SLFO-pool/swtpm
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main swtpm revision 63d6a98bf8ce5f196cf9db634d69d22a

Browse Source
This commit is contained in:
Adrian Schröter 2024-09-20 16:11:31 +02:00
parent 9736bcc92f
commit 9073ae6b79
3 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
1229131-fix-swtpm-selinux-policy-mismatch.patch Normal file
View File

@ -0,0 +1,20 @@
Index: swtpm-0.9.0/src/selinux/swtpm.te
===================================================================
--- swtpm-0.9.0.orig/src/selinux/swtpm.te
+++ swtpm-0.9.0/src/selinux/swtpm.te
@@ -8,6 +8,7 @@ policy_module(swtpm, 1.0.0)
require {
type qemu_var_run_t;
type var_log_t;
+ type virt_log_t;
type virt_var_lib_t;
type virtqemud_t;
type virtqemud_tmp_t;
@@ -29,6 +30,7 @@ allow swtpm_t qemu_var_run_t:file { crea
allow swtpm_t qemu_var_run_t:dir { add_name remove_name write };
allow swtpm_t qemu_var_run_t:sock_file { create setattr unlink };
allow swtpm_t var_log_t:file open;
+allow swtpm_t virt_log_t:file open;
allow swtpm_t virt_var_lib_t:dir { add_name remove_name write };
allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write };
allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };

11
swtpm.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Thu Sep 19 10:55:54 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Fix swtpm custom module (bsc#1229131)
- Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
- this can be removed once swtpm upstream sorts out their custom selinux module.
see: https://github.com/stefanberger/swtpm/issues/885
there were a couple changes in the selinux-policy libvirt handling
which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 1 07:23:27 UTC 2024 - Richard Rahl <rrahl0@opensuse.org> Thu Aug 1 07:23:27 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>

10
swtpm.spec
View File

@ -39,6 +39,14 @@ URL: https://github.com/stefanberger/swtpm
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source100: swtpm-rpmlintrc Source100: swtpm-rpmlintrc
Patch0: swtpm-fix-build.patch Patch0: swtpm-fix-build.patch
# 19-09-24 cahu bsc#1229131
# this can be removed once swtpm upstream sorts out their custom selinux module
# see: https://github.com/stefanberger/swtpm/issues/885
# there were a couple changes in the selinux-policy libvirt handling
# which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
# virt_log_t instead of var_log_t.
# this patch allows swtpm_t to open the virt_log_t
Patch1: 1229131-fix-swtpm-selinux-policy-mismatch.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: expect BuildRequires: expect
@ -100,7 +108,7 @@ This package provides the SELinux module for the Software TPM emulator.
%endif %endif
%prep %prep
%autosetup %autosetup -p1
%build %build
mkdir m4 mkdir m4