Accepting request 1075435 from home:jsegitz:branches:security:SELinux

- Update to version 2.206.0: * Allow unconfined domains to transition to container_runtime_t * Allow container domains to transition to install_t * Allow avirt_sandbox_domain to manage container_file_t types * Allow containers to watch sysfs_t directories * Allow spc_t to transption to rpm_script_t * Add support to new user_namespace access check * Smaller permission changes for container_init_t - Drop spc.patch, is now included OBS-URL: https://build.opensuse.org/request/show/1075435 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=27
2023-03-30 07:03:23 +00:00 · 2023-03-30 07:03:23 +00:00 · 1d09fb5b55
commit 1d09fb5b55
parent 25cd1634d4
5 changed files with 17 additions and 20 deletions
--- a/container-selinux.changes
+++ b/container-selinux.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Mar 29 13:04:36 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 2.206.0:
+  * Allow unconfined domains to transition to container_runtime_t 
+  * Allow container domains to transition to install_t  
+  * Allow avirt_sandbox_domain to manage container_file_t types 
+  * Allow containers to watch sysfs_t directories 
+  * Allow spc_t to transption to rpm_script_t 
+  * Add support to new user_namespace access check 
+  * Smaller permission changes for container_init_t
+- Drop spc.patch, is now included
+
 -------------------------------------------------------------------
 Mon Jan 16 12:47:34 UTC 2023 - Frederic Crozat <fcrozat@suse.com>

--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -26,14 +26,12 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name:           container-selinux
-Version:        2.198.0
+Version:        2.206.0
 Release:        0
 Summary:        SELinux policies for container runtimes
 License:        GPL-2.0-only
 URL:            https://github.com/containers/container-selinux
 Source0:        https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
-# https://github.com/containers/container-selinux/pull/199, can be dropped after this is included
-Patch0:         spc.patch
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
 Requires:       selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
@ -49,7 +47,6 @@ SELinux policy modules for use with container runtimes.

 %prep
 %setup -q
-%patch0 -p1

 %build
 %make_build
--- a/spc.patch
+++ b/spc.patch
@ -1,13 +0,0 @@
-Index: container-selinux-2.188.0/container.te
-===================================================================
--- container-selinux-2.188.0.orig/container.te
-+++ container-selinux-2.188.0/container.te
-@@ -675,6 +675,8 @@ init_dbus_chat(spc_t)
- optional_policy(`
- 	systemd_dbus_chat_machined(spc_t)
- 	systemd_dbus_chat_logind(spc_t)
-+	systemd_dbus_chat_timedated(spc_t)
-+	systemd_dbus_chat_localed(spc_t)
- ')
- 
- optional_policy(`
--- a/v2.198.0.tar.gz
+++ b/v2.198.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c17a834d33eb4826c935208a7a20e91e194a7409033b92ef1dce579de877900f
-size 28323
--- a/v2.206.0.tar.gz
+++ b/v2.206.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8a79b0150a28ff321113bde70d41bd1d31ef9fb482c2d9b46cc67b7d67cc8393
+size 28400