Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2021-05-20 19:24:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Thu May 20 19:24:24 2021 rev:12 rq:893917 version:20210419 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2021-05-07 16:45:35.296317894 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.2988/selinux-policy.changes 2021-05-20 19:24:38.902043876 +0200 @@ -1,0 +2,6 @@ +Wed Apr 28 15:18:37 UTC 2021 - Ludwig Nussel <lnus...@suse.de> + +- allow cockpit socket to bind nodes (fix_cockpit.patch) +- use %autosetup to get rid of endless patch lines + +------------------------------------------------------------------- New: ---- fix_cockpit.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.qxxT03/_old 2021-05-20 19:24:39.926039676 +0200 +++ /var/tmp/diff_new_pack.qxxT03/_new 2021-05-20 19:24:39.930039659 +0200 @@ -129,6 +129,8 @@ Patch049: fix_nis.patch Patch050: fix_libraries.patch Patch051: fix_dovecot.patch +# https://github.com/cockpit-project/cockpit/pull/15758 +Patch052: fix_cockpit.patch Patch100: sedoctool.patch @@ -386,58 +388,7 @@ exit 0 %prep -%setup -n fedora-policy-%{version} -%patch001 -p1 -%patch002 -p1 -%patch003 -p1 -%patch004 -p1 -%patch005 -p1 -%patch006 -p1 -%patch007 -p1 -%patch008 -p1 -%patch009 -p1 -%patch010 -p1 -%patch011 -p1 -%patch012 -p1 -%patch013 -p1 -%patch014 -p1 -%patch016 -p1 -%patch017 -p1 -%patch018 -p1 -%patch019 -p1 -%patch020 -p1 -%patch021 -p1 -%patch022 -p1 -%patch024 -p1 -%patch025 -p1 -%patch026 -p1 -%patch027 -p1 -%patch028 -p1 -%patch029 -p1 -%patch030 -p1 -#% patch031 -p1 -%patch032 -p1 -%patch033 -p1 -%patch034 -p1 -%patch035 -p1 -%patch036 -p1 -%patch037 -p1 -%patch038 -p1 -%patch039 -p1 -%patch040 -p1 -%patch041 -p1 -%patch042 -p1 -#% patch043 -p1 -%patch044 -p1 -%patch045 -p1 -%patch046 -p1 -%patch047 -p1 -%patch048 -p1 -%patch049 -p1 -%patch050 -p1 -%patch051 -p1 - -%patch100 -p1 +%autosetup -n fedora-policy-%{version} -p1 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \; %build ++++++ fix_cockpit.patch ++++++ >From d63e6cf43bfe32d53b371b6920d4c09431647ddd Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Wed, 28 Apr 2021 17:09:49 +0200 Subject: [PATCH] cockpit: allow cockpit socket to bind nodes Looks like this setting is implicit with kerberos enabled. cockpit.socket fails to start if kerberos_enabled=false --- policy/modules/contrib/cockpit.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/contrib/cockpit.te b/policy/modules/contrib/cockpit.te index a160ca6b6..5984711fa 100644 --- a/policy/modules/contrib/cockpit.te +++ b/policy/modules/contrib/cockpit.te @@ -52,7 +52,9 @@ can_exec(cockpit_ws_t,cockpit_session_exec_t) dev_read_urand(cockpit_ws_t) # for authkey dev_read_rand(cockpit_ws_t) # for libssh +# cockpit-ws allows connections on websm port corenet_tcp_bind_websm_port(cockpit_ws_t) +corenet_tcp_bind_generic_node(cockpit_ws_t) # cockpit-ws can connect to other hosts via ssh corenet_tcp_connect_ssh_port(cockpit_ws_t) -- 2.26.2