From 1111964e2a401f495abdc069e998ef139a3b9594 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: May 19 2020 15:52:53 +0000 Subject: * Tue May 19 2020 Zdenek Pytela - 3.14.6-14 - Allow chronyc_t domain to use nsswitch - Allow nscd_socket_use() for domains in nscd_use() unconditionally - Add allow rules for lttng-sessiond domain - Label dirsrv systemd unit files and add dirsrv_systemctl() - Allow gluster geo-replication in rsync mode - Allow nagios_plugin_domain execute programs in bin directories - Allow sys_admin capability for domain labeled systemd_bootchart_t - Split the arping path regexp to 2 lines to prevent from relabeling - Allow tcpdump sniffing offloaded (RDMA) traffic - Revert "Change arping path regexp to work around fixfiles incorrect handling" - Change arping path regexp to work around fixfiles incorrect handling - Allow read efivarfs_t files by domains executing systemctl file --- diff --git a/.gitignore b/.gitignore index 6b5e0c4..10f4823 100644 --- a/.gitignore +++ b/.gitignore @@ -460,3 +460,5 @@ serefpolicy* /selinux-policy-contrib-6db7310.tar.gz /selinux-policy-b583642.tar.gz /selinux-policy-contrib-80860a3.tar.gz +/selinux-policy-contrib-cafd506.tar.gz +/selinux-policy-6d96694.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index cb66c9b..62c20b0 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 b5836428b2a73ac6fee5fc101a630ea79095a82f +%global commit0 6d966941f05ea6148bd91886e7bf91d7ae59690c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 80860a357b13706296074de5e53362dd46887577 +%global commit1 cafd50640ad014d92e9efdc9aef3dbde638f1816 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.6 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -774,6 +774,20 @@ exit 0 %endif %changelog +* Tue May 19 2020 Zdenek Pytela - 3.14.6-14 +- Allow chronyc_t domain to use nsswitch +- Allow nscd_socket_use() for domains in nscd_use() unconditionally +- Add allow rules for lttng-sessiond domain +- Label dirsrv systemd unit files and add dirsrv_systemctl() +- Allow gluster geo-replication in rsync mode +- Allow nagios_plugin_domain execute programs in bin directories +- Allow sys_admin capability for domain labeled systemd_bootchart_t +- Split the arping path regexp to 2 lines to prevent from relabeling +- Allow tcpdump sniffing offloaded (RDMA) traffic +- Revert "Change arping path regexp to work around fixfiles incorrect handling" +- Change arping path regexp to work around fixfiles incorrect handling +- Allow read efivarfs_t files by domains executing systemctl file + * Wed Apr 29 2020 Zdenek Pytela - 3.14.6-13 - Update networkmanager_read_pid_files() to allow also list_dir_perms - Update policy for NetworkManager_ssh_t diff --git a/sources b/sources index e7a5baf..76aade1 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (selinux-policy-b583642.tar.gz) = 6ba0e3a86700485d5c83b2849601a1ccc2a53dde94ce394c6f756a6a58f3173ba7595f741da4b19febc90df6fb9efd627cfddc2fdbb9474b5a2446c1c1454c4b -SHA512 (selinux-policy-contrib-80860a3.tar.gz) = d42d86bb5b75d24fb59ac7312880da31535c4971b890636be42e63bc99ff74fc8e6b184cf3ab17cfd35d0f17c9e26f928015b15e4b0d3451b512223bf22ada11 -SHA512 (container-selinux.tgz) = ccc15935ad53f5c6e955c500f7c4612e0e6544ee41647dfef13208b55edf52af0a7f652d4ec56130dc944a84f398bf6f991d2baf9bc0fb37d80cd3bee9eac6c9 +SHA512 (selinux-policy-contrib-cafd506.tar.gz) = 8ed7996e84c7c7671891601e68e6b894770458204a0bfb60cf737d4cdab9aaeef76000dd40b8dcc16b6ebf312a5bdf53133be366b0496cc1b38f73c7902bf923 +SHA512 (selinux-policy-6d96694.tar.gz) = 4c69446665068244363a80f13e6ccc4c10deb3f1b2fde7d1ee7f6ac5a3f626b111dbd70454f6176410547b8187355c1a45adcb12cf0ebfb5373d002a99bbef0c SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (container-selinux.tgz) = f6863fbbd458f8415609c051ab0033e400413000d81e58a5b928c12ebf9eefa5603357760823ffe155623670a840fcee6a91a3adae9e6b7877ea5aca03610cd2