diff --git a/1229131-fix-swtpm-selinux-policy-mismatch.patch b/1229131-fix-swtpm-selinux-policy-mismatch.patch
new file mode 100644
index 0000000..81698c0
--- /dev/null
+++ b/1229131-fix-swtpm-selinux-policy-mismatch.patch
@@ -0,0 +1,20 @@
+Index: swtpm-0.9.0/src/selinux/swtpm.te
+===================================================================
+--- swtpm-0.9.0.orig/src/selinux/swtpm.te
++++ swtpm-0.9.0/src/selinux/swtpm.te
+@@ -8,6 +8,7 @@ policy_module(swtpm, 1.0.0)
+ require {
+ type qemu_var_run_t;
+ type var_log_t;
++ type virt_log_t;
+ type virt_var_lib_t;
+ type virtqemud_t;
+ type virtqemud_tmp_t;
+@@ -29,6 +30,7 @@ allow swtpm_t qemu_var_run_t:file { crea
+ allow swtpm_t qemu_var_run_t:dir { add_name remove_name write };
+ allow swtpm_t qemu_var_run_t:sock_file { create setattr unlink };
+ allow swtpm_t var_log_t:file open;
++allow swtpm_t virt_log_t:file open;
+ allow swtpm_t virt_var_lib_t:dir { add_name remove_name write };
+ allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write };
+ allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };
diff --git a/swtpm.changes b/swtpm.changes
index 8c48bb7..1474887 100644
--- a/swtpm.changes
+++ b/swtpm.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Thu Sep 19 10:55:54 UTC 2024 - Cathy Hu
+
+- Fix swtpm custom module (bsc#1229131)
+ - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
+ - this can be removed once swtpm upstream sorts out their custom selinux module.
+ see: https://github.com/stefanberger/swtpm/issues/885
+ there were a couple changes in the selinux-policy libvirt handling
+ which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
+ virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
+
 -------------------------------------------------------------------
 Thu Aug 1 07:23:27 UTC 2024 - Richard Rahl
diff --git a/swtpm.spec b/swtpm.spec
index 2020917..86ab28b 100644
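Review bot: The added `allow swtpm_t virt_log_t:file open;` applies to every file labelled virt_log_t, not only the swtpm log under /var/log/swtpm/libvirt/qemu/, and the patched swtpm.te carries no comment saying why the rule is there. The reason is recorded only in the spec and the changelog, so a line above the rule such as `# bsc#1229131: swtpm log is labelled virt_log_t by newer selinux-policy; drop once swtpm issue 885 is resolved` would keep the grant reviewable in the policy source itself. The new `type virt_log_t;` in the `require` block also makes the module depend on the base policy defining that type; if the package can be installed against an selinux-policy without it, loading the module would presumably fail, so wrapping the require and the rule in `optional_policy` is worth considering. Only `open` is granted, matching the existing var_log_t rule; whether the remaining log permissions come from elsewhere is not visible in these hunks.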
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -39,6 +39,14 @@ URL: https://github.com/stefanberger/swtpm
 Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source100: swtpm-rpmlintrc
 Patch0: swtpm-fix-build.patch
+# 19-09-24 cahu bsc#1229131
+# this can be removed once swtpm upstream sorts out their custom selinux module
+# see: https://github.com/stefanberger/swtpm/issues/885
+# there were a couple changes in the selinux-policy libvirt handling
+# which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
+# virt_log_t instead of var_log_t.
+# this patch allows swtpm_t to open the virt_log_t
+Patch1: 1229131-fix-swtpm-selinux-policy-mismatch.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: expect
@@ -100,7 +108,7 @@ This package provides the SELinux module for the Software TPM emulator.
 %endif
 %prep
-%autosetup
+%autosetup -p1
 %build
 mkdir m4
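Review bot: Switching `%prep` to `%autosetup -p1` changes the strip level for every patch in the spec, including the existing Patch0 (swtpm-fix-build.patch), which until now was applied without an explicit `-p`. Patch0's path prefixes are not visible in this diff, so it should be confirmed that it still applies to the intended files at `-p1`. If the two patches need different strip levels, `%autosetup -N` followed by one `%patch` line per patch with its own `-p` keeps that explicit.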