Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package selinux-policy for openSUSE:Factory
checked in at 2021-11-15 15:26:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
and /work/SRC/openSUSE:Factory/.selinux-policy.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy"
Mon Nov 15 15:26:00 2021 rev:20 rq:930935 version:20211111
Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2021-10-30 23:14:33.699095299 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1890/selinux-policy.changes
2021-11-15 15:27:30.713842175 +0100
@@ -1,0 +2,19 @@
+Thu Nov 11 14:21:47 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Update to version 20211111. Refreshed:
+ * fix_dbus.patch
+ * fix_systemd.patch
+ * fix_authlogin.patch
+ * fix_auditd.patch
+ * fix_kernel_sysctl.patch
+ * fix_networkmanager.patch
+ * fix_chronyd.patch
+ * fix_unconfineduser.patch
+ * fix_unconfined.patch
+ * fix_firewalld.patch
+ * fix_init.patch
+ * fix_xserver.patch
+ * fix_logging.patch
+ * fix_hadoop.patch
+
+-------------------------------------------------------------------
Old:
----
fedora-policy-20210716.tar.bz2
New:
----
fedora-policy-20211111.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:32.197842591 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:32.201842592 +0100
@@ -33,7 +33,7 @@
License: GPL-2.0-or-later
Group: System/Management
Name: selinux-policy
-Version: 20210716
+Version: 20211111
Release: 0
Source: fedora-policy-%{version}.tar.bz2
Source1: selinux-policy-rpmlintrc
++++++ fedora-policy-20210716.tar.bz2 -> fedora-policy-20211111.tar.bz2 ++++++
++++ 2901 lines of diff (skipped)
++++++ fix_auditd.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.125842851 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.125842851 +0100
@@ -1,6 +1,8 @@
---- a/policy/modules/system/logging.if
-+++ b/policy/modules/system/logging.if
-@@ -430,6 +430,7 @@ interface(`logging_manage_audit_config',
+Index: fedora-policy-20211111/policy/modules/system/logging.if
+===================================================================
+--- fedora-policy-20211111.orig/policy/modules/system/logging.if
++++ fedora-policy-20211111/policy/modules/system/logging.if
+@@ -431,6 +431,7 @@ interface(`logging_manage_audit_config',
files_search_etc($1)
manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
++++++ fix_authlogin.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.133842853 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.133842853 +0100
@@ -1,10 +1,10 @@
-Index: fedora-policy/policy/modules/system/authlogin.fc
+Index: fedora-policy-20211111/policy/modules/system/authlogin.fc
===================================================================
---- fedora-policy.orig/policy/modules/system/authlogin.fc
-+++ fedora-policy/policy/modules/system/authlogin.fc
-@@ -49,6 +49,7 @@ ifdef(`distro_gentoo', `
- /usr/sbin/validate -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
-
+--- fedora-policy-20211111.orig/policy/modules/system/authlogin.fc
++++ fedora-policy-20211111/policy/modules/system/authlogin.fc
+@@ -56,6 +56,7 @@ ifdef(`distro_gentoo', `
+ /usr/libexec/chkpwd/tcb_chkpwd --
gen_context(system_u:object_r:chkpwd_exec_t,s0)
+ /usr/libexec/chkpwd/tcb_updpwd --
gen_context(system_u:object_r:updpwd_exec_t,s0)
/usr/libexec/utempter/utempter --
gen_context(system_u:object_r:utempter_exec_t,s0)
+/usr/lib/utempter/utempter --
gen_context(system_u:object_r:utempter_exec_t,s0)
++++++ fix_chronyd.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.145842856 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.145842856 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy-20210309/policy/modules/contrib/chronyd.te
+Index: fedora-policy-20211111/policy/modules/contrib/chronyd.te
===================================================================
---- fedora-policy-20210309.orig/policy/modules/contrib/chronyd.te
-+++ fedora-policy-20210309/policy/modules/contrib/chronyd.te
-@@ -140,6 +140,14 @@ systemd_exec_systemctl(chronyd_t)
+--- fedora-policy-20211111.orig/policy/modules/contrib/chronyd.te
++++ fedora-policy-20211111/policy/modules/contrib/chronyd.te
+@@ -141,6 +141,14 @@ systemd_exec_systemctl(chronyd_t)
userdom_dgram_send(chronyd_t)
optional_policy(`
@@ -17,10 +17,10 @@
cron_dgram_send(chronyd_t)
')
-Index: fedora-policy-20210309/policy/modules/contrib/chronyd.fc
+Index: fedora-policy-20211111/policy/modules/contrib/chronyd.fc
===================================================================
---- fedora-policy-20210309.orig/policy/modules/contrib/chronyd.fc
-+++ fedora-policy-20210309/policy/modules/contrib/chronyd.fc
+--- fedora-policy-20211111.orig/policy/modules/contrib/chronyd.fc
++++ fedora-policy-20211111/policy/modules/contrib/chronyd.fc
@@ -6,6 +6,7 @@
/usr/sbin/chronyd -- gen_context(system_u:object_r:chronyd_exec_t,s0)
++++++ fix_dbus.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.161842861 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.161842861 +0100
@@ -1,10 +1,10 @@
-Index: fedora-policy-20210419/policy/modules/contrib/dbus.te
+Index: fedora-policy-20211111/policy/modules/contrib/dbus.te
===================================================================
---- fedora-policy-20210419.orig/policy/modules/contrib/dbus.te
-+++ fedora-policy-20210419/policy/modules/contrib/dbus.te
-@@ -80,6 +80,7 @@ read_lnk_files_pattern(system_dbusd_t, d
- manage_dirs_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
+--- fedora-policy-20211111.orig/policy/modules/contrib/dbus.te
++++ fedora-policy-20211111/policy/modules/contrib/dbus.te
+@@ -81,6 +81,7 @@ manage_dirs_pattern(system_dbusd_t, syst
manage_files_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
+ manage_sock_files_pattern(system_dbusd_t, system_dbusd_tmp_t,
system_dbusd_tmp_t)
files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { dir file sock_file
})
+allow system_dbusd_t system_dbusd_tmp_t:file execute;
++++++ fix_firewalld.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.173842864 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.173842864 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy/policy/modules/contrib/firewalld.te
+Index: fedora-policy-20211111/policy/modules/contrib/firewalld.te
===================================================================
---- fedora-policy.orig/policy/modules/contrib/firewalld.te 2020-02-24
08:16:03.798820784 +0000
-+++ fedora-policy/policy/modules/contrib/firewalld.te 2020-02-24
08:18:03.164764310 +0000
-@@ -129,6 +129,7 @@ optional_policy(`
+--- fedora-policy-20211111.orig/policy/modules/contrib/firewalld.te
++++ fedora-policy-20211111/policy/modules/contrib/firewalld.te
+@@ -131,6 +131,7 @@ optional_policy(`
')
optional_policy(`
@@ -10,10 +10,10 @@
iptables_domtrans(firewalld_t)
iptables_read_var_run(firewalld_t)
')
-Index: fedora-policy/policy/modules/system/iptables.if
+Index: fedora-policy-20211111/policy/modules/system/iptables.if
===================================================================
---- fedora-policy.orig/policy/modules/system/iptables.if 2020-02-19
09:36:25.440182406 +0000
-+++ fedora-policy/policy/modules/system/iptables.if 2020-02-24
08:17:53.076600108 +0000
+--- fedora-policy-20211111.orig/policy/modules/system/iptables.if
++++ fedora-policy-20211111/policy/modules/system/iptables.if
@@ -2,6 +2,25 @@
########################################
++++++ fix_hadoop.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.185842868 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.185842868 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy-20210628/policy/modules/roles/sysadm.te
+Index: fedora-policy-20211111/policy/modules/roles/sysadm.te
===================================================================
---- fedora-policy-20210628.orig/policy/modules/roles/sysadm.te
-+++ fedora-policy-20210628/policy/modules/roles/sysadm.te
-@@ -295,10 +295,6 @@ optional_policy(`
+--- fedora-policy-20211111.orig/policy/modules/roles/sysadm.te
++++ fedora-policy-20211111/policy/modules/roles/sysadm.te
+@@ -311,10 +311,6 @@ optional_policy(`
')
optional_policy(`
@@ -13,10 +13,10 @@
iotop_run(sysadm_t, sysadm_r)
')
-Index: fedora-policy-20210628/policy/modules/roles/unprivuser.te
+Index: fedora-policy-20211111/policy/modules/roles/unprivuser.te
===================================================================
---- fedora-policy-20210628.orig/policy/modules/roles/unprivuser.te
-+++ fedora-policy-20210628/policy/modules/roles/unprivuser.te
+--- fedora-policy-20211111.orig/policy/modules/roles/unprivuser.te
++++ fedora-policy-20211111/policy/modules/roles/unprivuser.te
@@ -205,10 +205,6 @@ ifndef(`distro_redhat',`
')
++++++ fix_init.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.193842870 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.197842871 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210716/policy/modules/system/init.if
+Index: fedora-policy-20211111/policy/modules/system/init.if
===================================================================
---- fedora-policy-20210716.orig/policy/modules/system/init.if
-+++ fedora-policy-20210716/policy/modules/system/init.if
+--- fedora-policy-20211111.orig/policy/modules/system/init.if
++++ fedora-policy-20211111/policy/modules/system/init.if
@@ -3296,6 +3296,7 @@ interface(`init_filetrans_named_content'
files_etc_filetrans($1, machineid_t, file, "machine-id" )
files_pid_filetrans($1, initctl_t, fifo_file, "fifo" )
@@ -10,10 +10,10 @@
init_pid_filetrans($1, systemd_unit_file_t, dir, "system")
')
-Index: fedora-policy-20210716/policy/modules/system/init.te
+Index: fedora-policy-20211111/policy/modules/system/init.te
===================================================================
---- fedora-policy-20210716.orig/policy/modules/system/init.te
-+++ fedora-policy-20210716/policy/modules/system/init.te
+--- fedora-policy-20211111.orig/policy/modules/system/init.te
++++ fedora-policy-20211111/policy/modules/system/init.te
@@ -267,6 +267,8 @@ corecmd_exec_bin(init_t)
corenet_all_recvfrom_netlabel(init_t)
corenet_tcp_bind_all_ports(init_t)
@@ -23,7 +23,7 @@
dev_create_all_files(init_t)
dev_create_all_chr_files(init_t)
-@@ -391,6 +393,7 @@ logging_manage_audit_config(init_t)
+@@ -394,6 +396,7 @@ logging_manage_audit_config(init_t)
logging_create_syslog_netlink_audit_socket(init_t)
logging_write_var_log_dirs(init_t)
logging_manage_var_log_symlinks(init_t)
@@ -31,7 +31,7 @@
seutil_read_config(init_t)
seutil_read_login_config(init_t)
-@@ -441,10 +444,15 @@ ifdef(`distro_redhat',`
+@@ -444,10 +447,15 @@ ifdef(`distro_redhat',`
corecmd_shell_domtrans(init_t, initrc_t)
storage_raw_rw_fixed_disk(init_t)
@@ -47,7 +47,7 @@
bootloader_domtrans(init_t)
')
-@@ -562,10 +570,10 @@ tunable_policy(`init_audit_control',`
+@@ -570,10 +578,10 @@ tunable_policy(`init_audit_control',`
allow init_t self:system all_system_perms;
allow init_t self:system module_load;
allow init_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -60,7 +60,7 @@
allow init_t self:netlink_selinux_socket create_socket_perms;
allow init_t self:unix_dgram_socket lock;
# Until systemd is fixed
-@@ -623,6 +631,7 @@ files_delete_all_spool_sockets(init_t)
+@@ -631,6 +639,7 @@ files_delete_all_spool_sockets(init_t)
files_create_var_lib_dirs(init_t)
files_create_var_lib_symlinks(init_t)
files_read_var_lib_symlinks(init_t)
@@ -68,7 +68,7 @@
files_manage_urandom_seed(init_t)
files_list_locks(init_t)
files_list_spool(init_t)
-@@ -659,7 +668,7 @@ fs_list_all(init_t)
+@@ -667,7 +676,7 @@ fs_list_all(init_t)
fs_list_auto_mountpoints(init_t)
fs_register_binary_executable_type(init_t)
fs_relabel_tmpfs_sock_file(init_t)
@@ -77,7 +77,7 @@
fs_relabel_cgroup_dirs(init_t)
fs_search_cgroup_dirs(init_t)
# for network namespaces
-@@ -715,6 +724,7 @@ systemd_write_inherited_logind_sessions_
+@@ -723,6 +732,7 @@ systemd_write_inherited_logind_sessions_
create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type)
create_dirs_pattern(init_t, var_log_t, var_log_t)
@@ -85,7 +85,7 @@
auth_use_nsswitch(init_t)
auth_rw_login_records(init_t)
-@@ -1556,6 +1566,8 @@ optional_policy(`
+@@ -1568,6 +1578,8 @@ optional_policy(`
optional_policy(`
postfix_list_spool(initrc_t)
++++++ fix_kernel_sysctl.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.209842874 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.209842874 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210716/policy/modules/kernel/files.fc
+Index: fedora-policy-20211111/policy/modules/kernel/files.fc
===================================================================
---- fedora-policy-20210716.orig/policy/modules/kernel/files.fc
-+++ fedora-policy-20210716/policy/modules/kernel/files.fc
+--- fedora-policy-20211111.orig/policy/modules/kernel/files.fc
++++ fedora-policy-20211111/policy/modules/kernel/files.fc
@@ -236,6 +236,8 @@ ifdef(`distro_redhat',`
/usr/lib/ostree-boot(/.*)?
gen_context(system_u:object_r:usr_t,s0)
/usr/lib/modules(/.*)/vmlinuz --
gen_context(system_u:object_r:usr_t,s0)
@@ -11,11 +11,11 @@
/usr/doc(/.*)?/lib(/.*)? gen_context(system_u:object_r:usr_t,s0)
-Index: fedora-policy-20210716/policy/modules/system/systemd.te
+Index: fedora-policy-20211111/policy/modules/system/systemd.te
===================================================================
---- fedora-policy-20210716.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20210716/policy/modules/system/systemd.te
-@@ -1027,6 +1027,8 @@ init_stream_connect(systemd_sysctl_t)
+--- fedora-policy-20211111.orig/policy/modules/system/systemd.te
++++ fedora-policy-20211111/policy/modules/system/systemd.te
+@@ -1035,6 +1035,8 @@ init_stream_connect(systemd_sysctl_t)
logging_send_syslog_msg(systemd_sysctl_t)
systemd_read_efivarfs(systemd_sysctl_t)
++++++ fix_logging.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.221842878 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.221842878 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210628/policy/modules/system/logging.fc
+Index: fedora-policy-20211111/policy/modules/system/logging.fc
===================================================================
---- fedora-policy-20210628.orig/policy/modules/system/logging.fc
-+++ fedora-policy-20210628/policy/modules/system/logging.fc
+--- fedora-policy-20211111.orig/policy/modules/system/logging.fc
++++ fedora-policy-20211111/policy/modules/system/logging.fc
@@ -3,6 +3,8 @@
/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
@@ -19,11 +19,11 @@
/var/run/systemd/journal/syslog -s
gen_context(system_u:object_r:devlog_t,mls_systemhigh)
/var/spool/audit(/.*)?
gen_context(system_u:object_r:audit_spool_t,mls_systemhigh)
-Index: fedora-policy-20210628/policy/modules/system/logging.if
+Index: fedora-policy-20211111/policy/modules/system/logging.if
===================================================================
---- fedora-policy-20210628.orig/policy/modules/system/logging.if
-+++ fedora-policy-20210628/policy/modules/system/logging.if
-@@ -1782,3 +1782,22 @@ interface(`logging_dgram_send',`
+--- fedora-policy-20211111.orig/policy/modules/system/logging.if
++++ fedora-policy-20211111/policy/modules/system/logging.if
+@@ -1787,3 +1787,22 @@ interface(`logging_dgram_send',`
allow $1 syslogd_t:unix_dgram_socket sendto;
')
++++++ fix_networkmanager.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.237842882 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.241842884 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210628/policy/modules/contrib/networkmanager.te
+Index: fedora-policy-20211111/policy/modules/contrib/networkmanager.te
===================================================================
---- fedora-policy-20210628.orig/policy/modules/contrib/networkmanager.te
-+++ fedora-policy-20210628/policy/modules/contrib/networkmanager.te
+--- fedora-policy-20211111.orig/policy/modules/contrib/networkmanager.te
++++ fedora-policy-20211111/policy/modules/contrib/networkmanager.te
@@ -243,6 +243,9 @@ userdom_read_home_certs(NetworkManager_t
userdom_read_user_home_content_files(NetworkManager_t)
userdom_dgram_send(NetworkManager_t)
@@ -27,11 +27,11 @@
bind_domtrans(NetworkManager_t)
bind_manage_cache(NetworkManager_t)
bind_kill(NetworkManager_t)
-Index: fedora-policy-20210628/policy/modules/contrib/networkmanager.if
+Index: fedora-policy-20211111/policy/modules/contrib/networkmanager.if
===================================================================
---- fedora-policy-20210628.orig/policy/modules/contrib/networkmanager.if
-+++ fedora-policy-20210628/policy/modules/contrib/networkmanager.if
-@@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran
+--- fedora-policy-20211111.orig/policy/modules/contrib/networkmanager.if
++++ fedora-policy-20211111/policy/modules/contrib/networkmanager.if
+@@ -132,6 +132,24 @@ interface(`networkmanager_initrc_domtran
init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
')
++++++ fix_systemd.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.273842893 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.273842893 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210716/policy/modules/system/systemd.te
+Index: fedora-policy-20211111/policy/modules/system/systemd.te
===================================================================
---- fedora-policy-20210716.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20210716/policy/modules/system/systemd.te
+--- fedora-policy-20211111.orig/policy/modules/system/systemd.te
++++ fedora-policy-20211111/policy/modules/system/systemd.te
@@ -352,6 +352,10 @@ userdom_manage_user_tmp_chr_files(system
xserver_dbus_chat(systemd_logind_t)
@@ -13,7 +13,7 @@
apache_read_tmp_files(systemd_logind_t)
')
-@@ -859,6 +863,10 @@ optional_policy(`
+@@ -866,6 +870,10 @@ optional_policy(`
udev_read_pid_files(systemd_hostnamed_t)
')
@@ -24,9 +24,9 @@
#######################################
#
# rfkill policy
-@@ -1097,6 +1105,8 @@ systemd_unit_file_filetrans(systemd_gpt_
- systemd_create_unit_file_dirs(systemd_gpt_generator_t)
- systemd_create_unit_file_lnk(systemd_gpt_generator_t)
+@@ -1109,6 +1117,8 @@ optional_policy(`
+ udev_read_pid_files(systemd_gpt_generator_t)
+ ')
+udev_read_pid_files(systemd_gpt_generator_t)
+
++++++ fix_systemd_watch.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.281842894 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.281842894 +0100
@@ -1,10 +1,10 @@
-Index: fedora-policy-20210716/policy/modules/system/systemd.te
+Index: fedora-policy-20211111/policy/modules/system/systemd.te
===================================================================
---- fedora-policy-20210716.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20210716/policy/modules/system/systemd.te
-@@ -1396,6 +1396,12 @@ fstools_rw_swap_files(systemd_sleep_t)
- # systemd-sleep needs to getattr swap partitions
+--- fedora-policy-20211111.orig/policy/modules/system/systemd.te
++++ fedora-policy-20211111/policy/modules/system/systemd.te
+@@ -1415,6 +1415,12 @@ fstools_rw_swap_files(systemd_sleep_t)
storage_getattr_fixed_disk_dev(systemd_sleep_t)
+ storage_getattr_removable_dev(systemd_sleep_t)
+#######################################
+#
++++++ fix_unconfined.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.289842897 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.293842898 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210628/policy/modules/system/unconfined.te
+Index: fedora-policy-20211111/policy/modules/system/unconfined.te
===================================================================
---- fedora-policy-20210628.orig/policy/modules/system/unconfined.te
-+++ fedora-policy-20210628/policy/modules/system/unconfined.te
+--- fedora-policy-20211111.orig/policy/modules/system/unconfined.te
++++ fedora-policy-20211111/policy/modules/system/unconfined.te
@@ -1,5 +1,10 @@
policy_module(unconfined, 3.5.0)
@@ -13,7 +13,7 @@
########################################
#
# Declarations
-@@ -41,3 +46,6 @@ optional_policy(`
+@@ -39,3 +44,6 @@ optional_policy(`
optional_policy(`
container_runtime_domtrans(unconfined_service_t)
')
++++++ fix_unconfineduser.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.301842900 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.301842900 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy-20210628/policy/modules/roles/unconfineduser.te
+Index: fedora-policy-20211111/policy/modules/roles/unconfineduser.te
===================================================================
---- fedora-policy-20210628.orig/policy/modules/roles/unconfineduser.te
-+++ fedora-policy-20210628/policy/modules/roles/unconfineduser.te
-@@ -126,6 +126,11 @@ tunable_policy(`unconfined_dyntrans_all'
+--- fedora-policy-20211111.orig/policy/modules/roles/unconfineduser.te
++++ fedora-policy-20211111/policy/modules/roles/unconfineduser.te
+@@ -122,6 +122,11 @@ tunable_policy(`unconfined_dyntrans_all'
domain_dyntrans(unconfined_t)
')
@@ -14,7 +14,7 @@
optional_policy(`
gen_require(`
type unconfined_t;
-@@ -212,6 +217,10 @@ optional_policy(`
+@@ -208,6 +213,10 @@ optional_policy(`
')
optional_policy(`
@@ -25,7 +25,7 @@
chrome_role_notrans(unconfined_r, unconfined_t)
tunable_policy(`unconfined_chrome_sandbox_transition',`
-@@ -246,6 +255,18 @@ optional_policy(`
+@@ -242,6 +251,18 @@ optional_policy(`
dbus_stub(unconfined_t)
optional_policy(`
@@ -44,7 +44,7 @@
bluetooth_dbus_chat(unconfined_t)
')
-@@ -309,6 +330,10 @@ optional_policy(`
+@@ -305,6 +326,10 @@ optional_policy(`
')
optional_policy(`
++++++ fix_xserver.patch ++++++
--- /var/tmp/diff_new_pack.wh23vf/_old 2021-11-15 15:27:33.317842904 +0100
+++ /var/tmp/diff_new_pack.wh23vf/_new 2021-11-15 15:27:33.317842904 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210628/policy/modules/services/xserver.fc
+Index: fedora-policy-20211111/policy/modules/services/xserver.fc
===================================================================
---- fedora-policy-20210628.orig/policy/modules/services/xserver.fc
-+++ fedora-policy-20210628/policy/modules/services/xserver.fc
+--- fedora-policy-20211111.orig/policy/modules/services/xserver.fc
++++ fedora-policy-20211111/policy/modules/services/xserver.fc
@@ -71,6 +71,7 @@ HOME_DIR/\.dmrc.* -- gen_context(system_
/etc/X11/[wxg]dm/Xsession --
gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/X11/wdm(/.*)? gen_context(system_u:object_r:xdm_rw_etc_t,s0)
@@ -18,7 +18,7 @@
/usr/bin/gpe-dm --
gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
/usr/bin/razor-lightdm-.* -- gen_context(system_u:object_r:xdm_exec_t,s0)
-@@ -136,6 +138,7 @@ HOME_DIR/\.dmrc.* -- gen_context(system_
+@@ -137,6 +139,7 @@ HOME_DIR/\.dmrc.* -- gen_context(system_
/usr/X11R6/lib/X11/xkb -d
gen_context(system_u:object_r:xkb_var_lib_t,s0)
/usr/X11R6/lib/X11/xkb/.* -- gen_context(system_u:object_r:xkb_var_lib_t,s0)
@@ -26,10 +26,10 @@
ifndef(`distro_debian',`
/usr/var/[xgkw]dm(/.*)?
gen_context(system_u:object_r:xserver_log_t,s0)
')
-Index: fedora-policy-20210628/policy/modules/services/xserver.te
+Index: fedora-policy-20211111/policy/modules/services/xserver.te
===================================================================
---- fedora-policy-20210628.orig/policy/modules/services/xserver.te
-+++ fedora-policy-20210628/policy/modules/services/xserver.te
+--- fedora-policy-20211111.orig/policy/modules/services/xserver.te
++++ fedora-policy-20211111/policy/modules/services/xserver.te
@@ -473,6 +473,10 @@ userdom_delete_user_home_content_files(x
userdom_signull_unpriv_users(xdm_t)
userdom_dontaudit_read_admin_home_lnk_files(xdm_t)
