diff --git a/.gitignore b/.gitignore index f9f3738..7056803 100644 --- a/.gitignore +++ b/.gitignore @@ -252,3 +252,5 @@ serefpolicy* /selinux-policy-contrib-6777a17.tar.gz /selinux-policy-2c13be1.tar.gz /selinux-policy-contrib-27f5e51.tar.gz +/selinux-policy-contrib-9facb1c.tar.gz +/selinux-policy-e16d205.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index d245aa8..243d269 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 2c13be1fb543c51935785e7a43b798a9f35f5aa0 +%global commit0 e16d205404edadd93214b9622c8c795ea53abe77 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 27f5e51152311f5d4b3a0783bf187539874cb180 +%global commit1 9facb1c4761877d6461472a98b8a0bc29229c83e %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -714,6 +714,32 @@ exit 0 %endif %changelog +* Mon Mar 05 2018 Lukas Vrabec - 3.14.1-11 +- Allow vdagent_t domain search cgroup dirs BZ(1541564) +- Allow bluetooth_t domain listen on bluetooth sockets BZ(1549247) +- Allow bluetooth domain creating bluetooth sockets BZ(1551577) +- pki_log_t should be log_file +- Allow gpgdomain to unix_stream socket connectto +- Make working gpg agent in gpg_agent_t domain +- Dontaudit thumb_t to rw lvm pipes BZ(154997) +- Allow start cups_lpd via systemd socket activation BZ(1532015) +- Improve screen_role_template Resolves: rhbz#1534111 +- Dontaudit modemmanager to setpgid. BZ(1520482) +- Dontaudit kernel bug when systemd requesting load kernel module BZ(1547227) +- Allow systemd-networkd to create netlink generic sockets BZ(1551578) +- refpolicy: Define getrlimit permission for class process +- refpolicy: Define smc_socket security class +- Allow transition from sysadm role into mdadm_t domain. +- ssh_t trying to communicate with gpg agent not sshd_t +- Allow sshd_t communicate with gpg_agent_t +- Allow initrc domains to mmap binaries with direct_init_entry attribute BZ(1545643) +- Revert "Allow systemd_rfkill_t domain to reguest kernel load module BZ(1543650)" +- Revert "Allow systemd to request load kernel module BZ(1547227)" +- Allow systemd to write to all pidfile socketes because of SocketActivation unit option ListenStream= BZ(1543576) +- Add interface lvm_dontaudit_rw_pipes() BZ(154997) +- Add interfaces for systemd socket activation +- Allow systemd-resolved to create stub-resolv.conf with right label net_conf_t BZ(1547098) + * Thu Feb 22 2018 Lukas Vrabec - 3.14.1-10 - refpolicy: Define extended_socket_class policy capability and socket classes - Make bluetooth_var_lib_t as mountpoint BZ(1547416) diff --git a/sources b/sources index 2f99b40..6990676 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-2c13be1.tar.gz) = 1da74c4666c89844313aed8d46d62f9835d8fc2fa9d55b5017c4cf827e55832b0b098cc53096a9e05974f5f3cedeb297896f00f0ebb070bfd5831edff21ea7fb -SHA512 (selinux-policy-contrib-27f5e51.tar.gz) = 998d005bb1c8283631be43de0b9230b3babd4b011233f2a775d1a04171a2a063b1c2e6d5f5587afafc949b479430d6bcf4cc7ae8221013805e6140fed439c793 -SHA512 (container-selinux.tgz) = ee7df5af8fdf4414e09558e3b537b5e8ffda37f46b4774d92cb25ef8be3dfe5db180d368a038ff14eac5edb3fddf91acf2af72fb9ddacd08e9b865d97a952a39 +SHA512 (container-selinux.tgz) = 928d818d9716a6fe7679777e3d1d23745eefffca1d260a609bf770762790fdf988df3bc7817ac22d5973ed1444bef8125617498c70681ea2944727aa85a7f73c +SHA512 (selinux-policy-contrib-9facb1c.tar.gz) = 5f23eb8a311134c8b773a2b66f0761c07409b5645158b2a92f156eb4ce8bd25dfddd7f902bb37f75b97d91559e74ce6f25c21d7af7564b4e2d0d3b9d2d262664 +SHA512 (selinux-policy-e16d205.tar.gz) = 721ead4f225e9071724ee9a2b1c521de6289e90b4b5da3fd6458421b1cf611d48928eb41fc7d852cf6ff7cd5bfa4047bf64b292896dce0281953bb46b8bd6b2a