commit selinux-policy for openSUSE:Factory

Thu, 29 Apr 2021 13:44:40 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2021-04-29 22:44:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1947 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy"

Thu Apr 29 22:44:23 2021 rev:10 rq:888543 version:20210419

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2021-04-22 18:04:22.734544739 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1947/selinux-policy.changes  
2021-04-29 22:44:27.456283957 +0200
@@ -1,0 +2,13 @@
+Mon Apr 26 07:16:10 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added Recommends for selinux-autorelabel (bsc#1181837)
+- Prevent libreoffice fonts from changing types on every relabel 
+  (bsc#1185265). Added fix_libraries.patch
+
+-------------------------------------------------------------------
+Fri Apr 23 10:50:24 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Transition unconfined users to ldconfig type (bsc#1183121).
+  Extended fix_unconfineduser.patch
+
+-------------------------------------------------------------------

New:
----
  fix_libraries.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.xI9YDY/_old  2021-04-29 22:44:28.516279228 +0200
+++ /var/tmp/diff_new_pack.xI9YDY/_new  2021-04-29 22:44:28.520279210 +0200
@@ -128,6 +128,7 @@
 Patch047:       fix_rpm.patch
 Patch048:       fix_apache.patch
 Patch049:       fix_nis.patch
+Patch050:       fix_libraries.patch
 
 Patch100:       sedoctool.patch
 
@@ -154,6 +155,7 @@
 Recommends:     python3-policycoreutils
 Recommends:     policycoreutils-python-utils
 Recommends:     container-selinux
+Recommends:     selinux-autorelabel
 
 %define common_params DISTRO=%{distro} UBAC=%{ubac} DIRECT_INITRC=n 
MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024
 
@@ -432,6 +434,7 @@
 %patch047 -p1
 %patch048 -p1
 %patch049 -p1
+%patch050 -p1
 
 %patch100 -p1
 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \;

++++++ fix_libraries.patch ++++++
Index: fedora-policy-20210419/policy/modules/system/libraries.fc
===================================================================
--- fedora-policy-20210419.orig/policy/modules/system/libraries.fc
+++ fedora-policy-20210419/policy/modules/system/libraries.fc
@@ -124,6 +124,8 @@ ifdef(`distro_redhat',`
 
 /usr/(.*/)?lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* 
gen_context(system_u:object_r:ld_so_t,s0)
 
+/usr/lib/libreoffice/program/resource.* --     
gen_context(system_u:object_r:lib_t,s0)
+
 /usr/(.*/)?nvidia/.+\.so(\..*)?                --      
gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 /usr/lib/(sse2/)?libfame-.*\.so.*      --      
gen_context(system_u:object_r:textrel_shlib_t,s0)
++++++ fix_unconfineduser.patch ++++++
--- /var/tmp/diff_new_pack.xI9YDY/_old  2021-04-29 22:44:28.764278124 +0200
+++ /var/tmp/diff_new_pack.xI9YDY/_new  2021-04-29 22:44:28.764278124 +0200
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210309/policy/modules/roles/unconfineduser.te
+Index: fedora-policy-20210419/policy/modules/roles/unconfineduser.te
 ===================================================================
---- fedora-policy-20210309.orig/policy/modules/roles/unconfineduser.te
-+++ fedora-policy-20210309/policy/modules/roles/unconfineduser.te
+--- fedora-policy-20210419.orig/policy/modules/roles/unconfineduser.te
++++ fedora-policy-20210419/policy/modules/roles/unconfineduser.te
 @@ -124,6 +124,11 @@ tunable_policy(`unconfined_dyntrans_all'
      domain_dyntrans(unconfined_t)
  ')
@@ -44,3 +44,14 @@
                bluetooth_dbus_chat(unconfined_t)
        ')
  
+@@ -311,6 +332,10 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
++      libs_run_ldconfig(unconfined_t, unconfined_r)
++')
++
++optional_policy(`
+       firstboot_run(unconfined_t, unconfined_r)
+ ')
+

Reply via email to