Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rke2-selinux for openSUSE:Factory checked in at 2023-06-14 16:29:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rke2-selinux (Old) and /work/SRC/openSUSE:Factory/.rke2-selinux.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rke2-selinux" Wed Jun 14 16:29:31 2023 rev:2 rq:1092919 version:0.14.stable.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rke2-selinux/rke2-selinux.changes 2023-05-31 21:54:42.697081348 +0200 +++ /work/SRC/openSUSE:Factory/.rke2-selinux.new.15902/rke2-selinux.changes 2023-06-14 16:30:57.215063537 +0200 @@ -1,0 +2,12 @@ +Tue Jun 13 11:08:42 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.14.stable.1: + * Add DAC_OVERRIDE cap to iscsid_t (#45) + +------------------------------------------------------------------- +Tue Jun 13 11:07:39 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.13.stable.1: + * Remove snapshot filetranspatterns for all policies (#44) + +------------------------------------------------------------------- Old: ---- rke2-selinux-0.12.stable.1.obscpio New: ---- rke2-selinux-0.14.stable.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rke2-selinux.spec ++++++ --- /var/tmp/diff_new_pack.gfMHPs/_old 2023-06-14 16:30:58.419070938 +0200 +++ /var/tmp/diff_new_pack.gfMHPs/_new 2023-06-14 16:30:58.423070963 +0200 @@ -35,7 +35,7 @@ %define container_policyver 2.164.2-1.1 Name: rke2-selinux -Version: 0.12.stable.1 +Version: 0.14.stable.1 Release: 0 Summary: SELinux policy module for rke2 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.gfMHPs/_old 2023-06-14 16:30:58.467071234 +0200 +++ /var/tmp/diff_new_pack.gfMHPs/_new 2023-06-14 16:30:58.471071258 +0200 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/rancher/rke2-selinux</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.12.stable.1</param> + <param name="revision">v0.14.stable.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.gfMHPs/_old 2023-06-14 16:30:58.499071430 +0200 +++ /var/tmp/diff_new_pack.gfMHPs/_new 2023-06-14 16:30:58.503071455 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/rancher/rke2-selinux</param> - <param name="changesrevision">e9cd59fd367185c3bcf6210e4ffe28a278b0c237</param></service></servicedata> + <param name="changesrevision">1cc12f2c13e07308d68706d4fce4876c7885b741</param></service></servicedata> (No newline at EOF) ++++++ rke2-selinux-0.12.stable.1.obscpio -> rke2-selinux-0.14.stable.1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos7/rke2.if new/rke2-selinux-0.14.stable.1/policy/centos7/rke2.if --- old/rke2-selinux-0.12.stable.1/policy/centos7/rke2.if 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos7/rke2.if 2023-06-06 20:04:20.000000000 +0200 
@@ -11,9 +11,10 @@ type container_var_lib_t; type container_var_run_t; type var_lib_t; + type var_log_t; ') - container_filetrans_named_content($1) + #container_filetrans_named_content($1) files_pid_filetrans($1, container_var_run_t, dir, "rke2") filetrans_pattern($1, container_var_lib_t, container_runtime_exec_t, dir, "data") filetrans_pattern($1, container_runtime_exec_t, container_config_t, dir, "charts") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos7/rke2.te new/rke2-selinux-0.14.stable.1/policy/centos7/rke2.te --- old/rke2-selinux-0.12.stable.1/policy/centos7/rke2.te 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos7/rke2.te 2023-06-06 20:04:20.000000000 +0200 @@ -1,7 +1,8 @@ policy_module(rke2, 1.0.0) gen_require(` - type container_runtime_t, iptables_t, spc_t, unconfined_service_t; + type container_runtime_t, iptables_t, spc_t, unconfined_service_t, iscsid_t; + class capability dac_override; class bpf { map_create map_read map_write prog_load prog_run }; ') rke2_filetrans_named_content(container_runtime_t) @@ -26,3 +27,9 @@ ########## fs_list_cgroup_dirs(iptables_t) allow spc_t self:bpf { map_create map_read map_write prog_load prog_run }; + +######################### +# Longhorn ISCSID_T FIX # +######################### +# https://github.com/longhorn/longhorn/issues/5627#issuecomment-1577498183 +allow iscsid_t self:capability dac_override; \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos8/rke2-selinux.spec new/rke2-selinux-0.14.stable.1/policy/centos8/rke2-selinux.spec --- old/rke2-selinux-0.12.stable.1/policy/centos8/rke2-selinux.spec 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos8/rke2-selinux.spec 2023-06-06 20:04:20.000000000 +0200 
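Review bot: The call `container_filetrans_named_content($1)` is left in the interface as a commented-out line with no explanation, and the newly required `type var_log_t;` is not referenced by any line visible in this hunk. Without those named transitions, directories the calling domain creates at the affected paths presumably keep the parent directory's label until file contexts are reapplied, so a reader needs to see that this was deliberate. Either delete the line or replace it with a comment such as `# disabled because <reason>; labels for these paths now come from <file contexts / restorecon>`. If nothing later in the interface uses `var_log_t`, drop it from `gen_require`, since an unused requirement only adds a load-time dependency. The interface body starts and ends outside the hunk, and the same edit appears in the centos8, centos9, microos and slemicro copies of rke2.if.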
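Review bot: `allow iscsid_t self:capability dac_override;` lets the iscsid domain bypass file permission checks on every host that installs this module, and listing `iscsid_t` in the top-level `gen_require` (first hunk of this file) makes the whole rke2 module depend on that type being defined in the base policy. Putting the requirement and the rule in an `optional_policy` block keeps the module loadable where the iSCSI policy is absent and limits the grant to hosts that have it. `dac_override` usually points at an ownership or mode mismatch on a file the daemon touches, so record next to the rule which path needed it and whether `dac_read_search` or a corrected owner would be enough; the linked Longhorn comment is the only rationale given. The file also ends without a trailing newline. The same two hunks repeat in the centos8, centos9, microos and slemicro copies of rke2.te.

```selinux
# … unchanged: existing rke2 rules and the "Longhorn ISCSID_T FIX" banner …
# https://github.com/longhorn/longhorn/issues/5627#issuecomment-1577498183
optional_policy(`
	gen_require(`
		type iscsid_t;
		class capability dac_override;
	')
	allow iscsid_t self:capability dac_override;
')
```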
@@ -18,7 +18,7 @@ restorecon -R /var/run/flannel %define selinux_policyver 3.13.1-252 -%define container_policyver 2.191.0-1 +%define container_policyver 2.167.0-1 %define container_policy_epoch 2 Name: rke2-selinux diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos8/rke2.if new/rke2-selinux-0.14.stable.1/policy/centos8/rke2.if --- old/rke2-selinux-0.12.stable.1/policy/centos8/rke2.if 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos8/rke2.if 2023-06-06 20:04:20.000000000 +0200 @@ -12,9 +12,9 @@ type container_var_run_t; type container_kvm_var_run_t; type var_lib_t; + type var_log_t; ') - - container_filetrans_named_content($1) + #container_filetrans_named_content($1) files_pid_filetrans($1, container_var_run_t, dir, "rke2") filetrans_pattern($1, container_var_lib_t, container_runtime_exec_t, dir, "data") filetrans_pattern($1, container_runtime_exec_t, container_config_t, dir, "charts") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos8/rke2.te new/rke2-selinux-0.14.stable.1/policy/centos8/rke2.te --- old/rke2-selinux-0.12.stable.1/policy/centos8/rke2.te 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos8/rke2.te 2023-06-06 20:04:20.000000000 +0200 @@ -1,7 +1,8 @@ policy_module(rke2, 1.0.0) gen_require(` - type container_runtime_t, unconfined_service_t; + type container_runtime_t, unconfined_service_t, iscsid_t; + class capability dac_override; ') rke2_filetrans_named_content(container_runtime_t) rke2_filetrans_named_content(unconfined_service_t) 
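Review bot: Nothing in this spec or in the two changelog entries for the update says why `container_policyver` moves down from 2.191.0-1 to 2.167.0-1. The macro's use is outside the hunk, but if it sets the minimum container-selinux version for the package, the lower floor lets the module install against an older base policy than the previous release required. In that case, confirm that the interfaces and types this policy calls exist in that older version. A one-line comment above the define would settle it, e.g. `# floor is the oldest container-selinux that provides the interfaces used in rke2.if and rke2.te`.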
@@ -19,3 +20,9 @@ container_manage_lib_dirs(rke2_service_db_t) container_manage_lib_files(rke2_service_db_t) allow rke2_service_db_t container_var_lib_t:file { map }; + +######################### +# Longhorn ISCSID_T FIX # +######################### +# https://github.com/longhorn/longhorn/issues/5627#issuecomment-1577498183 +allow iscsid_t self:capability dac_override; \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos9/rke2.if new/rke2-selinux-0.14.stable.1/policy/centos9/rke2.if --- old/rke2-selinux-0.12.stable.1/policy/centos9/rke2.if 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos9/rke2.if 2023-06-06 20:04:20.000000000 +0200 @@ -12,9 +12,10 @@ type container_var_run_t; type container_kvm_var_run_t; type var_lib_t; + type var_log_t; ') - container_filetrans_named_content($1) + #container_filetrans_named_content($1) files_pid_filetrans($1, container_var_run_t, dir, "rke2") filetrans_pattern($1, container_var_lib_t, container_runtime_exec_t, dir, "data") filetrans_pattern($1, container_runtime_exec_t, container_config_t, dir, "charts") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/centos9/rke2.te new/rke2-selinux-0.14.stable.1/policy/centos9/rke2.te --- old/rke2-selinux-0.12.stable.1/policy/centos9/rke2.te 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/centos9/rke2.te 2023-06-06 20:04:20.000000000 +0200 @@ -1,7 +1,8 @@ policy_module(rke2, 1.0.0) gen_require(` - type container_runtime_t, unconfined_service_t; + type container_runtime_t, unconfined_service_t, iscsid_t; + class capability dac_override; ') rke2_filetrans_named_content(container_runtime_t) rke2_filetrans_named_content(unconfined_service_t) 
@@ -19,3 +20,9 @@ container_manage_lib_dirs(rke2_service_db_t) container_manage_lib_files(rke2_service_db_t) allow rke2_service_db_t container_var_lib_t:file { map }; + +######################### +# Longhorn ISCSID_T FIX # +######################### +# https://github.com/longhorn/longhorn/issues/5627#issuecomment-1577498183 +allow iscsid_t self:capability dac_override; \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/microos/rke2.if new/rke2-selinux-0.14.stable.1/policy/microos/rke2.if --- old/rke2-selinux-0.12.stable.1/policy/microos/rke2.if 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/microos/rke2.if 2023-06-06 20:04:20.000000000 +0200 @@ -12,9 +12,10 @@ type container_var_run_t; type container_kvm_var_run_t; type var_lib_t; + type var_log_t; ') - container_filetrans_named_content($1) + #container_filetrans_named_content($1) files_pid_filetrans($1, container_var_run_t, dir, "rke2") filetrans_pattern($1, container_var_lib_t, container_runtime_exec_t, dir, "data") filetrans_pattern($1, container_runtime_exec_t, container_config_t, dir, "charts") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/microos/rke2.te new/rke2-selinux-0.14.stable.1/policy/microos/rke2.te --- old/rke2-selinux-0.12.stable.1/policy/microos/rke2.te 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/microos/rke2.te 2023-06-06 20:04:20.000000000 +0200 @@ -1,7 +1,8 @@ policy_module(rke2, 1.0.0) gen_require(` - type container_runtime_t, unconfined_service_t; + type container_runtime_t, unconfined_service_t, iscsid_t; + class capability dac_override; ') rke2_filetrans_named_content(container_runtime_t) rke2_filetrans_named_content(unconfined_service_t) 
@@ -19,3 +20,9 @@ container_manage_lib_dirs(rke2_service_db_t) container_manage_lib_files(rke2_service_db_t) allow rke2_service_db_t container_var_lib_t:file { map }; + +######################### +# Longhorn ISCSID_T FIX # +######################### +# https://github.com/longhorn/longhorn/issues/5627#issuecomment-1577498183 +allow iscsid_t self:capability dac_override; \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/slemicro/rke2.if new/rke2-selinux-0.14.stable.1/policy/slemicro/rke2.if --- old/rke2-selinux-0.12.stable.1/policy/slemicro/rke2.if 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/slemicro/rke2.if 2023-06-06 20:04:20.000000000 +0200 @@ -12,9 +12,10 @@ type container_var_run_t; type container_kvm_var_run_t; type var_lib_t; + type var_log_t; ') - container_filetrans_named_content($1) + #container_filetrans_named_content($1) files_pid_filetrans($1, container_var_run_t, dir, "rke2") filetrans_pattern($1, container_var_lib_t, container_runtime_exec_t, dir, "data") filetrans_pattern($1, container_runtime_exec_t, container_config_t, dir, "charts") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-selinux-0.12.stable.1/policy/slemicro/rke2.te new/rke2-selinux-0.14.stable.1/policy/slemicro/rke2.te --- old/rke2-selinux-0.12.stable.1/policy/slemicro/rke2.te 2023-05-25 22:08:30.000000000 +0200 +++ new/rke2-selinux-0.14.stable.1/policy/slemicro/rke2.te 2023-06-06 20:04:20.000000000 +0200 @@ -1,7 +1,8 @@ policy_module(rke2, 1.0.0) gen_require(` - type container_runtime_t, unconfined_service_t; + type container_runtime_t, unconfined_service_t, iscsid_t; + class capability dac_override; ') rke2_filetrans_named_content(container_runtime_t) rke2_filetrans_named_content(unconfined_service_t) 
@@ -19,3 +20,9 @@ container_manage_lib_dirs(rke2_service_db_t) container_manage_lib_files(rke2_service_db_t) allow rke2_service_db_t container_var_lib_t:file { map }; + +######################### +# Longhorn ISCSID_T FIX # +######################### +# https://github.com/longhorn/longhorn/issues/5627#issuecomment-1577498183 +allow iscsid_t self:capability dac_override; \ No newline at end of file ++++++ rke2-selinux.obsinfo ++++++ --- /var/tmp/diff_new_pack.gfMHPs/_old 2023-06-14 16:30:58.631072242 +0200 +++ /var/tmp/diff_new_pack.gfMHPs/_new 2023-06-14 16:30:58.635072266 +0200 @@ -1,5 +1,5 @@ name: rke2-selinux -version: 0.12.stable.1 -mtime: 1685045310 -commit: e9cd59fd367185c3bcf6210e4ffe28a278b0c237 +version: 0.14.stable.1 +mtime: 1686074660 +commit: 1cc12f2c13e07308d68706d4fce4876c7885b741