Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2023-04-26 17:24:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Wed Apr 26 17:24:28 2023 rev:46 rq:1082789 version:20230425 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2023-04-21 14:16:05.382270565 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1533/selinux-policy.changes 2023-04-26 17:25:06.149532608 +0200 @@ -1,0 +2,14 @@ +Tue Apr 25 15:12:47 UTC 2023 - cathy...@suse.com + +- Update to version 20230425: + * Remove unneeded manage_dirs_pattern for lastlog_t (bsc#1210461) + * Add policy for wtmpdb (bsc#1210717) + +------------------------------------------------------------------- +Tue Apr 25 11:29:59 UTC 2023 - cathy...@suse.com + +- Update to version 20230425: + * Add support for lastlog2 (bsc#1210461) + * allow the chrony client to use unallocated ttys (bsc#1210672) + +------------------------------------------------------------------- Old: ---- selinux-policy-20230420.tar.xz New: ---- selinux-policy-20230425.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.843S8p/_old 2023-04-26 17:25:07.013537648 +0200 +++ /var/tmp/diff_new_pack.843S8p/_new 2023-04-26 17:25:07.017537672 +0200 @@ -33,7 +33,7 @@ License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20230420 +Version: 20230425 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.843S8p/_old 2023-04-26 17:25:07.101538162 +0200 +++ /var/tmp/diff_new_pack.843S8p/_new 2023-04-26 17:25:07.105538185 +0200 @@ -1,7 +1,7 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param> - <param name="changesrevision">ca88adc84584e150ecb8f67ec2c1dc5a29618ab9</param></service><service name="tar_scm"> + <param name="changesrevision">41d70255c98105f4be875cbdd3f62383971dc7dd</param></service><service name="tar_scm"> <param name="url">https://github.com/containers/container-selinux.git</param> <param name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service></servicedata> (No newline at EOF) ++++++ selinux-policy-20230420.tar.xz -> selinux-policy-20230425.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230420/policy/modules/contrib/chronyd.te new/selinux-policy-20230425/policy/modules/contrib/chronyd.te --- old/selinux-policy-20230420/policy/modules/contrib/chronyd.te 2023-04-20 12:45:40.000000000 +0200 +++ new/selinux-policy-20230425/policy/modules/contrib/chronyd.te 2023-04-25 17:11:24.000000000 +0200 @@ -261,4 +261,5 @@ optional_policy(` term_use_generic_ptys(chronyc_t) + term_use_unallocated_ttys(chronyc_t) ') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230420/policy/modules/system/authlogin.fc new/selinux-policy-20230425/policy/modules/system/authlogin.fc --- old/selinux-policy-20230420/policy/modules/system/authlogin.fc 2023-04-20 12:45:40.000000000 +0200 +++ new/selinux-policy-20230425/policy/modules/system/authlogin.fc 2023-04-25 17:11:24.000000000 +0200 @@ -71,6 +71,9 @@ /var/lib/pam_shield(/.*)? gen_context(system_u:object_r:var_auth_t,s0) /var/lib/google-authenticator(/.*)? gen_context(system_u:object_r:var_auth_t,s0) +/var/lib/lastlog(/.*)? gen_context(system_u:object_r:lastlog_t,s0) +/var/lib/wtmpdb(/.*)? gen_context(system_u:object_r:wtmp_t,s0) + /var/log/btmp.* -- gen_context(system_u:object_r:faillog_t,s0) /var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0) /var/log/faillog.* -- gen_context(system_u:object_r:faillog_t,s0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230420/policy/modules/system/authlogin.if new/selinux-policy-20230425/policy/modules/system/authlogin.if --- old/selinux-policy-20230420/policy/modules/system/authlogin.if 2023-04-20 12:45:40.000000000 +0200 +++ new/selinux-policy-20230425/policy/modules/system/authlogin.if 2023-04-25 17:11:24.000000000 +0200 @@ -1005,7 +1005,8 @@ ') logging_search_logs($1) - allow $1 lastlog_t:file { rw_file_perms lock setattr }; + + manage_files_pattern($1, lastlog_t, lastlog_t) ') ####################################### @@ -1994,8 +1995,8 @@ type wtmp_t; ') - allow $1 wtmp_t:file rw_file_perms; logging_search_logs($1) + manage_files_pattern($1, wtmp_t, wtmp_t) ') ########################################