* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-17

- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on - Allow nrpe_t domain to be dbus cliennt - Add interface sssd_signull() - Label /usr/bin/tshark as wireshark_exec_t - Fix typo in dbus_role_template() - Allow userdomains to send data over dgram sockets to userdomains dbus services BZ(1710119) - Allow userdomains dbus domain to execute dbus broker. BZ(1710113) - Allow dovedot_deliver_t setuid/setgid capabilities BZ(1709572) - Allow virt domains to access xserver devices BZ(1705685) - Allow aide to be executed by systemd with correct (aide_t) domain BZ(1648512) - Dontaudit svirt_tcg_t domain to read process state of libvirt BZ(1594598) - Allow pcp_pmie_t domain to use fsetid capability BZ(1708082) - Allow pcp_pmlogger_t to use setrlimit BZ(1708951) - Allow gpsd_t domain to read udev db BZ(1709025) - Add sys_ptrace capaiblity for namespace_init_t domain - Allow systemd to execute sa-update in spamd_update_t domain BZ(1705331) - Allow rhsmcertd_t domain to read rpm cache files - Label /efi same as /boot/efi boot_t BZ(1571962) - Allow transition from udev_t to tlp_t BZ(1705246) - Remove initrc_exec_t for /usr/sbin/apachectl file
2019-05-17 18:12:55 +02:00 · 2019-05-17 18:12:55 +02:00 · fb7eb895aa
parent 1938d6c60c
commit fb7eb895aa
3 changed files with 30 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -371,3 +371,5 @@ serefpolicy*
 /selinux-policy-c5e58b6.tar.gz
 /selinux-policy-contrib-721b2bf.tar.gz
 /selinux-policy-8eaf5bc.tar.gz
+/selinux-policy-contrib-38d51f0.tar.gz
+/selinux-policy-62e78cf.tar.gz
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 8eaf5bc83147ef2a4420363a9a5508338e7e4f56
+%global commit0 62e78cf9f07ef77f1c9d7ce8633dd433310c59d6
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 721b2bf5c8086d4f9718c8d97cc9375ea6c827cb
+%global commit1 38d51f0bce3aa41b5ebde42f27792c183c17f379
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})

 %define distro redhat
@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.4
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,28 @@ exit 0
 %endif

 %changelog
+* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-17
+- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
+- Allow nrpe_t domain to be dbus cliennt
+- Add interface sssd_signull()
+- Label /usr/bin/tshark as wireshark_exec_t
+- Fix typo in dbus_role_template()
+- Allow userdomains to send data over dgram sockets to userdomains dbus services BZ(1710119)
+- Allow userdomains dbus domain to execute dbus broker. BZ(1710113)
+- Allow dovedot_deliver_t setuid/setgid capabilities BZ(1709572)
+- Allow virt domains to access xserver devices BZ(1705685)
+- Allow aide to be executed by systemd with correct (aide_t) domain BZ(1648512)
+- Dontaudit svirt_tcg_t domain to read process state of libvirt BZ(1594598)
+- Allow pcp_pmie_t domain to use fsetid capability BZ(1708082)
+- Allow pcp_pmlogger_t to use setrlimit BZ(1708951)
+- Allow gpsd_t domain to read udev db BZ(1709025)
+- Add sys_ptrace capaiblity for  namespace_init_t domain
+- Allow systemd to execute sa-update in spamd_update_t domain BZ(1705331)
+- Allow rhsmcertd_t domain to read rpm cache files
+- Label /efi same as /boot/efi boot_t BZ(1571962)
+- Allow transition from udev_t to tlp_t BZ(1705246)
+- Remove initrc_exec_t for /usr/sbin/apachectl file
+
 * Fri May 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-16
 - Add fcontext for apachectl util to fix missing output when executed "httpd -t" from this script.

--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (selinux-policy-contrib-721b2bf.tar.gz) = e09d12528e452f9ae837ad1eceeeb097533b6d83e6138c36ed0fe5c8040b31856af56e137c2690ad1140db0618edbefd5216846fe5811241a03ce47b92aea1a1
-SHA512 (selinux-policy-8eaf5bc.tar.gz) = 62ecedf38e9f97ae25045386f1aed66d0b1f2a71be8f59b7ba1015909bffa798db0fd7e53551bdf8ea7b6a3d625b38c88a8266b5f785ed50282fb2be4c2c1588
-SHA512 (container-selinux.tgz) = b360e27e9d8317e0a49d597651ef7fc3cadf771c5d6fb18d97c8bf3c9b04e09b34da7364e97a81029fad7834acf80c335d7da125b1cc06df2b16fdfd82c90285
+SHA512 (selinux-policy-contrib-38d51f0.tar.gz) = 83dce8123c8eac1bc770201029b710ab3c116f88250555307d449bfdd51419f1305c83d8071e7a20f11b6ae272f198dac0d128251e4959dc8e12ca3194d366ea
+SHA512 (selinux-policy-62e78cf.tar.gz) = 0043629db5f1f9d3a81e6bbd00d5e5ee4abaf989117fd4b287d0be4d12953175ff6c5072f9a28d3de438e1d7b75e2ef827bcba38aa6625dcd61959a14d56b3d0
+SHA512 (container-selinux.tgz) = d7c41133e61c0db2e77da123f32ec954f141ba65be46dfd07d5b5758bfb3c2cb76fb23c43b17c5212d4145eb6ddb01a502dcee380a1ab3b1209cdd6613de6a4b
 SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2