Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2025-04-30 19:02:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Wed Apr 30 19:02:53 2025 rev:111 rq:1273471 version:20250429 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2025-04-15 20:46:43.944220351 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.30101/selinux-policy.changes 2025-04-30 19:03:04.291047530 +0200 @@ -1,0 +2,8 @@ +Tue Apr 29 14:43:00 UTC 2025 - cathy...@suse.com + +- Update to version 20250429: + * Allow cluster_t use NoNewPrivileges systemd hardening (bsc#1241921) + * allows gssd_t to read nfs symlinks (bsc#1241042) + * Label tpm2-measure.log with systemd_pcrlock_var_lib_t (bsc#1240887) + +------------------------------------------------------------------- Old: ---- selinux-policy-20250411.tar.xz New: ---- selinux-policy-20250429.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.CMrXUu/_old 2025-04-30 19:03:04.927074042 +0200 +++ /var/tmp/diff_new_pack.CMrXUu/_new 2025-04-30 19:03:04.931074209 +0200 @@ -36,7 +36,7 @@ License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20250411 +Version: 20250429 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.CMrXUu/_old 2025-04-30 19:03:04.995076876 +0200 +++ /var/tmp/diff_new_pack.CMrXUu/_new 2025-04-30 19:03:04.999077043 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param> - <param name="changesrevision">e366edc39ad8370b702f680d376476413a5bfd98</param></service></servicedata> + <param name="changesrevision">90afc2c19f698c8bc08697d6e3f9c4461c8beedd</param></service></servicedata> (No newline at EOF) ++++++ selinux-policy-20250411.tar.xz -> selinux-policy-20250429.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20250411/policy/modules/contrib/rhcs.if new/selinux-policy-20250429/policy/modules/contrib/rhcs.if --- old/selinux-policy-20250411/policy/modules/contrib/rhcs.if 2025-04-11 18:14:24.000000000 +0200 +++ new/selinux-policy-20250429/policy/modules/contrib/rhcs.if 2025-04-29 16:42:34.000000000 +0200 @@ -24,6 +24,7 @@ type $1_t, cluster_domain; type $1_exec_t; init_daemon_domain($1_t, $1_exec_t) + init_nnp_daemon_domain($1_t) type $1_tmpfs_t, cluster_tmpfs; files_tmpfs_file($1_tmpfs_t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20250411/policy/modules/contrib/rpc.te new/selinux-policy-20250429/policy/modules/contrib/rpc.te --- old/selinux-policy-20250411/policy/modules/contrib/rpc.te 2025-04-11 18:14:24.000000000 +0200 +++ new/selinux-policy-20250429/policy/modules/contrib/rpc.te 2025-04-29 16:42:34.000000000 +0200 
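Review bot: The added `init_nnp_daemon_domain($1_t)` in rhcs.if sits inside a template body (it uses the `$1` parameter), so every domain instantiated through that template receives the NoNewPrivileges transition allowance, while the changelog entry for bsc#1241921 names only cluster_t. If only that one service is started with NoNewPrivileges, a narrower `init_nnp_daemon_domain(cluster_t)` in the .te file would keep the grant least-privilege. If the wider scope is intended, a comment above the call such as `# all cluster domains may be started with NoNewPrivileges=yes (bsc#1241921)` would record that decision. The template's opening and closing lines are outside the hunk, so the set of instantiating domains cannot be confirmed from here.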
@@ -383,6 +383,7 @@ fs_rw_rpc_sockets(gssd_t) fs_read_rpc_files(gssd_t) fs_read_nfsd_files(gssd_t) +fs_read_nfsd_symlinks(gssd_t) fs_list_tmpfs(gssd_t) fs_watch_rpc_dirs(gssd_t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20250411/policy/modules/kernel/filesystem.if new/selinux-policy-20250429/policy/modules/kernel/filesystem.if --- old/selinux-policy-20250411/policy/modules/kernel/filesystem.if 2025-04-11 18:14:24.000000000 +0200 +++ new/selinux-policy-20250429/policy/modules/kernel/filesystem.if 2025-04-29 16:42:34.000000000 +0200 @@ -4862,6 +4862,24 @@ ####################################### ## <summary> +## read symlinks on an nfsd filesystem +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`fs_read_nfsd_symlinks',` + gen_require(` + type nfsd_fs_t; + ') + + read_lnk_files_pattern($1, nfsd_fs_t, nfsd_fs_t) +') + +####################################### +## <summary> ## Read and write NFS server files. ## </summary> ## <param name="domain"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20250411/policy/modules/system/systemd.fc new/selinux-policy-20250429/policy/modules/system/systemd.fc --- old/selinux-policy-20250411/policy/modules/system/systemd.fc 2025-04-11 18:14:24.000000000 +0200 +++ new/selinux-policy-20250429/policy/modules/system/systemd.fc 2025-04-29 16:42:34.000000000 +0200 @@ -158,6 +158,7 @@ /run/systemd/zram-generator.conf -- gen_context(system_u:object_r:systemd_zram_generator_conf_t,s0) /run/log/bootchart.* -- gen_context(system_u:object_r:systemd_bootchart_var_run_t,s0) +/run/log/systemd/tpm2-measure.log -- gen_context(system_u:object_r:systemd_pcrlock_var_lib_t,s0) /run/systemd/units(/.*)? gen_context(system_u:object_r:systemd_unit_file_t,s0)
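Review bot: The summary of the new `fs_read_nfsd_symlinks` interface in filesystem.if, `## read symlinks on an nfsd filesystem`, is lowercase and has no full stop, while the neighbouring interface reads `## Read and write NFS server files.`; `## Read symbolic links on an nfsd filesystem.` would match. The changelog describes the change as reading "nfs symlinks", but the rule is written against `nfsd_fs_t` only, so the summary should state that scope explicitly for anyone auditing what gssd_t gained in the rpc.te hunk. Whether bsc#1241042 needed the nfsd filesystem rather than another NFS-related type cannot be checked from this page and is worth confirming.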
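Review bot: The new systemd.fc entry assigns a path under `/run/log/systemd/` to `systemd_pcrlock_var_lib_t`, and a file-context line only takes effect on relabel or when the creating program looks up the context itself. Since /run is normally populated at boot, it is worth confirming that whatever writes tpm2-measure.log creates it with this label (label-aware creation or a named type transition); otherwise the file would presumably inherit the parent directory's type until restorecon runs. The dots in `tpm2-measure.log` are unescaped regex wildcards, so `tpm2-measure\.log` would match the literal name only, although the neighbouring entries in this hunk are also unescaped. A short comment noting why a /run path carries a `var_lib` type would help later readers.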