diff --git a/.gitignore b/.gitignore index 434edf3..abe9959 100644 --- a/.gitignore +++ b/.gitignore @@ -264,3 +264,5 @@ serefpolicy* /selinux-policy-contrib-d2dd0ad.tar.gz /selinux-policy-116b85e.tar.gz /selinux-policy-contrib-7ecfe28.tar.gz +/selinux-policy-contrib-504d76b.tar.gz +/selinux-policy-154a8cf.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 9a6c689..6f699ea 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 116b85e97e58ba673c77b67766fe8807a0100a0e +%global commit0 154a8cf70407f08901f55f333e42e3b0342c9d08 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 7ecfe283d8c85cf9c6da289b9b511ab95b1d3c36 +%global commit1 504d76b257ff5bd6e89ef782eccf1ea376da0ecc %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -717,6 +717,40 @@ exit 0 %endif %changelog +* Sun Mar 25 2018 Lukas Vrabec - 3.14.1-17 +- Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795) +- Allow nagios to exec itself and mmap nagios spool files BZ(1559683) +- Allow nagios to mmap nagios config files BZ(1559683) +- Fixing Ganesha module +- Fix typo in NetworkManager module +- Fix bug in gssproxy SELinux module +- Allow abrt_t domain to mmap container_file_t files BZ(1525573) +- Allow networkmanager to be run ssh client BZ(1558441) +- Allow pcp domains to do dc override BZ(1557913) +- Dontaudit pcp_pmie_t to reaquest lost kernel module +- Allow pcp_pmcd_t to manage unpriv userdomains semaphores BZ(1554955) +- Allow httpd_t to read httpd_log_t dirs BZ(1554912) +- Allow fail2ban_t to read system network state BZ(1557752) +- Allow dac override capability to mandb_t domain BZ(1529399) +- Allow collectd_t domain to mmap collectd_var_lib_t files BZ(1556681) +- Dontaudit bug in kernel 4.16 when domains requesting loading kernel modules BZ(1555369) +- Add Domain transition from gssproxy_t to httpd_t domains BZ(1548439) +- Allow httpd_t to mmap user_home_type files if boolean httpd_read_user_content is enabled BZ(1555359) +- Allow snapperd to relabel snapperd_data_t +- Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets +- Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled +- Allow insmod_t to load modules BZ(1544189) +- Allow systemd_rfkill_t domain sys_admin capability BZ(1557595) +- Allow systemd_networkd_t to read/write tun tap devices +- Add shell_exec_t file as domain entry for init_t +- Label also /run/systemd/resolved/ as systemd_resolved_var_run_t BZ(1556862) +- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module BZ(1557347) +- Improve userdom_mmap_user_home_content_files +- Allow systemd_logind_t domain to setattributes on fixed disk devices BZ(1555414) +- Dontaudit kernel 4.16 bug when lot of domains requesting load kernel module +- Allow semanage_t domain mmap usr_t files +- Add new boolean: ssh_use_tcpd() + * Wed Mar 21 2018 Lukas Vrabec - 3.14.1-16 - Improve bluetooth_stream_socket interface to allow caller domain also send bluetooth sockets - Allow tcpd_t bind on sshd_port_t if ssh_use_tcpd() is enabled diff --git a/sources b/sources index e8758bc..f9ff8b5 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-116b85e.tar.gz) = e5b3f9ed20603e6fa3e2a4b7e50deaaf3202672a99e889194d67a6c2dfd00521fb087701551754dda5905fe81f80c7dd29ff1655c4882c26b5b9a5227198e7a6 -SHA512 (selinux-policy-contrib-7ecfe28.tar.gz) = 0dd8ad461e3442fabe3cc1b5852f512d265f6eaca6a2f62623a61ee645a1addadea4d0892b9ed6df09be6e9a3f91a103b292be14b04d2666c794a74a5017a447 -SHA512 (container-selinux.tgz) = 65467e6d7afef429a19506dcad5f904b39f5ae9e5d089b5d3cf1560f35a3107ea61f6d0bd8326c1416f1b6264c1ee84ead29e32a65993dc70a726f5fa5811d3a +SHA512 (selinux-policy-contrib-504d76b.tar.gz) = 6ee751115a09824eb099a2ae8bc14690c9833f76d00d39d4fc30e78233aeff79031b16c01895b9d04e39599eb988e578166e57cfa363bd896107676618a46418 +SHA512 (selinux-policy-154a8cf.tar.gz) = cb2d27370b8bf22e8f6dc2d7aae5531fe7013feae3cafd7981abc5719618b496524114a99d52845fa63582776f7cbeb880d83b5b520211382d8b765403124dc2 +SHA512 (container-selinux.tgz) = 1813477ab2ff031e7149fafe16baecb5a45adba35e63897bb6f7ac498347ae2aa064368616e6bc32313b05c097845d3840da2eb73d7473a6f7715f5a9e516d01