Accepting request 991558 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/991558 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=29
2022-07-29 14:47:11 +00:00 · 2022-07-29 14:47:11 +00:00 · 954309bfb4
commit 954309bfb4
parent 9a0c018a4e
4 changed files with 42 additions and 6 deletions
--- a/fix_cloudform.patch
+++ b/fix_cloudform.patch
@ -0,0 +1,13 @@
+Index: fedora-policy/policy/modules/contrib/cloudform.te
+===================================================================
+--- cloudform.te	2022-07-18 14:06:56.735383426 +0200
+++ cloudform.te.new	2022-07-18 14:07:36.003069544 +0200
+@@ -81,6 +81,8 @@
+ 
+ init_dbus_chat(cloud_init_t)
+ 
+snapper_dbus_chat(cloud_init_t)
+
+ kernel_read_network_state(cloud_init_t)
+ 
+ corenet_tcp_connect_http_port(cloud_init_t)
--- a/fix_networkmanager.patch
+++ b/fix_networkmanager.patch
@ -1,7 +1,7 @@
-Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.te
+Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.te
 ===================================================================
--- fedora-policy-20220624.orig/policy/modules/contrib/networkmanager.te
-+++ fedora-policy-20220624/policy/modules/contrib/networkmanager.te
+--- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.te
+++ fedora-policy-20220714/policy/modules/contrib/networkmanager.te
@@ -276,6 +276,9 @@ userdom_read_home_certs(NetworkManager_t
 userdom_read_user_home_content_files(NetworkManager_t)
 userdom_dgram_send(NetworkManager_t)
@ -27,10 +27,19 @@ Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.te
 	bind_domtrans(NetworkManager_t)
 	bind_manage_cache(NetworkManager_t)
 	bind_kill(NetworkManager_t)
-Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.if
+@@ -420,6 +431,8 @@ optional_policy(`
+ 	nscd_kill(NetworkManager_t)
+ 	nscd_initrc_domtrans(NetworkManager_t)
+ 	nscd_systemctl(NetworkManager_t)
+	nscd_socket_use(NetworkManager_dispatcher_tlp_t)
+	nscd_socket_use(NetworkManager_dispatcher_custom_t)
+ ')
+ 
+ optional_policy(`
+Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.if
 ===================================================================
--- fedora-policy-20220624.orig/policy/modules/contrib/networkmanager.if
-+++ fedora-policy-20220624/policy/modules/contrib/networkmanager.if
+--- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.if
+++ fedora-policy-20220714/policy/modules/contrib/networkmanager.if
@@ -132,6 +132,24 @@ interface(`networkmanager_initrc_domtran
         init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
 ')
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jul 27 14:00:55 UTC 2022 - Hu <cathy.hu@suse.com>
+
+- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t 
+  and NetworkManager_dispatcher_custom_t to access nscd socket 
+  (bsc#1201741)
+
+-------------------------------------------------------------------
+Thu Jul 26 10:50:21 UTC 2022 - Zdenek Kubala <zkubala@suse.com>
+
+- Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper 
+  (bnc#201015)
+
 -------------------------------------------------------------------
 Thu Jul 14 08:44:12 UTC 2022 - Johannes Segitz <jsegitz@suse.com>

--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -142,6 +142,7 @@ Patch058:       fix_bitlbee.patch
 Patch059:       systemd_domain_dyntrans_type.patch
 Patch060:       fix_dnsmasq.patch
 Patch061:       fix_userdomain.patch
+Patch062:       fix_cloudform.patch

 Patch100:       sedoctool.patch