diff --git a/.gitignore b/.gitignore index abe9959..92128ac 100644 --- a/.gitignore +++ b/.gitignore @@ -266,3 +266,5 @@ serefpolicy* /selinux-policy-contrib-7ecfe28.tar.gz /selinux-policy-contrib-504d76b.tar.gz /selinux-policy-154a8cf.tar.gz +/selinux-policy-01924d8.tar.gz +/selinux-policy-contrib-1255203.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 185c412..e7d9079 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 154a8cf70407f08901f55f333e42e3b0342c9d08 +%global commit0 01924d88be61f3e27e247848a94c855fe00569dd %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 504d76b257ff5bd6e89ef782eccf1ea376da0ecc +%global commit1 1255203e38764839fa90a34f43de98f81278756a %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -717,6 +717,19 @@ exit 0 %endif %changelog +* Thu Mar 29 2018 Lukas Vrabec - 3.14.1-19 +- Allow accountsd_t domain to dac override BZ(1561304) +- Allow cockpit_ws_t domain to read system state BZ(1561053) +- Allow postfix_map_t domain to use inherited user ptys BZ(1561295) +- Allow abrt_dump_oops_t domain dac override BZ(1561467) +- Allow l2tpd_t domain to run stream connect for sssd_t BZ(1561755) +- Allow crontab domains to do dac override +- Allow snapperd_t domain to unmount fs_t filesystems +- Allow pcp processes to read fixed_disk devices BZ(1560816) +- Allow unconfined and confined users to use dccp sockets +- Allow systemd to manage bpf dirs/files +- Allow traceroute_t to create dccp_sockets + * Mon Mar 26 2018 Lukas Vrabec - 3.14.1-18 Fedora Atomic host using for temp files /sysroot/tmp patch, we should label same as /tmp adding file context equivalence BZ(1559531) diff --git a/sources b/sources index f9ff8b5..5dcf9a8 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-504d76b.tar.gz) = 6ee751115a09824eb099a2ae8bc14690c9833f76d00d39d4fc30e78233aeff79031b16c01895b9d04e39599eb988e578166e57cfa363bd896107676618a46418 -SHA512 (selinux-policy-154a8cf.tar.gz) = cb2d27370b8bf22e8f6dc2d7aae5531fe7013feae3cafd7981abc5719618b496524114a99d52845fa63582776f7cbeb880d83b5b520211382d8b765403124dc2 -SHA512 (container-selinux.tgz) = 1813477ab2ff031e7149fafe16baecb5a45adba35e63897bb6f7ac498347ae2aa064368616e6bc32313b05c097845d3840da2eb73d7473a6f7715f5a9e516d01 +SHA512 (selinux-policy-01924d8.tar.gz) = c8ebdee9ac293216059e06100cb4c1c3d4f8db0e9bb27a4eeccf3f760a99e0bc77e159cfb56247b58bbe743f8ebda2fc8c73c4fe2182646d81d3dae4651419f8 +SHA512 (selinux-policy-contrib-1255203.tar.gz) = 5d3db6f6417d5d2197afad616e65baac4d32e01825410d190841e15cef63f3c4e2cd799d0407e86662eddf3ae79b80e1ea41e6408562a7466e662b910798ccd6 +SHA512 (container-selinux.tgz) = df8c701d4e56f30162d252b0370c7a7c4c608a05136240010d0b94765cc2bbd3861abfc4304da14d8a9d704a4f69c914daa7dcecedbbc0e63f056d93b92d254b