From bccf0f816c7907fada7344d3d84be8d056afbed1 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Mar 23 2019 14:32:56 +0000 Subject: * Sat Mar 23 2019 Lukas Vrabec - 3.14.4-6 - Allow boltd_t domain to write to sysfs_t dirs BZ(1689287) - Allow fail2ban execute journalctl BZ(1689034) - Update sudodomains to make working confined users run sudo/su - Introduce new boolean unconfined_dyntrans_all. - Allow iptables_t domain to read NetworkManager state BZ(1690881) --- diff --git a/.gitignore b/.gitignore index e56c93a..1c74153 100644 --- a/.gitignore +++ b/.gitignore @@ -349,3 +349,5 @@ serefpolicy* /selinux-policy-4c00590.tar.gz /selinux-policy-b28842e.tar.gz /selinux-policy-contrib-dc92f2d.tar.gz +/selinux-policy-b78306b.tar.gz +/selinux-policy-contrib-ef0c1e0.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 5c8a7c2..390b86d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 b28842ef918897da153800b2df47bb991250c421 +%global commit0 b78306bdff7cf7960c539477d5886e3e91c75a18 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 dc92f2da061156c3e952a6b910dc49fc47c44d25 +%global commit1 ef0c1e086e735f3a3864091e610914bc85a067dc %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.4 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -706,6 +706,13 @@ exit 0 %endif %changelog +* Sat Mar 23 2019 Lukas Vrabec - 3.14.4-6 +- Allow boltd_t domain to write to sysfs_t dirs BZ(1689287) +- Allow fail2ban execute journalctl BZ(1689034) +- Update sudodomains to make working confined users run sudo/su +- Introduce new boolean unconfined_dyntrans_all. +- Allow iptables_t domain to read NetworkManager state BZ(1690881) + * Tue Mar 19 2019 Lukas Vrabec - 3.14.4-5 - Update xen SELinux module - Improve labeling for PCP plugins diff --git a/sources b/sources index 9d0708c..a2ec60c 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-b28842e.tar.gz) = 70af099a8a0f045c4e49099f59142eb9fc5e154d1875037e281af92bf9bccf2f81ea6cec33b89c1e7aa149085aac26df631cf0a252e41ef53901ce89034ecd83 -SHA512 (selinux-policy-contrib-dc92f2d.tar.gz) = 6b2f5e4a787f9780fb45cd609b54b922863c64ed4003fcda00d6dbe35388f3620a841167e3c93ef6d48998ca19dc5c0c444530cb4bdf82262e6a5ab394e7773d -SHA512 (container-selinux.tgz) = 7844a9ae0d3f5e3e1fc5b6b190b16c33c4ed47967d65ff3e2dac5aff4a7d76e11b53974258e9b14c2b159b0f10f8f8d85cd0cb1a3dbc516033a4573bac637712 +SHA512 (selinux-policy-b78306b.tar.gz) = 475dcb354faa956eac97e611cf1b821aaf9d21b3772a7d8ea81ccd784e64514ac65ec221dade5300c08ce0b60f3104403dbb77ff1fbb92bc53f72e676b1e3917 +SHA512 (selinux-policy-contrib-ef0c1e0.tar.gz) = 7a34e4cf5d078a5443181efe6043f6a612ad0bf97c0aa80eee69e78f7c62f5a2f226619ed68e7d59eca4c2a91ccb7eea5f1b0df74aae2c884e559d1609e02250 +SHA512 (container-selinux.tgz) = 578fb3091094079c4464cc90402173809b69db2b291919b76279eacadd7a9ddd6023da5fe868e55a0268004b34237d830613ca597fbeb268f91837d2a65e702d