Accepting request 1112609 from home:malikirri:branches:systemsmanagement:cockpit

- Port SLE selinux bug fix from SLE Micro 5.5 * Copied selinux_libdir.patch from SLEM package OBS-URL: https://build.opensuse.org/request/show/1112609 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=147
2023-09-21 10:14:15 +00:00 · 2023-09-21 10:14:15 +00:00 · 7645ad081d
commit 7645ad081d
parent 4d4ce55c9d
3 changed files with 36 additions and 0 deletions
--- a/cockpit.changes
+++ b/cockpit.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 20 16:17:59 UTC 2023 - Miika Alikirri <miika.alikirri@suse.com>
+
+- Port SLE selinux bug fix from SLE Micro 5.5
+  * Copied selinux_libdir.patch from SLEM package
+
 -------------------------------------------------------------------
 Fri Sep  8 12:53:26 UTC 2023 - Adam Majer <adam.majer@suse.de> - 300.1

--- a/cockpit.spec
+++ b/cockpit.spec
@ -70,6 +70,7 @@ Patch101:       hide-pcp.patch
 Patch102:       0002-selinux-temporary-remove-setroubleshoot-section.patch
 # For anything based on SLES 15 codebase (including Leap, SLE Micro)
 Patch103:       0004-leap-gnu18-removal.patch
+Patch104:       selinux_libdir.patch

 %if 0%{?fedora} >= 38 || 0%{?rhel} >= 9
 %define cockpit_enable_python 1
@ -244,6 +245,7 @@ BuildRequires:  python3-tox-current-env
 # For anything based on SLES 15 codebase (including Leap, SLEM)
 %if 0%{?suse_version} == 1500
 %patch103 -p1
+%patch104 -p0
 %endif

 cp %SOURCE1 tools/cockpit.pam
--- a/selinux_libdir.patch
+++ b/selinux_libdir.patch
@ -0,0 +1,28 @@
+--- selinux_bak/cockpit.fc	2023-09-11 15:16:38.603758530 +0200
+++ selinux/cockpit.fc	2023-09-12 09:03:09.539025240 +0200
+@@ -2,11 +2,25 @@
+ /etc/systemd/system/cockpit.*	--	gen_context(system_u:object_r:cockpit_unit_file_t,s0)
+ 
+ /usr/libexec/cockpit-ws		--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+/usr/lib/cockpit-ws		--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+ /usr/libexec/cockpit-tls	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+/usr/lib/cockpit-tls	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+ /usr/libexec/cockpit-wsinstance-factory	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+/usr/lib/cockpit-wsinstance-factory	--	gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+
+# missing libexec transition on SLE Micro
+/usr/bin/cockpit-bridge			--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/cockpit-askpass		--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/cockpit-certificate-ensure	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/cockpit-certificate-helper	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/cockpit-client			--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/cockpit-desktop		--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/cockpit-pcp			--	gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/libexec/cockpit-session	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+/usr/lib/cockpit-session	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+ /usr/libexec/cockpit-ssh	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+/usr/lib/cockpit-ssh	--	gen_context(system_u:object_r:cockpit_session_exec_t,s0)
+ 
+ /usr/share/cockpit/motd/update-motd    -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0)
+