diff --git a/.gitignore b/.gitignore index 9f1210e..c67e112 100644 --- a/.gitignore +++ b/.gitignore @@ -294,3 +294,5 @@ serefpolicy* /selinux-policy-contrib-d23eef1.tar.gz /selinux-policy-003cd80.tar.gz /selinux-policy-contrib-494e26e.tar.gz +/selinux-policy-2248854.tar.gz +/selinux-policy-contrib-23a0603.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index 4fca9fe..e435aae 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 003cd803fb79dd225b523adfda9d655beedbf383 +%global commit0 2248854aed6cf995e0e8b461faf88c4f68476dbb %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 494e26e0f9a9fd1208a7e03018815211a36ee2be +%global commit1 23a0603743df50bbb47221cc79ecda5a522bb622 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 25%{?dist} +Release: 26%{?dist} License: GPLv2+ Group: System Environment/Base Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz @@ -716,6 +716,28 @@ exit 0 %endif %changelog +* Wed Jun 27 2018 Lukas Vrabec - 3.14.2-26 +- Allow psad domain to setrlimit. Allow psad domain to stream connect to dbus Allow psad domain to exec journalctl_exec_t binary +- Update cups_filetrans_named_content() to allow caller domain create ppd directory with cupsd_etc_rw_t label +- Allow abrt_t domain to write to rhsmcertd pid files +- Allow pegasus_t domain to eexec lvm binaries and allow read/write access to lvm control +- Add vhostmd_t domain to read/write to svirt images +- Update kdump_manage_kdumpctl_tmp_files() interface to allow caller domain also mmap kdumpctl_tmp_t files +- Allow sssd_t and slpad_t domains to mmap generic certs +- Allow chronyc_t domain use inherited user ttys +- Allow stapserver_t domain to mmap own tmp files +- Update nscd_dontaudit_write_sock_file() to dontaudit also stream connect to nscd_t domain +- Merge pull request #60 from vmojzis/rawhide +- Allow tangd_t domain stream connect to sssd +- Allow oddjob_t domain to chat with systemd via dbus +- Allow freeipmi domains to mmap sysfs files +- Fix typo in logwatch interface file +- Allow sysadm_t and staff_t domains to use sudo io logging +- Allow sysadm_t domain create sctp sockets +- Allow traceroute_t domain to exec bin_t binaries +- Allow systemd_passwd_agent_t domain to list sysfs Allow systemd_passwd_agent_t domain to dac_override +- Add new interface dev_map_sysfs() + * Thu Jun 14 2018 Lukas Vrabec - 3.14.2-25 - Merge pull request #60 from vmojzis/rawhide - Allow tangd_t domain stream connect to sssd diff --git a/sources b/sources index 6eb065f..ff11d72 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-003cd80.tar.gz) = 86a521f8fd96b5883713b7c34ec9b4d85d184cb7423fa54da45ea7795e2c56cec6f1b32dacd6bdce982b763fb4fdbbc81c33030dfdcf6ab74f441917213998ba -SHA512 (selinux-policy-contrib-494e26e.tar.gz) = 908df6c641973aa1c41b5a8f77dbdbe4c3956e89d647b8530c7eab119b35536de95bde0ce68b02f10bd34d056900884018613b4c1b799c1892d0524dbf007a90 -SHA512 (container-selinux.tgz) = e69868867fcef884fd695cca32b6d68a8a001173a82759cb776391ddc77fca5887b84aaa71a11bd14befc3b5082502f8b9098601322da32f38e6a383f4ae12bf +SHA512 (selinux-policy-2248854.tar.gz) = a31e440d30a9cde54352845dc1d0b0ccd218119eaaf3bd0434ac2faa4b8703bd0214b7c79464182390f3770534aa8d8b63d2564b62634a676047010058e1616c +SHA512 (selinux-policy-contrib-23a0603.tar.gz) = 9ddbdfb70f85844949bf3711bc6273b645428792ca7378385b8c3b3930142917d8d95a58408f07b00508ed123b3cc91dbfe590931b3ce1c71598499c05a2a688 +SHA512 (container-selinux.tgz) = a12ff217b28203b42fa1a438bd96a6d2ac54bc621bd30c4113007f1a6d687e63446d0a9c191a1bb5bc6e75dc875f8c5caf817c00fe8e04416138581deb3abf12