commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2020-11-02 14:04:02 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.3463 (New) Package is "selinux-policy" Mon Nov 2 14:04:02 2020 rev:4 rq:844986 version:20201029 Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2020-10-23 12:20:39.572611671 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.3463/selinux-policy.changes 2020-11-02 14:04:16.436676002 +0100 @@ -1,0 +2,7 @@ +Thu Oct 29 08:47:51 UTC 2020 - Thorsten Kukuk + +- wicked.fc: add libexec directories +- Update to version 20201029 + - update container policy + +--- Old: fedora-policy.20201016.tar.bz2 New: fedora-policy.20201029.tar.bz2 Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.QK6SZM/_old 2020-11-02 14:04:18.684677710 +0100 +++ /var/tmp/diff_new_pack.QK6SZM/_new 2020-11-02 14:04:18.688677713 +0100 @@ -33,7 +33,7 @@ License:GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version:20201016 +Version:20201029 Release:0 Source: fedora-policy.%{version}.tar.bz2 Source1:selinux-policy-rpmlintrc ++ fedora-policy.20201016.tar.bz2 -> fedora-policy.20201029.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/container.te new/fedora-policy/policy/modules/contrib/container.te --- old/fedora-policy/policy/modules/contrib/container.te 2020-10-16 10:49:09.821324878 +0200 +++ new/fedora-policy/policy/modules/contrib/container.te 2020-10-29 09:07:49.792815272 +0100 @@ -1,4 +1,4 @@ -policy_module(container, 2.148.0) +policy_module(container, 2.150.0) gen_require(` class passwd rootok; ') 
@@ -754,7 +754,7 @@ allow container_domain self:shm create_shm_perms; allow container_domain self:socket create_socket_perms; allow container_domain self:tcp_socket create_socket_perms; -allow container_domain self:tun_socket { create_socket_perms relabelfrom relabelto }; +allow container_domain self:tun_socket { create_socket_perms relabelfrom relabelto attach_queue }; allow container_domain self:udp_socket create_socket_perms; allow container_domain self:unix_dgram_socket create_socket_perms; allow container_domain self:unix_stream_socket create_stream_socket_perms; @@ -1149,6 +1149,7 @@ container_stream_connect(container_kvm_t) dev_rw_inherited_vhost(container_kvm_t) +dev_rw_vfio_dev(container_kvm_t) corenet_rw_inherited_tun_tap_dev(container_kvm_t) corecmd_exec_shell(container_kvm_t) @@ -1158,9 +1159,12 @@ # virtiofs causes these AVC messages. kernel_mount_proc(container_kvm_t) kernel_mounton_proc(container_kvm_t) +kernel_unmount_proc(container_kvm_t) +kernel_dgram_send(container_kvm_t) files_mounton_rootfs(container_kvm_t) auth_read_passwd(container_kvm_t) +logging_send_syslog_msg(container_kvm_t) optional_policy(` qemu_entry_type(container_kvm_t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/keepalived.te new/fedora-policy/policy/modules/contrib/keepalived.te --- old/fedora-policy/policy/modules/contrib/keepalived.te 2020-10-16 10:49:08.473324807 +0200 +++ new/fedora-policy/policy/modules/contrib/keepalived.te 2020-10-29 09:07:48.496812045 +0100 
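Review bot: `dev_rw_vfio_dev(container_kvm_t)` in the `@@ -1149,6 +1149,7 @@` hunk is added unconditionally and without a comment, although it gives every container_kvm_t process read/write access to the VFIO device nodes, i.e. direct device passthrough rather than an emulated device. I would at least record the reason next to it, e.g. `# VFIO passthrough for VM-based containers`, and consider placing it inside a `tunable_policy` block that defaults to off, so hosts that never pass devices through do not carry the permission. Judging by its name, the neighbouring `dev_rw_inherited_vhost` is limited to inherited descriptors; whether an inherited-only variant would be enough for VFIO is worth confirming upstream.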
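Review bot: In the `@@ -1158,9 +1159,12 @@` hunk the new `kernel_unmount_proc` and `kernel_dgram_send` lines sit directly under the existing `# virtiofs causes these AVC messages.` comment, but `kernel_dgram_send`, together with `logging_send_syslog_msg` further down, looks like syslog access rather than a virtiofs side effect. Grouping the two syslog-related lines under their own comment, for example `# log to syslog`, would show which denial each rule answers and make later pruning safer.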
@@ -62,6 +62,7 @@ corecmd_exec_bin(keepalived_t) corecmd_exec_shell(keepalived_t) +corenet_raw_bind_generic_node(keepalived_t) corenet_tcp_connect_connlcli_port(keepalived_t) corenet_tcp_connect_http_port(keepalived_t) corenet_tcp_connect_mysqld_port(keepalived_t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/pcp.fc new/fedora-policy/policy/modules/contrib/pcp.fc --- old/fedora-policy/policy/modules/contrib/pcp.fc 2020-10-16 10:49:08.489324808 +0200 +++ new/fedora-policy/policy/modules/contrib/pcp.fc 2020-10-29 09:07:48.512812084 +0100 @@ -20,6 +20,11 @@ /usr/libexec/pcp/bin/pmie -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0) /usr/libexec/pcp/bin/pmmgr -- gen_context(system_u:object_r:pcp_pmmgr_exec_t,s0) +/usr/libexec/pcp/lib/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0) +/usr/libexec/pcp/lib/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0) +/usr/libexec/pcp/lib/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0) +/usr/libex
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2020-10-23 12:20:12 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.3463 (New) Package is "selinux-policy" Fri Oct 23 12:20:12 2020 rev:3 rq:842814 version:20201016 Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2020-10-07 14:18:29.829486196 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.3463/selinux-policy.changes 2020-10-23 12:20:39.572611671 +0200 @@ -1,0 +2,9 @@ +Fri Oct 16 08:50:06 UTC 2020 - Thorsten Kukuk + +- Update to version 20201016 +- Use python3 to build (fc_sort.c was replaced by fc_sort.py which + uses python3) +- Drop SELINUX=disabled, "selinux=0" kernel commandline option has + to be used instead. New default is "permissive" [bsc#1176923]. + +--- Old: fedora-policy.20200910.tar.bz2 New: fedora-policy.20201016.tar.bz2 Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.uMJA1v/_old 2020-10-23 12:20:41.580613087 +0200 +++ /var/tmp/diff_new_pack.uMJA1v/_new 2020-10-23 12:20:41.584613090 +0200 @@ -1,7 +1,7 @@ # # spec file for package selinux-policy # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,9 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + # There are almost no SUSE specific modifications available in the policy, so we utilize the # ones used by redhat and include also the SUSE specific ones (see sed statement below) %define distro redhat 
@@ -32,7 +33,7 @@ License:GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version:20200910 +Version:20201016 Release:0 Source: fedora-policy.%{version}.tar.bz2 Source1:selinux-policy-rpmlintrc @@ -131,7 +132,7 @@ Patch100: sedoctool.patch -Url:https://github.com/fedora-selinux/selinux-policy.git +URL:https://github.com/fedora-selinux/selinux-policy.git BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch BuildRequires: checkpolicy @@ -139,8 +140,9 @@ BuildRequires: libxml2-tools BuildRequires: m4 BuildRequires: policycoreutils -BuildRequires: python3-policycoreutils BuildRequires: policycoreutils-devel +BuildRequires: python3 +BuildRequires: python3-policycoreutils # we need selinuxenabled Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): pam-config @@ -355,6 +357,7 @@ %package sandbox Summary: SELinux policy sandbox +Group: System/Management Requires(pre): selinux-policy-targeted = %{version}-%{release} %description sandbox @@ -455,7 +458,6 @@ mkdir -p %{buildroot}%{_datadir}/selinux/packages - mkdir selinux_config for i in %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE30} %{SOURCE31} %{SOURCE32} %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE50} %{SOURCE51} %{SOURCE52} %{SOURCE91} %{SOURCE92} %{SOURCE94};do cp $i selinux_config @@ -522,11 +524,13 @@ else echo " # This file controls the state of SELinux on the system. +# SELinux can be completly disabled with the \"selinux=0\" kernel +# commandline option. +# # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=disabled +SELINUX=permissive # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. 
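Review bot: The generated config comment in the `@@ -522,11 +524,13 @@` hunk is now inconsistent: the `disabled` entry was removed, but the header still reads `# SELINUX= can take one of these three values:`, and the added line misspells "completely". Suggested wording: `# SELINUX= can take one of these two values:` and `# SELinux can be completely disabled with the \"selinux=0\" kernel`. The `if`/`else` that wraps this `echo` starts outside the hunk.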
@@ -553,9 +557,7 @@ if [ "$SELINUXTYPE" = "$2" ]; then \ %{_sbindir}/setenforce 0 2> /dev/null \ if [ -s %{_sysconfdir}/selinux/config ]; then \ - sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config \ -else \ - echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config \ + sed -i 's/^SELINUX=.*/SELINUX=permissive/g' %{_sysconfdir}/selinux/config \ fi \ fi \ pam-config -d --selinux \ @@ -565,15 +567,12 @@ %postun if [ $1 = 0 ]; then %{_sbindir}/s
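Review bot: With the `else` branch removed in the `@@ -553,9 +557,7 @@` hunk, nothing is written when `%{_sysconfdir}/selinux/config` is missing or empty, so the persistent mode after this macro runs is whatever the policy loader falls back to rather than the `permissive` the commit intends. If that case can occur, keep the branch with the new value: `else \` followed by `echo "SELINUX=permissive" > %{_sysconfdir}/selinux/config \`. The `g` flag in `s/^SELINUX=.*/SELINUX=permissive/g` has no effect on an anchored whole-line match and can be dropped. The macro this belongs to begins above the hunk, so its trigger condition is not visible here.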
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2020-10-07 14:18:21 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new.4249 (New) Package is "selinux-policy" Wed Oct 7 14:18:21 2020 rev:2 rq:839873 version:20200910 Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2020-10-06 17:08:56.977415305 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new.4249/selinux-policy.changes 2020-10-07 14:18:29.829486196 +0200 @@ -1,0 +2,29 @@ +Tue Sep 10 07:16:50 UTC 2020 - Johannes Segitz + +- Update to version 20200910. Refreshed + * fix_authlogin.patch + * fix_nagios.patch + * fix_systemd.patch + * fix_usermanage.patch +- Delete suse_specific.patch, moved content into fix_selinuxutil.patch +- Cleanup of booleans-* presets + * Enabled +user_rw_noexattrfile +unconfined_chrome_sandbox_transition +unconfined_mozilla_plugin_transition +for the minimal policy + * Disabled +xserver_object_manager +for the MLS policy + * Disabled +openvpn_enable_homedirs +privoxy_connect_any +selinuxuser_direct_dri_enabled +selinuxuser_ping (aka user_ping) +squid_connect_any +telepathy_tcp_connect_generic_network_ports +for the targeted policy + Change your local config if you need them +- Build HTML version of manpages for the -devel package + +--- Old: fedora-policy.20200717.tar.bz2 suse_specific.patch New: fedora-policy.20200910.tar.bz2 Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.54yTTq/_old 2020-10-07 14:18:31.325487386 +0200 +++ /var/tmp/diff_new_pack.54yTTq/_new 2020-10-07 14:18:31.329487389 +0200 
@@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# TODO: This turns on distro-specific policies. # There are almost no SUSE specific modifications available in the policy, so we utilize the # ones used by redhat and include also the SUSE specific ones (see sed statement below) %define distro redhat @@ -33,7 +32,7 @@ License:GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version:20200717 +Version:20200910 Release:0 Source: fedora-policy.%{version}.tar.bz2 Source1:selinux-policy-rpmlintrc @@ -65,7 +64,6 @@ Source60: selinux-policy.conf -Source90: selinux-policy-rpmlintrc Source91: Makefile.devel Source92: customizable_types #Source93: config.tgz @@ -123,7 +121,7 @@ Patch040: fix_usermanage.patch Patch041: fix_smartmon.patch Patch042: fix_geoclue.patch -Patch043: suse_specific.patch +#Patch043: suse_specific.patch Patch044: fix_authlogin.patch Patch045: fix_screen.patch Patch046: fix_unprivuser.patch @@ -154,6 +152,7 @@ # for audit2allow Recommends: python3-policycoreutils Recommends: policycoreutils-python-utils +Recommends: container-selinux %define common_params DISTRO=%{distro} UBAC=%{ubac} DIRECT_INITRC=n MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 @@ -351,7 +350,6 @@ %dir %{_datadir}/selinux/packages %dir %{_sysconfdir}/selinux %ghost %config(noreplace) %{_sysconfdir}/selinux/config -#%ghost %{_sysconfdir}/sysconfig/selinux-policy %{_tmpfilesdir}/selinux-policy.conf %{_rpmconfigdir}/macros.d/macros.selinux-policy @@ -426,7 +424,7 @@ %patch040 -p1 %patch041 -p1 %patch042 -p1 -%patch043 -p1 +#% patch043 -p1 %patch044 -p1 %patch045 -p1 %patch046 -p1 @@ -442,8 +440,6 @@ %install mkdir -p %{buildroot}%{_sysconfdir}/selinux touch %{buildroot}%{_sysconfdir}/selinux/config -#mkdir -p %{buildroot}%{_sysconfdir}/sysconfig -#touch %{buildroot}%{_sysconfdir}/sysconfig/selinux-policy mkdir -p %{buildroot}%{_tmpfilesdir} cp %{SOURCE60} %{buildroot}%{_tmpfilesdir} 
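Review bot: The `@@ -123,7 +121,7 @@` and `@@ -426,7 +424,7 @@` hunks comment the dropped patch out (`#Patch043: suse_specific.patch`, `#% patch043 -p1`) instead of deleting it, while the changelog says suse_specific.patch was deleted and its content moved into fix_selinuxutil.patch. Leaving both lines behind suggests the patch may come back, and it relies on the `% ` spacing trick to stop rpm from expanding the macro inside a comment. I would remove both lines outright.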
@@ -512,11 +508,10 @@ install -m 644 selinux_config/Makefile.devel %{buildroot}%{_datadir}/selinux/devel/Makefile install -m 644 doc/example.* %{buildroot}%{_datadir}/selinux/devel/ install -m 644 doc/policy.* %{buildroot}%{_datadir}/selinux/devel/ -#XXX what's missing for html? -#%{_bindir}/sepolicy manpage -a -p %{buildroot}%{_datadir}/man/man8/ -w -r %{buildroot} -#mkdir %{buildroot}%{_datadir}/selinux/devel/html -#mv %{buildroot}%{_datadir}/man/man8/*.html %{buildroot}%{_datadir}/selinux/devel/html -#mv %{buildroot}%{_datadir}/man/man8/style.css %{buildroot}%{_datadir}/selinux/devel/html +%{_bindir}/sepolicy manpage -a -p %{buildroot}%{_datadir}/man/man8/ -w -r %{buildroot} +mkdir %{buildroot}%{_datadir}/selinux/devel/html
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2017-12-12 21:23:44 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Tue Dec 12 21:23:44 2017 rev:29 rq:556433 version:20140730 Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2017-03-31 15:08:35.455989842 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2017-12-12 21:23:50.531900062 +0100 @@ -1,0 +2,20 @@ +Tue Dec 12 09:07:31 UTC 2017 - jseg...@suse.com + +- Added + * suse_modifications_glusterfs.patch + * suse_modifications_passenger.patch + * suse_modifications_stapserver.patch + to modify module name to make the current tools happy + +--- +Wed Nov 29 13:20:22 UTC 2017 - rbr...@suse.com + +- Repair erroneous changes introduced with %_fillupdir macro + +--- +Thu Nov 23 13:53:09 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- New: suse_modifications_glusterfs.patch suse_modifications_passenger.patch suse_modifications_stapserver.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.Vk3bPt/_old 2017-12-12 21:23:52.363811628 +0100 +++ /var/tmp/diff_new_pack.Vk3bPt/_new 2017-12-12 21:23:52.367811435 +0100 @@ -16,6 +16,11 @@ # +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + # TODO: This turns on distro-specific policies. # There are almost no SUSE specific modifications available in the policy, so we utilize the # ones used by redhat and include also the SUSE specific ones (see sed statement below) 
@@ -200,6 +205,9 @@ Patch1009: suse_modifications_cron.patch Patch1010: suse_additions_sslh.patch Patch1011: suse_additions_obs.patch +Patch1012: suse_modifications_glusterfs.patch +Patch1013: suse_modifications_passenger.patch +Patch1014: suse_modifications_stapserver.patch Url:http://oss.tresys.com/repos/refpolicy/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -397,7 +405,7 @@ %dir %{_usr}/share/selinux %dir %{_sysconfdir}/selinux %ghost %config(noreplace) %{_sysconfdir}/selinux/config -%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} +%{_fillupdir}/sysconfig.%{name} %{_usr}/lib/tmpfiles.d/selinux-policy.conf %description @@ -419,6 +427,9 @@ %patch1009 -p1 %patch1010 -p1 %patch1011 -p1 +%patch1012 -p1 +%patch1013 -p1 +%patch1014 -p1 # base policy contrib_path=`pwd` @@ -511,8 +522,8 @@ rm -rf selinux_config # fillup sysconfig -mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates -cp %{SOURCE61} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} +mkdir -p %{buildroot}%{_fillupdir} +cp %{SOURCE61} %{buildroot}%{_fillupdir}/sysconfig.%{name} %clean ++ suse_modifications_glusterfs.patch ++ Index: serefpolicy-contrib-20140730/glusterd.te === --- serefpolicy-contrib-20140730.orig/glusterd.te 2017-12-11 17:38:13.448089663 +0100 +++ serefpolicy-contrib-20140730/glusterd.te2017-12-11 17:38:52.960730655 +0100 @@ -1,4 +1,4 @@ -policy_module(glusterfs, 1.1.2) +policy_module(glusterd, 1.1.2) ## ## ++ suse_modifications_passenger.patch ++ Index: serefpolicy-contrib-20140730/passenger.te === --- serefpolicy-contrib-20140730.orig/passenger.te 2017-12-11 17:38:13.276086872 +0100 +++ serefpolicy-contrib-20140730/passenger.te 2017-12-11 17:42:24.592161419 +0100 
@@ -1,4 +1,4 @@ -policy_module(passanger, 1.1.1) +policy_module(passenger, 1.1.1) # ++ suse_modifications_stapserver.patch ++ Index: serefpolicy-contrib-20140730/stapserver.te === --- serefpolicy-contrib-20140730.orig/stapserver.te 2017-12-11 17:38:13.312087456 +0100 +++ serefpolicy-contrib-20140730/stapserver.te 2017-12-11 17:46:03.915729618 +0100 @@ -1,4 +1,4 @@ -policy_module(systemtap, 1.1.0) +policy_module(stapserver, 1.1.0) #
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2017-03-31 15:08:32 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Fri Mar 31 15:08:32 2017 rev:28 rq:482447 version:20140730 Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2015-08-27 08:57:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2017-03-31 15:08:35.455989842 +0200 
@@ -1,0 +2,39 @@ +Wed Mar 15 21:50:32 UTC 2017 - mwi...@suse.com + +- POLCYVER depends both on the libsemanage/policycoreutils version + and the kernel. The former is more important for us, kernel seems + to have all necessary features in Leap 42.1 already. + +- Replaced = runtime dependencies on checkpolicy/policycoreutils + with "=". 2.5 policy is not supposed to work with 2.3 tools, + The runtime policy tools need to be same the policy was built with. + +--- +Wed Mar 15 15:16:20 UTC 2017 - mwi...@suse.com + +- Changes required by policycoreutils update to 2.5 + * lots of spec file content needs to be conditional on +policycoreutils version. + +- Specific policycoreutils 2.5 related changes: + * modules moved from /etc/selinux to /var/lib/selinux + (https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration) + * module path now includes includes priority. Users override default + policies by setting higher priority. Thus installed policy modules can be + fully verified by RPM. + * Installed modules have a different format and path. + Raw bzip2 doesn't suffice to create them any more, but we can process them + all in a single semodule -i command. + +- Policy version depends on kernel / distro version + * do not touch policy., rather fail if it's not created + +- Enabled building mls policy for Leap (not for SLES) + +- Other + * Bug: "sandbox.disabled" should be "sandbox.pp.disabled" for old policycoreutils + * Bug: (minimum) additional modules that need to be activated: postfix + (required by apache), plymouthd (required by getty) + * Cleanup: /etc -> %{sysconfdir} etc. + +--- Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.MOokgA/_old 2017-03-31 15:08:38.511557851 +0200 +++ /var/tmp/diff_new_pack.MOokgA/_new 2017-03-31 15:08:38.515557285 +0200 
@@ -1,7 +1,7 @@ # # spec file for package selinux-policy # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -25,14 +25,100 @@ %define BUILD_DOC 1 %define BUILD_TARGETED 1 %define BUILD_MINIMUM 1 -%if 0%{suse_version} == 1315 +%if 0%{suse_version} == 1315 && 0%{is_opensuse} == 0 %define BUILD_MLS 0 %else %define BUILD_MLS 1 %endif + +%if 0%{?suse_version} >= 1330 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} >= 120200 ) +%else +%endif + +%define POLICYCOREUTILSVER %(rpm -q --qf %%{version} policycoreutils) +%define CHECKPOLICYVER %POLICYCOREUTILSVER + +%define coreutils_ge() %{lua: if (rpm.vercmp(rpm.expand("%POLICYCOREUTILSVER"), rpm.expand("%1")) >= 0) then print "1" else print "0" end } + +# conditional stuff depending on policycoreutils version +# See https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration +%if %{coreutils_ge 2.5} + +# Policy version, see https://selinuxproject.org/page/NB_PolicyType#Policy_Versions +# It depends on the kernel, but apparently more so on the libsemanage version. +%define POLICYVER 30 + +# macros calling module_store have to be defined using global, not define, and +# "lazy" evaluation +%global module_store() %{_localstatedir}/lib/selinux/%%{1} +%global policy_prio 100 +%global module_dir active/modules/%{policy_prio} +%global module_disabled() %{module_store %%{1}}/active/modules/disabled/%%{2} + +%global install_pp() \ + (cd %{buildroot}/%{_usr}/share/selinux/%1/ \ +/usr/sbin/semodule -s %%{1} -X %{policy_prio} -n -p %{buildroot} -i *.pp \ + rm -f *pp*); + +# FixMe 170315: None of these exist any more. Are they necessary? +%global files_base_pp() %nil +%global touch_file_contexts() touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local +%global files_file_contexts() %nil +%global mkdir_other() \ +%{__mkdir} -p %{buildroot}%{module_store %%1}/active/modules/disabled +%global files_other() \ +%dir %{module
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2015-08-27 08:57:14 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2015-08-12 15:13:36.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2015-08-27 08:57:15.0 +0200 @@ -1,0 +2,5 @@ +Thu Aug 13 08:14:34 UTC 2015 - jseg...@novell.com + +- fixed missing role assignment in cron_unconfined_role + +--- Other differences: -- ++ suse_modifications_cron.patch ++ --- /var/tmp/diff_new_pack.F1KW2F/_old 2015-08-27 08:57:16.0 +0200 +++ /var/tmp/diff_new_pack.F1KW2F/_new 2015-08-27 08:57:16.0 +0200 @@ -1,7 +1,7 @@ Index: serefpolicy-contrib-20140730/cron.fc === serefpolicy-contrib-20140730.orig/cron.fc 2015-06-24 10:48:23.073675837 +0200 -+++ serefpolicy-contrib-20140730/cron.fc 2015-06-24 10:48:26.477726111 +0200 +--- serefpolicy-contrib-20140730.orig/cron.fc 2015-08-13 10:13:01.320203530 +0200 serefpolicy-contrib-20140730/cron.fc 2015-08-13 10:13:01.620208372 +0200 @@ -55,6 +55,8 @@ ifdef(`distro_suse', ` /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> @@ -13,8 +13,8 @@ ifdef(`distro_debian',` Index: serefpolicy-contrib-20140730/cron.te === serefpolicy-contrib-20140730.orig/cron.te 2015-06-24 10:48:23.073675837 +0200 -+++ serefpolicy-contrib-20140730/cron.te 2015-06-24 10:48:26.477726111 +0200 +--- serefpolicy-contrib-20140730.orig/cron.te 2015-08-13 10:13:01.320203530 +0200 serefpolicy-contrib-20140730/cron.te 2015-08-13 10:13:01.620208372 +0200 @@ -841,3 +841,9 @@ tunable_policy(`cron_userdomain_transiti optional_policy(` unconfined_domain(unconfined_cronjob_t) 
@@ -27,8 +27,8 @@ +') Index: serefpolicy-contrib-20140730/cron.if === serefpolicy-contrib-20140730.orig/cron.if 2015-06-24 10:48:23.073675837 +0200 -+++ serefpolicy-contrib-20140730/cron.if 2015-06-24 10:48:47.318033927 +0200 +--- serefpolicy-contrib-20140730.orig/cron.if 2015-08-13 10:13:01.320203530 +0200 serefpolicy-contrib-20140730/cron.if 2015-08-13 10:14:06.153249993 +0200 @@ -158,7 +158,7 @@ interface(`cron_role',` # interface(`cron_unconfined_role',` @@ -38,7 +38,15 @@ type crond_t, user_cron_spool_t; bool cron_userdomain_transition; ') -@@ -175,7 +175,7 @@ interface(`cron_unconfined_role',` +@@ -168,14 +168,14 @@ interface(`cron_unconfined_role',` + # Declarations + # + +-role $1 types { unconfined_cronjob_t crontab_t }; ++role $1 types { unconfined_cronjob_t admin_crontab_t crontab_t }; + + ## + # # Local policy #
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2015-08-12 15:13:35 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2015-08-05 19:17:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2015-08-12 15:13:36.0 +0200 @@ -1,0 +2,6 @@ +Tue Aug 11 08:36:17 UTC 2015 - jseg...@novell.com + +- Updated suse_modifications_ipsec.patch, removed dontaudits for + ipsec_mgmt_t and granted matching permissions + +--- Other differences: -- ++ suse_modifications_ipsec.patch ++ --- /var/tmp/diff_new_pack.I7eJ6A/_old 2015-08-12 15:13:38.0 +0200 +++ /var/tmp/diff_new_pack.I7eJ6A/_new 2015-08-12 15:13:38.0 +0200 @@ -1,7 +1,7 @@ Index: serefpolicy-20140730/policy/modules/system/ipsec.te === serefpolicy-20140730.orig/policy/modules/system/ipsec.te 2015-08-05 13:56:18.127343378 +0200 -+++ serefpolicy-20140730/policy/modules/system/ipsec.te2015-08-05 15:13:33.360764030 +0200 +--- serefpolicy-20140730.orig/policy/modules/system/ipsec.te 2015-08-10 12:55:56.098645940 +0200 serefpolicy-20140730/policy/modules/system/ipsec.te2015-08-10 14:32:28.542764339 +0200 @@ -209,14 +209,18 @@ optional_policy(` # ipsec_mgmt Local policy # 
@@ -17,9 +17,9 @@ allow ipsec_mgmt_t self:key_socket create_socket_perms; allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms; +allow ipsec_mgmt_t self:netlink_route_socket nlmsg_write; -+allow ipsec_mgmt_t self:packet_socket { setopt create }; -+allow ipsec_mgmt_t self:socket { bind create }; -+allow ipsec_mgmt_t self:netlink_xfrm_socket { bind create }; ++allow ipsec_mgmt_t self:packet_socket { setopt create read write }; ++allow ipsec_mgmt_t self:socket { bind create read write }; ++allow ipsec_mgmt_t self:netlink_xfrm_socket { nlmsg_write write read bind create }; allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms; files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file) @@ -51,3 +51,15 @@ dev_read_rand(ipsec_mgmt_t) dev_read_urand(ipsec_mgmt_t) +@@ -297,10 +308,7 @@ dev_read_urand(ipsec_mgmt_t) + domain_use_interactive_fds(ipsec_mgmt_t) + # denials when ps tries to search /proc. Do not audit these denials. + domain_dontaudit_read_all_domains_state(ipsec_mgmt_t) +-# suppress audit messages about unnecessary socket access +-# cjp: this seems excessive +-domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t) +-domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t) ++# domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t) + + files_read_etc_files(ipsec_mgmt_t) + files_exec_etc_files(ipsec_mgmt_t)
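Review bot: The last hunk (`@@ -51,3 +51,15 @@`) makes the patch replace the two `domain_dontaudit_rw_all_*_sockets` calls with a commented-out `# domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)`, which leaves dead policy text in ipsec.te with no explanation. Either drop that line from the patched file or say why it is kept, e.g. `# dontaudit removed on purpose so socket denials stay visible in the audit log`. Also, the permissions added in the `@@ -17,9 +17,9 @@` hunk are all on `self:` sockets, whereas the removed dontaudits, going by their names, covered sockets of all domains, so the changelog's "matching permissions" is worth checking against the actual AVC records.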
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2015-08-05 19:17:25 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2015-07-23 15:22:54.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2015-08-05 19:17:27.0 +0200 @@ -1,0 +2,6 @@ +Wed Aug 5 11:31:24 UTC 2015 - jseg...@novell.com + +- Added suse_modifications_ipsec.patch to grant additional privileges + to ipsec_mgmt_t + +--- New: suse_modifications_ipsec.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.zi143A/_old 2015-08-05 19:17:29.0 +0200 +++ /var/tmp/diff_new_pack.zi143A/_new 2015-08-05 19:17:29.0 +0200 @@ -99,6 +99,7 @@ Patch0020: suse_modifications_unprivuser.patch Patch0021: dont_use_xmllint_in_make_conf.patch Patch0022: suse_modifications_staff.patch +Patch0023: suse_modifications_ipsec.patch # contrib patches Patch1000: policy-rawhide-contrib.patch @@ -367,6 +368,7 @@ %patch0020 -p1 %patch0021 -p1 %patch0022 -p1 +%patch0023 -p1 refpolicy_path=`pwd` cp $contrib_path/* $refpolicy_path/policy/modules/contrib # we use distro=redhat to get all the redhat modifications but we'll still need everything that is defined for suse ++ suse_modifications_ipsec.patch ++ Index: serefpolicy-20140730/policy/modules/system/ipsec.te === --- serefpolicy-20140730.orig/policy/modules/system/ipsec.te2015-08-05 13:56:18.127343378 +0200 +++ serefpolicy-20140730/policy/modules/system/ipsec.te 2015-08-05 15:13:33.360764030 +0200 
@@ -209,14 +209,18 @@ optional_policy(` # ipsec_mgmt Local policy # -allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin setpcap sys_nice sys_ptrace }; +allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin net_raw setpcap sys_nice sys_ptrace }; dontaudit ipsec_mgmt_t self:capability sys_tty_config; -allow ipsec_mgmt_t self:process { getsched setrlimit setsched signal }; +allow ipsec_mgmt_t self:process { getsched setrlimit setsched signal setcap }; allow ipsec_mgmt_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms; allow ipsec_mgmt_t self:udp_socket create_socket_perms; allow ipsec_mgmt_t self:key_socket create_socket_perms; allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms; +allow ipsec_mgmt_t self:netlink_route_socket nlmsg_write; +allow ipsec_mgmt_t self:packet_socket { setopt create }; +allow ipsec_mgmt_t self:socket { bind create }; +allow ipsec_mgmt_t self:netlink_xfrm_socket { bind create }; allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms; files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file) @@ -231,6 +235,8 @@ logging_log_filetrans(ipsec_mgmt_t, ipse allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms; files_pid_filetrans(ipsec_mgmt_t, ipsec_mgmt_var_run_t, file) filetrans_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_mgmt_var_run_t, file) +# temporary fix until the rules above work +allow ipsec_mgmt_t var_run_t:sock_file { write unlink }; manage_files_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t) manage_dirs_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t) @@ -269,6 +275,7 @@ kernel_read_software_raid_state(ipsec_mg kernel_read_kernel_sysctls(ipsec_mgmt_t) kernel_getattr_core_if(ipsec_mgmt_t) kernel_getattr_message_if(ipsec_mgmt_t) +kernel_request_load_module(ipsec_mgmt_t) domain_dontaudit_getattr_all_sockets(ipsec_mgmt_t) domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t) 
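Review bot: `allow ipsec_mgmt_t var_run_t:sock_file { write unlink };` in the `@@ -231,6 +235,8 @@` hunk grants access to every socket carrying the generic var_run_t label, not only the IPsec control socket, and the `# temporary fix` comment gives no condition for removing it. The transition rules just above name only class `file`, which would explain why a socket created under the pid directory keeps the generic label (inferred; the creating domain is not visible here). Adding `sock_file` to those transitions for the creating domain, and allowing `ipsec_mgmt_var_run_t:sock_file` or `ipsec_var_run_t:sock_file` instead, would make this rule unnecessary. Until then the comment should carry a tracking reference, e.g. `# temporary: socket is mislabeled var_run_t, see BUG-ID (placeholder)`.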
@@ -290,6 +297,10 @@ corecmd_exec_bin(ipsec_mgmt_t) corecmd_exec_shell(ipsec_mgmt_t) corenet_tcp_connect_rndc_port(ipsec_mgmt_t) +corenet_udp_bind_dhcpc_port(ipsec_mgmt_t) +corenet_udp_bind_isakmp_port(ipsec_mgmt_t) +corenet_udp_bind_generic_node(ipsec_mgmt_t) +corenet_udp_bind_ipsecnat_port(ipsec_mgmt_t) dev_read_rand(ipsec_mgmt_t) dev_read_urand(ipsec_mgmt_t)
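Review bot: The four `corenet_udp_bind_*` lines in the `@@ -290,6 +297,10 @@` hunk carry no comment, and `corenet_udp_bind_dhcpc_port(ipsec_mgmt_t)` in particular is not an obvious need for an IPsec management domain alongside the isakmp and ipsecnat ports. A one-line comment naming what produced the denial, such as `# COMPONENT (placeholder) binds the DHCP client port, see BUG-ID (placeholder)`, would let a later reviewer decide whether the rule can be dropped.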
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2015-07-23 15:22:42 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2015-06-30 10:15:57.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2015-07-23 15:22:54.0 +0200 @@ -1,0 +2,6 @@ +Tue Jul 21 14:56:07 UTC 2015 - jseg...@novell.com + +- Minor changes for CC evaluation. Allow reading of /dev/random + and ipc_lock for dbus and dhcp + +--- Other differences: -- ++ suse_modifications_dbus.patch ++ --- /var/tmp/diff_new_pack.nXd6xO/_old 2015-07-23 15:22:56.0 +0200 +++ /var/tmp/diff_new_pack.nXd6xO/_new 2015-07-23 15:22:56.0 +0200 
@@ -1,8 +1,25 @@ Index: serefpolicy-contrib-20140730/dbus.te === serefpolicy-contrib-20140730.orig/dbus.te -+++ serefpolicy-contrib-20140730/dbus.te -@@ -154,6 +154,8 @@ userdom_dontaudit_search_user_home_dirs( +--- serefpolicy-contrib-20140730.orig/dbus.te 2015-07-21 16:39:25.588407411 +0200 serefpolicy-contrib-20140730/dbus.te 2015-07-21 16:41:17.738197485 +0200 +@@ -55,7 +55,7 @@ ifdef(`enable_mls',` + # dac_override: /var/run/dbus is owned by messagebus on Debian + # cjp: dac_override should probably go in a distro_debian + allow system_dbusd_t self:capability2 block_suspend; +-allow system_dbusd_t self:capability { sys_resource dac_override setgid setpcap setuid }; ++allow system_dbusd_t self:capability { sys_resource dac_override setgid setpcap setuid ipc_lock}; + dontaudit system_dbusd_t self:capability sys_tty_config; + allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit }; + allow system_dbusd_t self:fifo_file rw_fifo_file_perms; +@@ -87,6 +87,7 @@ kernel_read_kernel_sysctls(system_dbusd_ + kernel_stream_connect(system_dbusd_t) + + dev_read_urand(system_dbusd_t) ++dev_read_rand(system_dbusd_t) + dev_read_sysfs(system_dbusd_t) + + dev_rw_inherited_input_dev(system_dbusd_t) +@@ -154,6 +155,8 @@ userdom_dontaudit_search_user_home_dirs( userdom_home_reader(system_dbusd_t) @@ -13,8 +30,8 @@ ') Index: serefpolicy-contrib-20140730/dbus.if === serefpolicy-contrib-20140730.orig/dbus.if -+++ serefpolicy-contrib-20140730/dbus.if +--- serefpolicy-contrib-20140730.orig/dbus.if 2015-07-21 16:39:25.588407411 +0200 serefpolicy-contrib-20140730/dbus.if 2015-07-21 16:39:28.964461299 +0200 @@ -111,6 +111,26 @@ template(`dbus_role_template',` logging_send_syslog_msg($1_dbusd_t) ++ sysconfig_network_scripts.patch ++ --- /var/tmp/diff_new_pack.nXd6xO/_old 2015-07-23 15:22:56.0 +0200 +++ /var/tmp/diff_new_pack.nXd6xO/_new 2015-07-23 15:22:56.0 +0200 
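Review bot: The rewritten capability rule in the nested dbus.te hunk ends in `ipc_lock};`, without the space before the closing brace that the other permission sets shown here use; write `... setpcap setuid ipc_lock };`. Neither `ipc_lock` nor the new `dev_read_rand(system_dbusd_t)` carries a comment, the changelog only says "CC evaluation", and the existing comment above the rule still explains `dac_override` alone. I would add one line above each, such as `# ipc_lock, /dev/random: required for the CC-evaluated configuration (<reference>)`. This hunk is a diff of a patch file, so each policy line carries two marker columns.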
@@ -1,7 +1,7 @@ Index: serefpolicy-20140730/policy/modules/system/sysnetwork.fc === serefpolicy-20140730.orig/policy/modules/system/sysnetwork.fc -+++ serefpolicy-20140730/policy/modules/system/sysnetwork.fc +--- serefpolicy-20140730.orig/policy/modules/system/sysnetwork.fc 2015-07-21 16:52:51.913277147 +0200 serefpolicy-20140730/policy/modules/system/sysnetwork.fc 2015-07-21 16:52:55.461333779 +0200 @@ -11,6 +11,15 @@ ifdef(`distro_debian',` /dev/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) ') @@ -31,15 +31,15 @@ # Index: serefpolicy-20140730/policy/modules/system/sysnetwork.te === serefpolicy-20140730.orig/policy/modules/system/sysnetwork.te -+++ serefpolicy-20140730/policy/modules/system/sysnetwork.te +--- serefpolicy-20140730.orig/policy/modules/system/sysnetwork.te 2015-07-21 16:52:51.913277147 +0200 serefpolicy-20140730/policy/modules/system/sysnetwork.te 2015-07-21 16:54:15.998619244 +0200 @@ -60,7 +60,8 @@ ifdef(`distro_debian',` # # DHCP client local policy # -allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config }; +# need sys_admin to set hostname/domainname -+allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config sys_admin }; ++allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2015-06-30 10:15:56 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2015-01-29 09:57:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2015-06-30 10:15:57.0 +0200 @@ -1,0 +2,28 @@ +Wed Jun 24 08:27:30 UTC 2015 - jseg...@novell.com + +- Transition from unconfined user to cron admin type +- Allow systemd_timedated_t to talk to unconfined dbus for minimal + policy (bsc#932826) +- Allow hostnamectl to set the hostname (bsc#933764) + +--- +Wed May 20 14:05:04 UTC 2015 - jseg...@novell.com + +- Removed ability of staff_t and user_t to use svirt. Will reenable + this later on with a policy upgrade + Added suse_modifications_staff.patch + +--- +Wed Feb 25 11:38:44 UTC 2015 - jseg...@novell.com + +- Added dont_use_xmllint_in_make_conf.patch to remove xmllint usage + in make conf. This currently breaks manual builds. +- Added BuildRequires for libxml2-tools to enable xmllint checks + once the issue mentioned above is solved + +--- +Thu Jan 29 09:56:40 UTC 2015 - jseg...@novell.com + +- adjusted suse_modifications_ntp to match SUSE chroot paths + +--- New: dont_use_xmllint_in_make_conf.patch suse_modifications_staff.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.J303Bz/_old 2015-06-30 10:15:59.0 +0200 +++ /var/tmp/diff_new_pack.J303Bz/_new 2015-06-30 10:15:59.0 +0200 @@ -97,6 +97,8 @@ Patch0018: suse_modifications_ssh.patch Patch0019: suse_modifications_usermanage.patch Patch0020: suse_modifications_unprivuser.patch +Patch0021: dont_use_xmllint_in_make_conf.patch +Patch0022: suse_modifications_staff.patch # contrib patches Patch1000: policy-rawhide-contrib.patch 
@@ -120,6 +122,7 @@ BuildRequires: bzip2 BuildRequires: checkpolicy >= %{CHECKPOLICYVER} BuildRequires: gawk +BuildRequires: libxml2-tools BuildRequires: m4 BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER} BuildRequires: policycoreutils-python >= %{POLICYCOREUTILSVER} @@ -362,6 +365,8 @@ %patch0018 -p1 %patch0019 -p1 %patch0020 -p1 +%patch0021 -p1 +%patch0022 -p1 refpolicy_path=`pwd` cp $contrib_path/* $refpolicy_path/policy/modules/contrib # we use distro=redhat to get all the redhat modifications but we'll still need everything that is defined for suse ++ dont_use_xmllint_in_make_conf.patch ++ Index: serefpolicy-20140730/Makefile === --- serefpolicy-20140730.orig/Makefile 2014-07-30 16:48:48.379896000 +0200 +++ serefpolicy-20140730/Makefile 2015-02-25 12:37:11.262844720 +0100 @@ -431,9 +431,6 @@ $(polxml): $(layerxml) $(tunxml) $(boolx $(verbose) for i in $(basename $(notdir $(layerxml))); do echo "" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "" >> $@; done $(verbose) cat $(tunxml) $(boolxml) >> $@ $(verbose) echo '' >> $@ - $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \ - $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\ - fi xml: $(polxml) ++ suse_modifications_cron.patch ++ --- /var/tmp/diff_new_pack.J303Bz/_old 2015-06-30 10:16:00.0 +0200 +++ /var/tmp/diff_new_pack.J303Bz/_new 2015-06-30 10:16:00.0 +0200 @@ -1,7 +1,7 @@ Index: serefpolicy-contrib-20140730/cron.fc === serefpolicy-contrib-20140730.orig/cron.fc -+++ serefpolicy-contrib-20140730/cron.fc +--- serefpolicy-contrib-20140730.orig/cron.fc 2015-06-24 10:48:23.073675837 +0200 serefpolicy-contrib-20140730/cron.fc 2015-06-24 10:48:26.477726111 +0200 @@ -55,6 +55,8 @@ ifdef(`distro_suse', ` /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> 
@@ -13,8 +13,8 @@ ifdef(`distro_debian',` Index: serefpolicy-contrib-20140730/cron.te === serefpolicy-contrib-20140730.orig/cron.te -+++ serefpolicy-contrib-20140730/cron.te +--- serefpolicy-contrib-20140730.orig/cron.te 2015-06-24 10:48:23.073675837 +
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2015-01-29 09:57:22 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2014-11-18 22:49:02.0 +0100 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2015-01-29 09:57:30.0 +0100 
@@ -1,0 +2,50 @@ +Wed Jan 28 09:37:06 UTC 2015 - jseg...@novell.com + +- Added + * suse_additions_obs.patch to allow local builds by OBS + * suse_additions_sslh.patch to confine sslh +- Added suse_modifications_cron.patch to adjust crontabs contexts +- Modified suse_modifications_postfix.patch to match SUSE paths +- Modified suse_modifications_ssh.patch to bring boolean + sshd_forward_ports back +- Modified + * suse_modifications_dbus.patch + * suse_modifications_unprivuser.patch + * suse_modifications_xserver.patch + to allow users to be confined +- Added + * suse_modifications_apache.patch + * suse_modifications_ntp.patch + and modified + * suse_modifications_xserver.patch + to fix labels on startup scripts used by systemd +- Removed unused and incorrect interface dev_create_all_dev_nodes + from systemd-tmpfiles.patch +- Removed BuildRequire for selinux-policy-devel + +--- +Fri Jan 23 15:52:02 UTC 2015 - jseg...@novell.com + +- Major cleanup of the spec file + +--- +Fri Jan 23 11:44:52 UTC 2015 - jseg...@novell.com + +- removed suse_minimal_cc.patch and splitted them into + * suse_modifications_dbus.patch + * suse_modifications_policykit.patch + * suse_modifications_postfix.patch + * suse_modifications_rtkit.patch + * suse_modifications_unconfined.patch + * suse_modifications_systemd.patch + * suse_modifications_unconfineduser.patch + * suse_modifications_selinuxutil.patch + * suse_modifications_logging.patch + * suse_modifications_getty.patch + * suse_modifications_authlogin.patch + * suse_modifications_xserver.patch + * suse_modifications_ssh.patch + * suse_modifications_usermanage.patch +- Added suse_modifications_virt.patch to enable svirt on s390x + +--- Old: suse_minimal_cc.patch New: suse_additions_obs.patch suse_additions_sslh.patch suse_modifications_apache.patch suse_modifications_authlogin.patch suse_modifications_cron.patch suse_modifications_dbus.patch suse_modifications_getty.patch suse_modifications_logging.patch suse_modifications_ntp.patch 
suse_modifications_policykit.patch suse_modifications_postfix.patch suse_modifications_rtkit.patch suse_modifications_selinuxutil.patch suse_modifications_ssh.patch suse_modifications_systemd.patch suse_modifications_unconfined.patch suse_modifications_unconfineduser.patch suse_modifications_unprivuser.patch suse_modifications_usermanage.patch suse_modifications_virt.patch suse_modifications_xserver.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.cOIqfg/_old 2015-01-29 09:57:43.0 +0100 +++ /var/tmp/diff_new_pack.cOIqfg/_new 2015-01-29 09:57:43.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package selinux-policy # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,76 +17,100 @@ # TODO: This turns on distro-specific policies. -# There are almost no SUSE specific modifications available -# in the upstream, so we utilize the ones used by redhat +# There are almost no SUSE specific modifications available in the policy, so we utilize the +# ones used by redhat and include also the SUSE specific ones (see sed statement below) %define distro redhat %define polyinstatiate n %define monolithic n -%if %{?BUILD_DOC:0}%{!?BUILD_DOC:1} %define BUILD_DOC 1 -%endif -%if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1} %define BUILD_TARGETED 1 -%endif -%if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1} %define BUILD_MINIMUM 1 -%endif %if 0%{suse_version} == 1315 %define BUILD_MLS 0 -%endif -%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} +%else %define BUILD_MLS 1 %endif %define POLICYVER 29 %define POLICYCOREUTILSVER 2.3 %define CHECKPOLICYVER 2.3 + Summary:SELinux policy configuration License:GPL-2.0+ Group: System/Managemen
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2014-11-18 22:47:09 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2014-09-19 15:45:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2014-11-18 22:49:02.0 +0100 @@ -1,0 +2,5 @@ +Sat Nov 08 19:17:00 UTC 2014 - Led + +- fix bashism in post script + +--- Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.7XT9Im/_old 2014-11-18 22:49:05.0 +0100 +++ /var/tmp/diff_new_pack.7XT9Im/_new 2014-11-18 22:49:05.0 +0100 @@ -159,7 +159,7 @@ %define makeModulesConf() \ cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \ cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \ -if [ %3 == "contrib" ];then \ +if [ "%3" = "contrib" ];then \ cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \ cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \ fi; \ @@ -283,7 +283,7 @@ if [ -e /etc/selinux/%1/.policy.sha512 ]; then \ sha512=`sha512sum /etc/selinux/%1/modules/active/policy.kern | cut -d ' ' -f 1`; \ checksha512=`cat /etc/selinux/%1/.policy.sha512`; \ - if [ "$sha512" == "$checksha512" ] ; then \ + if [ "$sha512" = "$checksha512" ] ; then \ rm /etc/selinux/%1/.rebuild; \ fi; \ fi; \ @@ -298,7 +298,7 @@ else \ touch /etc/selinux/%2/modules/active/modules/sandbox.disabled \ fi; \ -if [ "${SELINUXTYPE}" == "%2" ]; then \ +if [ "${SELINUXTYPE}" = "%2" ]; then \ if selinuxenabled; then \ load_policy; \ else \ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2014-09-19 13:56:16 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2014-09-09 18:59:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2014-09-19 15:45:21.0 +0200 @@ -1,0 +2,10 @@ +Thu Sep 18 09:06:09 UTC 2014 - jseg...@suse.com + +Redid changes done by vci...@suse.com in SLE12 package + +- disable build of MLS policy +- removed outdated description files + * Alan_Rouse-openSUSE_with_SELinux.txt + * Alan_Rouse-Policy_Development_Process.txt + +--- Old: Alan_Rouse-Policy_Development_Process.txt Alan_Rouse-openSUSE_with_SELinux.txt Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.ubmWPB/_old 2014-09-19 15:45:24.0 +0200 +++ /var/tmp/diff_new_pack.ubmWPB/_new 2014-09-19 15:45:24.0 +0200 @@ -31,6 +31,9 @@ %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1} %define BUILD_MINIMUM 1 %endif +%if 0%{suse_version} == 1315 +%define BUILD_MLS 0 +%endif %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} %define BUILD_MLS 1 %endif @@ -85,10 +88,6 @@ Source40: selinux-policy.sysconfig Source41: selinux-policy-rpmlintrc -# the following two files are more like a packaging documentation -Source50: Alan_Rouse-openSUSE_with_SELinux.txt -Source51: Alan_Rouse-Policy_Development_Process.txt - Url:http://oss.tresys.com/repos/refpolicy/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
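Review bot: `%if 0%{suse_version} == 1315` in the first spec hunk relies on `suse_version` always being defined; the conditional form `%if 0%{?suse_version} == 1315` expands to a plain `0` when the macro is missing and keeps the expression valid. The block also gives no hint what 1315 stands for; going by the changelog entry it is presumably the SLE12 code stream, so a comment such as `# SLE12: do not build the MLS policy` above it would help. Placing the override before the `%{!?BUILD_MLS:1}` default block is what makes it take effect, which is worth keeping in mind if the blocks are ever reordered.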
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2014-09-09 18:59:13 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2014-09-06 12:18:34.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2014-09-09 18:59:15.0 +0200 @@ -1,0 +2,21 @@ +Mon Sep 8 09:08:19 UTC 2014 - jseg...@suse.com + +- removed remove_duplicate_filetrans_pattern_rules.patch + +--- +Fri Sep 5 11:22:02 UTC 2014 - jseg...@suse.com + +- Updated policy to include everything up until 20140730 (refpolicy and + fedora rawhide improvements). Rebased all patches that are still + necessary +- Removed permissivedomains.pp. Doesn't work with the new policy +- modified spec file so that all modifications for distro=redhat and + distro=suse will be used. +- added selinux-policy-rpmlintrc to suppress some warnings that aren't + valid for this package +- added suse_minimal_cc.patch to create a suse specific module to prevent + errors while using the minimum policy. Will rework them in the proper + places once the minimum policy is reworked to really only confine a + minimal set of domains. + +--- Old: permissivedomains.pp remove_duplicate_filetrans_pattern_rules.patch serefpolicy-3.12.1.tgz serefpolicy-contrib-3.12.1.tgz New: selinux-policy-rpmlintrc serefpolicy-20140730.tgz serefpolicy-contrib-20140730.tgz suse_minimal_cc.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.BgfG6U/_old 2014-09-09 18:59:18.0 +0200 +++ /var/tmp/diff_new_pack.BgfG6U/_new 2014-09-09 18:59:18.0 +0200 
@@ -35,13 +35,13 @@ %define BUILD_MLS 1 %endif %define POLICYVER 29 -%define POLICYCOREUTILSVER 2.1.14 -%define CHECKPOLICYVER 2.2 +%define POLICYCOREUTILSVER 2.3 +%define CHECKPOLICYVER 2.3 Summary:SELinux policy configuration License:GPL-2.0+ Group: System/Management Name: selinux-policy -Version:3.12.1 +Version:20140730 Release:20%{?dist} Source: serefpolicy-%{version}.tgz Patch: policy-rawhide-base.patch @@ -56,7 +56,7 @@ Patch16:useradd-netlink_selinux_socket.patch Patch17:systemd-tmpfiles.patch Patch18:label_var_run_rsyslog.patch -Patch19:remove_duplicate_filetrans_pattern_rules.patch +Patch19:suse_minimal_cc.patch Source1:modules-targeted-base.conf Source31: modules-targeted-contrib.conf @@ -80,10 +80,10 @@ Source25: users-minimum Source26: file_contexts.subs_dist Source27: selinux-policy.conf -Source28: permissivedomains.pp Source29: serefpolicy-contrib-%{version}.tgz Source30: booleans.subs_dist Source40: selinux-policy.sysconfig +Source41: selinux-policy-rpmlintrc # the following two files are more like a packaging documentation Source50: Alan_Rouse-openSUSE_with_SELinux.txt @@ -102,6 +102,7 @@ BuildRequires: policycoreutils-python >= %{POLICYCOREUTILSVER} BuildRequires: python BuildRequires: python-xml +BuildRequires: selinux-policy-devel # we need selinuxenabled Requires(post): selinux-tools Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} @@ -247,6 +248,7 @@ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/removable_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/userhelper_context \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/systemd_contexts \ %dir %{_sysconfdir}/selinux/%1/contexts/files \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ 
@@ -257,11 +259,7 @@ %{_sysconfdir}/selinux/%1/booleans.subs_dist \ %config %{_sysconfdir}/selinux/%1/contexts/files/media \ %dir %{_sysconfdir}/selinux/%1/contexts/users \ -%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \ -%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \ -%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \ -%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \ -%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/* %define relabel() \ . %{_sysconfd
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2014-09-06 12:18:24 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2013-12-19 12:37:22.0 +0100 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2014-09-06 12:18:34.0 +0200 @@ -1,0 +2,16 @@ +Tue Sep 2 13:31:58 UTC 2014 - vci...@suse.com + +- removed source files which were not used + * modules-minimum.conf, modules-mls.conf, modules-targeted.conf, +permissivedomains.fc, permissivedomains.if, permissivedomains.te, +seusers, seusers-mls, seusers-targeted, users_extra-mls, +users_extra-targeted + +--- +Mon Jun 2 12:08:40 UTC 2014 - vci...@suse.com + +- remove duplicate filetrans_pattern rules + * fixes build with libsepol-2.3 + * added remove_duplicate_filetrans_pattern_rules.patch + +--- Old: modules-minimum.conf modules-mls.conf modules-targeted.conf permissivedomains.fc permissivedomains.if permissivedomains.te seusers seusers-mls seusers-targeted users_extra-mls users_extra-targeted New: remove_duplicate_filetrans_pattern_rules.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.9n22Cw/_old 2014-09-06 12:18:36.0 +0200 +++ /var/tmp/diff_new_pack.9n22Cw/_new 2014-09-06 12:18:36.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package selinux-policy # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -56,6 +56,7 @@ Patch16:useradd-netlink_selinux_socket.patch Patch17:systemd-tmpfiles.patch Patch18:label_var_run_rsyslog.patch +Patch19:remove_duplicate_filetrans_pattern_rules.patch Source1:modules-targeted-base.conf Source31: modules-targeted-contrib.conf @@ -346,6 +347,7 @@ %setup -n serefpolicy-contrib-%{version} -q -b 29 %patch1 -p1 %patch11 -p1 +%patch19 -p1 contrib_path=`pwd` %setup -n serefpolicy-%{version} -q cp COPYING .. ++ remove_duplicate_filetrans_pattern_rules.patch ++ diff --git a/gnome.te b/gnome.te index c6ff2a1..ac4ec2a 100644 --- a/gnome.te +++ b/gnome.te @@ -226,7 +226,6 @@ allow gkeyringd_domain gconf_home_t:dir create_dir_perms; filetrans_pattern(gkeyringd_domain, gconf_home_t, data_home_t, dir, "share") filetrans_pattern(gkeyringd_domain, gnome_home_t, gkeyringd_gnome_home_t, dir, "keyrings") filetrans_pattern(gkeyringd_domain, data_home_t, gkeyringd_gnome_home_t, dir, "keyrings") -filetrans_pattern(gkeyringd_domain, gnome_home_t, data_home_t, dir, "keyrings") manage_dirs_pattern(gkeyringd_domain, gkeyringd_tmp_t, gkeyringd_tmp_t) manage_sock_files_pattern(gkeyringd_domain, gkeyringd_tmp_t, gkeyringd_tmp_t) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2013-12-19 12:36:53 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2013-08-12 15:52:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2013-12-19 12:37:22.0 +0100 @@ -1,0 +2,20 @@ +Mon Dec 9 13:57:18 UTC 2013 - vci...@suse.com + +- enable build of mls and targeted policies +- fixes to the minimum policy: +- label /var/run/rsyslog correctly + * label_var_run_rsyslog.patch +- allow systemd-tmpfiles to create devices + * systemd-tmpfiles.patch +- add rules for sysconfig + * correctly label /dev/.sysconfig/network + * added sysconfig_network_scripts.patch +- run restorecon and fixfiles only if if selinux is enabled +- fix console login + * allow-local_login_t-read-shadow.patch +- allow rsyslog to write to xconsole + * xconsole.patch +- useradd needs to call selinux_check_access (via pam_rootok) + * useradd-netlink_selinux_socket.patch + +--- New: allow-local_login_t-read-shadow.patch label_var_run_rsyslog.patch sysconfig_network_scripts.patch systemd-tmpfiles.patch useradd-netlink_selinux_socket.patch xconsole.patch Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.5fqKUk/_old 2013-12-19 12:37:23.0 +0100 +++ /var/tmp/diff_new_pack.5fqKUk/_new 2013-12-19 12:37:23.0 +0100 
@@ -23,20 +23,20 @@ %define polyinstatiate n %define monolithic n %if %{?BUILD_DOC:0}%{!?BUILD_DOC:1} -%define BUILD_DOC 0 +%define BUILD_DOC 1 %endif %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1} %define BUILD_TARGETED 1 %endif %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1} -%define BUILD_MINIMUM 0 +%define BUILD_MINIMUM 1 %endif %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} %define BUILD_MLS 1 %endif %define POLICYVER 29 %define POLICYCOREUTILSVER 2.1.14 -%define CHECKPOLICYVER 2.1.12 +%define CHECKPOLICYVER 2.2 Summary:SELinux policy configuration License:GPL-2.0+ Group: System/Management @@ -50,6 +50,12 @@ Patch10:type_transition_file_class.patch Patch11:type_transition_contrib.patch Patch12:label_sysconfig.selinux-policy.patch +Patch13:sysconfig_network_scripts.patch +Patch14:allow-local_login_t-read-shadow.patch +Patch15:xconsole.patch +Patch16:useradd-netlink_selinux_socket.patch +Patch17:systemd-tmpfiles.patch +Patch18:label_var_run_rsyslog.patch Source1:modules-targeted-base.conf Source31: modules-targeted-contrib.conf @@ -111,12 +117,9 @@ %defattr(-,root,root,-) %doc COPYING %dir %{_usr}/share/selinux -#%dir %{_usr}/share/selinux/packages %dir %{_sysconfdir}/selinux %ghost %config(noreplace) %{_sysconfdir}/selinux/config -%dir %{_localstatedir}/adm/fillup-templates %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -#%ghost %{_sysconfdir}/sysconfig/selinux %{_usr}/lib/tmpfiles.d/selinux-policy.conf %package devel @@ -132,13 +135,10 @@ %files devel %defattr(-,root,root,-) -#%{_mandir}/man*/* %{_mandir}/ru/*/* %dir %{_usr}/share/selinux/devel %dir %{_usr}/share/selinux/devel/include %{_usr}/share/selinux/devel/include/* -#%dir %{_usr}/share/selinux/devel/html -#%{_usr}/share/selinux/devel/html/*html %{_usr}/share/selinux/devel/Makefile %{_usr}/share/selinux/devel/example.* 
@@ -148,15 +148,6 @@ Requires(pre): selinux-policy = %{version}-%{release} Requires: /usr/bin/xdg-open -%description doc -SELinux policy documentation package - -%files doc -%defattr(-,root,root,-) -%doc %{_usr}/share/doc/%{name}-%{version} -%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp -%{_usr}/share/selinux/devel/policy.* - %define makeCmds() \ make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \ make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 conf \ @@ -206,7 +197,8 @@ /usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \ /usr/bin/sha512sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policy.sha512; \ rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \ -rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern +rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern \
commit selinux-policy for openSUSE:Factory
Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2013-08-12 15:52:20 Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) Package is "selinux-policy" Changes: --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2013-07-12 20:57:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2013-08-12 15:52:21.0 +0200 @@ -1,0 +2,6 @@ +Mon Aug 12 02:08:15 CEST 2013 - r...@suse.de + +- fix build on factory: newer rpm does not allow to mark + non-directories as dir anymore (like symlinks in this case) + +--- Other differences: -- ++ selinux-policy.spec ++ --- /var/tmp/diff_new_pack.SOwgjx/_old 2013-08-12 15:52:22.0 +0200 +++ /var/tmp/diff_new_pack.SOwgjx/_new 2013-08-12 15:52:22.0 +0200 @@ -115,7 +115,7 @@ %dir %{_sysconfdir}/selinux %ghost %config(noreplace) %{_sysconfdir}/selinux/config %dir %{_localstatedir}/adm/fillup-templates -%dir %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} +%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} #%ghost %{_sysconfdir}/sysconfig/selinux %{_usr}/lib/tmpfiles.d/selinux-policy.conf -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org