Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2021-09-02 23:20:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy"

Thu Sep  2 23:20:08 2021 rev:17 rq:915717 version:20210716

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2021-08-19 13:39:10.097414033 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1899/selinux-policy.changes  
2021-09-02 23:20:15.676549478 +0200
@@ -1,0 +2,24 @@
+Thu Sep  2 08:45:24 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Modified fix_systemd.patch to allow systemd gpt generator access to
+  udev files (bsc#1189280)
+
+-------------------------------------------------------------------
+Fri Aug 27 13:07:54 UTC 2021 - Ales Kedroutek <ales.kedrou...@suse.com>
+
+- fix rebootmgr does not trigger the reboot properly (boo#1189878)
+  * fix managing /etc/rebootmgr.conf
+  * allow rebootmgr_t to cope with systemd and dbus messaging
+
+-------------------------------------------------------------------
+Thu Aug 26 07:37:05 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Properly label cockpit files
+- Allow wicked to communicate with network manager on DBUS (bsc#1188331)
+
+-------------------------------------------------------------------
+Mon Aug 23 15:43:28 UTC 2021 - Ales Kedroutek <ales.kedrou...@suse.com>
+
+- Added policy module for rebootmgr (jsc#SMO-28) 
+
+-------------------------------------------------------------------

New:
----
  rebootmgr.fc
  rebootmgr.if
  rebootmgr.te

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.jG0Dge/_old  2021-09-02 23:20:16.916551023 +0200
+++ /var/tmp/diff_new_pack.jG0Dge/_new  2021-09-02 23:20:16.920551028 +0200
@@ -81,6 +81,9 @@
 Source126:      wicked.te
 Source127:      wicked.if
 Source128:      wicked.fc
+Source129:      rebootmgr.te
+Source130:      rebootmgr.if
+Source131:      rebootmgr.fc
 
 Patch001:       fix_djbdns.patch
 Patch002:       fix_dbus.patch
@@ -422,7 +425,7 @@
  cp $i selinux_config
 done
 
-for i in %{SOURCE120} %{SOURCE121} %{SOURCE122} %{SOURCE123} %{SOURCE124} 
%{SOURCE125} %{SOURCE126} %{SOURCE127} %{SOURCE128}; do
+for i in %{SOURCE120} %{SOURCE121} %{SOURCE122} %{SOURCE123} %{SOURCE124} 
%{SOURCE125} %{SOURCE126} %{SOURCE127} %{SOURCE128} %{SOURCE129} %{SOURCE130} 
%{SOURCE131}; do
  cp $i policy/modules/contrib
 done
 

++++++ fix_cockpit.patch ++++++
--- /var/tmp/diff_new_pack.jG0Dge/_old  2021-09-02 23:20:17.064551208 +0200
+++ /var/tmp/diff_new_pack.jG0Dge/_new  2021-09-02 23:20:17.064551208 +0200
@@ -9,10 +9,10 @@
  policy/modules/contrib/cockpit.te | 2 ++
  1 file changed, 2 insertions(+)
 
-Index: fedora-policy-20210628/policy/modules/contrib/cockpit.te
+Index: fedora-policy-20210716/policy/modules/contrib/cockpit.te
 ===================================================================
---- fedora-policy-20210628.orig/policy/modules/contrib/cockpit.te
-+++ fedora-policy-20210628/policy/modules/contrib/cockpit.te
+--- fedora-policy-20210716.orig/policy/modules/contrib/cockpit.te
++++ fedora-policy-20210716/policy/modules/contrib/cockpit.te
 @@ -51,7 +51,9 @@ can_exec(cockpit_ws_t,cockpit_session_ex
  dev_read_urand(cockpit_ws_t) # for authkey
  dev_read_rand(cockpit_ws_t)  # for libssh
@@ -23,3 +23,25 @@
  
  # cockpit-ws can connect to other hosts via ssh
  corenet_tcp_connect_ssh_port(cockpit_ws_t)
+Index: fedora-policy-20210716/policy/modules/contrib/cockpit.fc
+===================================================================
+--- fedora-policy-20210716.orig/policy/modules/contrib/cockpit.fc
++++ fedora-policy-20210716/policy/modules/contrib/cockpit.fc
+@@ -3,12 +3,12 @@
+ /usr/lib/systemd/system/cockpit.*             --      
gen_context(system_u:object_r:cockpit_unit_file_t,s0)
+ /etc/systemd/system/cockpit.* --      
gen_context(system_u:object_r:cockpit_unit_file_t,s0)
+ 
+-/usr/libexec/cockpit-ws               --      
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+-/usr/libexec/cockpit-tls      --      
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+-/usr/libexec/cockpit-wsinstance-factory       --      
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
++/usr/lib(exec)?/cockpit-ws            --      
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
++/usr/lib(exec)?/cockpit-tls   --      
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
++/usr/lib(exec)?/cockpit-wsinstance-factory    --      
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+ 
+-/usr/libexec/cockpit-session  --      
gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+-/usr/libexec/cockpit-ssh      --      
gen_context(system_u:object_r:cockpit_session_exec_t,s0)
++/usr/lib(exec)?/cockpit-session       --      
gen_context(system_u:object_r:cockpit_session_exec_t,s0)
++/usr/lib(exec)?/cockpit-ssh   --      
gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+ 
+ /usr/share/cockpit/motd/update-motd    -- 
gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+ 
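Review bot: The new `/usr/lib(exec)?/cockpit-*` entries have a shorter literal stem (`/usr/lib`) than the `/usr/libexec/...` paths they replace, so in the compiled file_contexts they may rank below a generic libexec rule, if the base policy has one, and lose to it. This should be checked on a system that installs the binaries under /usr/libexec, for example with `matchpathcon /usr/libexec/cockpit-ws`, expecting cockpit_ws_exec_t; if the generic label wins, cockpit-ws would not enter its own domain. Separately, the patch header still carries the diffstat `policy/modules/contrib/cockpit.te | 2 ++` and `1 file changed`, which no longer describes a patch that also edits cockpit.fc.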

++++++ fix_systemd.patch ++++++
--- /var/tmp/diff_new_pack.jG0Dge/_old  2021-09-02 23:20:17.152551318 +0200
+++ /var/tmp/diff_new_pack.jG0Dge/_new  2021-09-02 23:20:17.156551322 +0200
@@ -1,8 +1,8 @@
-Index: fedora-policy-20210628/policy/modules/system/systemd.te
+Index: fedora-policy-20210716/policy/modules/system/systemd.te
 ===================================================================
---- fedora-policy-20210628.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20210628/policy/modules/system/systemd.te
-@@ -347,6 +347,10 @@ userdom_manage_user_tmp_chr_files(system
+--- fedora-policy-20210716.orig/policy/modules/system/systemd.te
++++ fedora-policy-20210716/policy/modules/system/systemd.te
+@@ -352,6 +352,10 @@ userdom_manage_user_tmp_chr_files(system
  xserver_dbus_chat(systemd_logind_t)
  
  optional_policy(`
@@ -13,7 +13,7 @@
        apache_read_tmp_files(systemd_logind_t)
  ')
  
-@@ -854,6 +858,10 @@ optional_policy(`
+@@ -859,6 +863,10 @@ optional_policy(`
        udev_read_pid_files(systemd_hostnamed_t)
  ')
  
@@ -24,3 +24,12 @@
  #######################################
  #
  # rfkill policy
+@@ -1097,6 +1105,8 @@ systemd_unit_file_filetrans(systemd_gpt_
+ systemd_create_unit_file_dirs(systemd_gpt_generator_t)
+ systemd_create_unit_file_lnk(systemd_gpt_generator_t)
+ 
++udev_read_pid_files(systemd_gpt_generator_t)
++
+ #######################################
+ #
+ # systemd_resolved domain
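Review bot: The added `udev_read_pid_files(systemd_gpt_generator_t)` is called unconditionally, while the same interface for systemd_hostnamed_t earlier in this patch sits inside an `optional_policy` block. If udev can be built as an optional module here, the bare call makes systemd.te depend on it, so either wrap it the same way or confirm udev is always present. The rule also has no comment saying why a generator needs udev files; a line such as `# gpt generator reads udev files (bsc#1189280)` would keep the reason next to the access. The systemd_gpt_generator_t section starts outside the hunk.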

++++++ modules-minimum-base.conf ++++++
--- /var/tmp/diff_new_pack.jG0Dge/_old  2021-09-02 23:20:17.212551392 +0200
+++ /var/tmp/diff_new_pack.jG0Dge/_new  2021-09-02 23:20:17.212551392 +0200
@@ -412,4 +412,3 @@
 # Name service cache daemon
 # 
 nscd = module
-

++++++ modules-targeted-base.conf ++++++
--- /var/tmp/diff_new_pack.jG0Dge/_old  2021-09-02 23:20:17.304551507 +0200
+++ /var/tmp/diff_new_pack.jG0Dge/_new  2021-09-02 23:20:17.304551507 +0200
@@ -412,3 +412,10 @@
 # Policy for wicked
 #
 wicked = module
+
+# Layer: system
+# Module: rebootmgr
+#
+# Policy for rebootmgr
+#
+rebootmgr = module


++++++ rebootmgr.fc ++++++
# Label the rebootmgr daemon binary as rebootmgr_exec_t; the "--" field limits
# the match to regular files.
# NOTE(review): this listing has no entry for /etc/rebootmgr.conf, so that file
# keeps whatever label the base /etc rules assign (presumably etc_t - confirm).
/usr/sbin/rebootmgrd            --      
gen_context(system_u:object_r:rebootmgr_exec_t,s0)
++++++ rebootmgr.if ++++++

## <summary>policy for rebootmgr</summary>

########################################
## <summary>
##      Execute rebootmgr_exec_t in the rebootmgr domain.
## </summary>
## <param name="domain">
## <summary>
##      Domain allowed to transition.
## </summary>
## </param>
#
interface(`rebootmgr_domtrans',`
        # Types this interface refers to; both are declared in rebootmgr.te.
        gen_require(`
                type rebootmgr_t, rebootmgr_exec_t;
        ')

        # The caller must be able to search the bin directories to reach the
        # executable.
        corecmd_search_bin($1)
        # Executing a rebootmgr_exec_t file from the caller domain starts the
        # new process in rebootmgr_t.
        # NOTE(review): any domain given this interface can run code in
        # rebootmgr_t, which rebootmgr.te allows to start systemd power
        # services and manage generic etc files - grant it sparingly.
        domtrans_pattern($1, rebootmgr_exec_t, rebootmgr_t)
')

######################################
## <summary>
##      Execute rebootmgr in the caller domain.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`rebootmgr_exec',`
        # Only the executable file type is needed; no domain transition is
        # set up by this interface.
        gen_require(`
                type rebootmgr_exec_t;
        ')

        # The caller must be able to search the bin directories to reach the
        # executable.
        corecmd_search_bin($1)
        # The program runs with the permissions of the caller domain, not
        # with those of rebootmgr_t.
        can_exec($1, rebootmgr_exec_t)
')

########################################
## <summary>
##      Send and receive messages from
##      rebootmgr over dbus.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`rebootmgr_dbus_chat',`
        gen_require(`
                type rebootmgr_t;
                class dbus send_msg;
        ')

        # send_msg is granted in both directions: the caller may message
        # rebootmgr_t and rebootmgr_t may message the caller.
        # NOTE(review): this only covers the SELinux dbus check; which bus
        # methods a caller may invoke is presumably decided by the bus policy
        # of the daemon - confirm before handing this to broad domains.
        allow $1 rebootmgr_t:dbus send_msg;
        allow rebootmgr_t $1:dbus send_msg;
')
++++++ rebootmgr.te ++++++
# SELinux policy module for the rebootmgr daemon, module version 1.0.0.
policy_module(rebootmgr, 1.0.0)

########################################
#
# Declarations
#

# rebootmgr_t is the process domain, rebootmgr_exec_t the type of its
# executable (see rebootmgr.fc).
type rebootmgr_t;
type rebootmgr_exec_t;
# Register the pair as an init-started daemon, so that init running a
# rebootmgr_exec_t file ends up in rebootmgr_t.
init_daemon_domain(rebootmgr_t, rebootmgr_exec_t)

########################################
#
# rebootmgr local policy
#
# The daemon may fork and use its own pipes and unix stream sockets.
allow rebootmgr_t self:process { fork };
allow rebootmgr_t self:fifo_file rw_fifo_file_perms;
allow rebootmgr_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(rebootmgr_t)

# NOTE(review): this grants manage access to every file carrying the generic
# etc label, not only /etc/rebootmgr.conf. A dedicated type for the config
# file, labelled in rebootmgr.fc, would be the least-privilege form - confirm
# how rebootmgrd rewrites the file before narrowing.
files_manage_etc_files(rebootmgr_t)

logging_send_syslog_msg(rebootmgr_t)

miscfiles_read_localization(rebootmgr_t)

# Lets the daemon start the systemd power units (presumably the reboot path).
systemd_start_power_services(rebootmgr_t)

systemd_dbus_chat_logind(rebootmgr_t)

# NOTE(review): unlike the dbus calls below, this is not inside
# optional_policy, so the module presumably cannot be loaded when the
# unconfined module is absent - verify, and consider wrapping it.
unconfined_dbus_chat(rebootmgr_t)

# System bus access is only added when the dbus module is available.
optional_policy(`
        dbus_system_bus_client(rebootmgr_t)
        dbus_connect_system_bus(rebootmgr_t)
')


++++++ wicked.te ++++++
--- /var/tmp/diff_new_pack.jG0Dge/_old  2021-09-02 23:20:17.616551896 +0200
+++ /var/tmp/diff_new_pack.jG0Dge/_new  2021-09-02 23:20:17.616551896 +0200
@@ -494,6 +494,10 @@
        virt_dbus_chat(wicked_t)
 ')
 
+optional_policy(`
+       networkmanager_dbus_chat(wicked_t)
+')
+
 #tunable_policy(`use_ecryptfs_home_dirs',`
 #fs_manage_ecryptfs_files(wicked_t)
 #')
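Review bot: The new `networkmanager_dbus_chat(wicked_t)` block has no comment tying it to the bug it fixes; a line such as `# wicked talks to NetworkManager over D-Bus (bsc#1188331)` above the `optional_policy` would record the reason. The interface definition is not shown here, but if it follows the same pattern as rebootmgr_dbus_chat on this page it grants send_msg in both directions, so NetworkManager could also message wicked_t. It is worth confirming that both directions are needed.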
