commit selinux-policy for openSUSE:Factory

Sat, 17 Dec 2022 11:51:57 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2022-12-17 20:36:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy"

Sat Dec 17 20:36:10 2022 rev:41 rq:1043279 version:20221019

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2022-12-15 19:24:43.119890216 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.1835/selinux-policy.changes  
2022-12-17 20:36:14.996507671 +0100
@@ -1,0 +2,6 @@
+Thu Dec 15 16:11:15 UTC 2022 - Hu <cathy...@suse.com>
+
+- Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan
+  (bnc#1206445)
+
+-------------------------------------------------------------------

New:
----
  fix_ipsec.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.J1obuN/_old  2022-12-17 20:36:16.224514416 +0100
+++ /var/tmp/diff_new_pack.J1obuN/_new  2022-12-17 20:36:16.228514438 +0100
@@ -147,6 +147,7 @@
 Patch063:       fix_alsa.patch
 Patch064:       dontaudit_interface_kmod_tmpfs.patch
 Patch065:       fix_sendmail.patch
+Patch066:       fix_ipsec.patch
 
 Patch100:       sedoctool.patch
 

++++++ fix_ipsec.patch ++++++
Index: fedora-policy-20221019/policy/modules/system/ipsec.te
===================================================================
--- fedora-policy-20221019.orig/policy/modules/system/ipsec.te
+++ fedora-policy-20221019/policy/modules/system/ipsec.te
@@ -87,6 +87,7 @@ allow ipsec_t self:tcp_socket create_str
 allow ipsec_t self:udp_socket create_socket_perms;
 allow ipsec_t self:packet_socket create_socket_perms;
 allow ipsec_t self:key_socket create_socket_perms;
+allow ipsec_t self:alg_socket create_socket_perms;
 allow ipsec_t self:fifo_file read_fifo_file_perms;
 allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms 
nlmsg_write };
 allow ipsec_t self:netlink_selinux_socket create_socket_perms;
@@ -269,6 +270,7 @@ allow ipsec_mgmt_t self:unix_stream_sock
 allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
 allow ipsec_mgmt_t self:udp_socket create_socket_perms;
 allow ipsec_mgmt_t self:key_socket create_socket_perms;
+allow ipsec_mgmt_t self:alg_socket create_socket_perms;
 allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
 allow ipsec_mgmt_t self:netlink_xfrm_socket { create_netlink_socket_perms 
nlmsg_read };
 allow ipsec_mgmt_t self:netlink_route_socket { create_netlink_socket_perms };

Reply via email to