Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2022-12-14 14:10:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy"

Wed Dec 14 14:10:41 2022 rev:39 rq:1042580 version:20221019

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2022-12-02 13:12:01.953488566 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1835/selinux-policy.changes  
2022-12-14 14:10:45.895421235 +0100
@@ -1,0 +2,16 @@
+Tue Dec 13 08:36:01 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Updated fix_networkmanager.patch to fixe labeling of nm-dispatcher and
+  nm-priv-helper until the packaging is adjusted (bsc#1206355)
+- Update fix_chronyd.patch to allow  sendto towards
+  NetworkManager_dispatcher_custom_t. Added new interface
+  networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357)
+- Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895)
+
+-------------------------------------------------------------------
+Tue Dec  6 15:02:42 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Updated fix_networkmanager.patch to allow NetworkManager to watch
+  net_conf_t (bsc#1206109)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ fix_chronyd.patch ++++++
--- /var/tmp/diff_new_pack.aIJRdx/_old  2022-12-14 14:10:48.619435246 +0100
+++ /var/tmp/diff_new_pack.aIJRdx/_new  2022-12-14 14:10:48.627435287 +0100
@@ -2,11 +2,12 @@
 ===================================================================
 --- fedora-policy-20221019.orig/policy/modules/contrib/chronyd.te
 +++ fedora-policy-20221019/policy/modules/contrib/chronyd.te
-@@ -144,6 +144,14 @@ systemd_exec_systemctl(chronyd_t)
+@@ -144,6 +144,15 @@ systemd_exec_systemctl(chronyd_t)
  userdom_dgram_send(chronyd_t)
  
  optional_policy(`
 +      networkmanager_read_pid_files(chronyd_t)
++      networkmanager_dispatcher_custom_dgram_send(chronyd_t)
 +')
 +
 +optional_policy(`
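Review bot: The added `networkmanager_dispatcher_custom_dgram_send(chronyd_t)` line in the chronyd.te hunk carries no bug reference, while the other additions in this update are tagged (`# bsc#1205895` in fix_dbus.patch, `# bsc#1206355` in the NetworkManager file contexts). The changelog entry ties this rule to bsc#1206357, so a `# bsc#1206357` comment directly above the call would let a later policy audit trace why chronyd_t may send datagrams to the custom dispatcher domain. The same gap applies to `sysnet_watch_config(NetworkManager_t)` in the first hunk of fix_networkmanager.patch, which the changelog attributes to bsc#1206109.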
@@ -30,4 +31,31 @@
  
  /usr/bin/chronyc      --      gen_context(system_u:object_r:chronyc_exec_t,s0)
  
+Index: fedora-policy-20221019/policy/modules/contrib/networkmanager.if
+===================================================================
+--- fedora-policy-20221019.orig/policy/modules/contrib/networkmanager.if
++++ fedora-policy-20221019/policy/modules/contrib/networkmanager.if
+@@ -684,3 +684,22 @@ template(`networkmanager_dispatcher_plug
+ 
+       domtrans_pattern(NetworkManager_dispatcher_t, 
NetworkManager_dispatcher_$1_script_t, NetworkManager_dispatcher_$1_t)
+ ')
++
++########################################
++## <summary>
++##      Send a message to NetworkManager_dispatcher_custom
++##      over a unix domain datagram socket.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`networkmanager_dispatcher_custom_dgram_send',`
++        gen_require(`
++                type NetworkManager_dispatcher_custom_t;
++        ')
++
++        allow $1 NetworkManager_dispatcher_custom_t:unix_dgram_socket sendto;
++')
 
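Review bot: The new `networkmanager_dispatcher_custom_dgram_send` interface is added to networkmanager.if from inside fix_chronyd.patch, so a NetworkManager module interface is now defined by the chronyd patch. fix_networkmanager.patch already carries the other NetworkManager changes in this package; defining the interface there would keep that module's changes in one place, and other callers would no longer depend on fix_chronyd.patch being applied. The rule itself grants only `sendto` on `unix_dgram_socket`, which is suitably narrow. It would still help to add one sentence to the `<summary>` naming the expected caller (chronyd_t, per the changelog), so reviewers can tell when a new use widens access.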

++++++ fix_dbus.patch ++++++
--- /var/tmp/diff_new_pack.aIJRdx/_old  2022-12-14 14:10:48.663435473 +0100
+++ /var/tmp/diff_new_pack.aIJRdx/_new  2022-12-14 14:10:48.671435514 +0100
@@ -1,7 +1,7 @@
-Index: fedora-policy-20211111/policy/modules/contrib/dbus.te
+Index: fedora-policy-20221019/policy/modules/contrib/dbus.te
 ===================================================================
---- fedora-policy-20211111.orig/policy/modules/contrib/dbus.te
-+++ fedora-policy-20211111/policy/modules/contrib/dbus.te
+--- fedora-policy-20221019.orig/policy/modules/contrib/dbus.te
++++ fedora-policy-20221019/policy/modules/contrib/dbus.te
 @@ -81,6 +81,7 @@ manage_dirs_pattern(system_dbusd_t, syst
  manage_files_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
  manage_sock_files_pattern(system_dbusd_t, system_dbusd_tmp_t, 
system_dbusd_tmp_t)
@@ -10,4 +10,13 @@
  
  manage_files_pattern(system_dbusd_t, system_dbusd_tmpfs_t, 
system_dbusd_tmpfs_t)
  manage_dirs_pattern(system_dbusd_t, system_dbusd_tmpfs_t, 
system_dbusd_tmpfs_t)
+@@ -109,6 +110,8 @@ files_read_var_lib_symlinks(system_dbusd
+ files_rw_inherited_non_security_files(system_dbusd_t)
+ files_watch_usr_dirs(system_dbusd_t)
+ files_watch_var_lib_dirs(system_dbusd_t)
++# bsc#1205895
++files_watch_lib_dirs(system_dbusd_t)
+ 
+ fs_getattr_all_fs(system_dbusd_t)
+ fs_search_auto_mountpoints(system_dbusd_t)
 

++++++ fix_networkmanager.patch ++++++
--- /var/tmp/diff_new_pack.aIJRdx/_old  2022-12-14 14:10:48.755435946 +0100
+++ /var/tmp/diff_new_pack.aIJRdx/_new  2022-12-14 14:10:48.759435966 +0100
@@ -2,7 +2,15 @@
 ===================================================================
 --- fedora-policy-20221019.orig/policy/modules/contrib/networkmanager.te
 +++ fedora-policy-20221019/policy/modules/contrib/networkmanager.te
-@@ -275,6 +275,9 @@ userdom_read_home_certs(NetworkManager_t
+@@ -259,6 +259,7 @@ sysnet_search_dhcp_state(NetworkManager_
+ sysnet_manage_config(NetworkManager_t)
+ sysnet_filetrans_named_content(NetworkManager_t)
+ sysnet_filetrans_net_conf(NetworkManager_t)
++sysnet_watch_config(NetworkManager_t)
+ 
+ systemd_login_watch_pid_dirs(NetworkManager_t)
+ systemd_login_watch_session_dirs(NetworkManager_t)
+@@ -275,6 +276,9 @@ userdom_read_home_certs(NetworkManager_t
  userdom_read_user_home_content_files(NetworkManager_t)
  userdom_dgram_send(NetworkManager_t)
  
@@ -12,7 +20,7 @@
  tunable_policy(`use_nfs_home_dirs',`
      fs_read_nfs_files(NetworkManager_t)
  ')
-@@ -284,6 +287,10 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -284,6 +288,10 @@ tunable_policy(`use_samba_home_dirs',`
  ')
  
  optional_policy(`
@@ -23,7 +31,7 @@
        avahi_domtrans(NetworkManager_t)
        avahi_kill(NetworkManager_t)
        avahi_signal(NetworkManager_t)
-@@ -292,6 +299,14 @@ optional_policy(`
+@@ -292,6 +300,14 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -38,7 +46,7 @@
        bind_domtrans(NetworkManager_t)
        bind_manage_cache(NetworkManager_t)
        bind_kill(NetworkManager_t)
-@@ -419,6 +434,8 @@ optional_policy(`
+@@ -419,6 +435,8 @@ optional_policy(`
        nscd_kill(NetworkManager_t)
        nscd_initrc_domtrans(NetworkManager_t)
        nscd_systemctl(NetworkManager_t)
@@ -47,7 +55,7 @@
  ')
  
  optional_policy(`
-@@ -606,6 +623,7 @@ files_manage_etc_files(NetworkManager_di
+@@ -606,6 +624,7 @@ files_manage_etc_files(NetworkManager_di
  
  init_status(NetworkManager_dispatcher_cloud_t)
  init_status(NetworkManager_dispatcher_ddclient_t)
@@ -55,7 +63,7 @@
  init_append_stream_sockets(networkmanager_dispatcher_plugin)
  init_ioctl_stream_sockets(networkmanager_dispatcher_plugin)
  init_stream_connect(networkmanager_dispatcher_plugin)
-@@ -621,6 +639,10 @@ optional_policy(`
+@@ -621,6 +640,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -107,4 +115,14 @@
  /usr/lib/NetworkManager/dispatcher\.d/20-chrony-dhcp  --      
gen_context(system_u:object_r:NetworkManager_dispatcher_chronyc_script_t,s0)
  /usr/lib/NetworkManager/dispatcher\.d/20-chrony-onoffline     --      
gen_context(system_u:object_r:NetworkManager_dispatcher_chronyc_script_t,s0)
  /usr/lib/NetworkManager/dispatcher\.d/30-winbind      --      
gen_context(system_u:object_r:NetworkManager_dispatcher_winbind_script_t,s0)
+@@ -37,6 +38,9 @@
+ 
+ /usr/libexec/nm-dispatcher -- 
gen_context(system_u:object_r:NetworkManager_dispatcher_exec_t,s0)
+ /usr/libexec/nm-priv-helper  -- 
gen_context(system_u:object_r:NetworkManager_priv_helper_exec_t,s0)
++# bsc#1206355
++/usr/lib/nm-dispatcher --     
gen_context(system_u:object_r:NetworkManager_dispatcher_exec_t,s0)
++/usr/lib/nm-priv-helper  -- 
gen_context(system_u:object_r:NetworkManager_priv_helper_exec_t,s0)
+ 
+ /usr/bin/NetworkManager       --      
gen_context(system_u:object_r:NetworkManager_exec_t,s0)
+ /usr/bin/wpa_cli      --      gen_context(system_u:object_r:wpa_cli_exec_t,s0)
 
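Review bot: The two file-context entries for `/usr/lib/nm-dispatcher` and `/usr/lib/nm-priv-helper` are described in the changelog as a stopgap "until the packaging is adjusted", but the comment in the patch is only `# bsc#1206355`. I would make the comment state that, for example `# bsc#1206355: temporary, remove once the packaging is adjusted`. That way the extra labels for NetworkManager_dispatcher_exec_t and NetworkManager_priv_helper_exec_t are dropped when they are no longer needed, rather than staying as additional labelled paths. Presumably the packaging fix moves both binaries to the `/usr/libexec` paths already listed above, but that is not visible here.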
