diff --git a/container-selinux.tgz b/container-selinux.tgz index 9b56a87..6075220 100644 Binary files a/container-selinux.tgz and b/container-selinux.tgz differ diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index ebae6c5..bc47c9a 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -589,7 +589,7 @@ index 058d908..ee0c559 100644 +') + diff --git a/abrt.te b/abrt.te -index eb50f07..def23ab 100644 +index eb50f07..47b757a 100644 --- a/abrt.te +++ b/abrt.te @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -838,11 +838,11 @@ index eb50f07..def23ab 100644 +logging_send_syslog_msg(abrt_t) +logging_stream_connect_syslog(abrt_t) +logging_read_syslog_pid(abrt_t) -+ + +auth_use_nsswitch(abrt_t) + +init_read_utmp(abrt_t) - ++ +miscfiles_read_generic_certs(abrt_t) miscfiles_read_public_files(abrt_t) +miscfiles_dontaudit_access_check_cert(abrt_t) @@ -870,7 +870,7 @@ index eb50f07..def23ab 100644 ') optional_policy(` -@@ -222,6 +255,32 @@ optional_policy(` +@@ -222,6 +255,36 @@ optional_policy(` ') optional_policy(` @@ -886,6 +886,10 @@ index eb50f07..def23ab 100644 +') + +optional_policy(` ++ mta_send_mail(abrt_t) ++') ++ ++optional_policy(` + mcelog_read_log(abrt_t) +') + @@ -903,7 +907,7 @@ index eb50f07..def23ab 100644 policykit_domtrans_auth(abrt_t) policykit_read_lib(abrt_t) policykit_read_reload(abrt_t) -@@ -234,15 +293,22 @@ optional_policy(` +@@ -234,15 +297,22 @@ optional_policy(` ') optional_policy(` @@ -926,7 +930,7 @@ index eb50f07..def23ab 100644 optional_policy(` sendmail_domtrans(abrt_t) ') -@@ -253,9 +319,21 @@ optional_policy(` +@@ -253,9 +323,21 @@ optional_policy(` sosreport_delete_tmp_files(abrt_t) ') @@ -949,7 +953,7 @@ index eb50f07..def23ab 100644 # allow abrt_handle_event_t self:fifo_file rw_fifo_file_perms; -@@ -266,9 +344,13 @@ tunable_policy(`abrt_handle_event',` +@@ -266,9 +348,13 @@ tunable_policy(`abrt_handle_event',` can_exec(abrt_t, abrt_handle_event_exec_t) ') @@ -964,7 +968,7 @@ index eb50f07..def23ab 100644 # allow abrt_helper_t self:capability { chown setgid sys_nice }; -@@ -281,6 +363,7 @@ manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) +@@ -281,6 +367,7 @@ manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) manage_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) manage_lnk_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir }) @@ -972,7 +976,7 @@ index eb50f07..def23ab 100644 read_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t) read_lnk_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t) -@@ -289,15 +372,20 @@ corecmd_read_all_executables(abrt_helper_t) +@@ -289,15 +376,20 @@ corecmd_read_all_executables(abrt_helper_t) domain_read_all_domains_state(abrt_helper_t) @@ -993,7 +997,7 @@ index eb50f07..def23ab 100644 userdom_dontaudit_read_user_home_content_files(abrt_helper_t) userdom_dontaudit_read_user_tmp_files(abrt_helper_t) dev_dontaudit_read_all_blk_files(abrt_helper_t) -@@ -305,11 +393,25 @@ ifdef(`hide_broken_symptoms',` +@@ -305,11 +397,25 @@ ifdef(`hide_broken_symptoms',` dev_dontaudit_write_all_chr_files(abrt_helper_t) dev_dontaudit_write_all_blk_files(abrt_helper_t) fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t) @@ -1020,7 +1024,7 @@ index eb50f07..def23ab 100644 # allow abrt_retrace_coredump_t self:fifo_file rw_fifo_file_perms; -@@ -327,10 +429,12 @@ corecmd_exec_shell(abrt_retrace_coredump_t) +@@ -327,10 +433,12 @@ corecmd_exec_shell(abrt_retrace_coredump_t) dev_read_urand(abrt_retrace_coredump_t) @@ -1034,7 +1038,7 @@ index eb50f07..def23ab 100644 optional_policy(` rpm_exec(abrt_retrace_coredump_t) rpm_dontaudit_manage_db(abrt_retrace_coredump_t) -@@ -343,10 +447,11 @@ optional_policy(` +@@ -343,10 +451,11 @@ optional_policy(` ####################################### # @@ -1048,7 +1052,7 @@ index eb50f07..def23ab 100644 allow abrt_retrace_worker_t self:fifo_file rw_fifo_file_perms; domtrans_pattern(abrt_retrace_worker_t, abrt_retrace_coredump_exec_t, abrt_retrace_coredump_t) -@@ -365,38 +470,80 @@ corecmd_exec_shell(abrt_retrace_worker_t) +@@ -365,38 +474,80 @@ corecmd_exec_shell(abrt_retrace_worker_t) dev_read_urand(abrt_retrace_worker_t) @@ -1133,7 +1137,7 @@ index eb50f07..def23ab 100644 ####################################### # -@@ -404,25 +551,60 @@ logging_read_generic_logs(abrt_dump_oops_t) +@@ -404,25 +555,60 @@ logging_read_generic_logs(abrt_dump_oops_t) # allow abrt_watch_log_t self:fifo_file rw_fifo_file_perms; @@ -1196,7 +1200,7 @@ index eb50f07..def23ab 100644 ') ####################################### -@@ -430,10 +612,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` +@@ -430,10 +616,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` # Global local policy # diff --git a/selinux-policy.spec b/selinux-policy.spec index 2eb887c..ed5d497 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 242%{?dist} +Release: 243%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -682,6 +682,9 @@ exit 0 %endif %changelog +* Thu Mar 02 2017 Lukas Vrabec - 3.13.1-243 +- Allow abrt_t to send mails. + * Mon Feb 27 2017 Lukas Vrabec - 3.13.1-242 - Add radius_use_jit boolean - Allow nfsd_t domain to create sysctls_rpc_t files