commit selinux-policy for openSUSE:Factory

Source-Sync Sat, 22 Feb 2025 10:22:46 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2025-02-22 19:04:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1873 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "selinux-policy"

Sat Feb 22 19:04:23 2025 rev:101 rq:1247652 version:20250221

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2025-02-19 15:59:03.617353244 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1873/selinux-policy.changes  
2025-02-22 19:04:25.793484949 +0100
@@ -1,0 +2,8 @@
+Fri Feb 21 13:36:08 UTC 2025 - cathy...@suse.com
+
+- Update to version 20250221:
+  * Allow named_filetrans_domain filetrans raid/mdadm named content 
(bsc#1236807)
+  * Grant privoxy_t the sys_chroot capability (bsc#1237375)
+  * Allow init_t nnp_transition to tor_t (bsc#1237375)
+
+-------------------------------------------------------------------

Old:
----
  selinux-policy-20250218.tar.xz

New:
----
  selinux-policy-20250221.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.ocuvyu/_old  2025-02-22 19:04:26.481513602 +0100
+++ /var/tmp/diff_new_pack.ocuvyu/_new  2025-02-22 19:04:26.485513768 +0100
@@ -36,7 +36,7 @@
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20250218
+Version:        20250221
 Release:        0
 Source0:        %{name}-%{version}.tar.xz
 Source1:        container.fc

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.ocuvyu/_old  2025-02-22 19:04:26.561516933 +0100
+++ /var/tmp/diff_new_pack.ocuvyu/_new  2025-02-22 19:04:26.565517099 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
-              <param 
name="changesrevision">70418ef1f7748991f0ad21870a0e4c64346bf127</param></service></servicedata>
+              <param 
name="changesrevision">30b33a66b3f7fb713a1a2923e52e0a58ecf9f613</param></service></servicedata>
 (No newline at EOF)
 


++++++ selinux-policy-20250218.tar.xz -> selinux-policy-20250221.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20250218/policy/modules/contrib/privoxy.te 
new/selinux-policy-20250221/policy/modules/contrib/privoxy.te
--- old/selinux-policy-20250218/policy/modules/contrib/privoxy.te       
2025-02-18 13:39:46.000000000 +0100
+++ new/selinux-policy-20250221/policy/modules/contrib/privoxy.te       
2025-02-21 14:32:20.000000000 +0100
@@ -34,7 +34,7 @@
 # Local Policy
 #
 
-allow privoxy_t self:capability { setgid setuid };
+allow privoxy_t self:capability { setgid setuid sys_chroot};
 dontaudit privoxy_t self:capability sys_tty_config;
 allow privoxy_t self:tcp_socket { accept listen };
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20250218/policy/modules/contrib/raid.if 
new/selinux-policy-20250221/policy/modules/contrib/raid.if
--- old/selinux-policy-20250218/policy/modules/contrib/raid.if  2025-02-18 
13:39:46.000000000 +0100
+++ new/selinux-policy-20250221/policy/modules/contrib/raid.if  2025-02-21 
14:32:20.000000000 +0100
@@ -203,11 +203,13 @@
 interface(`raid_filetrans_named_content',`
        gen_require(`
                type mdadm_conf_t;
+               type mdadm_var_run_t;
        ')
 
     files_etc_filetrans($1, mdadm_conf_t, file, "mdadm.conf")
     files_etc_filetrans($1, mdadm_conf_t, file, "mdadm.conf.anacbak")
     files_etc_filetrans($1, mdadm_conf_t, dir, "mdadm.conf.d")
+    files_pid_filetrans($1, mdadm_var_run_t, dir, "mdadm")
 ')
 
 ########################################
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20250218/policy/modules/contrib/tor.te 
new/selinux-policy-20250221/policy/modules/contrib/tor.te
--- old/selinux-policy-20250218/policy/modules/contrib/tor.te   2025-02-18 
13:39:46.000000000 +0100
+++ new/selinux-policy-20250221/policy/modules/contrib/tor.te   2025-02-21 
14:32:20.000000000 +0100
@@ -30,6 +30,7 @@
 type tor_t;
 type tor_exec_t;
 init_daemon_domain(tor_t, tor_exec_t)
+init_nnp_daemon_domain(tor_t)
 
 type tor_etc_t;
 files_config_file(tor_etc_t)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-policy-20250218/policy/modules/kernel/domain.te 
new/selinux-policy-20250221/policy/modules/kernel/domain.te
--- old/selinux-policy-20250218/policy/modules/kernel/domain.te 2025-02-18 
13:39:46.000000000 +0100
+++ new/selinux-policy-20250221/policy/modules/kernel/domain.te 2025-02-21 
14:32:20.000000000 +0100
@@ -359,6 +359,10 @@
 ')
 
 optional_policy(`
+    raid_filetrans_named_content(named_filetrans_domain)
+')
+
+optional_policy(`
        snapper_filetrans_named_content(named_filetrans_domain)
 ')

commit selinux-policy for openSUSE:Factory

Reply via email to