cockpit/0001-selinux-allow-login-to-read-motd-file.patch

commit fc0e3304732a9aaff1487833342d5fc8ea26ce04
Author: Ludwig Nussel <ludwig.nussel@suse.de>
Date:   Fri Aug 6 15:11:23 2021 +0200

    selinux: allow login to read motd file

diff --git a/selinux/cockpit.te b/selinux/cockpit.te
index 73242aaa1..72db3c1dc 100644
--- a/selinux/cockpit.te
+++ b/selinux/cockpit.te
@@ -181,3 +181,11 @@ optional_policy(`
 optional_policy(`
 	unconfined_domtrans(cockpit_session_t)
 ')
+
+# login may read motd file through pam
+optional_policy(`
+    gen_require(`
+        type local_login_t;
+    ')
+    cockpit_read_pid_files(local_login_t)
+')
- new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=82 2022-01-28 15:57:18 +01:00			`commit fc0e3304732a9aaff1487833342d5fc8ea26ce04`
			`Author: Ludwig Nussel <ludwig.nussel@suse.de>`
			`Date: Fri Aug 6 15:11:23 2021 +0200`
Accepting request 911217 from home:lnussel:branches:systemsmanagement:cockpit - new version 250 https://cockpit-project.org/blog/cockpit-250.html - fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch) OBS-URL: https://build.opensuse.org/request/show/911217 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=80 2021-08-10 11:08:23 +02:00
- new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=82 2022-01-28 15:57:18 +01:00			`selinux: allow login to read motd file`
Accepting request 911217 from home:lnussel:branches:systemsmanagement:cockpit - new version 250 https://cockpit-project.org/blog/cockpit-250.html - fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch) OBS-URL: https://build.opensuse.org/request/show/911217 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=80 2021-08-10 11:08:23 +02:00
			`diff --git a/selinux/cockpit.te b/selinux/cockpit.te`
- new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=82 2022-01-28 15:57:18 +01:00			`index 73242aaa1..72db3c1dc 100644`
Accepting request 911217 from home:lnussel:branches:systemsmanagement:cockpit - new version 250 https://cockpit-project.org/blog/cockpit-250.html - fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch) OBS-URL: https://build.opensuse.org/request/show/911217 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=80 2021-08-10 11:08:23 +02:00			`--- a/selinux/cockpit.te`
			`+++ b/selinux/cockpit.te`
- new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=82 2022-01-28 15:57:18 +01:00			@@ -181,3 +181,11 @@ optional_policy(`
Accepting request 911217 from home:lnussel:branches:systemsmanagement:cockpit - new version 250 https://cockpit-project.org/blog/cockpit-250.html - fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch) OBS-URL: https://build.opensuse.org/request/show/911217 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=80 2021-08-10 11:08:23 +02:00			optional_policy(`
			`unconfined_domtrans(cockpit_session_t)`
			`')`
			`+`
			`+# login may read motd file through pam`
			+optional_policy(`
			+ gen_require(`
			`+ type local_login_t;`
			`+ ')`
			`+ cockpit_read_pid_files(local_login_t)`
			`+')`