Hello community,

here is the log from the commit of package swtpm for openSUSE:Factory checked in at 2024-09-20 17:09:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/swtpm (Old)
 and /work/SRC/openSUSE:Factory/.swtpm.new.29891 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "swtpm" Fri Sep 20 17:09:01 2024 rev:20 rq:1202016 version:0.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/swtpm/swtpm.changes 2024-08-06 09:07:23.235377234 +0200 +++ /work/SRC/openSUSE:Factory/.swtpm.new.29891/swtpm.changes 2024-09-20 17:09:37.193755664 +0200 @@ -1,0 +2,11 @@ +Thu Sep 19 10:55:54 UTC 2024 - Cathy Hu <cathy...@suse.com> + +- Fix swtpm custom module (bsc#1229131) + - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch + - this can be removed once swtpm upstream sorts out their custom selinux module. + see: https://github.com/stefanberger/swtpm/issues/885 + there were a couple changes in the selinux-policy libvirt handling + which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled + virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t + +------------------------------------------------------------------- New: ---- 1229131-fix-swtpm-selinux-policy-mismatch.patch BETA DEBUG BEGIN: New:- Fix swtpm custom module (bsc#1229131) - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch - this can be removed once swtpm upstream sorts out their custom selinux module. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ swtpm.spec ++++++ --- /var/tmp/diff_new_pack.zcgMgH/_old 2024-09-20 17:09:38.445807204 +0200 +++ /var/tmp/diff_new_pack.zcgMgH/_new 2024-09-20 17:09:38.461807862 +0200 
@@ -39,6 +39,14 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source100: swtpm-rpmlintrc Patch0: swtpm-fix-build.patch +# 19-09-24 cahu bsc#1229131 +# this can be removed once swtpm upstream sorts out their custom selinux module +# see: https://github.com/stefanberger/swtpm/issues/885 +# there were a couple changes in the selinux-policy libvirt handling +# which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled +# virt_log_t instead of var_log_t. +# this patch allows swtpm_t to open the virt_log_t +Patch1: 1229131-fix-swtpm-selinux-policy-mismatch.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: expect @@ -100,7 +108,7 @@ %endif %prep -%autosetup +%autosetup -p1 %build mkdir m4 ++++++ 1229131-fix-swtpm-selinux-policy-mismatch.patch ++++++ Index: swtpm-0.9.0/src/selinux/swtpm.te =================================================================== --- swtpm-0.9.0.orig/src/selinux/swtpm.te +++ swtpm-0.9.0/src/selinux/swtpm.te @@ -8,6 +8,7 @@ policy_module(swtpm, 1.0.0) require { type qemu_var_run_t; type var_log_t; + type virt_log_t; type virt_var_lib_t; type virtqemud_t; type virtqemud_tmp_t; @@ -29,6 +30,7 @@ allow swtpm_t qemu_var_run_t:file { crea allow swtpm_t qemu_var_run_t:dir { add_name remove_name write }; allow swtpm_t qemu_var_run_t:sock_file { create setattr unlink }; allow swtpm_t var_log_t:file open; +allow swtpm_t virt_log_t:file open; allow swtpm_t virt_var_lib_t:dir { add_name remove_name write }; allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write }; allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };
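Review bot: In the swtpm.changes hunk, the new entry lists only the added patch and leaves out the switch from %autosetup to %autosetup -p1 in swtpm.spec, which is part of the same commit. Add a line for it so the changelog covers the whole change. The last sentence also stops at "open the virt_log_t"; "open files labeled virt_log_t" would match the rule the patch adds.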
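Review bot: In the first swtpm.spec hunk, the comment above Patch1 is dated "19-09-24", which can be read in more than one order; the changelog entry gives Sep 19 2024, so 2024-09-19 would be unambiguous. The comment otherwise repeats the changelog text line for line; the bug number, the upstream issue link and the removal condition are enough here.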
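Review bot: In the %prep hunk of swtpm.spec, %autosetup -p1 sets the strip level for every patch, not only the new Patch1, so Patch0 (swtpm-fix-build.patch) is now applied with -p1 as well. The new patch needs it because its paths start with swtpm-0.9.0/, but nothing in this diff shows that Patch0 uses the same layout. Please confirm Patch0 still applies cleanly with -p1, or refresh it in the same request.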
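Review bot: In the second swtpm.te hunk, "allow swtpm_t virt_log_t:file open;" applies to every file labeled virt_log_t, while the justification in the spec comment is one location, /var/log/swtpm/libvirt/qemu/*.log. The grant is limited to open and mirrors the existing var_log_t rule, so it is narrow in permission but wide in scope; state that trade-off where the rule is added so the upstream fix in issue 885 can scope it to swtpm's own logs. The patch file also starts directly at its Index: line with no description; a short header carrying bsc#1229131 and the upstream issue link would keep the rationale with the patch itself.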