Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2025-12-20 21:45:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Sat Dec 20 21:45:38 2025 rev:143 rq:1323681 version:20251219 Changes: --------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2025-12-18 18:29:17.708178348 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1928/selinux-policy.changes 2025-12-20 21:46:24.606985263 +0100
@@ -1,0 +2,17 @@
+Fri Dec 19 11:11:46 UTC 2025 - Robert Frohl <[email protected]>
+
+- Update to version 20251219:
+ * Allow 'mysql-systemd-helper upgrade' to work correctly (bsc#1255024)
+
+-------------------------------------------------------------------
+Thu Dec 18 08:27:32 UTC 2025 - Johannes Segitz <[email protected]>
+
+- Save previous file contexts in /run and ensure deletion (bsc#1245303)
+
+-------------------------------------------------------------------
+Thu Dec 18 08:17:06 UTC 2025 - Cathy Hu <[email protected]>
+
+- Update to version 20251218:
+ * Allow systemd_udev_trigger_generator_t use CAP_SYS_RESOURCE (bsc#1255079)
+
+-------------------------------------------------------------------
Old: ---- selinux-policy-20251217.tar.xz New: ---- selinux-policy-20251219.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.3MFUQt/_old 2025-12-20 21:46:25.655028340 +0100
+++ /var/tmp/diff_new_pack.3MFUQt/_new 2025-12-20 21:46:25.659028504 +0100
@@ -36,7 +36,7 @@
 License: GPL-2.0-or-later
 Group: System/Management
 Name: selinux-policy
-Version: 20251217
+Version: 20251219
 Release: 0
 Source0: %{name}-%{version}.tar.xz
 Source1: container.fc
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.3MFUQt/_old 2025-12-20 21:46:25.767032943 +0100
+++ /var/tmp/diff_new_pack.3MFUQt/_new 2025-12-20 21:46:25.771033107 +0100
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param> - <param name="changesrevision">1d2ac331a0bfb952d18e25596875674b3b1f093e</param></service></servicedata> + <param name="changesrevision">b6f226e4cd6b7896a07dfb02cd7cb6fad8fa7eb5</param></service></servicedata> (No newline at EOF) ++++++ macros.selinux-policy ++++++ --- /var/tmp/diff_new_pack.3MFUQt/_old 2025-12-20 21:46:25.879037547 +0100 +++ /var/tmp/diff_new_pack.3MFUQt/_new 2025-12-20 21:46:25.883037711 +0100 @@ -28,7 +28,7 @@ %_selinux_store_policy_path %{_selinux_store_path}/${_policytype} %_file_context_file %{_sysconfdir}/selinux/${SELINUXTYPE}/contexts/files/file_contexts -%_file_context_file_pre /var/adm/update-scripts/file_contexts.pre +%_file_context_file_pre /run/selinux-file_contexts.pre %_file_custom_defined_booleans %{_selinux_store_policy_path}/rpmbooleans.custom %_file_custom_defined_booleans_tmp %{_selinux_store_policy_path}/rpmbooleans.custom.tmp @@ -120,10 +120,10 @@ if [ -f %{_file_context_file_pre} ]; then \ if [ -z "${TRANSACTIONAL_UPDATE}" ]; then \ %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ - rm -f %{_file_context_file_pre} \ else \ touch /etc/selinux/.autorelabel \ fi \ + rm -f %{_file_context_file_pre} \ fi \ fi \ %{nil} ++++++ selinux-policy-20251217.tar.xz -> selinux-policy-20251219.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20251217/.gitlab/merge_request_templates/default.md new/selinux-policy-20251219/.gitlab/merge_request_templates/default.md --- old/selinux-policy-20251217/.gitlab/merge_request_templates/default.md 2025-12-17 09:56:59.000000000 +0100 +++ new/selinux-policy-20251219/.gitlab/merge_request_templates/default.md 2025-12-19 12:10:05.000000000 +0100 
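Review bot: In the second macros.selinux-policy hunk, `fixfiles -C %{_file_context_file_pre} restore &> /dev/null` still discards both its output and its exit status, and the saved contexts are now removed unconditionally afterwards, so a failed relabel leaves stale labels with no record and nothing to retry from. One option is to fall back to the mechanism the else branch already uses: `%{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null || touch /etc/selinux/.autorelabel \`. The first hunk moves the saved file to `/run/selinux-file_contexts.pre`; if /run is a tmpfs (as is usual, but not shown here), a reboot between saving the file and this scriptlet makes the `-f` test skip the relabel silently, and a short comment at the `%_file_context_file_pre` definition stating that assumption would help. The macro body starts and ends outside the hunk.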
@@ -3,3 +3,5 @@ - [ ] correct bug or feature id was added in the commit titles (e.g. bsc#12345, jsc#12345) - [ ] corresponding [upstream](https://github.com/fedora-selinux/selinux-policy) PR: TODO or N/A - [ ] if N/A, add a short statement why: TODO +- [ ] verified if a backport is needed (e.g. to branches like slfo-1.2) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20251217/policy/modules/contrib/mysql.fc new/selinux-policy-20251219/policy/modules/contrib/mysql.fc --- old/selinux-policy-20251217/policy/modules/contrib/mysql.fc 2025-12-17 09:56:59.000000000 +0100 +++ new/selinux-policy-20251219/policy/modules/contrib/mysql.fc 2025-12-19 12:10:05.000000000 +0100 @@ -65,3 +65,6 @@ /run/mysql(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) /run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) /run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) + +# (open)SUSE-only +/var/tmp/mysql-protected.*(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20251217/policy/modules/contrib/mysql.te new/selinux-policy-20251219/policy/modules/contrib/mysql.te --- old/selinux-policy-20251217/policy/modules/contrib/mysql.te 2025-12-17 09:56:59.000000000 +0100 +++ new/selinux-policy-20251219/policy/modules/contrib/mysql.te 2025-12-19 12:10:05.000000000 +0100 
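Review bot: The new mysql.fc entry `/var/tmp/mysql-protected.*(/.*)?` matches by prefix inside a directory that is normally world-writable, so any path another local account creates under that prefix would be labelled mysqld_var_run_t on the next relabel. The `.` in `.*` also matches `/`, which makes the trailing `(/.*)?` redundant and the expression broader than it reads. If the helper creates its directory from a fixed name template (not visible on this page), a tighter pattern such as `/var/tmp/mysql-protected\.[^/]+(/.*)?` would confine the match to one path component. The `# (open)SUSE-only` comment could also say which program creates the directory and cite the bug it belongs to, presumably bsc#1255024.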
@@ -329,6 +329,8 @@ domtrans_pattern(mysqld_systemd_helper_t, mysqld_exec_t, mysqld_t) +mysql_stream_connect(mysqld_t) + optional_policy(` unconfined_domain(mysqld_systemd_helper_t) ') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20251217/policy/modules/system/systemd.te new/selinux-policy-20251219/policy/modules/system/systemd.te --- old/selinux-policy-20251217/policy/modules/system/systemd.te 2025-12-17 09:56:59.000000000 +0100 +++ new/selinux-policy-20251219/policy/modules/system/systemd.te 2025-12-19 12:10:05.000000000 +0100 @@ -1634,6 +1634,8 @@ permissive systemd_tpm2_generator_t; ### udev trigger generator +allow systemd_udev_trigger_generator_t self:capability sys_resource; + corecmd_exec_bin(systemd_udev_trigger_generator_t) dev_list_sysfs(systemd_udev_trigger_generator_t)
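Review bot: `mysql_stream_connect(mysqld_t)` in mysql.te sits in the mysqld_systemd_helper block, but its source domain is mysqld_t, so the grant applies to the daemon domain at all times and not only while the helper's upgrade step runs. The rule carries no comment; something like `# mysql-systemd-helper upgrade: the process started via the domtrans above runs in mysqld_t and connects to the server socket (bsc#1255024)` would record the reason, if that is indeed why it is needed. If the upgrade client can run under its own type, scoping the rule to that type would leave mysqld_t unchanged. The surrounding block continues outside the hunk.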
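Review bot: The added `allow systemd_udev_trigger_generator_t self:capability sys_resource;` in systemd.te has no comment naming the operation that needs CAP_SYS_RESOURCE, and that capability bundles several unrelated privileges (overriding resource limits and quotas among them). A line such as `# <operation from the AVC denial>, see bsc#1255079` above the rule would let a later reviewer judge whether the grant is still required or whether a `dontaudit` would have been enough. The udev trigger generator block continues past the end of the hunk.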
