commit selinux-policy for openSUSE:Factory

Source-Sync Wed, 26 Jan 2022 12:26:51 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2022-01-26 21:26:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1938 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "selinux-policy"

Wed Jan 26 21:26:31 2022 rev:22 rq:948335 version:20220124

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2022-01-21 01:25:36.146512218 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1938/selinux-policy.changes  
2022-01-26 21:26:38.442134620 +0100
@@ -1,0 +2,12 @@
+Mon Jan 24 07:33:34 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Update to version 20220124. Refreshed:
+  * fix_hadoop.patch
+  * fix_init.patch
+  * fix_kernel_sysctl.patch
+  * fix_systemd.patch
+  * fix_systemd_watch.patch
+- Added fix_hypervkvp.patch to fix issues with hyperv labeling 
+  (bsc#1193987)
+
+-------------------------------------------------------------------

Old:
----
  fedora-policy-20211111.tar.bz2

New:
----
  fedora-policy-20220124.tar.bz2
  fix_hypervkvp.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.jke2qm/_old  2022-01-26 21:26:40.762118624 +0100
+++ /var/tmp/diff_new_pack.jke2qm/_new  2022-01-26 21:26:40.766118596 +0100
@@ -33,7 +33,7 @@
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20211111
+Version:        20220124
 Release:        0
 Source:         fedora-policy-%{version}.tar.bz2
 Source1:        selinux-policy-rpmlintrc
@@ -138,6 +138,7 @@
 Patch054:       fix_kernel_sysctl.patch
 Patch055:       fix_auditd.patch
 Patch056:       fix_wine.patch
+Patch057:       fix_hypervkvp.patch
 
 Patch100:       sedoctool.patch
 

++++++ fedora-policy-20211111.tar.bz2 -> fedora-policy-20220124.tar.bz2 ++++++
++++ 3071 lines of diff (skipped)

++++++ fix_hadoop.patch ++++++
--- /var/tmp/diff_new_pack.jke2qm/_old  2022-01-26 21:26:41.790111536 +0100
+++ /var/tmp/diff_new_pack.jke2qm/_new  2022-01-26 21:26:41.794111509 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy-20211111/policy/modules/roles/sysadm.te
+Index: fedora-policy-20220124/policy/modules/roles/sysadm.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/roles/sysadm.te
-+++ fedora-policy-20211111/policy/modules/roles/sysadm.te
-@@ -311,10 +311,6 @@ optional_policy(`
+--- fedora-policy-20220124.orig/policy/modules/roles/sysadm.te
++++ fedora-policy-20220124/policy/modules/roles/sysadm.te
+@@ -315,10 +315,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -13,10 +13,10 @@
      iotop_run(sysadm_t, sysadm_r)
  ')
  
-Index: fedora-policy-20211111/policy/modules/roles/unprivuser.te
+Index: fedora-policy-20220124/policy/modules/roles/unprivuser.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/roles/unprivuser.te
-+++ fedora-policy-20211111/policy/modules/roles/unprivuser.te
+--- fedora-policy-20220124.orig/policy/modules/roles/unprivuser.te
++++ fedora-policy-20220124/policy/modules/roles/unprivuser.te
 @@ -205,10 +205,6 @@ ifndef(`distro_redhat',`
        ')
  

++++++ fix_hypervkvp.patch ++++++
Index: fedora-policy-20220124/policy/modules/contrib/hypervkvp.fc
===================================================================
--- fedora-policy-20220124.orig/policy/modules/contrib/hypervkvp.fc
+++ fedora-policy-20220124/policy/modules/contrib/hypervkvp.fc
@@ -3,8 +3,10 @@
 /usr/lib/systemd/system/hypervvssd.*      --  
gen_context(system_u:object_r:hypervvssd_unit_file_t,s0)
 
 /usr/sbin/hv_kvp_daemon                --      
gen_context(system_u:object_r:hypervkvp_exec_t,s0)
+/usr/lib/hyper-v/bin/.*kvp_daemon              --      
gen_context(system_u:object_r:hypervkvp_exec_t,s0)
 /usr/sbin/hypervkvpd           --      
gen_context(system_u:object_r:hypervkvp_exec_t,s0)
 
 /usr/sbin/hypervvssd        --  
gen_context(system_u:object_r:hypervvssd_exec_t,s0)
+/usr/lib/hyper-v/bin/.*vss_daemon      --      
gen_context(system_u:object_r:hypervvssd_exec_t,s0)
 
 /var/lib/hyperv(/.*)?          
gen_context(system_u:object_r:hypervkvp_var_lib_t,s0)

++++++ fix_init.patch ++++++
--- /var/tmp/diff_new_pack.jke2qm/_old  2022-01-26 21:26:41.810111399 +0100
+++ /var/tmp/diff_new_pack.jke2qm/_new  2022-01-26 21:26:41.814111371 +0100
@@ -1,19 +1,7 @@
-Index: fedora-policy-20211111/policy/modules/system/init.if
+Index: fedora-policy-20220124/policy/modules/system/init.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/system/init.if
-+++ fedora-policy-20211111/policy/modules/system/init.if
-@@ -3296,6 +3296,7 @@ interface(`init_filetrans_named_content'
-       files_etc_filetrans($1, machineid_t, file, "machine-id" )
-       files_pid_filetrans($1, initctl_t, fifo_file, "fifo" )
-       init_pid_filetrans($1, systemd_unit_file_t, dir, "generator")
-+      init_pid_filetrans($1, systemd_unit_file_t, dir, "generator.late")
-       init_pid_filetrans($1, systemd_unit_file_t, dir, "system")
- ')
- 
-Index: fedora-policy-20211111/policy/modules/system/init.te
-===================================================================
---- fedora-policy-20211111.orig/policy/modules/system/init.te
-+++ fedora-policy-20211111/policy/modules/system/init.te
+--- fedora-policy-20220124.orig/policy/modules/system/init.te
++++ fedora-policy-20220124/policy/modules/system/init.te
 @@ -267,6 +267,8 @@ corecmd_exec_bin(init_t)
  corenet_all_recvfrom_netlabel(init_t)
  corenet_tcp_bind_all_ports(init_t)
@@ -47,7 +35,7 @@
      bootloader_domtrans(init_t)
  ')
  
-@@ -570,10 +578,10 @@ tunable_policy(`init_audit_control',`
+@@ -571,10 +579,10 @@ tunable_policy(`init_audit_control',`
  allow init_t self:system all_system_perms;
  allow init_t self:system module_load;
  allow init_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -60,7 +48,7 @@
  allow init_t self:netlink_selinux_socket create_socket_perms;
  allow init_t self:unix_dgram_socket lock;
  # Until systemd is fixed
-@@ -631,6 +639,7 @@ files_delete_all_spool_sockets(init_t)
+@@ -633,6 +641,7 @@ files_delete_all_spool_sockets(init_t)
  files_create_var_lib_dirs(init_t)
  files_create_var_lib_symlinks(init_t)
  files_read_var_lib_symlinks(init_t)
@@ -68,7 +56,7 @@
  files_manage_urandom_seed(init_t)
  files_list_locks(init_t)
  files_list_spool(init_t)
-@@ -667,7 +676,7 @@ fs_list_all(init_t)
+@@ -669,7 +678,7 @@ fs_list_all(init_t)
  fs_list_auto_mountpoints(init_t)
  fs_register_binary_executable_type(init_t)
  fs_relabel_tmpfs_sock_file(init_t)
@@ -77,7 +65,7 @@
  fs_relabel_cgroup_dirs(init_t)
  fs_search_cgroup_dirs(init_t)
  # for network namespaces
-@@ -723,6 +732,7 @@ systemd_write_inherited_logind_sessions_
+@@ -725,6 +734,7 @@ systemd_write_inherited_logind_sessions_
  create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type)
  
  create_dirs_pattern(init_t, var_log_t, var_log_t)
@@ -85,7 +73,7 @@
  
  auth_use_nsswitch(init_t)
  auth_rw_login_records(init_t)
-@@ -1568,6 +1578,8 @@ optional_policy(`
+@@ -1571,6 +1581,8 @@ optional_policy(`
  
  optional_policy(`
        postfix_list_spool(initrc_t)

++++++ fix_kernel_sysctl.patch ++++++
--- /var/tmp/diff_new_pack.jke2qm/_old  2022-01-26 21:26:41.830111261 +0100
+++ /var/tmp/diff_new_pack.jke2qm/_new  2022-01-26 21:26:41.834111233 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20211111/policy/modules/kernel/files.fc
+Index: fedora-policy-20220124/policy/modules/kernel/files.fc
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/kernel/files.fc
-+++ fedora-policy-20211111/policy/modules/kernel/files.fc
+--- fedora-policy-20220124.orig/policy/modules/kernel/files.fc
++++ fedora-policy-20220124/policy/modules/kernel/files.fc
 @@ -236,6 +236,8 @@ ifdef(`distro_redhat',`
  /usr/lib/ostree-boot(/.*)?                
gen_context(system_u:object_r:usr_t,s0)
  /usr/lib/modules(/.*)/vmlinuz         --      
gen_context(system_u:object_r:usr_t,s0)
@@ -11,11 +11,11 @@
  
  /usr/doc(/.*)?/lib(/.*)?      gen_context(system_u:object_r:usr_t,s0)
  
-Index: fedora-policy-20211111/policy/modules/system/systemd.te
+Index: fedora-policy-20220124/policy/modules/system/systemd.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20211111/policy/modules/system/systemd.te
-@@ -1035,6 +1035,8 @@ init_stream_connect(systemd_sysctl_t)
+--- fedora-policy-20220124.orig/policy/modules/system/systemd.te
++++ fedora-policy-20220124/policy/modules/system/systemd.te
+@@ -1037,6 +1037,8 @@ init_stream_connect(systemd_sysctl_t)
  logging_send_syslog_msg(systemd_sysctl_t)
  
  systemd_read_efivarfs(systemd_sysctl_t)

++++++ fix_systemd.patch ++++++
--- /var/tmp/diff_new_pack.jke2qm/_old  2022-01-26 21:26:41.886110875 +0100
+++ /var/tmp/diff_new_pack.jke2qm/_new  2022-01-26 21:26:41.890110847 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy-20211111/policy/modules/system/systemd.te
+Index: fedora-policy-20220124/policy/modules/system/systemd.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20211111/policy/modules/system/systemd.te
-@@ -352,6 +352,10 @@ userdom_manage_user_tmp_chr_files(system
+--- fedora-policy-20220124.orig/policy/modules/system/systemd.te
++++ fedora-policy-20220124/policy/modules/system/systemd.te
+@@ -353,6 +353,10 @@ userdom_manage_user_tmp_chr_files(system
  xserver_dbus_chat(systemd_logind_t)
  
  optional_policy(`
@@ -13,7 +13,7 @@
        apache_read_tmp_files(systemd_logind_t)
  ')
  
-@@ -866,6 +870,10 @@ optional_policy(`
+@@ -868,6 +872,10 @@ optional_policy(`
        udev_read_pid_files(systemd_hostnamed_t)
  ')
  
@@ -24,7 +24,7 @@
  #######################################
  #
  # rfkill policy
-@@ -1109,6 +1117,8 @@ optional_policy(`
+@@ -1115,6 +1123,8 @@ optional_policy(`
        udev_read_pid_files(systemd_gpt_generator_t)
  ')
  

++++++ fix_systemd_watch.patch ++++++
--- /var/tmp/diff_new_pack.jke2qm/_old  2022-01-26 21:26:41.898110791 +0100
+++ /var/tmp/diff_new_pack.jke2qm/_new  2022-01-26 21:26:41.902110764 +0100
@@ -1,8 +1,8 @@
-Index: fedora-policy-20211111/policy/modules/system/systemd.te
+Index: fedora-policy-20220124/policy/modules/system/systemd.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/system/systemd.te
-+++ fedora-policy-20211111/policy/modules/system/systemd.te
-@@ -1415,6 +1415,12 @@ fstools_rw_swap_files(systemd_sleep_t)
+--- fedora-policy-20220124.orig/policy/modules/system/systemd.te
++++ fedora-policy-20220124/policy/modules/system/systemd.te
+@@ -1421,6 +1421,12 @@ fstools_rw_swap_files(systemd_sleep_t)
  storage_getattr_fixed_disk_dev(systemd_sleep_t)
  storage_getattr_removable_dev(systemd_sleep_t)

commit selinux-policy for openSUSE:Factory

Reply via email to