rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-17

Browse Source 
- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
- Allow nrpe_t domain to be dbus cliennt
- Add interface sssd_signull()
- Label /usr/bin/tshark as wireshark_exec_t
- Fix typo in dbus_role_template()
- Allow userdomains to send data over dgram sockets to userdomains dbus services BZ(1710119)
- Allow userdomains dbus domain to execute dbus broker. BZ(1710113)
- Allow dovedot_deliver_t setuid/setgid capabilities BZ(1709572)
- Allow virt domains to access xserver devices BZ(1705685)
- Allow aide to be executed by systemd with correct (aide_t) domain BZ(1648512)
- Dontaudit svirt_tcg_t domain to read process state of libvirt BZ(1594598)
- Allow pcp_pmie_t domain to use fsetid capability BZ(1708082)
- Allow pcp_pmlogger_t to use setrlimit BZ(1708951)
- Allow gpsd_t domain to read udev db BZ(1709025)
- Add sys_ptrace capaiblity for  namespace_init_t domain
- Allow systemd to execute sa-update in spamd_update_t domain BZ(1705331)
- Allow rhsmcertd_t domain to read rpm cache files
- Label /efi same as /boot/efi boot_t BZ(1571962)
- Allow transition from udev_t to tlp_t BZ(1705246)
- Remove initrc_exec_t for /usr/sbin/apachectl file
This commit is contained in:
Lukas Vrabec 2019-05-17 18:12:55 +02:00
parent 1938d6c60c
commit fb7eb895aa
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
3 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -371,3 +371,5 @@ serefpolicy*
/selinux-policy-c5e58b6.tar.gz
/selinux-policy-contrib-721b2bf.tar.gz
/selinux-policy-8eaf5bc.tar.gz
/selinux-policy-contrib-38d51f0.tar.gz
/selinux-policy-62e78cf.tar.gz

28
selinux-policy.spec
View File

@ -1,11 +1,11 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 8eaf5bc83147ef2a4420363a9a5508338e7e4f56
%global commit0 62e78cf9f07ef77f1c9d7ce8633dd433310c59d6
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 721b2bf5c8086d4f9718c8d97cc9375ea6c827cb
%global commit1 38d51f0bce3aa41b5ebde42f27792c183c17f379
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat
@ -29,7 +29,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.4
Release: 16%{?dist}
Release: 17%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@ -787,6 +787,28 @@ exit 0
%endif
%changelog
* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-17
- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
- Allow nrpe_t domain to be dbus cliennt
- Add interface sssd_signull()
- Label /usr/bin/tshark as wireshark_exec_t
- Fix typo in dbus_role_template()
- Allow userdomains to send data over dgram sockets to userdomains dbus services BZ(1710119)
- Allow userdomains dbus domain to execute dbus broker. BZ(1710113)
- Allow dovedot_deliver_t setuid/setgid capabilities BZ(1709572)
- Allow virt domains to access xserver devices BZ(1705685)
- Allow aide to be executed by systemd with correct (aide_t) domain BZ(1648512)
- Dontaudit svirt_tcg_t domain to read process state of libvirt BZ(1594598)
- Allow pcp_pmie_t domain to use fsetid capability BZ(1708082)
- Allow pcp_pmlogger_t to use setrlimit BZ(1708951)
- Allow gpsd_t domain to read udev db BZ(1709025)
- Add sys_ptrace capaiblity for namespace_init_t domain
- Allow systemd to execute sa-update in spamd_update_t domain BZ(1705331)
- Allow rhsmcertd_t domain to read rpm cache files
- Label /efi same as /boot/efi boot_t BZ(1571962)
- Allow transition from udev_t to tlp_t BZ(1705246)
- Remove initrc_exec_t for /usr/sbin/apachectl file
* Fri May 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-16
- Add fcontext for apachectl util to fix missing output when executed "httpd -t" from this script.

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (selinux-policy-contrib-721b2bf.tar.gz) = e09d12528e452f9ae837ad1eceeeb097533b6d83e6138c36ed0fe5c8040b31856af56e137c2690ad1140db0618edbefd5216846fe5811241a03ce47b92aea1a1
SHA512 (selinux-policy-8eaf5bc.tar.gz) = 62ecedf38e9f97ae25045386f1aed66d0b1f2a71be8f59b7ba1015909bffa798db0fd7e53551bdf8ea7b6a3d625b38c88a8266b5f785ed50282fb2be4c2c1588
SHA512 (container-selinux.tgz) = b360e27e9d8317e0a49d597651ef7fc3cadf771c5d6fb18d97c8bf3c9b04e09b34da7364e97a81029fad7834acf80c335d7da125b1cc06df2b16fdfd82c90285
SHA512 (selinux-policy-contrib-38d51f0.tar.gz) = 83dce8123c8eac1bc770201029b710ab3c116f88250555307d449bfdd51419f1305c83d8071e7a20f11b6ae272f198dac0d128251e4959dc8e12ca3194d366ea
SHA512 (selinux-policy-62e78cf.tar.gz) = 0043629db5f1f9d3a81e6bbd00d5e5ee4abaf989117fd4b287d0be4d12953175ff6c5072f9a28d3de438e1d7b75e2ef827bcba38aa6625dcd61959a14d56b3d0
SHA512 (container-selinux.tgz) = d7c41133e61c0db2e77da123f32ec954f141ba65be46dfd07d5b5758bfb3c2cb76fb23c43b17c5212d4145eb6ddb01a502dcee380a1ab3b1209cdd6613de6a4b
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2