From f4debe939a4e33e619a554c7ef51248e59de30f5 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Jun 14 2018 13:31:59 +0000 Subject: * Thu Jun 14 2018 Lukas Vrabec - 3.14.2-25 - Merge pull request #60 from vmojzis/rawhide - Allow tangd_t domain stream connect to sssd - Allow oddjob_t domain to chat with systemd via dbus - Allow freeipmi domains to mmap sysfs files - Fix typo in logwatch interface file - Allow spamd_t to manage logwatch_cache_t files/dirs - Allow dnsmasw_t domain to create own tmp files and manage mnt files - Allow fail2ban_client_t to inherit rlimit information from parent process - Allow nscd_t to read kernel sysctls - Label /var/log/conman.d as conman_log_t - Add dac_override capability to tor_t domain - Allow certmonger_t to readwrite to user_tmp_t dirs - Allow abrt_upload_watch_t domain to read general certs - Allow chornyd_t read phc2sys_t shared memory - Add several allow rules for pesign policy: - Add setgid and setuid capabilities to mysqlfd_safe_t domain - Add tomcat_can_network_connect_db boolean - Update virt_use_sanlock() boolean to read sanlock state - Add sanlock_read_state() interface - Allow zoneminder_t to getattr of fs_t - Allow rhsmcertd_t domain to send signull to postgresql_t domain - Add log file type to collectd and allow corresponding access - Allow policykit_t domain to dbus chat with dhcpc_t - Allow traceroute_t domain to exec bin_t binaries - Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override - Add new interface dev_map_sysfs() - Allow sshd_keygen_t to execute plymouthd - Allow systemd_networkd_t create and relabel tun sockets - Add new interface postgresql_signull()
---
diff --git a/.gitignore b/.gitignore
index f395f6c..9f1210e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -292,3 +292,5 @@ serefpolicy*
 /selinux-policy-contrib-f1b2ca4.tar.gz
 /selinux-policy-ae55b01.tar.gz
 /selinux-policy-contrib-d23eef1.tar.gz
+/selinux-policy-003cd80.tar.gz
+/selinux-policy-contrib-494e26e.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 394b558..1366ec9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 ae55b01a8df7f7c4afd8cd6697e848141352c3a2
+%global commit0 003cd803fb79dd225b523adfda9d655beedbf383
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 d23eef15f7aa7c9bee340a374b53e5a3cb485e90
+%global commit1 494e26e0f9a9fd1208a7e03018815211a36ee2be
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.2
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
@@ -718,6 +718,37 @@ exit 0
 %endif
 %changelog
+* Thu Jun 14 2018 Lukas Vrabec - 3.14.2-25
+- Merge pull request #60 from vmojzis/rawhide
+- Allow tangd_t domain stream connect to sssd
+- Allow oddjob_t domain to chat with systemd via dbus
+- Allow freeipmi domains to mmap sysfs files
+- Fix typo in logwatch interface file
+- Allow spamd_t to manage logwatch_cache_t files/dirs
+- Allow dnsmasw_t domain to create own tmp files and manage mnt files
+- Allow fail2ban_client_t to inherit rlimit information from parent process
+- Allow nscd_t to read kernel sysctls
+- Label /var/log/conman.d as conman_log_t
+- Add dac_override capability to tor_t domain
+- Allow certmonger_t to readwrite to user_tmp_t dirs
+- Allow abrt_upload_watch_t domain to read general certs
+- Allow chornyd_t read phc2sys_t shared memory
+- Add several allow rules for pesign policy:
+- Add setgid and setuid capabilities to mysqlfd_safe_t domain
+- Add tomcat_can_network_connect_db boolean
+- Update virt_use_sanlock() boolean to read sanlock state
+- Add sanlock_read_state() interface
+- Allow zoneminder_t to getattr of fs_t
+- Allow rhsmcertd_t domain to send signull to postgresql_t domain
+- Add log file type to collectd and allow corresponding access
+- Allow policykit_t domain to dbus chat with dhcpc_t
+- Allow traceroute_t domain to exec bin_t binaries
+- Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override
+- Add new interface dev_map_sysfs()
+- Allow sshd_keygen_t to execute plymouthd
+- Allow systemd_networkd_t create and relabel tun sockets
+- Add new interface postgresql_signull()
+
 * Tue Jun 12 2018 Lukas Vrabec - 3.14.2-24
 - /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type
 - Allow ntop_t domain to create/map various sockets/files.
diff --git a/sources b/sources
index 3b02f07..6eb065f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (selinux-policy-ae55b01.tar.gz) = ffb76c965e4dc07a41f1b9b451fb15af8cdf9790d50344b305fa4eb84be71960f70ec27ef11f4080cf902315075b0951d591577d88eac01d789a77c0df3e57a2
-SHA512 (selinux-policy-contrib-d23eef1.tar.gz) = d882b488404ec8b10491fdfa057e137e98d274772e6bbfec6c3aa59f0bfb0dce245de9fc905b3d16bd2e0953caf9849115e72aea05730c374f52a417114fdf64
-SHA512 (container-selinux.tgz) = ffc9eb68e7b3e38994bc07e64cf5862884b00a77c1c751abe69836bcf32ba7f73e5e06e3212a0b1523d1b14695b01c7117f9f0f583d71fa301a3bb65c4d333c4
+SHA512 (selinux-policy-003cd80.tar.gz) = 86a521f8fd96b5883713b7c34ec9b4d85d184cb7423fa54da45ea7795e2c56cec6f1b32dacd6bdce982b763fb4fdbbc81c33030dfdcf6ab74f441917213998ba
+SHA512 (selinux-policy-contrib-494e26e.tar.gz) = 908df6c641973aa1c41b5a8f77dbdbe4c3956e89d647b8530c7eab119b35536de95bde0ce68b02f10bd34d056900884018613b4c1b799c1892d0524dbf007a90
+SHA512 (container-selinux.tgz) = e69868867fcef884fd695cca32b6d68a8a001173a82759cb776391ddc77fca5887b84aaa71a11bd14befc3b5082502f8b9098601322da32f38e6a383f4ae12bf
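Review bot: The third entry replaces the SHA512 of `container-selinux.tgz` while the file name stays the same, so nothing in the visible hunks says which upstream revision the new archive corresponds to. The two `selinux-policy-*` tarballs, by contrast, carry the short commit that `commit0`/`commit1` pin in the spec. The changelog entry added by this commit lists no container-selinux update either, so a reader cannot tell an intended refresh from an accidental re-upload. Consider recording the origin next to the source definition, e.g. a spec comment such as `# container-selinux.tgz generated from container-selinux commit <COMMIT-PLACEHOLDER>`, or naming the archive with its short commit like the other two, so the new hash can be checked against upstream.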