c4065f * Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7

Authored and Committed by Lukas Vrabec 5 years ago
    * Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
    - Allow fontconfig file transition for xguest_u user
    - Add gnome_filetrans_fontconfig_home_content interface
    - Add permissions needed by systemd's machinectl shell/login
    - Update SELinux policy for xen services
    - Add dac_override capability for kdumpctl_t process domain
    - Allow chronyd_t domain to exec shell
    - Fix varnisncsa typo
    - Allow init start freenx-server BZ(1678025)
    - Create logrotate_use_fusefs boolean
    - Add tcpd_wrapped_domain for telnetd BZ(1676940)
    - Allow tcpd bind to services ports BZ(1676940)
    - Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t
    - Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
    - Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
    - Allow esmtp access .esmtprc BZ(1691149)
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
    - Allow tlp_t domain to read nvme block devices BZ(1692154)
    - Add support for smart card authentication in cockpit BZ(1690444)
    - Add permissions needed by systemd's machinectl shell/login
    - Allow kmod_t domain to mmap modules_dep_t files.
    - Allow systemd_machined_t dac_override capability BZ(1670787)
    - Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files
    - Allow unconfined_domain_type to use bpf tools BZ(1694115)
    - Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)"
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
    - Allow unconfined_domain_type to use bpf tools BZ(1694115)
    - Allow init_t read mnt_t symlinks BZ(1637070)
    - Update dev_filetrans_all_named_dev() interface
    - Allow xdm_t domain to execmod temp files BZ(1686675)
    - Revert "Allow xdm_t domain to create own tmp files BZ(1686675)"
    - Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
    - Allow confined users labeled as staff_t to run iptables.
    - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
    - Allow xdm_t domain to create own tmp files BZ(1686675)
    - Add miscfiles_dontaudit_map_generic_certs interface.
    
        
file modified
+3 -0
.gitignore CHANGED
@@ -351,3 +351,6 @@ serefpolicy*
351
351
/selinux-policy-contrib-dc92f2d.tar.gz
352
352
/selinux-policy-b78306b.tar.gz
353
353
/selinux-policy-contrib-ef0c1e0.tar.gz
354
+ /macro-expander
355
+ /selinux-policy-549ed43.tar.gz
356
+ /selinux-policy-contrib-e753aa8.tar.gz
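Review bot: the new `/macro-expander` entry (line 354) is not accounted for anywhere else in the visible change. It gets a hash in `sources`, but none of the spec hunks shown adds a `Source` line for it, and the 3.14.4-7 changelog does not mention it. Please add a changelog entry saying what the file is and where it comes from. If the spec already references it outside these hunks, say so in the commit message so the new lookaside file can be tied to the build.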
file modified
+41 -3
selinux-policy.spec CHANGED
@@ -1,11 +1,11 @@
1
1
# github repo with selinux-policy base sources
2
2
%global git0 https://github.com/fedora-selinux/selinux-policy
3
- %global commit0 b78306bdff7cf7960c539477d5886e3e91c75a18
3
+ %global commit0 549ed432e0e7c6348687e3737aa29fd6e91f6e74
4
4
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
5
5
6
6
# github repo with selinux-policy contrib sources
7
7
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
8
- %global commit1 ef0c1e086e735f3a3864091e610914bc85a067dc
8
+ %global commit1 e753aa82ec360bb2715ef2cc8b00eeb1719e1c26
9
9
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
10
10
11
11
%define distro redhat
@@ -29,7 +29,7 @@
29
29
Summary: SELinux policy configuration
30
30
Name: selinux-policy
31
31
Version: 3.14.4
32
- Release: 6%{?dist}
32
+ Release: 7%{?dist}
33
33
License: GPLv2+
34
34
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
35
35
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -714,6 +714,44 @@ exit 0
714
714
%endif
715
715
716
716
%changelog
717
+ * Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
718
+ - Allow fontconfig file transition for xguest_u user
719
+ - Add gnome_filetrans_fontconfig_home_content interface
720
+ - Add permissions needed by systemd's machinectl shell/login
721
+ - Update SELinux policy for xen services
722
+ - Add dac_override capability for kdumpctl_t process domain
723
+ - Allow chronyd_t domain to exec shell
724
+ - Fix varnisncsa typo
725
+ - Allow init start freenx-server BZ(1678025)
726
+ - Create logrotate_use_fusefs boolean
727
+ - Add tcpd_wrapped_domain for telnetd BZ(1676940)
728
+ - Allow tcpd bind to services ports BZ(1676940)
729
+ - Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t
730
+ - Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
731
+ - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
732
+ - Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
733
+ - Allow esmtp access .esmtprc BZ(1691149)
734
+ - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
735
+ - Allow tlp_t domain to read nvme block devices BZ(1692154)
736
+ - Add support for smart card authentication in cockpit BZ(1690444)
737
+ - Add permissions needed by systemd's machinectl shell/login
738
+ - Allow kmod_t domain to mmap modules_dep_t files.
739
+ - Allow systemd_machined_t dac_override capability BZ(1670787)
740
+ - Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files
741
+ - Allow unconfined_domain_type to use bpf tools BZ(1694115)
742
+ - Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)"
743
+ - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
744
+ - Allow unconfined_domain_type to use bpf tools BZ(1694115)
745
+ - Allow init_t read mnt_t symlinks BZ(1637070)
746
+ - Update dev_filetrans_all_named_dev() interface
747
+ - Allow xdm_t domain to execmod temp files BZ(1686675)
748
+ - Revert "Allow xdm_t domain to create own tmp files BZ(1686675)"
749
+ - Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
750
+ - Allow confined users labeled as staff_t to run iptables.
751
+ - Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
752
+ - Allow xdm_t domain to create own tmp files BZ(1686675)
753
+ - Add miscfiles_dontaudit_map_generic_certs interface.
754
+
717
755
* Sat Mar 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-6
718
756
- Allow boltd_t domain to write to sysfs_t dirs BZ(1689287)
719
757
- Allow fail2ban execute journalctl BZ(1689034)
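Review bot: the 3.14.4-7 changelog block (new lines 717-753) is raw git log output rather than a summary of what ships, which makes the policy delta hard to audit. Lines 731, 734, 743 and 751 are "Merge branch 'rawhide' ..." entries, "Add permissions needed by systemd's machinectl shell/login" appears twice (720 and 737), and the bpf tools rule (741, 742, 744) and the xdm_t tmp files rule (748, 752) are each listed together with their own revert, so a reader cannot tell from the entry which state is in the package. Suggest dropping the merge lines and duplicates and collapsing each allow/revert pair into its net effect. Lines 738 and 740 also disagree on the type name (`modules_dep_t` vs `module_deps_t`); one of them is a typo. Finally, several entries that widen privileges carry no BZ reference, for example `dac_override` for `kdumpctl_t` (722), `chronyd_t` exec shell (723) and `staff_t` running iptables (750); a bug link or a one-line rationale would help anyone reviewing why the access was granted.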
file modified
+4 -3
sources CHANGED
@@ -1,3 +1,4 @@
1
- SHA512 (selinux-policy-b78306b.tar.gz) = 475dcb354faa956eac97e611cf1b821aaf9d21b3772a7d8ea81ccd784e64514ac65ec221dade5300c08ce0b60f3104403dbb77ff1fbb92bc53f72e676b1e3917
2
- SHA512 (selinux-policy-contrib-ef0c1e0.tar.gz) = 7a34e4cf5d078a5443181efe6043f6a612ad0bf97c0aa80eee69e78f7c62f5a2f226619ed68e7d59eca4c2a91ccb7eea5f1b0df74aae2c884e559d1609e02250
3
- SHA512 (container-selinux.tgz) = 578fb3091094079c4464cc90402173809b69db2b291919b76279eacadd7a9ddd6023da5fe868e55a0268004b34237d830613ca597fbeb268f91837d2a65e702d
1
+ SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
2
+ SHA512 (selinux-policy-549ed43.tar.gz) = 79d87904709dd9ffda8b230e0c9921b7928550ab8d1ac23088035d5765eac2bda189b3f1905c005ce92a97c539d78e78f3d5c6b1f2b43481744044439c50ae22
3
+ SHA512 (selinux-policy-contrib-e753aa8.tar.gz) = 29eb4d653d3bcb1d0210bec9bc3aec360b2ca6f84049d6fa12fdaf30bff0fe55cb337e7018988db4feb42c0b1dedad9de7e39eb3372a75e4dbdeccb1f9d3feb1
4
+ SHA512 (container-selinux.tgz) = b4677836f52d49ad2d2f24e201005ffdce6eebc3d967c357acc147cb5b2eeb493b649b01912c92b5ba8046c05cbeba7c7dbefc2b018fac9435bced5fbf04b5ba
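Review bot: the SHA512 for `container-selinux.tgz` changes (578fb309... to b4677836...) while the file name stays the same, and nothing in the spec hunks or the changelog explains the new content. Because the name carries no version or commit id, unlike `selinux-policy-549ed43.tar.gz` and `selinux-policy-contrib-e753aa8.tar.gz`, the hash is the only thing identifying which upstream revision is being built. Please either version the tarball name or add a changelog line recording which container-selinux revision this hash corresponds to, so the change can be verified against upstream.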