ -1,4 +1,4 @@
|
||||
SHA512 (selinux-policy-5b2d489.tar.gz) = c5b1434ad8659daddd06d6e3c147e04dc5d2bcd62d9916fde98607ead9df68cdd9e785dc7bf948b7ce8b7c0e68255b37a7f87f44f6bbb629f678027800a8d4dc
|
||||
SHA512 (selinux-policy-contrib-2f9692d.tar.gz) = a8adfb1f5773295d0b2b70a660e1ff37b1e8e69b8e81c364b2efa2e5ab557a458cd9530dd24c7feba98dd6df19f5a4711c8946049431340e2decc4ddbf3da635
|
||||
SHA512 (selinux-policy-contrib-7d3bcf4.tar.gz) = 2869511bad83649d066471781b9910ab577a2ae981a0f046688c7d5ec83203e1549013d1a164295e77fcb83c5c8adcdf1e7a191c117610aa092c91abd8046fee
|
||||
SHA512 (selinux-policy-905153e.tar.gz) = 1b8e6d4c1b47f5f5436ad61e4777e9c13b0746ea802a51ddcc542c0f60c24fb5dc58a4303f645fb1d1c7336c23302e1c56829bfdf460b841414ee7791a9a15d3
|
||||
SHA512 (container-selinux.tgz) = e7cf088717a965271df59ab9b145d0df9f5b06e7a8b4979b435cb9141d43a68ddae0e62127c1afb4e94fe2bb6428e42c8f276d4a8982322532a9da28a1bd33e8
|
||||
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
|
||||
SHA512 (container-selinux.tgz) = b2fdeaf63e3ab10ba132d1b55f66f3313dbc5b0411015055bca0a3a6d9435c5242fe8353ee238439b0f7d0f1e6cef307b52059b05945b034bb8e595503a81684
|
||||
|
Loading…
Reference in New Issue
Block a user