diff --git a/.gitignore b/.gitignore index dcba72a..26d0cf8 100644 --- a/.gitignore +++ b/.gitignore @@ -287,3 +287,5 @@ serefpolicy* /selinux-policy-2df0978.tar.gz /selinux-policy-bf47bbe.tar.gz /selinux-policy-contrib-317ccb3.tar.gz +/selinux-policy-ca5d52c.tar.gz +/selinux-policy-contrib-0db9816.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index a913812..702928e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 bf47bbe0a26b17ac78beac584a9f7d4c73da7476 +%global commit0 ca5d52c773dd33e03fd01e8188bc677b60d3b8d2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 317ccb36c9ba5e726b16bdf8a20e5fd03746e2d7 +%global commit1 0db98169e618d5745f2f57520760f68ddf7f590d %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 30%{?dist} +Release: 31%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -718,6 +718,46 @@ exit 0 %endif %changelog +* Wed Jun 06 2018 Lukas Vrabec - 3.14.1-31 +- Fix typo in authconfig policy +- Update ctdb domain to support gNFS setup +- Allow authconfig_t dbus chat with policykit +- Allow lircd_t domain to read system state +- Revert "Allow fsdaemon_t do send emails BZ(1582701)" +- Typo in uuidd policy +- Allow tangd_t domain read certs +- Allow vpnc_t domain to read configfs_t files/dirs BZ(1583107) +- Allow vpnc_t domain to read generic certs BZ(1583100) +- Label /var/lib/phpMyAdmin directory as httpd_sys_rw_content_t BZ(1584811) +- Allow NetworkManager_ssh_t domain to be system dbud client +- Allow virt_qemu_ga_t read utmp +- Add capability dac_override to system_mail_t domain +- Update uuidd policy to reflect last changes from base branch +- Add cap dac_override to procmail_t domain +- Allow sendmail to mmap etc_aliases_t files BZ(1578569) +- Add new interface dbus_read_pid_sock_files() +- Allow mpd_t domain read config_home files if mpd_enable_homedirs boolean will be enabled +- Allow fsdaemon_t do send emails BZ(1582701) +- Allow firewalld_t domain to request kernel module BZ(1573501) +- Allow chronyd_t domain to send send msg via dgram socket BZ(1584757) +- Add sys_admin capability to fprint_t SELinux domain +- Allow cyrus_t domain to create own files under /var/run BZ(1582885) +- Allow cachefiles_kernel_t domain to have capability dac_override +- Update policy for ypserv_t domain +- Allow zebra_t domain to bind on tcp/udp ports labeled as qpasa_agent_port_t +- Allow cyrus to have dac_override capability +- Dontaudit action when abrt-hook-ccpp is writing to nscd sockets +- Fix homedir polyinstantion under mls +- Fixed typo in init.if file +- Allow systemd to remove generic tmpt files BZ(1583144) +- Update init_named_socket_activation() interface to also allow systemd create objects in /var/run with proper label during socket activation +- Allow systemd-networkd and systemd-resolved services read system-dbusd socket BZ(1579075) +- Fix typo in authlogin SELinux security module +- Allod nsswitch_domain attribute to be system dbusd client BZ(1584632) +- Allow audisp_t domain to mmap audisp_exec_t binary +- Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file +- Label tcp/udp ports 2612 as qpasa_agetn_port_t + * Sat May 26 2018 Lukas Vrabec - 3.14.1-30 - Add dac_override to exim policy BZ(1574303) - Fix typo in conntrackd.fc file diff --git a/sources b/sources index 44c652d..d460428 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-bf47bbe.tar.gz) = 9b05b84df5d17b5ae9feaad97cdee9c38722d0c4345e1c264904758f53d762af6b233c872140ac11d844ff18a342750a2a3c32c74d31d2895e4654dfcb441b13 -SHA512 (selinux-policy-contrib-317ccb3.tar.gz) = fc5e2b031aecf36feb8f2cc6f77e16e60817e214d45e916847be738154f339ad1c9a7b7c28db8c86f48ac552946de7ce5d25a988dffdd7b0873a33ecdf0b6293 -SHA512 (container-selinux.tgz) = bd50cef89fe9844169449b4dd626986f30e23575aef297096b551eb06be2ab7a44f87c9ffa236a2fec30ebeea4022ef5d519b7d44bd4050d3b7b5230dd98e549 +SHA512 (selinux-policy-ca5d52c.tar.gz) = 55f335133be6fcf3b0a82b5d4b2bd1f7ed2f869d263f7095c59401ff94de47fbcc2788f3be38c6e231061f4214f5586deaa9714a5d1fd50991c4d454de6398f1 +SHA512 (selinux-policy-contrib-0db9816.tar.gz) = 04ba0fd066f1f6241d3a2250f0d5405e4f4e9f87477bf56dc0d374a2f35d7c748949aee23469c0933e2800543373cf52476df4b8b8b77ed3b75e6d0c97635f4e +SHA512 (container-selinux.tgz) = f24a0b00da10a5f7f28174e8d8ec3ce2bdcd61b94ff9203eead0890fbcecda09125c5da7c29e2db43f042b411f4f86b6786b10b497c0450e8e457a8de420b54d