From 87f0e22c98ce8cb9e47861b16e5f2e93f9768205 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: May 25 2018 22:32:49 +0000 Subject: * Sat May 26 2018 Lukas Vrabec - 3.14.1-30 - Add dac_override to exim policy BZ(1574303) - Fix typo in conntrackd.fc file - Allow sssd_t to kill sssd_selinux_manager_t - Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db is turned on - Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp - Allow policykit_auth_t to read udev db files BZ(1574419) - Allow varnishd_t do be dbus client BZ(1582251) - Allow cyrus_t domain to mmap own pid files BZ(1582183) - Allow user_mail_t domain to mmap etc_aliases_t files - Allow gkeyringd domains to run ssh agents - Allow gpg_pinentry_t domain read ssh state - Allow gpg_agent_t to send msgs to syslog/journal - Add dac_override capability to dovecot_t domain - Allow nscd_t domain to mmap system_db_t files - Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files - Allow sysadm_u use xdm - Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495) - Add interface ssh_read_state() - Fix typo in sysnetwork.if file - Update dev_map_xserver_misc interface to allo mmaping char devices instead of files - Allow noatsecure permission for all domain transitions from systemd. - Allow systemd to read tangd db files - Fix typo in ssh.if file - Allow xdm_t domain to mmap xserver_misc_device_t files --- diff --git a/.gitignore b/.gitignore index 1461c32..dcba72a 100644 --- a/.gitignore +++ b/.gitignore @@ -285,3 +285,5 @@ serefpolicy* /selinux-policy-f7ef859.tar.gz /selinux-policy-contrib-f3cd7ec.tar.gz /selinux-policy-2df0978.tar.gz +/selinux-policy-bf47bbe.tar.gz +/selinux-policy-contrib-317ccb3.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index a38b33c..a913812 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 2df0978fb23a1c2f5ba9f73bfdb30c0d8d152c9b +%global commit0 bf47bbe0a26b17ac78beac584a9f7d4c73da7476 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 f3cd7ecd1eafef83ddb03a9fc64792cdc02c1ab6 +%global commit1 317ccb36c9ba5e726b16bdf8a20e5fd03746e2d7 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 29%{?dist} +Release: 30%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -718,6 +718,32 @@ exit 0 %endif %changelog +* Sat May 26 2018 Lukas Vrabec - 3.14.1-30 +- Add dac_override to exim policy BZ(1574303) +- Fix typo in conntrackd.fc file +- Allow sssd_t to kill sssd_selinux_manager_t +- Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db is turned on +- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp +- Allow policykit_auth_t to read udev db files BZ(1574419) +- Allow varnishd_t do be dbus client BZ(1582251) +- Allow cyrus_t domain to mmap own pid files BZ(1582183) +- Allow user_mail_t domain to mmap etc_aliases_t files +- Allow gkeyringd domains to run ssh agents +- Allow gpg_pinentry_t domain read ssh state +- Allow gpg_agent_t to send msgs to syslog/journal +- Add dac_override capability to dovecot_t domain +- Allow nscd_t domain to mmap system_db_t files +- Allow tangd_t domain to create tcp sockets and add new interface tangd_read_db_files +- Allow sysadm_u use xdm +- Allow xdm_t domain to listen ofor unix dgram sockets BZ(1581495) +- Add interface ssh_read_state() +- Fix typo in sysnetwork.if file +- Update dev_map_xserver_misc interface to allo mmaping char devices instead of files +- Allow noatsecure permission for all domain transitions from systemd. +- Allow systemd to read tangd db files +- Fix typo in ssh.if file +- Allow xdm_t domain to mmap xserver_misc_device_t files + * Thu May 24 2018 Lukas Vrabec - 3.14.1-29 - Fixed typos in devices.if file diff --git a/sources b/sources index ddba8d9..44c652d 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-2df0978.tar.gz) = 85b216df7c0e03db57a74dd3f715b315c80cbe197bc434032db1d9fa227c02c460754eff0bd88dd282b80b7a5bcab271b674010960b9d9e4d82d5575c14b484c -SHA512 (selinux-policy-contrib-f3cd7ec.tar.gz) = 0b55e24826433971ff4e838ab2b7709593e8a9f59424107852aacd8a8145d39b27ac6dd26c3c59dc2924e103af1b0fbdd83689280b64f31100977d29ae61e070 -SHA512 (container-selinux.tgz) = 6518f62cc36af3f3eb6786ca9b58b15a70c894dab3ef3b9e90e0dd5760a778b29fe6722b9ec174f18bbc9d67bfecb4fba89825d27adf52fb8d3c48531eadfb39 +SHA512 (selinux-policy-bf47bbe.tar.gz) = 9b05b84df5d17b5ae9feaad97cdee9c38722d0c4345e1c264904758f53d762af6b233c872140ac11d844ff18a342750a2a3c32c74d31d2895e4654dfcb441b13 +SHA512 (selinux-policy-contrib-317ccb3.tar.gz) = fc5e2b031aecf36feb8f2cc6f77e16e60817e214d45e916847be738154f339ad1c9a7b7c28db8c86f48ac552946de7ce5d25a988dffdd7b0873a33ecdf0b6293 +SHA512 (container-selinux.tgz) = bd50cef89fe9844169449b4dd626986f30e23575aef297096b551eb06be2ab7a44f87c9ffa236a2fec30ebeea4022ef5d519b7d44bd4050d3b7b5230dd98e549