From 954309bfb4173d9c7721109e5ff81be2e8c9a87eb05dba07882e7f605f2f9e2b Mon Sep 17 00:00:00 2001
From: Richard Brown
Date: Fri, 29 Jul 2022 14:47:11 +0000
Subject: [PATCH] Accepting request 991558 from security:SELinux
OBS-URL: https://build.opensuse.org/request/show/991558
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=29
---
 fix_cloudform.patch | 13 +++++++++++++
 fix_networkmanager.patch | 21 +++++++++++++++------
 selinux-policy.changes | 13 +++++++++++++
 selinux-policy.spec | 1 +
 4 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 fix_cloudform.patch
diff --git a/fix_cloudform.patch b/fix_cloudform.patch
new file mode 100644
index 0000000..cac7161
--- /dev/null
+++ b/fix_cloudform.patch
@@ -0,0 +1,13 @@
+Index: fedora-policy/policy/modules/contrib/cloudform.te
+===================================================================
+--- cloudform.te 2022-07-18 14:06:56.735383426 +0200
++++ cloudform.te.new 2022-07-18 14:07:36.003069544 +0200
+@@ -81,6 +81,8 @@
+
+ init_dbus_chat(cloud_init_t)
+
++snapper_dbus_chat(cloud_init_t)
++
+ kernel_read_network_state(cloud_init_t)
+
+ corenet_tcp_connect_http_port(cloud_init_t)
diff --git a/fix_networkmanager.patch b/fix_networkmanager.patch
index 1a58fe3..1db6e5c 100644
--- a/fix_networkmanager.patch
+++ b/fix_networkmanager.patch
@@ -1,7 +1,7 @@
-Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.te
+Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.te
 ===================================================================
---- fedora-policy-20220624.orig/policy/modules/contrib/networkmanager.te
-+++ fedora-policy-20220624/policy/modules/contrib/networkmanager.te
+--- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.te
++++ fedora-policy-20220714/policy/modules/contrib/networkmanager.te
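Review bot: In the new fix_cloudform.patch, `snapper_dbus_chat(cloud_init_t)` is added at the top level of cloudform.te rather than inside an `optional_policy` block. If snapper is built as a separate contrib module, as its interface name suggests, this makes cloudform depend on it unconditionally, and the grant exists even on systems that do not use snapper. The neighbouring calls visible in the hunk (`init_dbus_chat`, `kernel_read_network_state`, `corenet_tcp_connect_http_port`) appear to be base-module interfaces, which is presumably why they are unconditional. I would wrap the new call in its own `optional_policy` block and put a one-line comment above it, such as `# cloud-init runcmd talks to snapper over D-Bus`, so the extra D-Bus peer for cloud_init_t stays traceable in a policy audit.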
 @@ -276,6 +276,9 @@ userdom_read_home_certs(NetworkManager_t
 userdom_read_user_home_content_files(NetworkManager_t)
 userdom_dgram_send(NetworkManager_t)
@@ -27,10 +27,19 @@ Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.te
 bind_domtrans(NetworkManager_t)
 bind_manage_cache(NetworkManager_t)
 bind_kill(NetworkManager_t)
-Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.if
+@@ -420,6 +431,8 @@ optional_policy(`
+ nscd_kill(NetworkManager_t)
+ nscd_initrc_domtrans(NetworkManager_t)
+ nscd_systemctl(NetworkManager_t)
++ nscd_socket_use(NetworkManager_dispatcher_tlp_t)
++ nscd_socket_use(NetworkManager_dispatcher_custom_t)
+ ')
+
+ optional_policy(`
+Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.if
 ===================================================================
---- fedora-policy-20220624.orig/policy/modules/contrib/networkmanager.if
-+++ fedora-policy-20220624/policy/modules/contrib/networkmanager.if
+--- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.if
++++ fedora-policy-20220714/policy/modules/contrib/networkmanager.if
 @@ -132,6 +132,24 @@ interface(`networkmanager_initrc_domtran
 init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
 ')
diff --git a/selinux-policy.changes b/selinux-policy.changes
index f3789d1..df20c31 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jul 27 14:00:55 UTC 2022 - Hu
+
+- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t
+ and NetworkManager_dispatcher_custom_t to access nscd socket
+ (bsc#1201741)
+
+-------------------------------------------------------------------
+Thu Jul 26 10:50:21 UTC 2022 - Zdenek Kubala
+
+- Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper
+ (bnc#201015)
+
 -------------------------------------------------------------------
 Thu Jul 14 08:44:12 UTC 2022 - Johannes Segitz
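Review bot: The two added `nscd_socket_use` lines for `NetworkManager_dispatcher_tlp_t` and `NetworkManager_dispatcher_custom_t` carry no comment, and every other rule visible in that nscd `optional_policy` block applies to `NetworkManager_t`. A later reader auditing the policy therefore cannot tell why dispatcher domains are granted access there. I would add a comment directly above them, such as `# bsc#1201741: dispatcher script domains need the nscd socket`, taking the reference from the changelog entry in this commit. Only these two dispatcher domains are covered, so it is worth confirming whether any other dispatcher domain defined in the module hits the same denial, rather than adding grants one at a time. The enclosing `optional_policy` block opens outside the hunk, so the rest of its body is not visible here.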
diff --git a/selinux-policy.spec b/selinux-policy.spec index de1a77b..6837667 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -142,6 +142,7 @@ Patch058: fix_bitlbee.patch Patch059: systemd_domain_dyntrans_type.patch Patch060: fix_dnsmasq.patch Patch061: fix_userdomain.patch +Patch062: fix_cloudform.patch Patch100: sedoctool.patch