Accepting request 890549 from home:jsegitz:branches:security:SELinux

- Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories - Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207) OBS-URL: https://build.opensuse.org/request/show/890549 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=105
2021-05-05 07:01:43 +00:00 · 2021-05-05 07:01:43 +00:00 · 3b70ecf210
commit 3b70ecf210
parent 81f34f7fca
4 changed files with 40 additions and 9 deletions
--- a/fix_dovecot.patch
+++ b/fix_dovecot.patch
@ -0,0 +1,15 @@
+Index: fedora-policy-20210419/policy/modules/contrib/dovecot.fc
+===================================================================
+--- fedora-policy-20210419.orig/policy/modules/contrib/dovecot.fc
+++ fedora-policy-20210419/policy/modules/contrib/dovecot.fc
+@@ -34,6 +34,10 @@ ifdef(`distro_redhat', `
+ /usr/libexec/dovecot/dovecot-auth --	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+ ')
+ 
+/usr/lib/dovecot/auth 	--	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+/usr/lib/dovecot/deliver	--	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
+/usr/lib/dovecot/dovecot-lda --	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
+
+ #
+ # /var
+ #
--- a/fix_networkmanager.patch
+++ b/fix_networkmanager.patch
@ -1,8 +1,16 @@
-Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te
+Index: fedora-policy-20210419/policy/modules/contrib/networkmanager.te
 ===================================================================
--- fedora-policy-20210309.orig/policy/modules/contrib/networkmanager.te
-+++ fedora-policy-20210309/policy/modules/contrib/networkmanager.te
-@@ -241,6 +241,9 @@ userdom_read_home_certs(NetworkManager_t
+--- fedora-policy-20210419.orig/policy/modules/contrib/networkmanager.te
+++ fedora-policy-20210419/policy/modules/contrib/networkmanager.te
+@@ -97,6 +97,7 @@ read_files_pattern(NetworkManager_t, Net
+ read_lnk_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
+ 
+ list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+watch_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+ read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+ read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+ 
+@@ -241,6 +242,9 @@ userdom_read_home_certs(NetworkManager_t
 userdom_read_user_home_content_files(NetworkManager_t)
 userdom_dgram_send(NetworkManager_t)
 
@ -12,7 +20,7 @@ Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te
 tunable_policy(`use_nfs_home_dirs',`
     fs_read_nfs_files(NetworkManager_t)
 ')
-@@ -258,6 +261,14 @@ optional_policy(`
+@@ -258,6 +262,14 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -27,10 +35,10 @@ Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te
 	bind_domtrans(NetworkManager_t)
 	bind_manage_cache(NetworkManager_t)
 	bind_kill(NetworkManager_t)
-Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.if
+Index: fedora-policy-20210419/policy/modules/contrib/networkmanager.if
 ===================================================================
--- fedora-policy-20210309.orig/policy/modules/contrib/networkmanager.if
-+++ fedora-policy-20210309/policy/modules/contrib/networkmanager.if
+--- fedora-policy-20210419.orig/policy/modules/contrib/networkmanager.if
+++ fedora-policy-20210419/policy/modules/contrib/networkmanager.if
@@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran
         init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
 ')
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Apr 27 06:30:08 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Updated fix_networkmanager.patch to allow NetworkManager to watch
+  its configuration directories
+- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)
+
 -------------------------------------------------------------------
 Mon Apr 26 07:16:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -121,7 +121,6 @@ Patch039:       fix_cron.patch
 Patch040:       fix_usermanage.patch
 Patch041:       fix_smartmon.patch
 Patch042:       fix_geoclue.patch
-#Patch043:       suse_specific.patch
 Patch044:       fix_authlogin.patch
 Patch045:       fix_screen.patch
 Patch046:       fix_unprivuser.patch
@ -129,6 +128,7 @@ Patch047:       fix_rpm.patch
 Patch048:       fix_apache.patch
 Patch049:       fix_nis.patch
 Patch050:       fix_libraries.patch
+Patch051:       fix_dovecot.patch

 Patch100:       sedoctool.patch

@ -435,6 +435,7 @@ exit 0
 %patch048 -p1
 %patch049 -p1
 %patch050 -p1
+%patch051 -p1

 %patch100 -p1
 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \;