From 7645ad081d5463d3ee36463fb7eaa3eeef756a35513c9f622533c7690666ac37 Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Thu, 21 Sep 2023 10:14:15 +0000 Subject: [PATCH] Accepting request 1112609 from home:malikirri:branches:systemsmanagement:cockpit - Port SLE selinux bug fix from SLE Micro 5.5 * Copied selinux_libdir.patch from SLEM package OBS-URL: https://build.opensuse.org/request/show/1112609 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=147 --- cockpit.changes | 6 ++++++ cockpit.spec | 2 ++ selinux_libdir.patch | 28 ++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 selinux_libdir.patch diff --git a/cockpit.changes b/cockpit.changes index 8ce6877..d0712ac 100644 --- a/cockpit.changes +++ b/cockpit.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Sep 20 16:17:59 UTC 2023 - Miika Alikirri + +- Port SLE selinux bug fix from SLE Micro 5.5 + * Copied selinux_libdir.patch from SLEM package + ------------------------------------------------------------------- Fri Sep 8 12:53:26 UTC 2023 - Adam Majer - 300.1 diff --git a/cockpit.spec b/cockpit.spec index 8a9895e..c4e938d 100644 --- a/cockpit.spec +++ b/cockpit.spec @@ -70,6 +70,7 @@ Patch101: hide-pcp.patch Patch102: 0002-selinux-temporary-remove-setroubleshoot-section.patch # For anything based on SLES 15 codebase (including Leap, SLE Micro) Patch103: 0004-leap-gnu18-removal.patch +Patch104: selinux_libdir.patch %if 0%{?fedora} >= 38 || 0%{?rhel} >= 9 %define cockpit_enable_python 1 @@ -244,6 +245,7 @@ BuildRequires: python3-tox-current-env # For anything based on SLES 15 codebase (including Leap, SLEM) %if 0%{?suse_version} == 1500 %patch103 -p1 +%patch104 -p0 %endif cp %SOURCE1 tools/cockpit.pam diff --git a/selinux_libdir.patch b/selinux_libdir.patch new file mode 100644 index 0000000..426a11c --- /dev/null +++ b/selinux_libdir.patch @@ -0,0 +1,28 @@ +--- selinux_bak/cockpit.fc 2023-09-11 15:16:38.603758530 +0200 ++++ selinux/cockpit.fc 2023-09-12 09:03:09.539025240 +0200 +@@ -2,11 +2,25 @@ + /etc/systemd/system/cockpit.* -- gen_context(system_u:object_r:cockpit_unit_file_t,s0) + + /usr/libexec/cockpit-ws -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++/usr/lib/cockpit-ws -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) + /usr/libexec/cockpit-tls -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++/usr/lib/cockpit-tls -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) + /usr/libexec/cockpit-wsinstance-factory -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++/usr/lib/cockpit-wsinstance-factory -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++ ++# missing libexec transition on SLE Micro ++/usr/bin/cockpit-bridge -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/cockpit-askpass -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/cockpit-certificate-ensure -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/cockpit-certificate-helper -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/cockpit-client -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/cockpit-desktop -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/cockpit-pcp -- gen_context(system_u:object_r:bin_t,s0) + + /usr/libexec/cockpit-session -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) ++/usr/lib/cockpit-session -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) + /usr/libexec/cockpit-ssh -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) ++/usr/lib/cockpit-ssh -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) + + /usr/share/cockpit/motd/update-motd -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) +