diff --git a/.gitignore b/.gitignore index 1ed5f7d..3131831 100644 --- a/.gitignore +++ b/.gitignore @@ -297,3 +297,5 @@ serefpolicy* /selinux-policy-contrib-487de26.tar.gz /selinux-policy-b96e707.tar.gz /selinux-policy-0083cd1.tar.gz +/selinux-policy-contrib-39a8058.tar.gz +/selinux-policy-f840baf.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 1dc6f6b..455e971 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 0083cd16930073219576903859a5cb53fac968bd +%global commit0 f840bafa1c40af3aa9956979b7116f2c9a187724 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 487de26324135aff6ad7295d759be67e8c1f7318 +%global commit1 39a80580b403a3f712a046d60f05d12e0a024bed %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 35%{?dist} +Release: 36%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -718,6 +718,47 @@ exit 0 %endif %changelog +* Wed Jul 25 2018 Lukas Vrabec - 3.14.1-36 +- Allow aide to mmap all files +- Revert "Allow firewalld_t do read iptables_var_run_t files" +- Revert "Allow firewalld to create rawip sockets" +- Allow svirt_tcg_t domain to read system state of virtd_t domains +- Update rhcs contexts to reflects the latest fenced changes +- Allow httpd_t domain to rw user_tmp_t files +- Fix typo in openct policy +- Allow winbind_t domian to connect to all ephemeral ports +- Allow firewalld_t do read iptables_var_run_t files +- Allow abrt_t domain to mmap data_home files +- Allow glusterd_t domain to mmap user_tmp_t files +- Allow mongodb_t domain to mmap own var_lib_t files +- Allow firewalld to read kernel usermodehelper state +- Allow modemmanager_t to read sssd public files +- Allow openct_t domain to mmap own var_run_t files +- Allow nnp transition for devicekit daemons +- Allow firewalld to create rawip sockets +- Allow firewalld to getattr proc filesystem +- Dontaudit sys_admin capability for pcscd_t domain +- Revert "Allow pcsd_t domain sys_admin capability" +- Allow fetchmail_t domain to stream connect to sssd +- Allow pcsd_t domain sys_admin capability +- Allow cupsd_t to create cupsd_etc_t dirs +- Allow varnishlog_t domain to list varnishd_var_lib_t dirs +- Allow mongodb_t domain to read system network state BZ(1599230) +- Allow zoneminder_t to getattr of fs_t +- Allow tgtd_t domain to create dirs in /var/run labeled as tgtd_var_run_t BZ(1492377) +- Allow iscsid_t domain to mmap sysfs_t files +- Allow httpd_t domain to mmap own cache files +- Add sys_resource capability to nslcd_t domain +- Fixed typo in logging_audisp_domain interface +- Add interface files_mmap_all_files() +- Add interface iptables_read_var_run() +- Allow systemd to mounton init_var_run_t files +- Update policy rules for auditd_t based on changes in audit version 3 +- Allow systemd_tmpfiles_t do mmap system db files +- Don't setup unlabeled_t as an entry_type +- Allow unconfined_service_t to transition to container_runtime_t +- Improve domain_transition_pattern to allow mmap entrypoint bin file. + * Wed Jul 18 2018 Lukas Vrabec - 3.14.1-35 - Allow cupsd_t domain to mmap cupsd_etc_t files - Allow kadmind_t domain to mmap krb5kdc_principal_t diff --git a/sources b/sources index 3d7260b..47977d7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-0083cd1.tar.gz) = 5835c0afe340563f2cdf143a8303006de8b7bc9cae74840c163a912009f5ebfe767038d5f767aca40dc74b1749446c864b5307970d57f757ec169acec3b1fcd4 -SHA512 (selinux-policy-contrib-487de26.tar.gz) = 83ba573017a2bcf10079e47ca7b64e425f11416bfe37b9276458e70a5abe4c7bdca205d7045d75f740b9be56211a48971bdcb095a09f185eb479c9f2d10aaa81 -SHA512 (container-selinux.tgz) = ad20c8207d40c88dcde52cf69a2f8f9df4c4146abc2042ca029d09cf3494d8f9de5abf59427a957b36ab9f25237eaf20e7760a95f14c2e4cf969b9cf0ce22f6e +SHA512 (container-selinux.tgz) = 95c10da50468e1b51488852ea989536dbab4945809f32f78224ed1fda55e99d2e4eef62106a336090367fc48a8066f1bb49973f54a28c22e05ffa68cebe767e9 +SHA512 (selinux-policy-contrib-39a8058.tar.gz) = 54475ab14a2f5358fdb26a36469bd185f36fd5e4bd0d2cf3af2a79ca72732dabc093180e8203e8d841fceb4a7fa2b3605cb3f5dc787f61e9d114cb7764c7746b +SHA512 (selinux-policy-f840baf.tar.gz) = c01f6ef04d6f03705cb0a837d055eed547fd23f7ef6c5f610330710a9ffc0a9e4d66891176b73adcba105964d934221c0d08c93976b6e435af94b25a46991e1d