Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package selinux-policy for openSUSE:Factory
checked in at 2025-03-13 15:04:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
and /work/SRC/openSUSE:Factory/.selinux-policy.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy"
Thu Mar 13 15:04:41 2025 rev:105 rq:1252431 version:20250312
Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2025-03-11 20:44:18.331657742 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.19136/selinux-policy.changes
2025-03-13 15:04:50.286784107 +0100
@@ -1,0 +2,9 @@
+Wed Mar 12 08:31:17 UTC 2025 - cathy...@suse.com
+
+- Update to version 20250312:
+ * Label wine's windows libraries as textrel_shlib_t (bsc#1239317)
+ * Allow auth_use_pam to create /var/lib/wtmpdb (bsc#1237513)
+ * initial labeling for Hana systems
+ * allow ping to bind generic UDP nodes
+
+-------------------------------------------------------------------
Old:
----
selinux-policy-20250307.tar.xz
New:
----
selinux-policy-20250312.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.YmO6UM/_old 2025-03-13 15:04:50.902809921 +0100
+++ /var/tmp/diff_new_pack.YmO6UM/_new 2025-03-13 15:04:50.902809921 +0100
@@ -36,7 +36,7 @@
License: GPL-2.0-or-later
Group: System/Management
Name: selinux-policy
-Version: 20250307
+Version: 20250312
Release: 0
Source0: %{name}-%{version}.tar.xz
Source1: container.fc
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.YmO6UM/_old 2025-03-13 15:04:50.974812938 +0100
+++ /var/tmp/diff_new_pack.YmO6UM/_new 2025-03-13 15:04:50.978813106 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
- <param
name="changesrevision">8697a2379aac4bcf05ee10939d64238e10c4e4b9</param></service></servicedata>
+ <param
name="changesrevision">99cf931c4d3c525d9c63784e4674b4058d1baaaa</param></service></servicedata>
(No newline at EOF)
++++++ selinux-policy-20250307.tar.xz -> selinux-policy-20250312.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20250307/policy/modules/admin/netutils.te
new/selinux-policy-20250312/policy/modules/admin/netutils.te
--- old/selinux-policy-20250307/policy/modules/admin/netutils.te
2025-03-07 15:27:15.000000000 +0100
+++ new/selinux-policy-20250312/policy/modules/admin/netutils.te
2025-03-12 11:44:12.000000000 +0100
@@ -150,6 +150,7 @@
corenet_raw_bind_generic_node(ping_t)
corenet_tcp_sendrecv_all_ports(ping_t)
corenet_icmp_bind_generic_node(ping_t)
+corenet_udp_bind_generic_node(ping_t)
fs_dontaudit_getattr_xattr_fs(ping_t)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20250307/policy/modules/contrib/sap.fc
new/selinux-policy-20250312/policy/modules/contrib/sap.fc
--- old/selinux-policy-20250307/policy/modules/contrib/sap.fc 2025-03-07
15:27:15.000000000 +0100
+++ new/selinux-policy-20250312/policy/modules/contrib/sap.fc 2025-03-12
11:44:12.000000000 +0100
@@ -18,3 +18,264 @@
### work data
#/hana/data/H66(/.*)? gen_context(system_u:object_r:sap_var_lib_t,s0)
+/hana(/.*)? gen_context(system_u:object_r:usr_t,s0)
+/hana(/.*)?/.+\.so(\..*)? gen_context(system_u:object_r:lib_t,s0)
+/hana(/.*)?/cleanipc
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/fsperf
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/handlessfs
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbbackupcheck
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbbackupcheckpack
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbbackupdiag
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbbackupdiagpack
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbcompileserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbcomputeserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbcons
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbdaemon
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbdiserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbdocstore
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbdpserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbeuspack
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbgstack
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbindexserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbkeystore
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbllangc
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdblogdiag
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbltracediag
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbmdcutil
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbnameserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbnsutil
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbodbc_cons
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbpersdiag
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbpreprocessor
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbrss
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbrsutil
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbscriptserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbsdautil
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbsql
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbsqldbc_cons
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbsqlmigratorcli
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbsrvutil
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbstatisticsserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbuserstore
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbwebdispatcher
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbwlanalyzer
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbwlarchiver
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbwlpreprocessor
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbwlreplayer
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbwlviewer
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/hdbxsengine
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/icmbnd.new
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/ldappasswd
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/ldapreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/regi
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/rsecssfx
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/SAPCAR
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sapcontrol
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sapcpe
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sapgenpse
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sappfpar
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sapstart
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sapstartsrv
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sapuxuserchk
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/sldreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/hana(/.*)?/wdispmon
gen_context(system_u:object_r:sap_exec_t,s0)
+
+## SLCS tests
+/usr/sap/hostctrl/exe/sapstartsrv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/saphostctrl
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapcontrol
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/lssap
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapdsigner
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/saphostv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/hostexecstart
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapuxuserchk
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapuxusergetrtinfo
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/saposcol
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapacosprep
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/ldapreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/ldappasswd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sldreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapdbctrl
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapcimb
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/convertoscolfilter
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapcimc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/http.monitor
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/SAPCAR
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sapinit
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/installsapinit.sh
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/saphostexec
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/hostctrl/exe/sldreglib.so
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/R3check
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/R3ta
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/R3trans
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/SAPCAR
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ccmsping
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/cleanipc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/dipgntab
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/disp+work
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/dpmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/eg2mon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/em2mon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/emmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enq_admin
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enq_server
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enqt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enrepserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ensmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/es2mon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/esmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/estst
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/evtd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/getsapversion
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/gwmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/gwrd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/icman
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/icmbnd.new
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/icmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ipclimits
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jcmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jcontrol
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/unpack200
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/rmid
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/keytool
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/rmiregistry
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/tnameserv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/java
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/servertool
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/orbd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/jre/bin/pack200
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/unpack200
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/jar
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/extcheck
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/rmid
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/keytool
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/javac
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/rmiregistry
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/native2ascii
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/tnameserv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/java
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/servertool
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/serialver
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/orbd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/jarsigner
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/javadoc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/pack200
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/javap
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/rmic
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/idlj
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/apt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/jdb
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jkit/bin/javah
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jlaunch
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jsmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/jstart
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/krnlreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ldap_rfc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ldappasswd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ldapreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/lgtst
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/libinfo
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/mdxsvr
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/memlimits
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msclients
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msg_server
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msprot
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/niping
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rfcexec
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rscpf_db
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rsecssfx
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rslglscs
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rslgview
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rstrcscs
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rstrfile
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rstrlscs
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/rstrsscs
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapccm4x
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapccmsr
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapcontrol
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapcpe
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapevt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapevt_rfc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapexec
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapftp
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/saphttp
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapiconv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapkprotp
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/saplicense
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/saplikey
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapmscsa
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapparar
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sappfpar
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/saproot.sh
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/saprouter
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapstack
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapstart
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapstartsrv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapsysinfo.sh
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapuxuserchk
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapwebdisp
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapxpg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/semd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/shmd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/showipc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sldreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ssfpkicheck
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/startrfc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/startsap
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/stopsap
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/tp
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/vmcexttimer
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/vscan_rfc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/wdispmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/R3ldctl
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/R3load
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/R3szchk
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/db4cncl
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapdbmrfc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/setdb4pwd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/igsmux_mt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/igspw_mt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/igswd_mt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?hdbclient/scripts/hdbkeystore
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?hdbclient/scripts/hdbsql
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?hdbclient/rtt.sh
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?hdbclient/hdbalm
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?hdbclient/hdbalm.py
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?hdbclient/hdbclienv.sh
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/SAPCAR
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/cleanipc
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enq_admin
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enq_server
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enqt
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enrepserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/enserver
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ensmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/esmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/gwmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/gwrd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/icmbnd.new
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/krnlreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ldappasswd
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/ldapreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/lgtst
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msclients
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msg_server
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/msprot
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/niping
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapccmsr
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapcontrol
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapcpe
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapmscsa
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sappfpar
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/saprouter
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapstack
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapstart
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapstartsrv
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapuxuserchk
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sapwebdisp
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/sldreg
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap(/.*)?/exe/wdispmon
gen_context(system_u:object_r:sap_exec_t,s0)
+/usr/sap/sapservices.*
gen_context(system_u:object_r:sap_exec_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20250307/policy/modules/contrib/sap.te
new/selinux-policy-20250312/policy/modules/contrib/sap.te
--- old/selinux-policy-20250307/policy/modules/contrib/sap.te 2025-03-07
15:27:15.000000000 +0100
+++ new/selinux-policy-20250312/policy/modules/contrib/sap.te 2025-03-12
11:44:12.000000000 +0100
@@ -11,6 +11,8 @@
#manage_files_pattern(sap_unconfined_t, sap_tmp_t, sap_tmp_t)
#files_tmp_filetrans(sap_unconfined_t, sap_tmp_t, { dir file })
+libs_legacy_use_shared_libs(sap_unconfined_t)
+
optional_policy(`
unconfined_domain(sap_unconfined_t)
')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20250307/policy/modules/system/authlogin.if
new/selinux-policy-20250312/policy/modules/system/authlogin.if
--- old/selinux-policy-20250307/policy/modules/system/authlogin.if
2025-03-07 15:27:15.000000000 +0100
+++ new/selinux-policy-20250312/policy/modules/system/authlogin.if
2025-03-12 11:44:12.000000000 +0100
@@ -58,6 +58,8 @@
auth_dontaudit_read_shadow($1)
auth_read_login_records($1)
auth_append_login_records($1)
+ # fallback if wtmpdbd is not running
+ auth_create_wtmpdb($1)
auth_rw_wtmpdb_login_records($1)
auth_rw_lastlog($1)
auth_create_lastlog($1)
@@ -2085,6 +2087,27 @@
')
########################################
+## <summary>
+## Create wtmpdb directory and files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`auth_create_wtmpdb',`
+ gen_require(`
+ type wtmpdb_t;
+ ')
+
+ allow $1 wtmpdb_t:dir create_dir_perms;
+ allow $1 wtmpdb_t:file create_file_perms;
+ files_var_lib_filetrans($1, wtmpdb_t, dir, "wtmpdb")
+ files_var_lib_filetrans($1, wtmpdb_t, file, "wtmp.db")
+')
+
+########################################
## <summary>
## Use wtmpdbd varlink sockets.
## </summary>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-policy-20250307/policy/modules/system/libraries.fc
new/selinux-policy-20250312/policy/modules/system/libraries.fc
--- old/selinux-policy-20250307/policy/modules/system/libraries.fc
2025-03-07 15:27:15.000000000 +0100
+++ new/selinux-policy-20250312/policy/modules/system/libraries.fc
2025-03-12 11:44:12.000000000 +0100
@@ -168,7 +168,7 @@
/usr/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
/usr/lib/wine/.+\.so --
gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/wine/*-windows/* --
gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/wine/.+-windows/.+ --
gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libXcomp\.so.* --
gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* --
gen_context(system_u:object_r:textrel_shlib_t,s0)
