commit selinux-policy for openSUSE:Factory

2020-11-02 Thread root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2020-11-02 14:04:02

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new.3463 (New)


Package is "selinux-policy"

Mon Nov  2 14:04:02 2020 rev:4 rq:844986 version:20201029

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2020-10-23 12:20:39.572611671 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.3463/selinux-policy.changes  
2020-11-02 14:04:16.436676002 +0100
@@ -1,0 +2,7 @@
+Thu Oct 29 08:47:51 UTC 2020 - Thorsten Kukuk 
+
+- wicked.fc: add libexec directories
+- Update to version 20201029
+  - update container policy
+
+---

Old:

  fedora-policy.20201016.tar.bz2

New:

  fedora-policy.20201029.tar.bz2



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.QK6SZM/_old  2020-11-02 14:04:18.684677710 +0100
+++ /var/tmp/diff_new_pack.QK6SZM/_new  2020-11-02 14:04:18.688677713 +0100
@@ -33,7 +33,7 @@
 License:GPL-2.0-or-later
 Group:  System/Management
 Name:   selinux-policy
-Version:20201016
+Version:20201029
 Release:0
 Source: fedora-policy.%{version}.tar.bz2
 Source1:selinux-policy-rpmlintrc

++ fedora-policy.20201016.tar.bz2 -> fedora-policy.20201029.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/container.te 
new/fedora-policy/policy/modules/contrib/container.te
--- old/fedora-policy/policy/modules/contrib/container.te   2020-10-16 
10:49:09.821324878 +0200
+++ new/fedora-policy/policy/modules/contrib/container.te   2020-10-29 
09:07:49.792815272 +0100
@@ -1,4 +1,4 @@
-policy_module(container, 2.148.0)
+policy_module(container, 2.150.0)
 gen_require(`
class passwd rootok;
 ')
@@ -754,7 +754,7 @@
 allow container_domain self:shm create_shm_perms;
 allow container_domain self:socket create_socket_perms;
 allow container_domain self:tcp_socket create_socket_perms;
-allow container_domain self:tun_socket { create_socket_perms relabelfrom 
relabelto };
+allow container_domain self:tun_socket { create_socket_perms relabelfrom 
relabelto attach_queue };
 allow container_domain self:udp_socket create_socket_perms;
 allow container_domain self:unix_dgram_socket create_socket_perms;
 allow container_domain self:unix_stream_socket create_stream_socket_perms;
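Review bot: The added `attach_queue` permission on `self:tun_socket` is granted to the whole `container_domain` attribute, so every container type picks it up, while the other additions in this update are scoped to `container_kvm_t`. If only the KVM-backed runtime needs multiqueue tun devices (not visible from this hunk), the narrower form would be `allow container_kvm_t self:tun_socket attach_queue;`. If all container types do need it, a one-line comment above the rule naming the workload that hit the denial would make that clear to the next reader.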
@@ -1149,6 +1149,7 @@
 container_stream_connect(container_kvm_t)
 
 dev_rw_inherited_vhost(container_kvm_t)
+dev_rw_vfio_dev(container_kvm_t)
 
 corenet_rw_inherited_tun_tap_dev(container_kvm_t)
 corecmd_exec_shell(container_kvm_t)
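Review bot: `dev_rw_vfio_dev(container_kvm_t)` is added unconditionally and without a comment, although read/write on VFIO device nodes is a considerably larger grant than the inherited-only vhost access on the line above it. I would add a comment stating the use case, for example `# VFIO device passthrough into the guest; relies on host IOMMU isolation`, and check whether this should sit behind a tunable so hosts that never pass devices through do not carry the permission. The rest of the container_kvm_t rules lie outside this hunk, so an existing gate may already cover it.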
@@ -1158,9 +1159,12 @@
 # virtiofs causes these AVC messages.
 kernel_mount_proc(container_kvm_t)
 kernel_mounton_proc(container_kvm_t)
+kernel_unmount_proc(container_kvm_t)
+kernel_dgram_send(container_kvm_t)
 files_mounton_rootfs(container_kvm_t)
 
 auth_read_passwd(container_kvm_t)
+logging_send_syslog_msg(container_kvm_t)
 
 optional_policy(`
qemu_entry_type(container_kvm_t)
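Review bot: The new `kernel_dgram_send(container_kvm_t)` line is inserted under the existing comment `# virtiofs causes these AVC messages.`, but it is not a proc mount permission like the calls around it. It reads as if it belongs with the `logging_send_syslog_msg(container_kvm_t)` line added a few lines further down. If that is its purpose, moving it next to that call, or giving it its own comment such as `# syslog via the kernel datagram socket`, keeps the virtiofs comment accurate. The `optional_policy` block at the end of the hunk continues outside it.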
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/keepalived.te 
new/fedora-policy/policy/modules/contrib/keepalived.te
--- old/fedora-policy/policy/modules/contrib/keepalived.te  2020-10-16 
10:49:08.473324807 +0200
+++ new/fedora-policy/policy/modules/contrib/keepalived.te  2020-10-29 
09:07:48.496812045 +0100
@@ -62,6 +62,7 @@
 corecmd_exec_bin(keepalived_t)
 corecmd_exec_shell(keepalived_t)
 
+corenet_raw_bind_generic_node(keepalived_t)
 corenet_tcp_connect_connlcli_port(keepalived_t)
 corenet_tcp_connect_http_port(keepalived_t)
 corenet_tcp_connect_mysqld_port(keepalived_t)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fedora-policy/policy/modules/contrib/pcp.fc 
new/fedora-policy/policy/modules/contrib/pcp.fc
--- old/fedora-policy/policy/modules/contrib/pcp.fc 2020-10-16 
10:49:08.489324808 +0200
+++ new/fedora-policy/policy/modules/contrib/pcp.fc 2020-10-29 
09:07:48.512812084 +0100
@@ -20,6 +20,11 @@
 /usr/libexec/pcp/bin/pmie --  
gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
 /usr/libexec/pcp/bin/pmmgr  --  
gen_context(system_u:object_r:pcp_pmmgr_exec_t,s0)
 
+/usr/libexec/pcp/lib/pmcd  --  
gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
+/usr/libexec/pcp/lib/pmlogger  --  
gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
+/usr/libexec/pcp/lib/pmproxy   --  
gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
+/usr/libex

commit selinux-policy for openSUSE:Factory

2020-10-23 Thread root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2020-10-23 12:20:12

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new.3463 (New)


Package is "selinux-policy"

Fri Oct 23 12:20:12 2020 rev:3 rq:842814 version:20201016

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2020-10-07 14:18:29.829486196 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.3463/selinux-policy.changes  
2020-10-23 12:20:39.572611671 +0200
@@ -1,0 +2,9 @@
+Fri Oct 16 08:50:06 UTC 2020 - Thorsten Kukuk 
+
+- Update to version 20201016
+- Use python3 to build (fc_sort.c was replaced by fc_sort.py which
+  uses python3)
+- Drop SELINUX=disabled, "selinux=0" kernel commandline option has
+  to be used instead. New default is "permissive" [bsc#1176923].
+
+---

Old:

  fedora-policy.20200910.tar.bz2

New:

  fedora-policy.20201016.tar.bz2



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.uMJA1v/_old  2020-10-23 12:20:41.580613087 +0200
+++ /var/tmp/diff_new_pack.uMJA1v/_new  2020-10-23 12:20:41.584613090 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,9 +12,10 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
 # There are almost no SUSE specific modifications available in the policy, so 
we utilize the
 # ones used by redhat and include also the SUSE specific ones (see sed 
statement below)
 %define distro redhat
@@ -32,7 +33,7 @@
 License:GPL-2.0-or-later
 Group:  System/Management
 Name:   selinux-policy
-Version:20200910
+Version:20201016
 Release:0
 Source: fedora-policy.%{version}.tar.bz2
 Source1:selinux-policy-rpmlintrc
@@ -131,7 +132,7 @@
 
 Patch100:  sedoctool.patch
 
-Url:https://github.com/fedora-selinux/selinux-policy.git
+URL:https://github.com/fedora-selinux/selinux-policy.git
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch
 BuildRequires:  checkpolicy
@@ -139,8 +140,9 @@
 BuildRequires:  libxml2-tools
 BuildRequires:  m4
 BuildRequires:  policycoreutils
-BuildRequires:  python3-policycoreutils
 BuildRequires:  policycoreutils-devel
+BuildRequires:  python3
+BuildRequires:  python3-policycoreutils
 # we need selinuxenabled
 Requires(pre):  policycoreutils >= %{POLICYCOREUTILSVER}
 Requires(pre):  pam-config
@@ -355,6 +357,7 @@
 
 %package sandbox
 Summary: SELinux policy sandbox
+Group:  System/Management
 Requires(pre): selinux-policy-targeted = %{version}-%{release}
 
 %description sandbox
@@ -455,7 +458,6 @@
 
 mkdir -p %{buildroot}%{_datadir}/selinux/packages
 
-
 mkdir selinux_config
 for i in %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} 
%{SOURCE15} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE30} %{SOURCE31} 
%{SOURCE32} %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE50} %{SOURCE51} 
%{SOURCE52} %{SOURCE91} %{SOURCE92} %{SOURCE94};do
  cp $i selinux_config
@@ -522,11 +524,13 @@
 else
echo "
 # This file controls the state of SELinux on the system.
+# SELinux can be completly disabled with the \"selinux=0\" kernel
+# commandline option.
+#
 # SELINUX= can take one of these three values:
 # enforcing - SELinux security policy is enforced.
 # permissive - SELinux prints warnings instead of enforcing.
-# disabled - No SELinux policy is loaded.
-SELINUX=disabled
+SELINUX=permissive
 # SELINUXTYPE= can take one of these three values:
 # targeted - Targeted processes are protected,
 # minimum - Modification of targeted policy. Only selected processes are 
protected.
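Review bot: The comment text added to the generated config contains a typo (`completly`), and the unchanged header line still reads `# SELINUX= can take one of these three values:` although only enforcing and permissive remain listed once the `disabled` line is removed. This text ends up in the SELinux config file that administrators read, so I would write `# SELinux can be completely disabled with the \"selinux=0\" kernel` and `# SELINUX= can take one of these two values:`. The `echo` block starts before and ends after this hunk.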
@@ -553,9 +557,7 @@
   if [ "$SELINUXTYPE" = "$2" ]; then \
 %{_sbindir}/setenforce 0 2> /dev/null \
 if [ -s %{_sysconfdir}/selinux/config ]; then \
-  sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config \
-else \
-  echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config \
+  sed -i 's/^SELINUX=.*/SELINUX=permissive/g' 
%{_sysconfdir}/selinux/config \
 fi \
   fi \
   pam-config -d --selinux \
@@ -565,15 +567,12 @@
 %postun
 if [ $1 = 0 ]; then
  %{_sbindir}/s

commit selinux-policy for openSUSE:Factory

2020-10-07 Thread root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2020-10-07 14:18:21

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new.4249 (New)


Package is "selinux-policy"

Wed Oct  7 14:18:21 2020 rev:2 rq:839873 version:20200910

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2020-10-06 17:08:56.977415305 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new.4249/selinux-policy.changes  
2020-10-07 14:18:29.829486196 +0200
@@ -1,0 +2,29 @@
+Tue Sep 10 07:16:50 UTC 2020 - Johannes Segitz 
+
+- Update to version 20200910. Refreshed
+  * fix_authlogin.patch
+  * fix_nagios.patch
+  * fix_systemd.patch
+  * fix_usermanage.patch
+- Delete suse_specific.patch, moved content into fix_selinuxutil.patch
+- Cleanup of booleans-* presets
+  * Enabled
+user_rw_noexattrfile
+unconfined_chrome_sandbox_transition
+unconfined_mozilla_plugin_transition
+for the minimal policy
+  * Disabled
+xserver_object_manager
+for the MLS policy
+  * Disabled
+openvpn_enable_homedirs
+privoxy_connect_any
+selinuxuser_direct_dri_enabled
+selinuxuser_ping (aka user_ping)
+squid_connect_any
+telepathy_tcp_connect_generic_network_ports
+for the targeted policy
+  Change your local config if you need them
+- Build HTML version of manpages for the -devel package
+
+---

Old:

  fedora-policy.20200717.tar.bz2
  suse_specific.patch

New:

  fedora-policy.20200910.tar.bz2



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.54yTTq/_old  2020-10-07 14:18:31.325487386 +0200
+++ /var/tmp/diff_new_pack.54yTTq/_new  2020-10-07 14:18:31.329487389 +0200
@@ -15,7 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# TODO: This turns on distro-specific policies.
 # There are almost no SUSE specific modifications available in the policy, so 
we utilize the
 # ones used by redhat and include also the SUSE specific ones (see sed 
statement below)
 %define distro redhat
@@ -33,7 +32,7 @@
 License:GPL-2.0-or-later
 Group:  System/Management
 Name:   selinux-policy
-Version:20200717
+Version:20200910
 Release:0
 Source: fedora-policy.%{version}.tar.bz2
 Source1:selinux-policy-rpmlintrc
@@ -65,7 +64,6 @@
 
 Source60:   selinux-policy.conf
 
-Source90:   selinux-policy-rpmlintrc
 Source91:   Makefile.devel
 Source92:   customizable_types
 #Source93:   config.tgz
@@ -123,7 +121,7 @@
 Patch040:   fix_usermanage.patch
 Patch041:   fix_smartmon.patch
 Patch042:   fix_geoclue.patch
-Patch043:   suse_specific.patch
+#Patch043:   suse_specific.patch
 Patch044:   fix_authlogin.patch
 Patch045:   fix_screen.patch
 Patch046:   fix_unprivuser.patch
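Review bot: `suse_specific.patch` is only commented out here (`#Patch043:`) and again as `#% patch043 -p1` in the `@@ -426,7 +424,7 @@` hunk, while the changelog says the patch was deleted and the file list shows it removed from the package. The two commented lines now refer to a file that no longer ships, and the `#% patch043` spelling, presumably there to keep rpm from expanding the macro inside a comment, is easy to misread as a typo. Deleting both lines outright would match the changelog entry.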
@@ -154,6 +152,7 @@
 # for audit2allow
 Recommends: python3-policycoreutils
 Recommends: policycoreutils-python-utils
+Recommends: container-selinux
 
 %define common_params DISTRO=%{distro} UBAC=%{ubac} DIRECT_INITRC=n 
MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024
 
@@ -351,7 +350,6 @@
 %dir %{_datadir}/selinux/packages
 %dir %{_sysconfdir}/selinux
 %ghost %config(noreplace) %{_sysconfdir}/selinux/config
-#%ghost %{_sysconfdir}/sysconfig/selinux-policy
 %{_tmpfilesdir}/selinux-policy.conf
 %{_rpmconfigdir}/macros.d/macros.selinux-policy
 
@@ -426,7 +424,7 @@
 %patch040 -p1
 %patch041 -p1
 %patch042 -p1
-%patch043 -p1
+#% patch043 -p1
 %patch044 -p1
 %patch045 -p1
 %patch046 -p1
@@ -442,8 +440,6 @@
 %install
 mkdir -p %{buildroot}%{_sysconfdir}/selinux
 touch %{buildroot}%{_sysconfdir}/selinux/config
-#mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
-#touch %{buildroot}%{_sysconfdir}/sysconfig/selinux-policy
 mkdir -p %{buildroot}%{_tmpfilesdir}
 cp %{SOURCE60} %{buildroot}%{_tmpfilesdir}
 
@@ -512,11 +508,10 @@
 install -m 644 selinux_config/Makefile.devel 
%{buildroot}%{_datadir}/selinux/devel/Makefile
 install -m 644 doc/example.* %{buildroot}%{_datadir}/selinux/devel/
 install -m 644 doc/policy.* %{buildroot}%{_datadir}/selinux/devel/
-#XXX what's missing for html?
-#%{_bindir}/sepolicy manpage -a -p %{buildroot}%{_datadir}/man/man8/ -w -r 
%{buildroot}
-#mkdir %{buildroot}%{_datadir}/selinux/devel/html
-#mv %{buildroot}%{_datadir}/man/man8/*.html 
%{buildroot}%{_datadir}/selinux/devel/html
-#mv %{buildroot}%{_datadir}/man/man8/style.css 
%{buildroot}%{_datadir}/selinux/devel/html
+%{_bindir}/sepolicy manpage -a -p %{buildroot}%{_datadir}/man/man8/ -w -r 
%{buildroot}
+mkdir %{buildroot}%{_datadir}/selinux/devel/html

commit selinux-policy for openSUSE:Factory

2017-12-12 Thread root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2017-12-12 21:23:44

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Tue Dec 12 21:23:44 2017 rev:29 rq:556433 version:20140730

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2017-03-31 15:08:35.455989842 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2017-12-12 21:23:50.531900062 +0100
@@ -1,0 +2,20 @@
+Tue Dec 12 09:07:31 UTC 2017 - jseg...@suse.com
+
+- Added
+  * suse_modifications_glusterfs.patch
+  * suse_modifications_passenger.patch
+  * suse_modifications_stapserver.patch
+  to modify module name to make the current tools happy
+
+---
+Wed Nov 29 13:20:22 UTC 2017 - rbr...@suse.com
+
+- Repair erroneous changes introduced with %_fillupdir macro
+
+---
+Thu Nov 23 13:53:09 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+
+---

New:

  suse_modifications_glusterfs.patch
  suse_modifications_passenger.patch
  suse_modifications_stapserver.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.Vk3bPt/_old  2017-12-12 21:23:52.363811628 +0100
+++ /var/tmp/diff_new_pack.Vk3bPt/_new  2017-12-12 21:23:52.367811435 +0100
@@ -16,6 +16,11 @@
 #
 
 
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir /var/adm/fillup-templates
+%endif
+
 # TODO: This turns on distro-specific policies.
 # There are almost no SUSE specific modifications available in the policy, so 
we utilize the
 # ones used by redhat and include also the SUSE specific ones (see sed 
statement below)
@@ -200,6 +205,9 @@
 Patch1009:  suse_modifications_cron.patch
 Patch1010:  suse_additions_sslh.patch
 Patch1011:  suse_additions_obs.patch
+Patch1012:  suse_modifications_glusterfs.patch
+Patch1013:  suse_modifications_passenger.patch
+Patch1014:  suse_modifications_stapserver.patch
 
 Url:http://oss.tresys.com/repos/refpolicy/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
@@ -397,7 +405,7 @@
 %dir %{_usr}/share/selinux
 %dir %{_sysconfdir}/selinux
 %ghost %config(noreplace) %{_sysconfdir}/selinux/config
-%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+%{_fillupdir}/sysconfig.%{name}
 %{_usr}/lib/tmpfiles.d/selinux-policy.conf
 
 %description
@@ -419,6 +427,9 @@
 %patch1009 -p1
 %patch1010 -p1
 %patch1011 -p1
+%patch1012 -p1
+%patch1013 -p1
+%patch1014 -p1
 
 # base policy
 contrib_path=`pwd`
@@ -511,8 +522,8 @@
 
 rm -rf selinux_config
 # fillup sysconfig
-mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
-cp %{SOURCE61} 
%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+mkdir -p %{buildroot}%{_fillupdir}
+cp %{SOURCE61} %{buildroot}%{_fillupdir}/sysconfig.%{name}
 
 %clean
 

++ suse_modifications_glusterfs.patch ++
Index: serefpolicy-contrib-20140730/glusterd.te
===
--- serefpolicy-contrib-20140730.orig/glusterd.te   2017-12-11 
17:38:13.448089663 +0100
+++ serefpolicy-contrib-20140730/glusterd.te2017-12-11 17:38:52.960730655 
+0100
@@ -1,4 +1,4 @@
-policy_module(glusterfs, 1.1.2)
+policy_module(glusterd, 1.1.2)
 
 ## 
 ## 
++ suse_modifications_passenger.patch ++
Index: serefpolicy-contrib-20140730/passenger.te
===
--- serefpolicy-contrib-20140730.orig/passenger.te  2017-12-11 
17:38:13.276086872 +0100
+++ serefpolicy-contrib-20140730/passenger.te   2017-12-11 17:42:24.592161419 
+0100
@@ -1,4 +1,4 @@
-policy_module(passanger, 1.1.1)
+policy_module(passenger, 1.1.1)
 
 
 #
++ suse_modifications_stapserver.patch ++
Index: serefpolicy-contrib-20140730/stapserver.te
===
--- serefpolicy-contrib-20140730.orig/stapserver.te 2017-12-11 
17:38:13.312087456 +0100
+++ serefpolicy-contrib-20140730/stapserver.te  2017-12-11 17:46:03.915729618 
+0100
@@ -1,4 +1,4 @@
-policy_module(systemtap, 1.1.0)
+policy_module(stapserver, 1.1.0)
 
 
 #



commit selinux-policy for openSUSE:Factory

2017-03-31 Thread root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2017-03-31 15:08:32

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Fri Mar 31 15:08:32 2017 rev:28 rq:482447 version:20140730

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2015-08-27 08:57:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2017-03-31 15:08:35.455989842 +0200
@@ -1,0 +2,39 @@
+Wed Mar 15 21:50:32 UTC 2017 - mwi...@suse.com
+
+- POLCYVER depends both on the libsemanage/policycoreutils version
+  and the kernel. The former is more important for us, kernel seems
+  to have all necessary features in Leap 42.1 already.
+
+- Replaced = runtime dependencies on checkpolicy/policycoreutils 
+  with "=". 2.5 policy is not supposed to work with 2.3 tools,
+  The runtime policy tools need to be same the policy was built with.
+
+---
+Wed Mar 15 15:16:20 UTC 2017 - mwi...@suse.com
+
+- Changes required by policycoreutils update to 2.5
+  * lots of spec file content needs to be conditional on
+policycoreutils version.
+
+- Specific policycoreutils 2.5 related changes:
+  * modules moved from /etc/selinux to /var/lib/selinux
+  (https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration)
+  * module path now includes includes priority. Users override default
+  policies by setting higher priority. Thus installed policy modules can be
+  fully verified by RPM.
+  * Installed modules have a different format and path.
+  Raw bzip2 doesn't suffice to create them any more, but we can process them
+  all in a single semodule -i command.
+
+- Policy version depends on kernel / distro version  
+  * do not touch policy., rather fail if it's not created
+
+- Enabled building mls policy for Leap (not for SLES)
+
+- Other
+  * Bug: "sandbox.disabled" should be "sandbox.pp.disabled" for old 
policycoreutils
+  * Bug: (minimum) additional modules that need to be activated: postfix
+  (required by apache), plymouthd (required by getty)
+  * Cleanup: /etc -> %{sysconfdir} etc.
+
+---



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.MOokgA/_old  2017-03-31 15:08:38.511557851 +0200
+++ /var/tmp/diff_new_pack.MOokgA/_new  2017-03-31 15:08:38.515557285 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,14 +25,100 @@
 %define BUILD_DOC 1
 %define BUILD_TARGETED 1
 %define BUILD_MINIMUM 1
-%if 0%{suse_version} == 1315
+%if 0%{suse_version} == 1315 && 0%{is_opensuse} == 0
 %define BUILD_MLS 0
 %else
 %define BUILD_MLS 1
 %endif
+
+%if 0%{?suse_version} >= 1330 || ( 0%{?suse_version} == 1315 && 
0%{?sle_version} >= 120200 )
+%else
+%endif
+
+%define POLICYCOREUTILSVER %(rpm -q --qf %%{version} policycoreutils)
+%define CHECKPOLICYVER %POLICYCOREUTILSVER
+
+%define coreutils_ge() %{lua: if 
(rpm.vercmp(rpm.expand("%POLICYCOREUTILSVER"), rpm.expand("%1")) >= 0) then 
print "1" else  print "0" end }
+
+# conditional stuff depending on policycoreutils version
+# See https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration
+%if %{coreutils_ge 2.5}
+
+# Policy version, see 
https://selinuxproject.org/page/NB_PolicyType#Policy_Versions
+# It depends on the kernel, but apparently more so on the libsemanage version.
+%define POLICYVER 30
+
+# macros calling module_store have to be defined using global, not define, and
+# "lazy" evaluation
+%global module_store() %{_localstatedir}/lib/selinux/%%{1}
+%global policy_prio 100
+%global module_dir active/modules/%{policy_prio}
+%global module_disabled() %{module_store %%{1}}/active/modules/disabled/%%{2}
+
+%global install_pp() \
+   (cd %{buildroot}/%{_usr}/share/selinux/%1/ \
+/usr/sbin/semodule -s %%{1} -X %{policy_prio} -n -p %{buildroot} -i 
*.pp \
+ rm -f *pp*); 
+
+# FixMe 170315: None of these exist any more. Are they necessary?
+%global files_base_pp() %nil
+%global touch_file_contexts() touch 
%{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local
+%global files_file_contexts() %nil
+%global mkdir_other() \
+%{__mkdir} -p %{buildroot}%{module_store %%1}/active/modules/disabled
+%global files_other() \
+%dir %{module

commit selinux-policy for openSUSE:Factory

2015-08-26 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-08-27 08:57:14

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2015-08-12 15:13:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2015-08-27 08:57:15.0 +0200
@@ -1,0 +2,5 @@
+Thu Aug 13 08:14:34 UTC 2015 - jseg...@novell.com
+
+- fixed missing role assignment in cron_unconfined_role
+
+---



Other differences:
--
++ suse_modifications_cron.patch ++
--- /var/tmp/diff_new_pack.F1KW2F/_old  2015-08-27 08:57:16.0 +0200
+++ /var/tmp/diff_new_pack.F1KW2F/_new  2015-08-27 08:57:16.0 +0200
@@ -1,7 +1,7 @@
 Index: serefpolicy-contrib-20140730/cron.fc
 ===
 serefpolicy-contrib-20140730.orig/cron.fc  2015-06-24 10:48:23.073675837 
+0200
-+++ serefpolicy-contrib-20140730/cron.fc   2015-06-24 10:48:26.477726111 
+0200
+--- serefpolicy-contrib-20140730.orig/cron.fc  2015-08-13 10:13:01.320203530 
+0200
 serefpolicy-contrib-20140730/cron.fc   2015-08-13 10:13:01.620208372 
+0200
 @@ -55,6 +55,8 @@ ifdef(`distro_suse', `
  /var/spool/cron/lastrun   -d  
gen_context(system_u:object_r:crond_tmp_t,s0)
  /var/spool/cron/lastrun/[^/]* --  <>
@@ -13,8 +13,8 @@
  ifdef(`distro_debian',`
 Index: serefpolicy-contrib-20140730/cron.te
 ===
 serefpolicy-contrib-20140730.orig/cron.te  2015-06-24 10:48:23.073675837 
+0200
-+++ serefpolicy-contrib-20140730/cron.te   2015-06-24 10:48:26.477726111 
+0200
+--- serefpolicy-contrib-20140730.orig/cron.te  2015-08-13 10:13:01.320203530 
+0200
 serefpolicy-contrib-20140730/cron.te   2015-08-13 10:13:01.620208372 
+0200
 @@ -841,3 +841,9 @@ tunable_policy(`cron_userdomain_transiti
  optional_policy(`
unconfined_domain(unconfined_cronjob_t)
@@ -27,8 +27,8 @@
 +')
 Index: serefpolicy-contrib-20140730/cron.if
 ===
 serefpolicy-contrib-20140730.orig/cron.if  2015-06-24 10:48:23.073675837 
+0200
-+++ serefpolicy-contrib-20140730/cron.if   2015-06-24 10:48:47.318033927 
+0200
+--- serefpolicy-contrib-20140730.orig/cron.if  2015-08-13 10:13:01.320203530 
+0200
 serefpolicy-contrib-20140730/cron.if   2015-08-13 10:14:06.153249993 
+0200
 @@ -158,7 +158,7 @@ interface(`cron_role',`
  #
  interface(`cron_unconfined_role',`
@@ -38,7 +38,15 @@
  type crond_t, user_cron_spool_t;
  bool cron_userdomain_transition;
')
-@@ -175,7 +175,7 @@ interface(`cron_unconfined_role',`
+@@ -168,14 +168,14 @@ interface(`cron_unconfined_role',`
+ # Declarations
+ #
+ 
+-role $1 types { unconfined_cronjob_t crontab_t };
++role $1 types { unconfined_cronjob_t admin_crontab_t crontab_t };
+ 
+ ##
+ #
  # Local policy
  #
  




commit selinux-policy for openSUSE:Factory

2015-08-12 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-08-12 15:13:35

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2015-08-05 19:17:27.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2015-08-12 15:13:36.0 +0200
@@ -1,0 +2,6 @@
+Tue Aug 11 08:36:17 UTC 2015 - jseg...@novell.com
+
+- Updated suse_modifications_ipsec.patch, removed dontaudits for 
+  ipsec_mgmt_t and granted matching permissions
+
+---



Other differences:
--
++ suse_modifications_ipsec.patch ++
--- /var/tmp/diff_new_pack.I7eJ6A/_old  2015-08-12 15:13:38.0 +0200
+++ /var/tmp/diff_new_pack.I7eJ6A/_new  2015-08-12 15:13:38.0 +0200
@@ -1,7 +1,7 @@
 Index: serefpolicy-20140730/policy/modules/system/ipsec.te
 ===
 serefpolicy-20140730.orig/policy/modules/system/ipsec.te   2015-08-05 
13:56:18.127343378 +0200
-+++ serefpolicy-20140730/policy/modules/system/ipsec.te2015-08-05 
15:13:33.360764030 +0200
+--- serefpolicy-20140730.orig/policy/modules/system/ipsec.te   2015-08-10 
12:55:56.098645940 +0200
 serefpolicy-20140730/policy/modules/system/ipsec.te2015-08-10 
14:32:28.542764339 +0200
 @@ -209,14 +209,18 @@ optional_policy(`
  # ipsec_mgmt Local policy
  #
@@ -17,9 +17,9 @@
  allow ipsec_mgmt_t self:key_socket create_socket_perms;
  allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
 +allow ipsec_mgmt_t self:netlink_route_socket nlmsg_write;
-+allow ipsec_mgmt_t self:packet_socket { setopt create };
-+allow ipsec_mgmt_t self:socket { bind create };
-+allow ipsec_mgmt_t self:netlink_xfrm_socket { bind create };
++allow ipsec_mgmt_t self:packet_socket { setopt create read write };
++allow ipsec_mgmt_t self:socket { bind create read write };
++allow ipsec_mgmt_t self:netlink_xfrm_socket { nlmsg_write write read bind 
create };
  
  allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
  files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
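Review bot: `allow ipsec_mgmt_t self:socket { bind create read write };` uses the generic `socket` class, which as far as I know is what the kernel assigns to address families that have no dedicated class, so it is less specific than the `packet_socket` and `netlink_xfrm_socket` rules beside it, and this revision widens it with read and write. The patch carries no comment saying which family or tool needs it. I would add one above the rule, for example `# <tool>: socket family without its own class, see AVC in <bug reference>` (placeholders), so the rule can be narrowed or dropped later.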
@@ -51,3 +51,15 @@
  
  dev_read_rand(ipsec_mgmt_t)
  dev_read_urand(ipsec_mgmt_t)
+@@ -297,10 +308,7 @@ dev_read_urand(ipsec_mgmt_t)
+ domain_use_interactive_fds(ipsec_mgmt_t)
+ # denials when ps tries to search /proc. Do not audit these denials.
+ domain_dontaudit_read_all_domains_state(ipsec_mgmt_t)
+-# suppress audit messages about unnecessary socket access
+-# cjp: this seems excessive
+-domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t)
+-domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)
++#  domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)
+ 
+ files_read_etc_files(ipsec_mgmt_t)
+ files_exec_etc_files(ipsec_mgmt_t)
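Review bot: The nested hunk added here replaces the two removed dontaudit calls with a commented-out `#  domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)` and also deletes the comment that explained them, so the patched ipsec.te ends up with a dead line and no reason given. Removing the line entirely is cleaner; if it stays as a marker, say why, e.g. `# dontaudit dropped: the needed accesses are allowed on self above`. The removed dontaudits appear to cover sockets of all domains while the new grants are on `self` only, so denials that were hidden before may now show up in the audit log; that is presumably intended but worth a line in the changelog.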




commit selinux-policy for openSUSE:Factory

2015-08-05 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-08-05 19:17:25

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2015-07-23 15:22:54.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2015-08-05 19:17:27.0 +0200
@@ -1,0 +2,6 @@
+Wed Aug  5 11:31:24 UTC 2015 - jseg...@novell.com
+
+- Added suse_modifications_ipsec.patch to grant additional privileges
+  to ipsec_mgmt_t
+
+---

New:

  suse_modifications_ipsec.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.zi143A/_old  2015-08-05 19:17:29.0 +0200
+++ /var/tmp/diff_new_pack.zi143A/_new  2015-08-05 19:17:29.0 +0200
@@ -99,6 +99,7 @@
 Patch0020:  suse_modifications_unprivuser.patch
 Patch0021:  dont_use_xmllint_in_make_conf.patch
 Patch0022:  suse_modifications_staff.patch
+Patch0023:  suse_modifications_ipsec.patch
 
 # contrib patches
 Patch1000:  policy-rawhide-contrib.patch
@@ -367,6 +368,7 @@
 %patch0020 -p1
 %patch0021 -p1
 %patch0022 -p1
+%patch0023 -p1
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 # we use distro=redhat to get all the redhat modifications but we'll still 
need everything that is defined for suse

++ suse_modifications_ipsec.patch ++
Index: serefpolicy-20140730/policy/modules/system/ipsec.te
===
--- serefpolicy-20140730.orig/policy/modules/system/ipsec.te2015-08-05 
13:56:18.127343378 +0200
+++ serefpolicy-20140730/policy/modules/system/ipsec.te 2015-08-05 
15:13:33.360764030 +0200
@@ -209,14 +209,18 @@ optional_policy(`
 # ipsec_mgmt Local policy
 #
 
-allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin 
setpcap sys_nice sys_ptrace };
+allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin 
net_raw setpcap sys_nice sys_ptrace };
 dontaudit ipsec_mgmt_t self:capability sys_tty_config;
-allow ipsec_mgmt_t self:process { getsched setrlimit setsched signal };
+allow ipsec_mgmt_t self:process { getsched setrlimit setsched signal setcap };
 allow ipsec_mgmt_t self:unix_stream_socket { create_stream_socket_perms 
connectto };
 allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
 allow ipsec_mgmt_t self:udp_socket create_socket_perms;
 allow ipsec_mgmt_t self:key_socket create_socket_perms;
 allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
+allow ipsec_mgmt_t self:netlink_route_socket nlmsg_write;
+allow ipsec_mgmt_t self:packet_socket { setopt create };
+allow ipsec_mgmt_t self:socket { bind create };
+allow ipsec_mgmt_t self:netlink_xfrm_socket { bind create };
 
 allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
 files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
@@ -231,6 +235,8 @@ logging_log_filetrans(ipsec_mgmt_t, ipse
 allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms;
 files_pid_filetrans(ipsec_mgmt_t, ipsec_mgmt_var_run_t, file)
 filetrans_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_mgmt_var_run_t, file)
+# temporary fix until the rules above work
+allow ipsec_mgmt_t var_run_t:sock_file { write unlink };
 
 manage_files_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t)
 manage_dirs_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t)
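Review bot: `allow ipsec_mgmt_t var_run_t:sock_file { write unlink };` lets the domain write to and unlink any socket file carrying the generic `var_run_t` label, not just its own, and the only explanation is `# temporary fix until the rules above work`. The two transitions just above it name only the `file` class, so a socket created in that directory would keep the parent label; adding `sock_file` to those transitions looks like the real fix, though the code creating the socket is not visible here. Until that is done I would tie the workaround to a tracking reference, e.g. `# temporary: socket is created as var_run_t, remove once labelled correctly (<bug reference>)`, so it does not become permanent.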
@@ -269,6 +275,7 @@ kernel_read_software_raid_state(ipsec_mg
 kernel_read_kernel_sysctls(ipsec_mgmt_t)
 kernel_getattr_core_if(ipsec_mgmt_t)
 kernel_getattr_message_if(ipsec_mgmt_t)
+kernel_request_load_module(ipsec_mgmt_t)
 
 domain_dontaudit_getattr_all_sockets(ipsec_mgmt_t)
 domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t)
@@ -290,6 +297,10 @@ corecmd_exec_bin(ipsec_mgmt_t)
 corecmd_exec_shell(ipsec_mgmt_t)
 
 corenet_tcp_connect_rndc_port(ipsec_mgmt_t)
+corenet_udp_bind_dhcpc_port(ipsec_mgmt_t)
+corenet_udp_bind_isakmp_port(ipsec_mgmt_t)
+corenet_udp_bind_generic_node(ipsec_mgmt_t)
+corenet_udp_bind_ipsecnat_port(ipsec_mgmt_t)
 
 dev_read_rand(ipsec_mgmt_t)
 dev_read_urand(ipsec_mgmt_t)
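Review bot: `corenet_udp_bind_dhcpc_port(ipsec_mgmt_t)` is the one bind in this hunk that does not follow from the domain's purpose: the ISAKMP and NAT-T ports belong to IKE, while this rule hands the management domain the DHCP client's listening port. If it is needed for a DHCP-based address-assignment feature of the IPsec daemon, the rule should say so, e.g. `# <daemon>: DHCP-based virtual IP assignment, see <bug reference>`. It would be better placed behind a tunable so that installations without that feature do not carry the permission.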



commit selinux-policy for openSUSE:Factory

2015-07-23 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-07-23 15:22:42

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2015-06-30 10:15:57.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2015-07-23 15:22:54.0 +0200
@@ -1,0 +2,6 @@
+Tue Jul 21 14:56:07 UTC 2015 - jseg...@novell.com
+
+- Minor changes for CC evaluation. Allow reading of /dev/random
+  and ipc_lock for dbus and dhcp
+
+---



Other differences:
--
++ suse_modifications_dbus.patch ++
--- /var/tmp/diff_new_pack.nXd6xO/_old  2015-07-23 15:22:56.0 +0200
+++ /var/tmp/diff_new_pack.nXd6xO/_new  2015-07-23 15:22:56.0 +0200
@@ -1,8 +1,25 @@
 Index: serefpolicy-contrib-20140730/dbus.te
 ===
 serefpolicy-contrib-20140730.orig/dbus.te
-+++ serefpolicy-contrib-20140730/dbus.te
-@@ -154,6 +154,8 @@ userdom_dontaudit_search_user_home_dirs(
+--- serefpolicy-contrib-20140730.orig/dbus.te  2015-07-21 16:39:25.588407411 
+0200
 serefpolicy-contrib-20140730/dbus.te   2015-07-21 16:41:17.738197485 
+0200
+@@ -55,7 +55,7 @@ ifdef(`enable_mls',`
+ # dac_override: /var/run/dbus is owned by messagebus on Debian
+ # cjp: dac_override should probably go in a distro_debian
+ allow system_dbusd_t self:capability2 block_suspend;
+-allow system_dbusd_t self:capability { sys_resource dac_override setgid 
setpcap setuid };
++allow system_dbusd_t self:capability { sys_resource dac_override setgid 
setpcap setuid ipc_lock};
+ dontaudit system_dbusd_t self:capability sys_tty_config;
+ allow system_dbusd_t self:process { getattr getsched signal_perms setpgid 
getcap setcap setrlimit };
+ allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
+@@ -87,6 +87,7 @@ kernel_read_kernel_sysctls(system_dbusd_
+ kernel_stream_connect(system_dbusd_t)
+ 
+ dev_read_urand(system_dbusd_t)
++dev_read_rand(system_dbusd_t)
+ dev_read_sysfs(system_dbusd_t)
+ 
+ dev_rw_inherited_input_dev(system_dbusd_t)
+@@ -154,6 +155,8 @@ userdom_dontaudit_search_user_home_dirs(
  
  userdom_home_reader(system_dbusd_t)
  
@@ -13,8 +30,8 @@
  ')
 Index: serefpolicy-contrib-20140730/dbus.if
 ===
 serefpolicy-contrib-20140730.orig/dbus.if
-+++ serefpolicy-contrib-20140730/dbus.if
+--- serefpolicy-contrib-20140730.orig/dbus.if  2015-07-21 16:39:25.588407411 
+0200
 serefpolicy-contrib-20140730/dbus.if   2015-07-21 16:39:28.964461299 
+0200
 @@ -111,6 +111,26 @@ template(`dbus_role_template',`
  
logging_send_syslog_msg($1_dbusd_t)

++ sysconfig_network_scripts.patch ++
--- /var/tmp/diff_new_pack.nXd6xO/_old  2015-07-23 15:22:56.0 +0200
+++ /var/tmp/diff_new_pack.nXd6xO/_new  2015-07-23 15:22:56.0 +0200
@@ -1,7 +1,7 @@
 Index: serefpolicy-20140730/policy/modules/system/sysnetwork.fc
 ===
 serefpolicy-20140730.orig/policy/modules/system/sysnetwork.fc
-+++ serefpolicy-20140730/policy/modules/system/sysnetwork.fc
+--- serefpolicy-20140730.orig/policy/modules/system/sysnetwork.fc  
2015-07-21 16:52:51.913277147 +0200
 serefpolicy-20140730/policy/modules/system/sysnetwork.fc   2015-07-21 
16:52:55.461333779 +0200
 @@ -11,6 +11,15 @@ ifdef(`distro_debian',`
  /dev/shm/network(/.*)?
gen_context(system_u:object_r:net_conf_t,s0)
  ')
@@ -31,15 +31,15 @@
  #
 Index: serefpolicy-20140730/policy/modules/system/sysnetwork.te
 ===
 serefpolicy-20140730.orig/policy/modules/system/sysnetwork.te
-+++ serefpolicy-20140730/policy/modules/system/sysnetwork.te
+--- serefpolicy-20140730.orig/policy/modules/system/sysnetwork.te  
2015-07-21 16:52:51.913277147 +0200
 serefpolicy-20140730/policy/modules/system/sysnetwork.te   2015-07-21 
16:54:15.998619244 +0200
 @@ -60,7 +60,8 @@ ifdef(`distro_debian',`
  #
  # DHCP client local policy
  #
 -allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw 
net_bind_service setpcap sys_nice sys_resource sys_tty_config };
 +# need sys_admin to set hostname/domainname
-+allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw 
net_bind_service setpcap sys_nice sys_resource sys_tty_config sys_admin };
++allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw 
net_bind_service setpcap sys_nice 

commit selinux-policy for openSUSE:Factory

2015-06-30 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-06-30 10:15:56

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2015-01-29 09:57:30.0 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2015-06-30 10:15:57.0 +0200
@@ -1,0 +2,28 @@
+Wed Jun 24 08:27:30 UTC 2015 - jseg...@novell.com
+
+- Transition from unconfined user to cron admin type
+- Allow systemd_timedated_t to talk to unconfined dbus for minimal
+  policy (bsc#932826)
+- Allow hostnamectl to set the hostname (bsc#933764)
+
+---
+Wed May 20 14:05:04 UTC 2015 - jseg...@novell.com
+
+- Removed ability of staff_t and user_t to use svirt. Will reenable
+  this later on with a policy upgrade
+  Added suse_modifications_staff.patch
+
+---
+Wed Feb 25 11:38:44 UTC 2015 - jseg...@novell.com
+
+- Added dont_use_xmllint_in_make_conf.patch to remove xmllint usage
+  in make conf. This currently breaks manual builds. 
+- Added BuildRequires for libxml2-tools to enable xmllint checks 
+  once the issue mentioned above is solved
+
+---
+Thu Jan 29 09:56:40 UTC 2015 - jseg...@novell.com
+
+- adjusted suse_modifications_ntp to match SUSE chroot paths
+
+---

New:

  dont_use_xmllint_in_make_conf.patch
  suse_modifications_staff.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.J303Bz/_old  2015-06-30 10:15:59.0 +0200
+++ /var/tmp/diff_new_pack.J303Bz/_new  2015-06-30 10:15:59.0 +0200
@@ -97,6 +97,8 @@
 Patch0018:  suse_modifications_ssh.patch
 Patch0019:  suse_modifications_usermanage.patch
 Patch0020:  suse_modifications_unprivuser.patch
+Patch0021:  dont_use_xmllint_in_make_conf.patch
+Patch0022:  suse_modifications_staff.patch
 
 # contrib patches
 Patch1000:  policy-rawhide-contrib.patch
@@ -120,6 +122,7 @@
 BuildRequires:  bzip2
 BuildRequires:  checkpolicy >= %{CHECKPOLICYVER}
 BuildRequires:  gawk
+BuildRequires:  libxml2-tools
 BuildRequires:  m4
 BuildRequires:  policycoreutils >= %{POLICYCOREUTILSVER}
 BuildRequires:  policycoreutils-python >= %{POLICYCOREUTILSVER}
@@ -362,6 +365,8 @@
 %patch0018 -p1
 %patch0019 -p1
 %patch0020 -p1
+%patch0021 -p1
+%patch0022 -p1
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 # we use distro=redhat to get all the redhat modifications but we'll still 
need everything that is defined for suse

++ dont_use_xmllint_in_make_conf.patch ++
Index: serefpolicy-20140730/Makefile
===
--- serefpolicy-20140730.orig/Makefile  2014-07-30 16:48:48.379896000 +0200
+++ serefpolicy-20140730/Makefile   2015-02-25 12:37:11.262844720 +0100
@@ -431,9 +431,6 @@ $(polxml): $(layerxml) $(tunxml) $(boolx
$(verbose) for i in $(basename $(notdir $(layerxml))); do echo "" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "" >> $@; done
$(verbose) cat $(tunxml) $(boolxml) >> $@
$(verbose) echo '' >> $@
-   $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
-   $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) 
$@ ;\
-   fi
 
 xml: $(polxml)
 
++ suse_modifications_cron.patch ++
--- /var/tmp/diff_new_pack.J303Bz/_old  2015-06-30 10:16:00.0 +0200
+++ /var/tmp/diff_new_pack.J303Bz/_new  2015-06-30 10:16:00.0 +0200
@@ -1,7 +1,7 @@
 Index: serefpolicy-contrib-20140730/cron.fc
 ===
 serefpolicy-contrib-20140730.orig/cron.fc
-+++ serefpolicy-contrib-20140730/cron.fc
+--- serefpolicy-contrib-20140730.orig/cron.fc  2015-06-24 10:48:23.073675837 
+0200
 serefpolicy-contrib-20140730/cron.fc   2015-06-24 10:48:26.477726111 
+0200
 @@ -55,6 +55,8 @@ ifdef(`distro_suse', `
  /var/spool/cron/lastrun   -d  
gen_context(system_u:object_r:crond_tmp_t,s0)
  /var/spool/cron/lastrun/[^/]* --  <>
@@ -13,8 +13,8 @@
  ifdef(`distro_debian',`
 Index: serefpolicy-contrib-20140730/cron.te
 ===
 serefpolicy-contrib-20140730.orig/cron.te
-+++ serefpolicy-contrib-20140730/cron.te
+--- serefpolicy-contrib-20140730.orig/cron.te  2015-06-24 10:48:23.073675837 
+

commit selinux-policy for openSUSE:Factory

2015-01-29 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-01-29 09:57:22

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2014-11-18 22:49:02.0 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2015-01-29 09:57:30.0 +0100
@@ -1,0 +2,50 @@
+Wed Jan 28 09:37:06 UTC 2015 - jseg...@novell.com
+
+- Added 
+  * suse_additions_obs.patch to allow local builds by OBS
+  * suse_additions_sslh.patch to confine sslh
+- Added suse_modifications_cron.patch to adjust crontabs contexts
+- Modified suse_modifications_postfix.patch to match SUSE paths
+- Modified suse_modifications_ssh.patch to bring boolean
+  sshd_forward_ports back
+- Modified 
+  * suse_modifications_dbus.patch
+  * suse_modifications_unprivuser.patch
+  * suse_modifications_xserver.patch
+  to allow users to be confined
+- Added
+  * suse_modifications_apache.patch 
+  * suse_modifications_ntp.patch
+  and modified
+  * suse_modifications_xserver.patch
+  to fix labels on startup scripts used by systemd
+- Removed unused and incorrect interface dev_create_all_dev_nodes
+  from systemd-tmpfiles.patch
+- Removed BuildRequire for selinux-policy-devel
+
+---
+Fri Jan 23 15:52:02 UTC 2015 - jseg...@novell.com
+
+- Major cleanup of the spec file
+
+---
+Fri Jan 23 11:44:52 UTC 2015 - jseg...@novell.com
+
+- removed suse_minimal_cc.patch and splitted them into
+  * suse_modifications_dbus.patch
+  * suse_modifications_policykit.patch
+  * suse_modifications_postfix.patch
+  * suse_modifications_rtkit.patch
+  * suse_modifications_unconfined.patch
+  * suse_modifications_systemd.patch
+  * suse_modifications_unconfineduser.patch
+  * suse_modifications_selinuxutil.patch
+  * suse_modifications_logging.patch
+  * suse_modifications_getty.patch
+  * suse_modifications_authlogin.patch
+  * suse_modifications_xserver.patch
+  * suse_modifications_ssh.patch
+  * suse_modifications_usermanage.patch
+- Added suse_modifications_virt.patch to enable svirt on s390x
+
+---

Old:

  suse_minimal_cc.patch

New:

  suse_additions_obs.patch
  suse_additions_sslh.patch
  suse_modifications_apache.patch
  suse_modifications_authlogin.patch
  suse_modifications_cron.patch
  suse_modifications_dbus.patch
  suse_modifications_getty.patch
  suse_modifications_logging.patch
  suse_modifications_ntp.patch
  suse_modifications_policykit.patch
  suse_modifications_postfix.patch
  suse_modifications_rtkit.patch
  suse_modifications_selinuxutil.patch
  suse_modifications_ssh.patch
  suse_modifications_systemd.patch
  suse_modifications_unconfined.patch
  suse_modifications_unconfineduser.patch
  suse_modifications_unprivuser.patch
  suse_modifications_usermanage.patch
  suse_modifications_virt.patch
  suse_modifications_xserver.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.cOIqfg/_old  2015-01-29 09:57:43.0 +0100
+++ /var/tmp/diff_new_pack.cOIqfg/_new  2015-01-29 09:57:43.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,76 +17,100 @@
 
 
 # TODO: This turns on distro-specific policies.
-# There are almost no SUSE specific modifications available 
-# in the upstream, so we utilize the ones used by redhat
+# There are almost no SUSE specific modifications available in the policy, so 
we utilize the
+# ones used by redhat and include also the SUSE specific ones (see sed 
statement below)
 %define distro redhat
 %define polyinstatiate n
 %define monolithic n
-%if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
 %define BUILD_DOC 1
-%endif
-%if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
 %define BUILD_TARGETED 1
-%endif
-%if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1}
 %define BUILD_MINIMUM 1
-%endif
 %if 0%{suse_version} == 1315
 %define BUILD_MLS 0
-%endif
-%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
+%else
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 29
 %define POLICYCOREUTILSVER 2.3
 %define CHECKPOLICYVER 2.3
+
 Summary:SELinux policy configuration
 License:GPL-2.0+
 Group:  System/Managemen

commit selinux-policy for openSUSE:Factory

2014-11-18 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2014-11-18 22:47:09

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2014-09-19 15:45:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2014-11-18 22:49:02.0 +0100
@@ -1,0 +2,5 @@
+Sat Nov 08 19:17:00 UTC 2014 - Led 
+
+- fix bashism in post script
+
+---



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.7XT9Im/_old  2014-11-18 22:49:05.0 +0100
+++ /var/tmp/diff_new_pack.7XT9Im/_new  2014-11-18 22:49:05.0 +0100
@@ -159,7 +159,7 @@
 %define makeModulesConf() \
 cp -f selinux_config/modules-%1-%2.conf  ./policy/modules-base.conf \
 cp -f selinux_config/modules-%1-%2.conf  ./policy/modules.conf \
-if [ %3 == "contrib" ];then \
+if [ "%3" = "contrib" ];then \
cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \
cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \
 fi; \
@@ -283,7 +283,7 @@
  if [ -e /etc/selinux/%1/.policy.sha512 ]; then \
 sha512=`sha512sum /etc/selinux/%1/modules/active/policy.kern | cut -d 
' ' -f 1`; \
checksha512=`cat /etc/selinux/%1/.policy.sha512`; \
-   if [ "$sha512" == "$checksha512" ] ; then \
+   if [ "$sha512" = "$checksha512" ] ; then \
rm /etc/selinux/%1/.rebuild; \
fi; \
fi; \
@@ -298,7 +298,7 @@
 else \
 touch /etc/selinux/%2/modules/active/modules/sandbox.disabled \
 fi; \
-if [ "${SELINUXTYPE}" == "%2" ]; then \
+if [ "${SELINUXTYPE}" = "%2" ]; then \
if selinuxenabled; then \
   load_policy; \
else \




commit selinux-policy for openSUSE:Factory

2014-09-19 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2014-09-19 13:56:16

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2014-09-09 18:59:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2014-09-19 15:45:21.0 +0200
@@ -1,0 +2,10 @@
+Thu Sep 18 09:06:09 UTC 2014 - jseg...@suse.com
+
+Redid changes done by vci...@suse.com in SLE12 package
+
+- disable build of MLS policy
+- removed outdated description files 
+  * Alan_Rouse-openSUSE_with_SELinux.txt
+  * Alan_Rouse-Policy_Development_Process.txt
+
+---

Old:

  Alan_Rouse-Policy_Development_Process.txt
  Alan_Rouse-openSUSE_with_SELinux.txt



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.ubmWPB/_old  2014-09-19 15:45:24.0 +0200
+++ /var/tmp/diff_new_pack.ubmWPB/_new  2014-09-19 15:45:24.0 +0200
@@ -31,6 +31,9 @@
 %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1}
 %define BUILD_MINIMUM 1
 %endif
+%if 0%{suse_version} == 1315
+%define BUILD_MLS 0
+%endif
 %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
 %define BUILD_MLS 1
 %endif
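Review bot: The new `%if 0%{suse_version} == 1315` block sets `BUILD_MLS 0` unconditionally on that release, so a `BUILD_MLS` value passed in by the builder is overwritten there, whereas the guarded defaults around it respect one. The test also uses `%{suse_version}` without `?`; if the macro is undefined it is left unexpanded and the `%if` expression will most likely fail to parse, which the usual form `%if 0%{?suse_version} == 1315` avoids. A comment such as `# SLE12: MLS policy is not built` would tie the magic number to the changelog entry.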
@@ -85,10 +88,6 @@
 Source40:   selinux-policy.sysconfig
 Source41:   selinux-policy-rpmlintrc
 
-# the following two files are more like a packaging documentation
-Source50:   Alan_Rouse-openSUSE_with_SELinux.txt
-Source51:   Alan_Rouse-Policy_Development_Process.txt
-
 Url:http://oss.tresys.com/repos/refpolicy/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch




commit selinux-policy for openSUSE:Factory

2014-09-09 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2014-09-09 18:59:13

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2014-09-06 12:18:34.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2014-09-09 18:59:15.0 +0200
@@ -1,0 +2,21 @@
+Mon Sep  8 09:08:19 UTC 2014 - jseg...@suse.com
+
+- removed remove_duplicate_filetrans_pattern_rules.patch
+
+---
+Fri Sep  5 11:22:02 UTC 2014 - jseg...@suse.com
+
+- Updated policy to include everything up until 20140730 (refpolicy and
+  fedora rawhide improvements). Rebased all patches that are still
+  necessary
+- Removed permissivedomains.pp. Doesn't work with the new policy
+- modified spec file so that all modifications for distro=redhat and
+  distro=suse will be used. 
+- added selinux-policy-rpmlintrc to suppress some warnings that aren't
+  valid for this package
+- added suse_minimal_cc.patch to create a suse specific module to prevent
+  errors while using the minimum policy. Will rework them in the proper
+  places once the minimum policy is reworked to really only confine a 
+  minimal set of domains.
+
+---

Old:

  permissivedomains.pp
  remove_duplicate_filetrans_pattern_rules.patch
  serefpolicy-3.12.1.tgz
  serefpolicy-contrib-3.12.1.tgz

New:

  selinux-policy-rpmlintrc
  serefpolicy-20140730.tgz
  serefpolicy-contrib-20140730.tgz
  suse_minimal_cc.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.BgfG6U/_old  2014-09-09 18:59:18.0 +0200
+++ /var/tmp/diff_new_pack.BgfG6U/_new  2014-09-09 18:59:18.0 +0200
@@ -35,13 +35,13 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 29
-%define POLICYCOREUTILSVER 2.1.14
-%define CHECKPOLICYVER 2.2
+%define POLICYCOREUTILSVER 2.3
+%define CHECKPOLICYVER 2.3
 Summary:SELinux policy configuration
 License:GPL-2.0+
 Group:  System/Management
 Name:   selinux-policy
-Version:3.12.1
+Version:20140730
 Release:20%{?dist}
 Source: serefpolicy-%{version}.tgz
 Patch:  policy-rawhide-base.patch
@@ -56,7 +56,7 @@
 Patch16:useradd-netlink_selinux_socket.patch
 Patch17:systemd-tmpfiles.patch
 Patch18:label_var_run_rsyslog.patch
-Patch19:remove_duplicate_filetrans_pattern_rules.patch
+Patch19:suse_minimal_cc.patch
 
 Source1:modules-targeted-base.conf
 Source31:   modules-targeted-contrib.conf
@@ -80,10 +80,10 @@
 Source25:   users-minimum
 Source26:   file_contexts.subs_dist
 Source27:   selinux-policy.conf
-Source28:   permissivedomains.pp
 Source29:   serefpolicy-contrib-%{version}.tgz
 Source30:   booleans.subs_dist
 Source40:   selinux-policy.sysconfig
+Source41:   selinux-policy-rpmlintrc
 
 # the following two files are more like a packaging documentation
 Source50:   Alan_Rouse-openSUSE_with_SELinux.txt
@@ -102,6 +102,7 @@
 BuildRequires:  policycoreutils-python >= %{POLICYCOREUTILSVER}
 BuildRequires:  python
 BuildRequires:  python-xml
+BuildRequires:  selinux-policy-devel
 # we need selinuxenabled
 Requires(post):  selinux-tools
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
@@ -247,6 +248,7 @@
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/removable_context \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/userhelper_context \
+%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/systemd_contexts \
 %dir %{_sysconfdir}/selinux/%1/contexts/files \
 %verify(not md5 size mtime) 
%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
 %verify(not md5 size mtime) 
%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
@@ -257,11 +259,7 @@
 %{_sysconfdir}/selinux/%1/booleans.subs_dist \
 %config %{_sysconfdir}/selinux/%1/contexts/files/media \
 %dir %{_sysconfdir}/selinux/%1/contexts/users \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
+%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/*
 
 %define relabel() \
 . %{_sysconfd

commit selinux-policy for openSUSE:Factory

2014-09-06 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2014-09-06 12:18:24

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2013-12-19 12:37:22.0 +0100
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2014-09-06 12:18:34.0 +0200
@@ -1,0 +2,16 @@
+Tue Sep  2 13:31:58 UTC 2014 - vci...@suse.com
+
+- removed source files which were not used
+  * modules-minimum.conf, modules-mls.conf, modules-targeted.conf,
+permissivedomains.fc, permissivedomains.if, permissivedomains.te,
+seusers, seusers-mls, seusers-targeted, users_extra-mls,
+users_extra-targeted
+
+---
+Mon Jun  2 12:08:40 UTC 2014 - vci...@suse.com
+
+- remove duplicate filetrans_pattern rules
+  * fixes build with libsepol-2.3
+  * added remove_duplicate_filetrans_pattern_rules.patch
+
+---

Old:

  modules-minimum.conf
  modules-mls.conf
  modules-targeted.conf
  permissivedomains.fc
  permissivedomains.if
  permissivedomains.te
  seusers
  seusers-mls
  seusers-targeted
  users_extra-mls
  users_extra-targeted

New:

  remove_duplicate_filetrans_pattern_rules.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.9n22Cw/_old  2014-09-06 12:18:36.0 +0200
+++ /var/tmp/diff_new_pack.9n22Cw/_new  2014-09-06 12:18:36.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -56,6 +56,7 @@
 Patch16:useradd-netlink_selinux_socket.patch
 Patch17:systemd-tmpfiles.patch
 Patch18:label_var_run_rsyslog.patch
+Patch19:remove_duplicate_filetrans_pattern_rules.patch
 
 Source1:modules-targeted-base.conf
 Source31:   modules-targeted-contrib.conf
@@ -346,6 +347,7 @@
 %setup -n serefpolicy-contrib-%{version} -q -b 29
 %patch1 -p1
 %patch11 -p1
+%patch19 -p1
 contrib_path=`pwd`
 %setup -n serefpolicy-%{version} -q
 cp COPYING ..


++ remove_duplicate_filetrans_pattern_rules.patch ++
diff --git a/gnome.te b/gnome.te
index c6ff2a1..ac4ec2a 100644
--- a/gnome.te
+++ b/gnome.te
@@ -226,7 +226,6 @@ allow gkeyringd_domain gconf_home_t:dir create_dir_perms;
 filetrans_pattern(gkeyringd_domain, gconf_home_t, data_home_t, dir, "share")
 filetrans_pattern(gkeyringd_domain, gnome_home_t, gkeyringd_gnome_home_t, dir, 
"keyrings")
 filetrans_pattern(gkeyringd_domain, data_home_t, gkeyringd_gnome_home_t, dir, 
"keyrings")
-filetrans_pattern(gkeyringd_domain, gnome_home_t, data_home_t, dir, "keyrings")
 
 manage_dirs_pattern(gkeyringd_domain, gkeyringd_tmp_t, gkeyringd_tmp_t)
 manage_sock_files_pattern(gkeyringd_domain, gkeyringd_tmp_t, gkeyringd_tmp_t)



commit selinux-policy for openSUSE:Factory

2013-12-19 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2013-12-19 12:36:53

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2013-08-12 15:52:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2013-12-19 12:37:22.0 +0100
@@ -1,0 +2,20 @@
+Mon Dec  9 13:57:18 UTC 2013 - vci...@suse.com
+
+- enable build of mls and targeted policies
+- fixes to the minimum policy:
+- label /var/run/rsyslog correctly
+  * label_var_run_rsyslog.patch
+- allow systemd-tmpfiles to create devices
+  * systemd-tmpfiles.patch
+- add rules for sysconfig
+  * correctly label /dev/.sysconfig/network
+  * added sysconfig_network_scripts.patch
+- run restorecon and fixfiles only if if selinux is enabled
+- fix console login
+  * allow-local_login_t-read-shadow.patch
+- allow rsyslog to write to xconsole
+  * xconsole.patch
+- useradd needs to call selinux_check_access (via pam_rootok)
+  * useradd-netlink_selinux_socket.patch
+
+---

New:

  allow-local_login_t-read-shadow.patch
  label_var_run_rsyslog.patch
  sysconfig_network_scripts.patch
  systemd-tmpfiles.patch
  useradd-netlink_selinux_socket.patch
  xconsole.patch



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.5fqKUk/_old  2013-12-19 12:37:23.0 +0100
+++ /var/tmp/diff_new_pack.5fqKUk/_new  2013-12-19 12:37:23.0 +0100
@@ -23,20 +23,20 @@
 %define polyinstatiate n
 %define monolithic n
 %if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
-%define BUILD_DOC 0
+%define BUILD_DOC 1
 %endif
 %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
 %define BUILD_TARGETED 1
 %endif
 %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1}
-%define BUILD_MINIMUM 0
+%define BUILD_MINIMUM 1
 %endif
 %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 29
 %define POLICYCOREUTILSVER 2.1.14
-%define CHECKPOLICYVER 2.1.12
+%define CHECKPOLICYVER 2.2
 Summary:SELinux policy configuration
 License:GPL-2.0+
 Group:  System/Management
@@ -50,6 +50,12 @@
 Patch10:type_transition_file_class.patch
 Patch11:type_transition_contrib.patch
 Patch12:label_sysconfig.selinux-policy.patch
+Patch13:sysconfig_network_scripts.patch
+Patch14:allow-local_login_t-read-shadow.patch
+Patch15:xconsole.patch
+Patch16:useradd-netlink_selinux_socket.patch
+Patch17:systemd-tmpfiles.patch
+Patch18:label_var_run_rsyslog.patch
 
 Source1:modules-targeted-base.conf
 Source31:   modules-targeted-contrib.conf
@@ -111,12 +117,9 @@
 %defattr(-,root,root,-)
 %doc COPYING
 %dir %{_usr}/share/selinux
-#%dir %{_usr}/share/selinux/packages
 %dir %{_sysconfdir}/selinux
 %ghost %config(noreplace) %{_sysconfdir}/selinux/config
-%dir %{_localstatedir}/adm/fillup-templates
 %{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
-#%ghost %{_sysconfdir}/sysconfig/selinux
 %{_usr}/lib/tmpfiles.d/selinux-policy.conf
 
 %package devel
@@ -132,13 +135,10 @@
 
 %files devel
 %defattr(-,root,root,-)
-#%{_mandir}/man*/*
 %{_mandir}/ru/*/*
 %dir %{_usr}/share/selinux/devel
 %dir %{_usr}/share/selinux/devel/include
 %{_usr}/share/selinux/devel/include/*
-#%dir %{_usr}/share/selinux/devel/html
-#%{_usr}/share/selinux/devel/html/*html
 %{_usr}/share/selinux/devel/Makefile
 %{_usr}/share/selinux/devel/example.*
 
@@ -148,15 +148,6 @@
 Requires(pre): selinux-policy = %{version}-%{release}
 Requires:   /usr/bin/xdg-open
 
-%description doc
-SELinux policy documentation package
-
-%files doc
-%defattr(-,root,root,-)
-%doc %{_usr}/share/doc/%{name}-%{version}
-%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
-%{_usr}/share/selinux/devel/policy.*
-
 %define makeCmds() \
 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 
MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \
 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 
MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024  conf \
@@ -206,7 +197,8 @@
 /usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \
 /usr/bin/sha512sum 
%{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 
1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policy.sha512; \
 rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts  \
-rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern
+rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern \

commit selinux-policy for openSUSE:Factory

2013-08-12 Thread h_root
Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2013-08-12 15:52:20

Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and  /work/SRC/openSUSE:Factory/.selinux-policy.new (New)


Package is "selinux-policy"

Changes:

--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes
2013-07-12 20:57:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes   
2013-08-12 15:52:21.0 +0200
@@ -1,0 +2,6 @@
+Mon Aug 12 02:08:15 CEST 2013 - r...@suse.de
+
+- fix build on factory: newer rpm does not allow to mark
+  non-directories as dir anymore (like symlinks in this case) 
+
+---



Other differences:
--
++ selinux-policy.spec ++
--- /var/tmp/diff_new_pack.SOwgjx/_old  2013-08-12 15:52:22.0 +0200
+++ /var/tmp/diff_new_pack.SOwgjx/_new  2013-08-12 15:52:22.0 +0200
@@ -115,7 +115,7 @@
 %dir %{_sysconfdir}/selinux
 %ghost %config(noreplace) %{_sysconfdir}/selinux/config
 %dir %{_localstatedir}/adm/fillup-templates
-%dir %{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
 #%ghost %{_sysconfdir}/sysconfig/selinux
 %{_usr}/lib/tmpfiles.d/selinux-policy.conf
 

