commit selinux-policy for openSUSE:Factory

Source-Sync Wed, 26 Apr 2023 08:25:21 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2023-04-26 17:24:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "selinux-policy"

Wed Apr 26 17:24:28 2023 rev:46 rq:1082789 version:20230425

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2023-04-21 14:16:05.382270565 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1533/selinux-policy.changes  
2023-04-26 17:25:06.149532608 +0200
@@ -1,0 +2,14 @@
+Tue Apr 25 15:12:47 UTC 2023 - cathy...@suse.com
+
+- Update to version 20230425:
+  * Remove unneeded manage_dirs_pattern for lastlog_t (bsc#1210461)
+  * Add policy for wtmpdb (bsc#1210717)
+
+-------------------------------------------------------------------
+Tue Apr 25 11:29:59 UTC 2023 - cathy...@suse.com
+
+- Update to version 20230425:
+  * Add support for lastlog2 (bsc#1210461)
+  * allow the chrony client to use unallocated ttys (bsc#1210672)
+
+-------------------------------------------------------------------

Old:
----
  selinux-policy-20230420.tar.xz

New:
----
  selinux-policy-20230425.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.843S8p/_old  2023-04-26 17:25:07.013537648 +0200
+++ /var/tmp/diff_new_pack.843S8p/_new  2023-04-26 17:25:07.017537672 +0200
@@ -33,7 +33,7 @@
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20230420
+Version:        20230425
 Release:        0
 Source0:        %{name}-%{version}.tar.xz
 Source1:        container.fc

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.843S8p/_old  2023-04-26 17:25:07.101538162 +0200
+++ /var/tmp/diff_new_pack.843S8p/_new  2023-04-26 17:25:07.105538185 +0200
@@ -1,7 +1,7 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
-              <param 
name="changesrevision">ca88adc84584e150ecb8f67ec2c1dc5a29618ab9</param></service><service
 name="tar_scm">
+              <param 
name="changesrevision">41d70255c98105f4be875cbdd3f62383971dc7dd</param></service><service
 name="tar_scm">
                 <param 
name="url">https://github.com/containers/container-selinux.git</param>
               <param 
name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service></servicedata>
 (No newline at EOF)


++++++ selinux-policy-20230420.tar.xz -> selinux-policy-20230425.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20230420/policy/modules/contrib/chronyd.te 
new/selinux-policy-20230425/policy/modules/contrib/chronyd.te
--- old/selinux-policy-20230420/policy/modules/contrib/chronyd.te       
2023-04-20 12:45:40.000000000 +0200
+++ new/selinux-policy-20230425/policy/modules/contrib/chronyd.te       
2023-04-25 17:11:24.000000000 +0200
@@ -261,4 +261,5 @@
 
 optional_policy(`
        term_use_generic_ptys(chronyc_t)
+       term_use_unallocated_ttys(chronyc_t)
 ')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20230420/policy/modules/system/authlogin.fc 
new/selinux-policy-20230425/policy/modules/system/authlogin.fc
--- old/selinux-policy-20230420/policy/modules/system/authlogin.fc      
2023-04-20 12:45:40.000000000 +0200
+++ new/selinux-policy-20230425/policy/modules/system/authlogin.fc      
2023-04-25 17:11:24.000000000 +0200
@@ -71,6 +71,9 @@
 /var/lib/pam_shield(/.*)?      gen_context(system_u:object_r:var_auth_t,s0)
 /var/lib/google-authenticator(/.*)?    
gen_context(system_u:object_r:var_auth_t,s0)
 
+/var/lib/lastlog(/.*)?         gen_context(system_u:object_r:lastlog_t,s0)
+/var/lib/wtmpdb(/.*)?          gen_context(system_u:object_r:wtmp_t,s0)
+
 /var/log/btmp.*                --      
gen_context(system_u:object_r:faillog_t,s0)
 /var/log/dmesg         --      gen_context(system_u:object_r:var_log_t,s0)
 /var/log/faillog.*     --      gen_context(system_u:object_r:faillog_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20230420/policy/modules/system/authlogin.if 
new/selinux-policy-20230425/policy/modules/system/authlogin.if
--- old/selinux-policy-20230420/policy/modules/system/authlogin.if      
2023-04-20 12:45:40.000000000 +0200
+++ new/selinux-policy-20230425/policy/modules/system/authlogin.if      
2023-04-25 17:11:24.000000000 +0200
@@ -1005,7 +1005,8 @@
        ')
 
        logging_search_logs($1)
-       allow $1 lastlog_t:file { rw_file_perms lock setattr };
+
+       manage_files_pattern($1, lastlog_t, lastlog_t)
 ')
 
 #######################################
@@ -1994,8 +1995,8 @@
                type wtmp_t;
        ')
 
-       allow $1 wtmp_t:file rw_file_perms;
        logging_search_logs($1)
+       manage_files_pattern($1, wtmp_t, wtmp_t)
 ')
 
 ########################################

commit selinux-policy for openSUSE:Factory

Reply via email to