Accepting request 1199629 from security:SELinux

- Update to version 20240905:
  * Allow coreos-installer-generator manage mdadm_conf_t files
  * Allow setsebool_t relabel selinux data files
  * Allow virtqemud relabelfrom virtqemud_var_run_t dirs
  * Use better escape method for "interface"
  * Allow init and systemd-logind to inherit fds from sshd
  * Allow systemd-ssh-generator read sysctl files
  * Sync modules.conf with Fedora targeted modules
  * Allow virtqemud relabel user tmp files and socket files
  * Add missing sys_chroot capability to groupadd policy
  * Label /run/libvirt/qemu/channel with virtqemud_var_run_t
  * Allow virtqemud relabelfrom also for file and sock_file
  * Add virt_create_log() and virt_write_log() interfaces
  - Sync modules-targeted-contrib.conf with Fedora targeted modules.conf

OBS-URL: https://build.opensuse.org/request/show/1199629
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=78

_servicedata

@@ -1,7 +1,7 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
-              <param name="changesrevision">0140d0b27b86fd51342e156ed4750c27fd7a7e12</param></service><service name="tar_scm">
+              <param name="changesrevision">48af429a1e0c001269e8f1e0cf4f677e74cfce46</param></service><service name="tar_scm">
                 <param name="url">https://github.com/containers/container-selinux.git</param>
               <param name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service><service name="tar_scm">
                 <param name="url">https://gitlab.suse.de/jsegitz/selinux-policy.git</param>

modules-targeted-contrib.conf

@@ -40,13 +40,6 @@ aiccu = module
 # 
 aide = module
  
-# Layer: services
-# Module: ajaxterm
-#
-# Web Based Terminal
-# 
-ajaxterm = module
-
 # Layer: admin
 # Module: alsa
 #
@@ -117,13 +110,6 @@ arpwatch = module
 # 
 asterisk = module
 
-# Layer: contrib
-# Module: authconfig
-#
-# Authorization configuration tool
-# 
-authconfig = module
-
 # Layer: services
 # Module: automount
 #
@@ -208,13 +194,6 @@ brctl = module
 # 
 bugzilla = module
 
-# Layer: services
-# Module: bumblebee
-#
-# Support NVIDIA Optimus technology under Linux
-#
-bumblebee = module
-
 # Layer: services
 # Module: cachefilesd
 #
@@ -531,13 +510,6 @@ dhcp = module
 # 
 dictd = module
 
-# Layer: services
-# Module: dirsrv-admin
-#
-#  An 309 directory admin server
-# 
-dirsrv-admin = module
-
 # Layer: services
 # Module: dirsrv
 #
@@ -1049,13 +1021,6 @@ memcached = module
 # 
 milter = module
 
-# Layer: services
-# Module: mip6d
-#
-# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation
-#
-mip6d = module
-
 # Layer: services
 # Module: mock
 #
@@ -1367,13 +1332,6 @@ pegasus = module
 # 
 pingd = module
 
-# Layer: services
-# Module: piranha
-#
-# piranha - various tools to administer and configure the Linux Virtual Server
-#
-piranha = module
-
 # Layer: contrib
 # Module: pkcs
 #  
@@ -1780,13 +1738,6 @@ sensord =  module
 # 
 setroubleshoot = module
 
-# Layer: services
-# Module: sge
-# 
-#  policy for grindengine MPI jobs
-#
-sge = module
-
 # Layer: admin
 # Module: shorewall
 #
@@ -2115,13 +2066,6 @@ vhostmd = module
 # 
 virt = module
 
-# Layer: services
-# Module: virt_supplementary
-#
-# non-libvirt virtualization libraries
-#
-virt_supplementary = module
-
 # Layer: apps
 # Module: vhostmd
 #
@@ -2262,13 +2206,6 @@ mandb = module
 #
 pki = module
 
-# Layer: services
-# Module: smsd
-#
-# policy for smsd
-#
-smsd = module
-
 # Layer: contrib
 # Module: pesign
 #
@@ -2381,13 +2318,6 @@ minissdpd = module
 #
 freeipmi = module
 
-# Layer: contrib
-# Module: mirrormanager
-# 
-# mirrormanager policy
-#
-mirrormanager = module
-
 # Layer: contrib
 # Module: snapper 
 # 
@@ -2446,21 +2376,6 @@ mongodb = module
 
 iotop = module
 
-# Layer: contrib
-# Module: kmscon
-#
-# kmscon policy
-#
-
-kmscon = module
-
-# Layer: contrib
-# Module: naemon
-#
-# naemon policy
-#
-naemon = module
-
 # Layer: contrib
 # Module: brltty
 #
@@ -2496,13 +2411,6 @@ cinder = module
 #
 linuxptp = module
 
-# Layer: contrib
-# Module: rolekit
-#
-# rolekit policy
-#
-rolekit = module
-
 # Layer: contrib
 # Module: targetd
 #
@@ -2524,13 +2432,6 @@ hsqldb = module
 #
 blkmapd = module
 
-# Layer: contrib
-# Module: pkcs11proxyd
-#
-# pkcs11proxyd policy
-#
-pkcs11proxyd = module
-
 # Layer: contrib
 # Module: ipmievd
 #
@@ -2559,13 +2460,6 @@ fwupd = module
 #
 lttng-tools = module
 
-# Layer: contrib
-# Module: rkt
-#
-# CLI for running app containers
-#
-rkt = module
-
 # Layer: contrib
 # Module: opendnssec
 #
@@ -2636,13 +2530,6 @@ boltd = module
 #
 kpatch = module
 
-# Layer: contrib
-# Module: timedatex
-#
-# timedatex
-#
-timedatex = module
-
 # Layer: contrib
 # Module: rrdcached
 #
@@ -2671,6 +2558,13 @@ ica = module
 #
 fedoratp = module
 
+# Layer: contrib
+# Module: insights_client
+#
+# insights_client
+#
+insights_client = module
+
 # Layer: contrib
 # Module: stalld
 #
@@ -2692,10 +2586,24 @@ rhcd = module
 #
 wireguard = module
 
+# Layer: contrib
+# Module: mptcpd
+#
+# mptcpd
+#
+mptcpd = module
+
+# Layer: contrib
+# Module: rshim
+#
+# rshim
+#
+rshim = module
+
 # Layer: contrib
 # Module: keyutils
 #
-#  keyutils - Linux Key Management Utilities
+# keyutils
 #
 keyutils = module
 
@@ -2741,12 +2649,12 @@ fdo = module
 #
 qatlib = module
 
-# Layer: contrib
+# Layer: services
-# Module: afterburn
+# Module: virt_supplementary
 #
-# afterburn
+# non-libvirt virtualization libraries
 #
-afterburn = module
+virt_supplementary = module
 
 # Layer: contrib
 # Module: nvme_stas
@@ -2762,6 +2670,13 @@ nvme_stas = module
 #
 coreos_installer = module
 
+# Layer: contrib
+# Module: afterburn
+#
+# afterburn
+#
+afterburn = module
+
 ## Layer: contrib
 ## Module: libalternatives
 ##

selinux-policy-20240903.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9e71cf5778a240e5d9a2943dfe3b8fbed66cb2784cad237eb973c05e8d14fa0b
-size 774348

selinux-policy-20240905.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35937b0e06b34b49166c909cb9ab9bf8c6a19bc45c51b005f7274cb02bb4f0b0
+size 774260

selinux-policy.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Thu Sep 05 14:12:24 UTC 2024 - filippo.bonazzi@suse.com
+
+- Update to version 20240905:
+  * Allow coreos-installer-generator manage mdadm_conf_t files
+  * Allow setsebool_t relabel selinux data files
+  * Allow virtqemud relabelfrom virtqemud_var_run_t dirs
+  * Use better escape method for "interface"
+  * Allow init and systemd-logind to inherit fds from sshd
+  * Allow systemd-ssh-generator read sysctl files
+  * Sync modules.conf with Fedora targeted modules
+  * Allow virtqemud relabel user tmp files and socket files
+  * Add missing sys_chroot capability to groupadd policy
+  * Label /run/libvirt/qemu/channel with virtqemud_var_run_t
+  * Allow virtqemud relabelfrom also for file and sock_file
+  * Add virt_create_log() and virt_write_log() interfaces
+
+  - Sync modules-targeted-contrib.conf with Fedora targeted modules.conf
+
 -------------------------------------------------------------------
 Wed Sep  4 13:07:52 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
 

selinux-policy.spec

@@ -36,7 +36,7 @@ Summary:        SELinux policy configuration
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20240903
+Version:        20240905
 Release:        0
 Source0:        %{name}-%{version}.tar.xz
 Source1:        container.fc