Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2021-08-19 13:39:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "selinux-policy" Thu Aug 19 13:39:01 2021 rev:16 rq:912873 version:20210716 Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2021-08-02 12:04:46.097659882 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1899/selinux-policy.changes 2021-08-19 13:39:10.097414033 +0200 @@ -1,0 +2,11 @@ +Tue Aug 17 16:03:08 UTC 2021 - Ludwig Nussel <lnus...@suse.de> + +- Allow systemd-sysctl to read kernel specific sysctl.conf + (fix_kernel_sysctl.patch, boo#1184804) + +------------------------------------------------------------------- +Tue Aug 10 08:31:16 UTC 2021 - Ludwig Nussel <lnus...@suse.de> + +- Fix quoting in postInstall macro + +------------------------------------------------------------------- New: ---- fix_kernel_sysctl.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.suBM0i/_old 2021-08-19 13:39:11.249412548 +0200 +++ /var/tmp/diff_new_pack.suBM0i/_new 2021-08-19 13:39:11.253412543 +0200 @@ -131,6 +131,8 @@ # https://github.com/cockpit-project/cockpit/pull/15758 Patch052: fix_cockpit.patch Patch053: fix_systemd_watch.patch +# kernel specific sysctl.conf (boo#1184804) +Patch054: fix_kernel_sysctl.patch Patch100: sedoctool.patch @@ -304,9 +306,9 @@ %define postInstall() \ . %{_sysconfdir}/selinux/config; \ -if [ -e %{_sysconfdir}/selinux/%%2/.rebuild ]; then \ - rm %{_sysconfdir}/selinux/%%2/.rebuild; \ - /usr/sbin/semodule -B -n -s %%2; \ +if [ -e %{_sysconfdir}/selinux/%2/.rebuild ]; then \ + rm %{_sysconfdir}/selinux/%2/.rebuild; \ + /usr/sbin/semodule -B -n -s %2; \ fi; \ if [ -n "${TRANSACTIONAL_UPDATE}" ]; then \ touch /etc/selinux/.autorelabel \ ++++++ fix_kernel_sysctl.patch ++++++ Index: fedora-policy-20210716/policy/modules/kernel/files.fc =================================================================== --- fedora-policy-20210716.orig/policy/modules/kernel/files.fc +++ fedora-policy-20210716/policy/modules/kernel/files.fc @@ -236,6 +236,8 @@ ifdef(`distro_redhat',` /usr/lib/ostree-boot(/.*)? gen_context(system_u:object_r:usr_t,s0) /usr/lib/modules(/.*)/vmlinuz -- gen_context(system_u:object_r:usr_t,s0) /usr/lib/modules(/.*)/initramfs.img -- gen_context(system_u:object_r:usr_t,s0) +/usr/lib/modules(/.*)/sysctl.conf -- gen_context(system_u:object_r:usr_t,s0) +/usr/lib/modules(/.*)/System.map -- gen_context(system_u:object_r:system_map_t,s0) /usr/doc(/.*)?/lib(/.*)? gen_context(system_u:object_r:usr_t,s0) Index: fedora-policy-20210716/policy/modules/system/systemd.te =================================================================== --- fedora-policy-20210716.orig/policy/modules/system/systemd.te +++ fedora-policy-20210716/policy/modules/system/systemd.te @@ -1027,6 +1027,8 @@ init_stream_connect(systemd_sysctl_t) logging_send_syslog_msg(systemd_sysctl_t) systemd_read_efivarfs(systemd_sysctl_t) +# kernel specific sysctl.conf may be in modules dir +allow systemd_sysctl_t modules_object_t:dir search; ####################################### #
