c4065f
* Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
|
@@ -351,3 +351,6 @@ serefpolicy*
|
|
|
351
351
|
/selinux-policy-contrib-dc92f2d.tar.gz
|
|
352
352
|
/selinux-policy-b78306b.tar.gz
|
|
353
353
|
/selinux-policy-contrib-ef0c1e0.tar.gz
|
|
354
|
+
/macro-expander
|
|
355
|
+
/selinux-policy-549ed43.tar.gz
|
|
356
|
+
/selinux-policy-contrib-e753aa8.tar.gz
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# github repo with selinux-policy base sources
|
|
2
2
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
|
3
|
-
%global commit0
|
|
3
|
+
%global commit0 549ed432e0e7c6348687e3737aa29fd6e91f6e74
|
|
4
4
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
|
5
5
|
|
|
6
6
|
# github repo with selinux-policy contrib sources
|
|
7
7
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
|
8
|
-
%global commit1
|
|
8
|
+
%global commit1 e753aa82ec360bb2715ef2cc8b00eeb1719e1c26
|
|
9
9
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
|
10
10
|
|
|
11
11
|
%define distro redhat
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
Summary: SELinux policy configuration
|
|
30
30
|
Name: selinux-policy
|
|
31
31
|
Version: 3.14.4
|
|
32
|
-
Release:
|
|
32
|
+
Release: 7%{?dist}
|
|
33
33
|
License: GPLv2+
|
|
34
34
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
|
35
35
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
|
@@ -714,6 +714,44 @@ exit 0
|
|
|
714
714
|
%endif
|
|
715
715
|
|
|
716
716
|
%changelog
|
|
717
|
+
* Wed Apr 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-7
|
|
718
|
+
- Allow fontconfig file transition for xguest_u user
|
|
719
|
+
- Add gnome_filetrans_fontconfig_home_content interface
|
|
720
|
+
- Add permissions needed by systemd's machinectl shell/login
|
|
721
|
+
- Update SELinux policy for xen services
|
|
722
|
+
- Add dac_override capability for kdumpctl_t process domain
|
|
723
|
+
- Allow chronyd_t domain to exec shell
|
|
724
|
+
- Fix varnisncsa typo
|
|
725
|
+
- Allow init start freenx-server BZ(1678025)
|
|
726
|
+
- Create logrotate_use_fusefs boolean
|
|
727
|
+
- Add tcpd_wrapped_domain for telnetd BZ(1676940)
|
|
728
|
+
- Allow tcpd bind to services ports BZ(1676940)
|
|
729
|
+
- Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run with proper label mysqld_var_run_t
|
|
730
|
+
- Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
|
|
731
|
+
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
|
|
732
|
+
- Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
|
|
733
|
+
- Allow esmtp access .esmtprc BZ(1691149)
|
|
734
|
+
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy-contrib into rawhide
|
|
735
|
+
- Allow tlp_t domain to read nvme block devices BZ(1692154)
|
|
736
|
+
- Add support for smart card authentication in cockpit BZ(1690444)
|
|
737
|
+
- Add permissions needed by systemd's machinectl shell/login
|
|
738
|
+
- Allow kmod_t domain to mmap modules_dep_t files.
|
|
739
|
+
- Allow systemd_machined_t dac_override capability BZ(1670787)
|
|
740
|
+
- Update modutils_read_module_deps_files() interface to also allow mmap module_deps_t files
|
|
741
|
+
- Allow unconfined_domain_type to use bpf tools BZ(1694115)
|
|
742
|
+
- Revert "Allow unconfined_domain_type to use bpf tools BZ(1694115)"
|
|
743
|
+
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
|
|
744
|
+
- Allow unconfined_domain_type to use bpf tools BZ(1694115)
|
|
745
|
+
- Allow init_t read mnt_t symlinks BZ(1637070)
|
|
746
|
+
- Update dev_filetrans_all_named_dev() interface
|
|
747
|
+
- Allow xdm_t domain to execmod temp files BZ(1686675)
|
|
748
|
+
- Revert "Allow xdm_t domain to create own tmp files BZ(1686675)"
|
|
749
|
+
- Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
|
|
750
|
+
- Allow confined users labeled as staff_t to run iptables.
|
|
751
|
+
- Merge branch 'rawhide' of github.com:fedora-selinux/selinux-policy into rawhide
|
|
752
|
+
- Allow xdm_t domain to create own tmp files BZ(1686675)
|
|
753
|
+
- Add miscfiles_dontaudit_map_generic_certs interface.
|
|
754
|
+
|
|
717
755
|
* Sat Mar 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-6
|
|
718
756
|
- Allow boltd_t domain to write to sysfs_t dirs BZ(1689287)
|
|
719
757
|
- Allow fail2ban execute journalctl BZ(1689034)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
-
SHA512 (
|
|
2
|
-
SHA512 (selinux-policy-
|
|
3
|
-
SHA512 (
|
|
1
|
+
SHA512 (macro-expander) = b4f26e7ed6c32b3d7b3f1244e549a0e68cb387ab5276c4f4e832a9a6b74b08bea2234e8064549d47d1b272dbd22ef0f7c6b94cd307cc31ab872f9b68206021b2
|
|
2
|
+
SHA512 (selinux-policy-549ed43.tar.gz) = 79d87904709dd9ffda8b230e0c9921b7928550ab8d1ac23088035d5765eac2bda189b3f1905c005ce92a97c539d78e78f3d5c6b1f2b43481744044439c50ae22
|
|
3
|
+
SHA512 (selinux-policy-contrib-e753aa8.tar.gz) = 29eb4d653d3bcb1d0210bec9bc3aec360b2ca6f84049d6fa12fdaf30bff0fe55cb337e7018988db4feb42c0b1dedad9de7e39eb3372a75e4dbdeccb1f9d3feb1
|
|
4
|
+
SHA512 (container-selinux.tgz) = b4677836f52d49ad2d2f24e201005ffdce6eebc3d967c357acc147cb5b2eeb493b649b01912c92b5ba8046c05cbeba7c7dbefc2b018fac9435bced5fbf04b5ba
|