From 23c83e5de52d31990737a5aed54ceac03262f358cd783062cc6b30ac45385145 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 2 Sep 2021 09:14:04 +0000 Subject: [PATCH] Accepting request 915716 from home:jsegitz:branches:security:SELinux - Modified fix_systemd.patch to allow systemd gpt generator access to udev files (bsc#1189280) OBS-URL: https://build.opensuse.org/request/show/915716 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=119 --- fix_systemd.patch | 19 ++++++++++++++----- selinux-policy.changes | 6 ++++++ 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/fix_systemd.patch b/fix_systemd.patch index 02f834e..bdab982 100644 --- a/fix_systemd.patch +++ b/fix_systemd.patch @@ -1,8 +1,8 @@ -Index: fedora-policy-20210628/policy/modules/system/systemd.te +Index: fedora-policy-20210716/policy/modules/system/systemd.te =================================================================== ---- fedora-policy-20210628.orig/policy/modules/system/systemd.te -+++ fedora-policy-20210628/policy/modules/system/systemd.te -@@ -347,6 +347,10 @@ userdom_manage_user_tmp_chr_files(system +--- fedora-policy-20210716.orig/policy/modules/system/systemd.te ++++ fedora-policy-20210716/policy/modules/system/systemd.te +@@ -352,6 +352,10 @@ userdom_manage_user_tmp_chr_files(system xserver_dbus_chat(systemd_logind_t) optional_policy(` @@ -13,7 +13,7 @@ Index: fedora-policy-20210628/policy/modules/system/systemd.te apache_read_tmp_files(systemd_logind_t) ') -@@ -854,6 +858,10 @@ optional_policy(` +@@ -859,6 +863,10 @@ optional_policy(` udev_read_pid_files(systemd_hostnamed_t) ') 
@@ -24,3 +24,12 @@ Index: fedora-policy-20210628/policy/modules/system/systemd.te ####################################### # # rfkill policy +@@ -1097,6 +1105,8 @@ systemd_unit_file_filetrans(systemd_gpt_ + systemd_create_unit_file_dirs(systemd_gpt_generator_t) + systemd_create_unit_file_lnk(systemd_gpt_generator_t) + ++udev_read_pid_files(systemd_gpt_generator_t) ++ + ####################################### + # + # systemd_resolved domain diff --git a/selinux-policy.changes b/selinux-policy.changes index 40d5a02..7f72bd1 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Sep 2 08:45:24 UTC 2021 - Johannes Segitz + +- Modified fix_systemd.patch to allow systemd gpt generator access to + udev files (bsc#1189280) + ------------------------------------------------------------------- Fri Aug 27 13:07:54 UTC 2021 - Ales Kedroutek
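Review bot: The added inner-patch line `udev_read_pid_files(systemd_gpt_generator_t)` is called bare at the end of the gpt generator section, while the only other use visible on this page, `udev_read_pid_files(systemd_hostnamed_t)` in the context of the `@@ -859,6 +863,10 @@` hunk, is followed by `')` and so appears to sit inside an `optional_policy` block. If that is the file's convention for udev interfaces, wrap the new call the same way so systemd.te still builds when the udev module is left out. The grant also carries no rationale in the policy itself; a preceding comment such as `# gpt generator reads udev files, see bsc#1189280` would keep the reason next to the rule when the patch is next refreshed. The interface is read-only, which fits the request, but it is worth checking the denials logged in the bug against it so the domain gets no more than the reads it actually needed. The rest of the systemd_gpt_generator_t section lies outside this hunk.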