diff --git a/selinux-policy.spec b/selinux-policy.spec index 766641b..ae414eb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,11 +1,11 @@ # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 35f00c192427aff18892b9f1f150ee35b885f84a +%global commit0 5181cbd448c7aea433aad45675befadda96002e2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 2664b0adafc3a35769ae5294cf9ecdf3fda47e1a +%global commit1 992defd63683a26684dbbca3e4d1d652cd340f00 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -29,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -706,6 +706,20 @@ exit 0 %endif %changelog +* Tue Jan 29 2019 Lukas Vrabec - 3.14.3-19 +- Add new xdp_socket class +- Update dbus_role_template interface to allow userdomains to accept data from userdomain dbus domains +- Allow boltd_t domain to read cache_home_t files BZ(1669911) +- Allow winbind_t domain to check for existence of processes labeled as systemd_hostnamed_t BZ(1669912) +- Allow gpg_agent_t to create own tmpfs dirs and sockets +- Allow openvpn_t domain to manage vpnc pidfiles BZ(1667572) +- Add multiple interfaces for vpnc interface file +- Label /var/run/fcgiwrap dir as httpd_var_run_t BZ(1655702) +- In MongoDB 3.4.16, 3.6.6, 4.0.0 and later, mongod reads netstat info from proc and stores it in its diagnostic system (FTDC). See: https://jira.mongodb.org/browse/SERVER-31400 This means that we need to adjust the policy so that the mongod process is allowed to open and read /proc/net/netstat, which typically has symlinks (e.g. /proc/net/snmp). +- Allow gssd_t domain to manage kernel keyrings of every domain. +- Revert "Allow gssd_t domain to read/write kernel keyrings of every domain." +- Allow plymouthd_t search efivarfs directory BZ(1664143) + * Tue Jan 15 2019 Lukas Vrabec - 3.14.3-18 - Allow plymouthd_t search efivarfs directory BZ(1664143) - Allow arpwatch send e-mail notifications BZ(1657327) diff --git a/sources b/sources index 1d382b8..def2f73 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (selinux-policy-contrib-2664b0a.tar.gz) = 2365ccf4220f12a123d09b5c00fc4c6c0cde9f724d3907e37b1f11ad15dcd7aff5ac3322d3196148e67fcd77208fddca662de140d7980bcf74db84693e61fc81 -SHA512 (selinux-policy-35f00c1.tar.gz) = 78aaa591881139fbd6a23670b039a489c33199366e42b4a1f47b8853c162c90b0cd2b2c399463ffcdf266ac526ca78a1232cbe411e31741fdf5336cdd9ca1f6b -SHA512 (container-selinux.tgz) = 045eefcf7226eea45a19cbfab64bdab4588bf7ac3ee4ff8d62084f12d813b8c4437d33da48288a44912a88ec2f7af90c00fbbaf50dd8fbed50f883b696b615fd +SHA512 (selinux-policy-5181cbd.tar.gz) = e9b3310fcd57e83789d9a052bf9b9ed3ba30298712c0eb20689d2a172ce6eff89f17eba11a7c7fb1b0eda3ef11ac76d7c6cd6b85c88618e973d4e114d8d56d1f +SHA512 (selinux-policy-contrib-992defd.tar.gz) = e5e487dc051183af132e5a009f4dfb1daee222106301ada9de952f43cee2eb4eba07bb2294229f15f176e5f59d267b5b132899ad838fe135355735c7a687a1f9 +SHA512 (container-selinux.tgz) = 563741e82819ea25bc67150a6ce8e1f5a6a16725648c4ab4dcabe03bc3725f088640ad2a7df610c42dbf2477d5bf4039f73c01ba9b8d118576448153192c766d