Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2020-11-02 14:04:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy"

Mon Nov  2 14:04:02 2020 rev:4 rq:844986 version:20201029

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2020-10-23 12:20:39.572611671 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.3463/selinux-policy.changes  
2020-11-02 14:04:16.436676002 +0100
@@ -1,0 +2,7 @@
+Thu Oct 29 08:47:51 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- wicked.fc: add libexec directories
+- Update to version 20201029
+  - update container policy
+
+-------------------------------------------------------------------

Old:
----
  fedora-policy.20201016.tar.bz2

New:
----
  fedora-policy.20201029.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ selinux-policy.spec ++++++
--- /var/tmp/diff_new_pack.QK6SZM/_old  2020-11-02 14:04:18.684677710 +0100
+++ /var/tmp/diff_new_pack.QK6SZM/_new  2020-11-02 14:04:18.688677713 +0100
@@ -33,7 +33,7 @@
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20201016
+Version:        20201029
 Release:        0
 Source:         fedora-policy.%{version}.tar.bz2
 Source1:        selinux-policy-rpmlintrc

++++++ fedora-policy.20201016.tar.bz2 -> fedora-policy.20201029.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/container.te 
new/fedora-policy/policy/modules/contrib/container.te
--- old/fedora-policy/policy/modules/contrib/container.te       2020-10-16 
10:49:09.821324878 +0200
+++ new/fedora-policy/policy/modules/contrib/container.te       2020-10-29 
09:07:49.792815272 +0100
@@ -1,4 +1,4 @@
-policy_module(container, 2.148.0)
+policy_module(container, 2.150.0)
 gen_require(`
        class passwd rootok;
 ')
@@ -754,7 +754,7 @@
 allow container_domain self:shm create_shm_perms;
 allow container_domain self:socket create_socket_perms;
 allow container_domain self:tcp_socket create_socket_perms;
-allow container_domain self:tun_socket { create_socket_perms relabelfrom 
relabelto };
+allow container_domain self:tun_socket { create_socket_perms relabelfrom 
relabelto attach_queue };
 allow container_domain self:udp_socket create_socket_perms;
 allow container_domain self:unix_dgram_socket create_socket_perms;
 allow container_domain self:unix_stream_socket create_stream_socket_perms;
@@ -1149,6 +1149,7 @@
 container_stream_connect(container_kvm_t)
 
 dev_rw_inherited_vhost(container_kvm_t)
+dev_rw_vfio_dev(container_kvm_t)
 
 corenet_rw_inherited_tun_tap_dev(container_kvm_t)
 corecmd_exec_shell(container_kvm_t)
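Review bot: `dev_rw_vfio_dev(container_kvm_t)` is granted unconditionally and without a comment, although it is the widest of the additions in this file: read/write on the VFIO device nodes lets the domain drive passed-through hardware directly, so isolation for those devices then rests on the IOMMU group setup rather than on policy. The neighbouring `dev_rw_inherited_vhost` rule is limited to inherited descriptors; if the runtime has to open the VFIO nodes itself, the reason should be recorded, e.g. `# VM-based runtime opens VFIO devices itself for device passthrough`. Consider placing the rule behind a boolean so hosts that never pass devices through can leave it off. The run of container_kvm_t rules starts and ends outside the hunk.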
@@ -1158,9 +1159,12 @@
 # virtiofs causes these AVC messages.
 kernel_mount_proc(container_kvm_t)
 kernel_mounton_proc(container_kvm_t)
+kernel_unmount_proc(container_kvm_t)
+kernel_dgram_send(container_kvm_t)
 files_mounton_rootfs(container_kvm_t)
 
 auth_read_passwd(container_kvm_t)
+logging_send_syslog_msg(container_kvm_t)
 
 optional_policy(`
        qemu_entry_type(container_kvm_t)
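Review bot: `kernel_dgram_send(container_kvm_t)` is inserted under the comment `# virtiofs causes these AVC messages.`, between the proc mount rules and `files_mounton_rootfs`, but it is a datagram-send permission and not a mount rule, so the comment now misattributes it. It reads as belonging with `logging_send_syslog_msg(container_kvm_t)` added a few lines below; moving it next to that line under its own comment (for example `# logging to syslog/journal`, if that is the reason) would keep the virtiofs group accurate. It is also worth checking whether `logging_send_syslog_msg` already covers the kernel datagram send, in which case the separate line is redundant. The `optional_policy` block at the end of the hunk continues outside it.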
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/keepalived.te 
new/fedora-policy/policy/modules/contrib/keepalived.te
--- old/fedora-policy/policy/modules/contrib/keepalived.te      2020-10-16 
10:49:08.473324807 +0200
+++ new/fedora-policy/policy/modules/contrib/keepalived.te      2020-10-29 
09:07:48.496812045 +0100
@@ -62,6 +62,7 @@
 corecmd_exec_bin(keepalived_t)
 corecmd_exec_shell(keepalived_t)
 
+corenet_raw_bind_generic_node(keepalived_t)
 corenet_tcp_connect_connlcli_port(keepalived_t)
 corenet_tcp_connect_http_port(keepalived_t)
 corenet_tcp_connect_mysqld_port(keepalived_t)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/pcp.fc 
new/fedora-policy/policy/modules/contrib/pcp.fc
--- old/fedora-policy/policy/modules/contrib/pcp.fc     2020-10-16 
10:49:08.489324808 +0200
+++ new/fedora-policy/policy/modules/contrib/pcp.fc     2020-10-29 
09:07:48.512812084 +0100
@@ -20,6 +20,11 @@
 /usr/libexec/pcp/bin/pmie     --      
gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
 /usr/libexec/pcp/bin/pmmgr  --      
gen_context(system_u:object_r:pcp_pmmgr_exec_t,s0)
 
+/usr/libexec/pcp/lib/pmcd      --      
gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
+/usr/libexec/pcp/lib/pmlogger  --      
gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
+/usr/libexec/pcp/lib/pmproxy   --      
gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
+/usr/libexec/pcp/lib/pmie      --      
gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
+
 /usr/share/pcp/lib/pmie     --      
gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
 
 /usr/share/pcp/lib/pmlogger   --      
gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
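Review bot: The new `/usr/libexec/pcp/lib/` entries cover pmcd, pmlogger, pmproxy and pmie, but the `/usr/libexec/pcp/bin/` group just above also labels `pmmgr` with `pcp_pmmgr_exec_t`, and no `lib/pmmgr` entry is added. If a pmmgr executable is installed under the new directory it would keep the default label and start without a transition into its own domain; either add `/usr/libexec/pcp/lib/pmmgr -- gen_context(system_u:object_r:pcp_pmmgr_exec_t,s0)` or note that no such file exists there. The rest of the file is outside the hunk, so an entry elsewhere cannot be ruled out.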
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/rpc.fc 
new/fedora-policy/policy/modules/contrib/rpc.fc
--- old/fedora-policy/policy/modules/contrib/rpc.fc     2020-10-16 
10:49:08.509324809 +0200
+++ new/fedora-policy/policy/modules/contrib/rpc.fc     2020-10-29 
09:07:48.524812114 +0100
@@ -4,6 +4,7 @@
 # /etc
 #
 /etc/exports           --      gen_context(system_u:object_r:exports_t,s0)
+/etc/exports\.d(/.*)?          gen_context(system_u:object_r:exports_t,s0)
 /etc/rc\.d/init\.d/nfs  --     
gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
 /etc/rc\.d/init\.d/nfslock --  
gen_context(system_u:object_r:rpcd_initrc_exec_t,s0)
 /etc/rc\.d/init\.d/rpcidmapd --        
gen_context(system_u:object_r:rpcd_initrc_exec_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/squid.te 
new/fedora-policy/policy/modules/contrib/squid.te
--- old/fedora-policy/policy/modules/contrib/squid.te   2020-10-16 
10:49:08.521324809 +0200
+++ new/fedora-policy/policy/modules/contrib/squid.te   2020-10-29 
09:07:48.528812125 +0100
@@ -200,7 +200,7 @@
 ')
 
 tunable_policy(`squid_use_tproxy',`
-       allow squid_t self:capability net_admin;
+       allow squid_t self:capability { net_admin net_raw };
        corenet_sendrecv_netport_server_packets(squid_t)
        corenet_tcp_bind_netport_port(squid_t)
        corenet_tcp_sendrecv_netport_port(squid_t)
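Review bot: `net_raw` is added as a full `allow` in the `squid_use_tproxy` block, which lets squid_t pass the capability check for raw and packet sockets in general, not only for the transparent-proxy socket option. As far as I can tell the kernel accepts either CAP_NET_RAW or CAP_NET_ADMIN when IP_TRANSPARENT is set and checks NET_RAW first, so if the denial behind this change was only that first check, `dontaudit squid_t self:capability net_raw;` beside the existing `net_admin` allow would silence it without widening the domain. If squid does need the capability, a one-line comment saying for what would help the next reviewer. The `tunable_policy` block closes outside the hunk.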
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/system/authlogin.fc 
new/fedora-policy/policy/modules/system/authlogin.fc
--- old/fedora-policy/policy/modules/system/authlogin.fc        2020-10-16 
10:49:06.605324708 +0200
+++ new/fedora-policy/policy/modules/system/authlogin.fc        2020-10-29 
09:07:46.688807542 +0100
@@ -85,7 +85,3 @@
 /var/run/sudo(/.*)?            gen_context(system_u:object_r:pam_var_run_t,s0)
 /var/(db|adm)/sudo(/.*)?       gen_context(system_u:object_r:pam_var_run_t,s0)
 /var/lib/sudo(/.*)?    gen_context(system_u:object_r:pam_var_run_t,s0)
-
-# Allow services not running as root to write MOTD messages via symlink
-# out of /run/motd.d/. https://github.com/coreos/zincati/pull/276
-/var/run/zincati/public/motd\.d(/.*)?  
gen_context(system_u:object_r:motd_var_run_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/system/userdomain.if 
new/fedora-policy/policy/modules/system/userdomain.if
--- old/fedora-policy/policy/modules/system/userdomain.if       2020-10-16 
10:49:06.617324708 +0200
+++ new/fedora-policy/policy/modules/system/userdomain.if       2020-10-29 
09:07:46.692807551 +0100
@@ -4827,6 +4827,7 @@
     gen_require(`
         attribute unpriv_userdomain, userdomain;
     ')
+    typeattribute $1  unpriv_userdomain;
     typeattribute $1  userdomain;
 
     auth_use_nsswitch($1)
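Review bot: Adding `typeattribute $1  unpriv_userdomain;` means every type passed to this interface now picks up all rules written against `unpriv_userdomain`, in this module and in any other that references the attribute, which is a much wider change than the one line suggests. The interface's name and header comment are outside the hunk, so it is not visible whether all of its callers are meant to be unprivileged; any confined admin or service-like user domain that uses it gains the attribute's permissions too. A comment above the line, e.g. `# every caller of this template is an unprivileged user domain`, together with a check of the callers, would make the intent reviewable. The `gen_require` already listed the attribute, so this looks like a restored omission rather than a new design, but that is an inference.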



++++++ wicked.fc ++++++
--- /var/tmp/diff_new_pack.QK6SZM/_old  2020-11-02 14:04:20.420679028 +0100
+++ /var/tmp/diff_new_pack.QK6SZM/_new  2020-11-02 14:04:20.420679028 +0100
@@ -19,6 +19,7 @@
 /usr/sbin/rcwicked.*           --      
gen_context(system_u:object_r:wicked_initrc_exec_t,s0)
 
 /usr/lib/wicked/bin(/.*)?              
gen_context(system_u:object_r:wicked_exec_t,s0)
+/usr/libexec/wicked/bin(/.*)?          
gen_context(system_u:object_r:wicked_exec_t,s0)
 
 #/usr/lib64/libwicked-0.6.63.so
 


