Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2023-10-13 23:13:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.20540 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Fri Oct 13 23:13:48 2023 rev:50 rq:1117140 version:20231012 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2023-10-05 20:03:32.591558548 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.20540/selinux-policy.changes 2023-10-13 23:13:54.793366029 +0200 @@ -1,0 +2,7 @@ +Thu Oct 12 07:59:22 UTC 2023 - cathy...@suse.com + +- Update to version 20231012: + * Allow sssd_t watch permission to net_conf_t dirs (bsc#1216052) + * Revert fix for bsc#1205770 since it causes a regression for bsc#1214887 + +------------------------------------------------------------------- Old: ---- selinux-policy-20230728.tar.xz New: ---- selinux-policy-20231012.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.xefP6q/_old 2023-10-13 23:13:55.709399254 +0200 +++ /var/tmp/diff_new_pack.xefP6q/_new 2023-10-13 23:13:55.713399400 +0200 @@ -33,7 +33,7 @@ License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20230728 +Version: 20231012 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.xefP6q/_old 2023-10-13 23:13:55.777401721 +0200 +++ /var/tmp/diff_new_pack.xefP6q/_new 2023-10-13 23:13:55.781401866 +0200 
@@ -1,7 +1,7 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param> - <param name="changesrevision">e65babcf7439aad62e377165cc9aae839128416f</param></service><service name="tar_scm"> + <param name="changesrevision">0624d60d3924bc66ce6247492bd633de77f061e8</param></service><service name="tar_scm"> <param name="url">https://github.com/containers/container-selinux.git</param> <param name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service><service name="tar_scm"> <param name="url">https://gitlab.suse.de/jsegitz/selinux-policy.git</param> ++++++ selinux-policy-20230728.tar.xz -> selinux-policy-20231012.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230728/policy/modules/contrib/wicked.fc new/selinux-policy-20231012/policy/modules/contrib/wicked.fc --- old/selinux-policy-20230728/policy/modules/contrib/wicked.fc 2023-07-28 16:45:33.000000000 +0200 +++ new/selinux-policy-20231012/policy/modules/contrib/wicked.fc 2023-10-12 10:18:04.000000000 +0200 @@ -45,6 +45,3 @@ #/etc/dbus-1/system.d/org.opensuse.Network.Nanny.conf #/etc/dbus-1/system.d/org.opensuse.Network.conf -/etc/sysconfig/network/scripts(/.*)? gen_context(system_u:object_r:wicked_script_t,s0) -/etc/sysconfig/network/scripts/samba-winbindd -- gen_context(system_u:object_r:wicked_winbind_script_t,s0) -/etc/sysconfig/network/scripts/dhcpd-restart-hook -- gen_context(system_u:object_r:wicked_dhcp_script_t,s0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230728/policy/modules/contrib/wicked.if new/selinux-policy-20231012/policy/modules/contrib/wicked.if --- old/selinux-policy-20230728/policy/modules/contrib/wicked.if 2023-07-28 16:45:33.000000000 +0200 +++ new/selinux-policy-20231012/policy/modules/contrib/wicked.if 2023-10-12 10:18:04.000000000 +0200 
@@ -652,27 +652,3 @@ files_etc_filetrans($1, wicked_var_lib_t, file, "state-8.xml") files_etc_filetrans($1, wicked_var_lib_t, file, "state-9.xml") ') - -######################################## -## <summary> -## Create a set of derived types for various wicked scripts -## </summary> -## <param name="prefix"> -## <summary> -## The name to be used for deriving type names. -## </summary> -## </param> -# -template(`wicked_script_template',` - gen_require(` - attribute wicked_plugin, wicked_script; - type wicked_t; - ') - - type wicked_$1_t, wicked_plugin; - type wicked_$1_script_t, wicked_script; - application_domain(wicked_$1_t, wicked_$1_script_t) - role system_r types wicked_$1_t; - - domtrans_pattern(wicked_t, wicked_$1_script_t, wicked_$1_t) -') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230728/policy/modules/contrib/wicked.te new/selinux-policy-20231012/policy/modules/contrib/wicked.te --- old/selinux-policy-20230728/policy/modules/contrib/wicked.te 2023-07-28 16:45:33.000000000 +0200 +++ new/selinux-policy-20231012/policy/modules/contrib/wicked.te 2023-10-12 10:18:04.000000000 +0200 @@ -33,20 +33,6 @@ type wicked_var_run_t; files_pid_file(wicked_var_run_t) - -# Wicked scripts - -attribute wicked_plugin; -attribute wicked_script; -type wicked_script_t, wicked_script; -type wicked_custom_t, wicked_plugin; -role system_r types wicked_custom_t; -application_domain(wicked_custom_t, wicked_script_t) -domtrans_pattern(wicked_t, wicked_script_t, wicked_custom_t) - -wicked_script_template(winbind); -wicked_script_template(dhcp); - #type wpa_cli_t; #type wpa_cli_exec_t; #init_system_domain(wpa_cli_t, wpa_cli_exec_t) 
@@ -254,20 +240,6 @@ sysnet_manage_config_dirs(wicked_t) - -# Wicked scripts - -list_dirs_pattern(wicked_t, wicked_script_t, wicked_script) -read_files_pattern(wicked_t, wicked_script_t, wicked_script) -read_lnk_files_pattern(wicked_t, wicked_script_t, wicked_script) -list_dirs_pattern(wicked_plugin, wicked_script_t, wicked_script_t) -read_lnk_files_pattern(wicked_plugin, wicked_script_t, wicked_script) - -auth_read_passwd(wicked_plugin) - -corecmd_exec_bin(wicked_plugin) -corecmd_exec_shell(wicked_winbind_t) - #tunable_policy(`use_nfs_home_dirs',` # fs_read_nfs_files(wicked_t) #') @@ -526,26 +498,6 @@ networkmanager_dbus_chat(wicked_t) ') -optional_policy(` - logging_send_syslog_msg(wicked_winbind_t) -') - -optional_policy(` - sysnet_exec_ifconfig(wicked_plugin) - sysnet_read_config(wicked_plugin) -') - -optional_policy(` - systemd_exec_systemctl(wicked_winbind_t) - systemd_exec_systemctl(wicked_dhcp_t) -') - -optional_policy(` - samba_domtrans_smbcontrol(wicked_winbind_t) - samba_read_config(wicked_winbind_t) - samba_service_status(wicked_winbind_t) -') - #tunable_policy(`use_ecryptfs_home_dirs',` #fs_manage_ecryptfs_files(wicked_t) #') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20230728/policy/modules/system/sysnetwork.if new/selinux-policy-20231012/policy/modules/system/sysnetwork.if --- old/selinux-policy-20230728/policy/modules/system/sysnetwork.if 2023-07-28 16:45:33.000000000 +0200 +++ new/selinux-policy-20231012/policy/modules/system/sysnetwork.if 2023-10-12 10:18:04.000000000 +0200 @@ -517,7 +517,7 @@ ####################################### ## <summary> -## Watch network config files and lnk_files. +## Watch network config files, lnk_files and directories. ## </summary> ## <param name="domain"> ## <summary> 
@@ -533,6 +533,7 @@ files_search_etc($1) allow $1 net_conf_t:file watch_file_perms; allow $1 net_conf_t:lnk_file watch_lnk_file_perms; + allow $1 net_conf_t:dir watch_dir_perms; ') #######################################
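Review bot: The added `allow $1 net_conf_t:dir watch_dir_perms;` sits inside a shared interface, so every domain that already calls it gains the directory watch, while the changelog entry names only sssd_t (bsc#1216052) as needing it. The interface's name and its callers are outside this hunk, so how many domains are widened cannot be read from here and should be checked before merging. To keep the grant scoped to the domain that asked for it, consider putting the dir rule in its own interface that is called only from the sssd policy. If it stays in the shared interface, record the reason next to the rule, for example `# dir watch required by sssd_t, see bsc#1216052`.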