Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2026-02-21 21:00:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Sat Feb 21 21:00:44 2026 rev:149 rq:1333937 version:20260219 Changes: --------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2026-02-06 19:02:26.380150007 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1977/selinux-policy.changes 2026-02-21 21:01:04.222700245 +0100
@@ -1,0 +2,18 @@
+Thu Feb 19 12:50:52 UTC 2026 - Cathy Hu <[email protected]>
+
+- Update to version 20260219:
+ * Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725)
+ * Update rules for snapper sdbootutil plugin (bsc#1257624)
+ * privoxy: account for openSUSE chroot configuration (bsc#1237375)
+ * Fix gitlab-ci throwing false warnings
+ * Add diffutils explicitly to .gitlab-ci
+ * Fix gitlab CI
+
+-------------------------------------------------------------------
+Tue Feb 17 12:55:43 UTC 2026 - Cathy Hu <[email protected]>
+
+- Fix hash in _servicedata
+ - was: a1c0fcdf4397f03534deaa8a4596b9da7f2bb674
+ - should be: ecd7927a3d5f06cff0b645b4146d355fede80922
+
+-------------------------------------------------------------------
Old: ---- selinux-policy-20260203.tar.xz New: ---- selinux-policy-20260219.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.S007tt/_old 2026-02-21 21:01:05.618757479 +0100
+++ /var/tmp/diff_new_pack.S007tt/_new 2026-02-21 21:01:05.622757643 +0100
@@ -36,7 +36,7 @@
 License: GPL-2.0-or-later
 Group: System/Management
 Name: selinux-policy
-Version: 20260203
+Version: 20260219
 Release: 0
 Source0: %{name}-%{version}.tar.xz
 Source1: container.fc
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.S007tt/_old 2026-02-21 21:01:05.702760923 +0100
+++ /var/tmp/diff_new_pack.S007tt/_new 2026-02-21 21:01:05.706761086 +0100
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param> - <param name="changesrevision">a1c0fcdf4397f03534deaa8a4596b9da7f2bb674</param></service></servicedata> + <param name="changesrevision">901bdb1cb7753b844e764b2dbf8687db1459b735</param></service></servicedata> (No newline at EOF) ++++++ selinux-policy-20260203.tar.xz -> selinux-policy-20260219.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20260203/.gitlab-ci.yml new/selinux-policy-20260219/.gitlab-ci.yml --- old/selinux-policy-20260203/.gitlab-ci.yml 2026-02-03 10:55:18.000000000 +0100 +++ new/selinux-policy-20260219/.gitlab-ci.yml 2026-02-19 13:50:04.000000000 +0100 @@ -28,6 +28,8 @@ rpmbuild: stage: rpmbuild script: + - zypper ar -p 98 https://download.opensuse.org/repositories/security:/SELinux/openSUSE_Factory/ selinux + - zypper --non-interactive --gpg-auto-import-keys dup --from selinux --allow-vendor-change # Install dependencies - zypper install -y wget rpm-build python-rpm-macros # Download the source RPM @@ -55,7 +57,7 @@ stage: test script: - set +e - - zypper --non-interactive --quiet install qemu-img qemu-x86 rpm-devel wget + - zypper --non-interactive --quiet install qemu-img qemu-x86 rpm-devel wget diffutils - bash test/test.sh allow_failure: exit_codes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20260203/policy/modules/contrib/privoxy.fc new/selinux-policy-20260219/policy/modules/contrib/privoxy.fc --- old/selinux-policy-20260203/policy/modules/contrib/privoxy.fc 2026-02-03 10:55:18.000000000 +0100 +++ new/selinux-policy-20260219/policy/modules/contrib/privoxy.fc 2026-02-19 13:50:04.000000000 +0100 
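Review bot: `--gpg-auto-import-keys` on the added `zypper ... dup --from selinux --allow-vendor-change` step in the rpmbuild job (first .gitlab-ci.yml hunk) makes every run trust whatever signing key the newly added repository presents, so signature checking no longer protects the job if the repository or a mirror serves substituted content. Because the CI container presumably starts without that key, consider committing the expected public key to the repo and importing it first with `rpm --import <path-to-vetted-key-file>`, then dropping the auto-import flag. `--allow-vendor-change` also lets that one repository replace any already-installed package, so a short comment stating why the full `dup` from it is needed would help a later reviewer judge the trust being placed in it.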
@@ -7,3 +7,10 @@ /var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0) /run/privoxy\.pid -- gen_context(system_u:object_r:privoxy_var_run_t,s0) + +# openSUSE privoxy chroot configuration +# privoxy.service runs privoxy --chroot under /var/lib/privoxy +/var/lib/privoxy/log(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0) +/var/lib/privoxy/run(/.*)? gen_context(system_u:object_r:privoxy_var_run_t,s0) +/var/lib/privoxy/etc(/.*)? gen_context(system_u:object_r:etc_t,s0) +/var/lib/privoxy/etc/[^/]*\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20260203/policy/modules/contrib/snapper.te new/selinux-policy-20260219/policy/modules/contrib/snapper.te --- old/selinux-policy-20260203/policy/modules/contrib/snapper.te 2026-02-03 10:55:18.000000000 +0100 +++ new/selinux-policy-20260219/policy/modules/contrib/snapper.te 2026-02-19 13:50:04.000000000 +0100 @@ -207,6 +207,7 @@ files_manage_isid_type_dirs(snapper_sdbootutil_plugin_t) files_manage_isid_type_symlinks(snapper_sdbootutil_plugin_t) +dev_getattr_loop_control(snapper_sdbootutil_plugin_t) dev_list_sysfs(snapper_sdbootutil_plugin_t) dev_read_sysfs(snapper_sdbootutil_plugin_t) dev_rw_tpm(snapper_sdbootutil_plugin_t) 
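Review bot: The four new `/var/lib/privoxy/...` entries in privoxy.fc only change labels on an already-populated chroot after a relabel, and nothing visible in this diff triggers one. Existing installs may therefore keep their old labels until something like `restorecon -R /var/lib/privoxy` runs; the package scriptlets may already do this, but they are not shown here. The `[^/]*\.action` rule also gives the daemon a writable type inside the chroot while everything else under `etc` stays `etc_t`. A one-line comment above it, e.g. `# action files stay writable by privoxy itself`, would record that the difference is deliberate.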
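Review bot: `dev_getattr_loop_control(snapper_sdbootutil_plugin_t)` here and `fs_manage_dos_dirs(snapper_sdbootutil_plugin_t)` in the second snapper.te hunk (`@@ -227,6 +228,7 @@`) are added without a comment naming the sdbootutil operation that needs them. The dos-directory grant is presumably meant for the EFI system partition, but as written it appears to cover every filesystem carrying that type, which may include removable FAT media, so it is worth confirming that this breadth is intended. A comment above each rule along the lines of `# needed by sdbootutil on the ESP (bsc#1257624)`, with the wording checked against the actual denial, would let a later reviewer tighten or drop the rule.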
@@ -227,6 +228,7 @@ fs_getattr_all_fs(snapper_sdbootutil_plugin_t) fs_getattr_all_files(snapper_sdbootutil_plugin_t) +fs_manage_dos_dirs(snapper_sdbootutil_plugin_t) fs_manage_dos_files(snapper_sdbootutil_plugin_t) fs_manage_efivarfs_files(snapper_sdbootutil_plugin_t) fstools_domtrans(snapper_sdbootutil_plugin_t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20260203/policy/modules/system/logging.te new/selinux-policy-20260219/policy/modules/system/logging.te --- old/selinux-policy-20260203/policy/modules/system/logging.te 2026-02-03 10:55:18.000000000 +0100 +++ new/selinux-policy-20260219/policy/modules/system/logging.te 2026-02-19 13:50:04.000000000 +0100 @@ -673,6 +673,11 @@ fs_list_cgroup_dirs(syslogd_t) fs_cgroup_write_memory_pressure(syslogd_t) +# (open)SUSE only: /etc/sysconfig/syslog +# defines an additional syslog socket for ISC dhcpd. +# Can be dropped, when ISC dhcpd is removed +sysnet_search_dhcp_state(syslogd_t) + miscfiles_manage_generic_cert_files(syslogd_t) mls_file_write_all_levels(syslogd_t) # Need to be able to write to /var/run/ and /var/log directories diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/selinux-policy-20260203/test/testscript new/selinux-policy-20260219/test/testscript --- old/selinux-policy-20260203/test/testscript 2026-02-03 10:55:18.000000000 +0100 +++ new/selinux-policy-20260219/test/testscript 2026-02-19 13:50:04.000000000 +0100 
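Review bot: The new comment above `sysnet_search_dhcp_state(syslogd_t)` in logging.te says the rule can be dropped once ISC dhcpd is removed, but it gives no bug reference to find it by. Adding a line such as `# bsc#1255725`, the id the changelog gives for this change, would make that cleanup traceable. The grant itself is limited to directory search; whether syslogd also needs permissions on the socket file inside that directory cannot be judged from this hunk.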
@@ -32,7 +32,7 @@ journalctl -b | grep -e avc -e denied || echo "<no matches>" | tee $2/journal print 36 "## Checking for AVCs and SELinux errors with ausearch..." - ausearch -m avc,user_avc,selinux_err,user_selinux_err | tee $2/ausearch + ausearch -m avc,user_avc,selinux_err,user_selinux_err |& tee $2/ausearch print 36 "## Looking for unconfined services..." ps -eo label,command | grep -v "/bin/bash /usr/bin/selinux-test\|ps -eo label,command\|grep unconfined" | grep unconfined || echo "<no matches>" | tee $2/unconfined
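Review bot: With `|& tee $2/ausearch` the pipeline's exit status is tee's, so an ausearch that fails for some other reason (unreadable audit log, audit daemon not running) ends up in the file as plain text just like the no-match case, and a broken check can pass for a clean one. Consider testing ausearch's exit status separately, or at least documenting that the captured stderr must be inspected. `|&` is also bash-only: if the script's interpreter line, which is outside this hunk, is not bash, use `ausearch -m avc,user_avc,selinux_err,user_selinux_err 2>&1 | tee "$2/ausearch"`, which also quotes the output path. The enclosing function starts and ends outside the hunk.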
