diff --git a/.gitignore b/.gitignore index 9042ce3..127d5de 100644 --- a/.gitignore +++ b/.gitignore @@ -290,3 +290,5 @@ serefpolicy* /selinux-policy-ca5d52c.tar.gz /selinux-policy-contrib-0db9816.tar.gz /selinux-policy-contrib-cbece46.tar.gz +/selinux-policy-contrib-48a2c03.tar.gz +/selinux-policy-61f6126.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 13ff282..8fe94d1 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 ca5d52c773dd33e03fd01e8188bc677b60d3b8d2 +%global commit0 61f61268f8caf7741b4d429c785581037ca22e61 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 cbece4698d5d04f8b7f109b709b6e4a3ad79ef4b +%global commit1 48a2c03804e2568b3d7027d154d5d180b03818f6 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.1 -Release: 32%{?dist} +Release: 33%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -718,6 +718,85 @@ exit 0 %endif %changelog +* Thu Jun 14 2018 Lukas Vrabec - 3.14.1-33 +- Merge pull request #60 from vmojzis/rawhide +- Allow tangd_t domain stream connect to sssd +- Allow oddjob_t domain to chat with systemd via dbus +- Allow freeipmi domains to mmap sysfs files +- Fix typo in logwatch interface file +- Allow spamd_t to manage logwatch_cache_t files/dirs +- Allow dnsmasw_t domain to create own tmp files and manage mnt files +- Allow fail2ban_client_t to inherit rlimit information from parent process +- Allow nscd_t to read kernel sysctls +- Label /var/log/conman.d as conman_log_t +- Add dac_override capability to tor_t domain +- Allow certmonger_t to readwrite to user_tmp_t dirs +- Allow abrt_upload_watch_t domain to read general certs +- Allow chornyd_t read phc2sys_t shared memory +- Add several allow rules for pesign policy: +- Add setgid and setuid capabilities to mysqlfd_safe_t domain +- Add tomcat_can_network_connect_db boolean +- Update virt_use_sanlock() boolean to read sanlock state +- Add sanlock_read_state() interface +- Allow zoneminder_t to getattr of fs_t +- Allow rhsmcertd_t domain to send signull to postgresql_t domain +- Add log file type to collectd and allow corresponding access +- Allow policykit_t domain to dbus chat with dhcpc_t +- Adding new boolean keepalived_connect_any() +- Allow amanda to create own amanda_tmpfs_t files +- Allow gdomap_t domain to connect to qdomap_port_t +- Merge pull request #56 from lslebodn/selinux_child +- Merge pull request #58 from milosmalik/fb-dictd-dbus +- Merge pull request #59 from milosmalik/fb-ntop-service +- /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type +- Allow ntop_t domain to create/map various sockets/files. +- Enable the dictd to communicate via D-bus. +- Allow inetd_child process to chat via dbus with abrt +- Allow zabbix_agent_t domain to connect to redis_port_t +- Allow rhsmcertd_t domain to read xenfs_t files +- Allow zabbix_agent_t to run zabbix scripts +- Fix openvswith SELinux module +- Fix wrong path in tlp context file BZ(1586329) +- Update brltty SELinux module +- Allow rabbitmq_t domain to create own tmp files/dirs +- Allow policykit_t mmap policykit_auth_exec_t files +- Allow ipmievd_t domain to read general certs +- Add sys_ptrace capability to pcp_pmie_t domain +- Allow squid domain to exec ldconfig +- Update gpg SELinux policy module +- Allow mailman_domain to read system network state +- Allow openvswitch_t domain to read neutron state and read/write fixed disk devices +- Allow antivirus_domain to read all domain system state +- Allow targetd_t domain to red gconf_home_t files/dirs +- Label /usr/libexec/bluetooth/obexd as obexd_exec_t +- Add interface nagios_unconfined_signull() +- Fix typos in zabbix.te file +- Add missing requires +- Allow tomcat domain sends email +- Fix typo in sge policy +- Allow certmonger to sends emails +- Allow tomcat_t do mmap tomcat_tmp_t files +- Improve sge_rw_tcp_sockets interface +- Adding new interface: sge_rw_tcp_sockets() +- Update sge_execd_t domain with few rules +- Add new zabbix_run_sudo boolean +- Allow traceroute_t domain to exec bin_t binaries +- Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override +- Add new interface dev_map_sysfs() +- Allow sshd_keygen_t to execute plymouthd +- Allow systemd_networkd_t create and relabel tun sockets +- Add new interface postgresql_signull() +- Merge pull request #214 from wrabcak/fb-dhcpc +- Allow dhcpc_t creating own socket files inside /var/run/ Allow dhcpc_t creating netlink_kobject_uevent_socket, netlink_generic_socket, rawip_socket BZ(1585971) +- Allow confined users get AFS tokens +- Allow sysadm_t domain to chat via dbus +- Associate sysctl_kernel_t type with filesystem attribute +- Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t +- Fix typo in netutils.te file +- Update traceroute_t domain to allow create dccp sockets +- Update ssh_keysign policy +- Allow sshd_t domain to read/write sge tcp sockets + * Wed Jun 06 2018 Lukas Vrabec - 3.14.1-32 - Add dac_override capability to sendmail_t domain diff --git a/sources b/sources index 2732a14..1e96851 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-cbece46.tar.gz) = 2cf99a881e1b0425a4a693f8f7e621d282efb68635995c17471c0145aa87d7288a0bf4e8b75358b79477d3835a04d9186a0f4afec48dfefbf252ed0ef71d8d8d -SHA512 (selinux-policy-ca5d52c.tar.gz) = 55f335133be6fcf3b0a82b5d4b2bd1f7ed2f869d263f7095c59401ff94de47fbcc2788f3be38c6e231061f4214f5586deaa9714a5d1fd50991c4d454de6398f1 -SHA512 (container-selinux.tgz) = cced1b2cfe150d87c83a62f22d378e0f98b3aa84b60b5c65ff440cbfbd39c0803b8fedf88fc14c45eb92bf525f2201e95504ffe316a60e8b38480b9f85a8fcf3 +SHA512 (selinux-policy-contrib-48a2c03.tar.gz) = dbf157503b599bbbef9fc01bd33166ae23cf2d0ebe40c4c5adcccd2e0c3b62549b1c8caf58044d693131f77e277e842be9685f1d0986ef5c7817b225b65b54aa +SHA512 (selinux-policy-61f6126.tar.gz) = 63bbb69d1e0b55c84172f283b45d54b85fda6efdd43aa7b7e7215d4840ef16a05ea58ef48a493f0c47635f14830e5d1ef0bf7417a35654b63be9d7537d2dafbc +SHA512 (container-selinux.tgz) = 18419dafa076be34d211c84ef99c9affbbd027469cf3c71c26b4acba185f80302f7a2b65f55545f1e9579d5522f43673431ace61f3dde97c6af883653ac1344b