Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2021-07-12 01:24:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Mon Jul 12 01:24:43 2021 rev:14 rq:904732 version:20210419 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2021-05-23 23:30:31.508757088 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.2625/selinux-policy.changes 2021-07-12 01:24:55.789280564 +0200 @@ -1,0 +2,7 @@ +Tue Jul 6 13:55:19 UTC 2021 - Alberto Planas Dominguez <apla...@suse.com> + +- Add tabrmd SELinux modules from upstream (bsc#1187925) + https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux +- Automatic spec-cleaner to fix ordering and misaligned spaces + +------------------------------------------------------------------- New: ---- tabrmd.fc tabrmd.if tabrmd.te ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.glBkRt/_old 2021-07-12 01:24:57.209269646 +0200 +++ /var/tmp/diff_new_pack.glBkRt/_new 2021-07-12 01:24:57.209269646 +0200 @@ -81,6 +81,9 @@ Source126: wicked.te Source127: wicked.if Source128: wicked.fc +Source129: tabrmd.te +Source130: tabrmd.if +Source131: tabrmd.fc Patch001: fix_djbdns.patch Patch002: fix_dbus.patch @@ -156,8 +159,8 @@ Recommends: selinux-tools # for audit2allow Recommends: python3-policycoreutils -Recommends: policycoreutils-python-utils Recommends: container-selinux +Recommends: policycoreutils-python-utils Recommends: selinux-autorelabel %define common_params DISTRO=%{distro} UBAC=%{ubac} DIRECT_INITRC=n MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 @@ -421,7 +424,7 @@ cp $i selinux_config done -for i in %{SOURCE120} %{SOURCE121} %{SOURCE122} %{SOURCE123} %{SOURCE124} %{SOURCE125} %{SOURCE126} %{SOURCE127} %{SOURCE128}; do +for i in %{SOURCE120} %{SOURCE121} %{SOURCE122} %{SOURCE123} %{SOURCE124} %{SOURCE125} %{SOURCE126} %{SOURCE127} %{SOURCE128} %{SOURCE129} %{SOURCE130} %{SOURCE131}; do cp $i policy/modules/contrib done ++++++ modules-targeted-base.conf ++++++ --- /var/tmp/diff_new_pack.glBkRt/_old 2021-07-12 01:24:57.533267155 +0200 +++ /var/tmp/diff_new_pack.glBkRt/_new 2021-07-12 01:24:57.537267125 +0200 @@ -412,3 +412,10 @@ # Policy for wicked # wicked = module + +# Layer: contrib +# Module: tabrmd +# +# Policy for tabrmd +# +tabrmd = module ++++++ tabrmd.fc ++++++ /usr/sbin/tpm2-abrmd -- gen_context(system_u:object_r:tabrmd_exec_t,s0) /usr/local/sbin/tpm2-abrmd -- gen_context(system_u:object_r:tabrmd_exec_t,s0) ++++++ tabrmd.te ++++++ policy_module(tabrmd, 0.0.2) ######################################## # # Declarations # gen_tunable(`tabrmd_connect_all_unreserved', false) type tabrmd_t; type tabrmd_exec_t; init_daemon_domain(tabrmd_t, tabrmd_exec_t) allow tabrmd_t self:unix_dgram_socket { create_socket_perms }; dev_rw_tpm(tabrmd_t) logging_send_syslog_msg(tabrmd_t) sysnet_dns_name_resolve(tabrmd_t) optional_policy(` dbus_stub() dbus_system_domain(tabrmd_t, tabrmd_exec_t) allow system_dbusd_t tabrmd_t:unix_stream_socket rw_stream_socket_perms; fwupd_dbus_chat(tabrmd_t) ') tunable_policy(`tabrmd_connect_all_unreserved',` corenet_tcp_connect_all_unreserved_ports(tabrmd_t) ')