Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package selinux-policy for openSUSE:Factory
checked in at 2024-08-07 06:09:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
and /work/SRC/openSUSE:Factory/.selinux-policy.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy"
Wed Aug 7 06:09:59 2024 rev:68 rq:1191606 version:20240802
Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2024-08-01 22:04:12.839933601 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.7232/selinux-policy.changes
2024-08-07 06:10:20.058146349 +0200
@@ -1,0 +2,13 @@
+Fri Aug 02 13:27:55 UTC 2024 - cathy...@suse.com
+
+- Update to version 20240802:
+ * Dontaudit search of snapper grub plugin to nscd socket (bsc#1228745)
+
+-------------------------------------------------------------------
+Wed Jul 31 16:18:29 UTC 2024 - cathy...@suse.com
+
+- Update to version 20240731:
+ * Initial policy for ibft-rule-generator (bsc#1228402)
+ * Initial policy for systemd-status-mail (bsc#1228402)
+
+-------------------------------------------------------------------
Old:
----
selinux-policy-20240731.tar.xz
New:
----
selinux-policy-20240802.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.JlQsCl/_old 2024-08-07 06:10:21.850220977 +0200
+++ /var/tmp/diff_new_pack.JlQsCl/_new 2024-08-07 06:10:21.854221144 +0200
@@ -33,7 +33,7 @@
License: GPL-2.0-or-later
Group: System/Management
Name: selinux-policy
-Version: 20240731
+Version: 20240802
Release: 0
Source0: %{name}-%{version}.tar.xz
Source1: container.fc
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.JlQsCl/_old 2024-08-07 06:10:21.946224976 +0200
+++ /var/tmp/diff_new_pack.JlQsCl/_new 2024-08-07 06:10:21.950225142 +0200
@@ -1,7 +1,7 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
- <param
name="changesrevision">f32adf1c9ddc152eb7464c895f110c153bd7901a</param></service><service
name="tar_scm">
+ <param
name="changesrevision">0c7e4148b56766f81029d6232b7b2533afa2b719</param></service><service
name="tar_scm">
<param
name="url">https://github.com/containers/container-selinux.git</param>
<param
name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service><service
name="tar_scm">
<param
name="url">https://gitlab.suse.de/jsegitz/selinux-policy.git</param>
++++++ selinux-policy-20240731.tar.xz -> selinux-policy-20240802.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20240731/policy/modules/contrib/snapper.te
new/selinux-policy-20240802/policy/modules/contrib/snapper.te
--- old/selinux-policy-20240731/policy/modules/contrib/snapper.te
2024-07-31 13:30:12.000000000 +0200
+++ new/selinux-policy-20240802/policy/modules/contrib/snapper.te
2024-08-02 15:27:26.000000000 +0200
@@ -135,4 +135,5 @@
optional_policy(`
auth_dontaudit_read_passwd_file(snapper_grub_plugin_t)
+ nscd_dontaudit_search_pid(snapper_grub_plugin_t)
')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20240731/policy/modules/system/systemd.fc
new/selinux-policy-20240802/policy/modules/system/systemd.fc
--- old/selinux-policy-20240731/policy/modules/system/systemd.fc
2024-07-31 13:30:12.000000000 +0200
+++ new/selinux-policy-20240802/policy/modules/system/systemd.fc
2024-08-02 15:27:26.000000000 +0200
@@ -77,6 +77,7 @@
/usr/lib/systemd/systemd-network-generator --
gen_context(system_u:object_r:systemd_network_generator_exec_t,s0)
/usr/lib/systemd/system-generators/growpart-generator.sh --
gen_context(system_u:object_r:systemd_growpart_generator_exec_t,s0)
+/usr/lib/systemd/system-generators/ibft-rule-generator --
gen_context(system_u:object_r:systemd_ibft_rule_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-bless-boot-generator --
gen_context(system_u:object_r:systemd_bless_boot_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-cryptsetup-generator --
gen_context(system_u:object_r:systemd_cryptsetup_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-debug-generator --
gen_context(system_u:object_r:systemd_debug_generator_exec_t,s0)
@@ -85,6 +86,7 @@
/usr/lib/systemd/system-generators/systemd-gpt-auto-generator --
gen_context(system_u:object_r:systemd_gpt_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-rc-local-generator --
gen_context(system_u:object_r:systemd_rc_local_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-ssh-generator --
gen_context(system_u:object_r:systemd_ssh_generator_exec_t,s0)
+/usr/lib/systemd/system-generators/status-mail-generator.sh --
gen_context(system_u:object_r:systemd_status_mail_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-sysv-generator --
gen_context(system_u:object_r:systemd_sysv_generator_exec_t,s0)
/usr/lib/systemd/system-generators/systemd-tpm2-generator --
gen_context(system_u:object_r:systemd_tpm2_generator_exec_t,s0)
/usr/lib/systemd/system-generators/zram-generator --
gen_context(system_u:object_r:systemd_zram_generator_exec_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20240731/policy/modules/system/systemd.te
new/selinux-policy-20240802/policy/modules/system/systemd.te
--- old/selinux-policy-20240731/policy/modules/system/systemd.te
2024-07-31 13:30:12.000000000 +0200
+++ new/selinux-policy-20240802/policy/modules/system/systemd.te
2024-08-02 15:27:26.000000000 +0200
@@ -207,8 +207,12 @@
systemd_generator_template(systemd_gpt_generator)
# growpart-generator
systemd_generator_template(systemd_growpart_generator)
+# ibft-rule-generator
+systemd_generator_template(systemd_ibft_rule_generator)
# rc-local-generator
systemd_generator_template(systemd_rc_local_generator)
+# systemd-status-mail
+systemd_generator_template(systemd_status_mail_generator)
# ssh-generator
systemd_generator_template(systemd_ssh_generator)
# sysv-generator
@@ -1370,9 +1374,30 @@
permissive systemd_growpart_generator_t;
+### ibft-rule-generator (from open-iscsi package)
+corecmd_exec_bin(systemd_ibft_rule_generator_t)
+udev_manage_rules_files(systemd_ibft_rule_generator_t)
+
+optional_policy(`
+ # ignore #!/bin/bash reading passwd file
+ auth_dontaudit_read_passwd_file(systemd_ibft_rule_generator_t)
+')
+
+permissive systemd_ibft_rule_generator_t;
+
### systemd rc_local generator
init_exec_script_files(systemd_rc_local_generator_t)
+### status-mail generator (from os-update package)
+corecmd_exec_bin(systemd_status_mail_generator_t)
+
+optional_policy(`
+ # ignore #!/bin/bash reading passwd file
+ auth_dontaudit_read_passwd_file(systemd_status_mail_generator_t)
+')
+
+permissive systemd_status_mail_generator_t;
+
### ssh generator
allow systemd_ssh_generator_t self:vsock_socket create;
allow systemd_ssh_generator_t vsock_device_t:chr_file { read_chr_file_perms };
