Accepting request 714653 from home:jsegitz:branches:security:SELinux

- Update to refpolicy 20190609. New modules for stubby and several
  systemd updates, including initial support for systemd --user
  sessions.
  Refreshed
  * label_var_run_rsyslog.patch
  * suse_modifications_cron.patch
  * suse_modifications_logging.patch
  * suse_modifications_ntp.patch
  * suse_modifications_usermanage.patch
  * suse_modifications_xserver.patch
  * sysconfig_network_scripts.patch

OBS-URL: https://build.opensuse.org/request/show/714653
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=72
Vítězslav Čížek 2019-07-16 12:19:29 +00:00 committed by Git OBS Bridge
parent 177da0b45c
commit deab87434d
11 changed files with 53 additions and 38 deletions


@ -1,8 +1,8 @@
Index: refpolicy/policy/modules/system/logging.fc
===================================================================
--- refpolicy.orig/policy/modules/system/logging.fc 2018-11-27 11:50:10.755599120 +0100
+++ refpolicy/policy/modules/system/logging.fc 2018-11-27 11:50:32.611949480 +0100
@@ -60,6 +60,7 @@ ifdef(`distro_suse', `
--- refpolicy.orig/policy/modules/system/logging.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/system/logging.fc 2019-07-11 14:31:20.605624453 +0200
@@ -62,6 +62,7 @@ ifdef(`distro_suse', `
/var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
/var/log/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_run_t,mls_systemhigh)


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ed620dc91c4e09eee6271b373f7c61a364a82ea57bd2dc86ca1f7075304e2843
size 552750


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:67bd1213e9d014ada15512028bb7f35ef6610c2d209cc5117b8577474aa6147f
size 555882


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Thu Jul 11 12:29:29 UTC 2019 - <jsegitz@suse.com>
- Update to refpolicy 20190609. New modules for stubby and several
systemd updates, including initial support for systemd --user
sessions.
Refreshed
* label_var_run_rsyslog.patch
* suse_modifications_cron.patch
* suse_modifications_logging.patch
* suse_modifications_ntp.patch
* suse_modifications_usermanage.patch
* suse_modifications_xserver.patch
* sysconfig_network_scripts.patch
-------------------------------------------------------------------
Mon Feb 4 07:59:49 UTC 2019 - jsegitz@suse.com


@ -122,7 +122,7 @@ Summary: SELinux policy configuration
License: GPL-2.0-or-later
Group: System/Management
Name: selinux-policy
Version: 20190201
Version: 20190609
Release: 0
Source: https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_%{version}/refpolicy-2.%{version}.tar.bz2


@ -1,8 +1,8 @@
Index: refpolicy/policy/modules/services/cron.fc
===================================================================
--- refpolicy.orig/policy/modules/services/cron.fc 2018-11-27 13:46:40.344580166 +0100
+++ refpolicy/policy/modules/services/cron.fc 2018-11-27 13:47:44.725617173 +0100
@@ -68,7 +68,9 @@ ifdef(`distro_gentoo',`
--- refpolicy.orig/policy/modules/services/cron.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/cron.fc 2019-07-11 14:31:20.905629406 +0200
@@ -69,7 +69,9 @@ ifdef(`distro_gentoo',`
')
ifdef(`distro_suse',`
@ -16,9 +16,9 @@ Index: refpolicy/policy/modules/services/cron.fc
')
Index: refpolicy/policy/modules/services/cron.te
===================================================================
--- refpolicy.orig/policy/modules/services/cron.te 2018-11-27 13:46:21.396274896 +0100
+++ refpolicy/policy/modules/services/cron.te 2018-11-27 13:46:40.344580166 +0100
@@ -761,3 +761,9 @@ tunable_policy(`cron_userdomain_transiti
--- refpolicy.orig/policy/modules/services/cron.te 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/cron.te 2019-07-11 14:31:20.909629472 +0200
@@ -788,3 +788,9 @@ tunable_policy(`cron_userdomain_transiti
optional_policy(`
unconfined_domain(unconfined_cronjob_t)
')
@ -30,8 +30,8 @@ Index: refpolicy/policy/modules/services/cron.te
+')
Index: refpolicy/policy/modules/services/cron.if
===================================================================
--- refpolicy.orig/policy/modules/services/cron.if 2018-11-27 13:46:40.344580166 +0100
+++ refpolicy/policy/modules/services/cron.if 2018-11-27 13:49:17.339129179 +0100
--- refpolicy.orig/policy/modules/services/cron.if 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/cron.if 2019-07-11 14:31:20.909629472 +0200
@@ -139,7 +139,7 @@ interface(`cron_role',`
#
interface(`cron_unconfined_role',`


@ -1,8 +1,8 @@
Index: refpolicy/policy/modules/system/logging.te
===================================================================
--- refpolicy.orig/policy/modules/system/logging.te 2018-07-01 17:02:31.000000000 +0200
+++ refpolicy/policy/modules/system/logging.te 2018-11-27 14:51:58.508861896 +0100
@@ -554,6 +554,9 @@ ifdef(`init_systemd',`
--- refpolicy.orig/policy/modules/system/logging.te 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/system/logging.te 2019-07-11 14:31:20.937629934 +0200
@@ -555,6 +555,9 @@ ifdef(`init_systemd',`
udev_read_pid_files(syslogd_t)
')


@ -1,8 +1,8 @@
Index: refpolicy/policy/modules/services/ntp.fc
===================================================================
--- refpolicy.orig/policy/modules/services/ntp.fc 2018-11-27 14:54:54.495739330 +0100
+++ refpolicy/policy/modules/services/ntp.fc 2018-11-27 14:55:32.792361276 +0100
@@ -37,3 +37,13 @@
--- refpolicy.orig/policy/modules/services/ntp.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/ntp.fc 2019-07-11 14:31:20.957630264 +0200
@@ -39,3 +39,13 @@
/var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
/var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0)
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)


@ -1,7 +1,7 @@
Index: refpolicy/policy/modules/admin/usermanage.te
===================================================================
--- refpolicy.orig/policy/modules/admin/usermanage.te 2019-02-01 21:03:42.000000000 +0100
+++ refpolicy/policy/modules/admin/usermanage.te 2019-02-04 09:51:12.007425927 +0100
--- refpolicy.orig/policy/modules/admin/usermanage.te 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/admin/usermanage.te 2019-07-11 14:31:20.965630396 +0200
@@ -251,6 +251,9 @@ userdom_use_unpriv_users_fds(groupadd_t)
# for when /root is the cwd
userdom_dontaudit_search_user_home_dirs(groupadd_t)
@ -12,7 +12,7 @@ Index: refpolicy/policy/modules/admin/usermanage.te
optional_policy(`
apt_use_fds(groupadd_t)
')
@@ -570,6 +573,9 @@ optional_policy(`
@@ -571,6 +574,9 @@ optional_policy(`
puppet_rw_tmp(useradd_t)
')


@ -1,8 +1,8 @@
Index: refpolicy/policy/modules/services/xserver.fc
===================================================================
--- refpolicy.orig/policy/modules/services/xserver.fc 2018-06-25 01:11:14.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.fc 2018-11-27 15:03:58.228581598 +0100
@@ -76,6 +76,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(s
--- refpolicy.orig/policy/modules/services/xserver.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.fc 2019-07-11 14:31:20.989630792 +0200
@@ -77,6 +77,9 @@ HOME_DIR/\.Xauthority.* -- gen_context(s
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
@ -14,9 +14,9 @@ Index: refpolicy/policy/modules/services/xserver.fc
/usr/lib/xorg/Xorg\.wrap -- gen_context(system_u:object_r:xserver_exec_t,s0)
Index: refpolicy/policy/modules/services/xserver.te
===================================================================
--- refpolicy.orig/policy/modules/services/xserver.te 2018-07-01 17:02:32.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.te 2018-11-27 15:03:58.228581598 +0100
@@ -893,6 +893,17 @@ corenet_tcp_bind_vnc_port(xserver_t)
--- refpolicy.orig/policy/modules/services/xserver.te 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/services/xserver.te 2019-07-11 14:31:20.989630792 +0200
@@ -912,6 +912,17 @@ corenet_tcp_bind_vnc_port(xserver_t)
init_use_fds(xserver_t)


@ -1,7 +1,7 @@
Index: refpolicy/policy/modules/system/sysnetwork.fc
===================================================================
--- refpolicy.orig/policy/modules/system/sysnetwork.fc 2018-11-27 16:09:33.159358187 +0100
+++ refpolicy/policy/modules/system/sysnetwork.fc 2018-11-27 16:09:36.851417892 +0100
--- refpolicy.orig/policy/modules/system/sysnetwork.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/system/sysnetwork.fc 2019-07-11 14:31:20.997630924 +0200
@@ -6,6 +6,15 @@ ifdef(`distro_debian',`
/dev/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
')
@ -18,7 +18,7 @@ Index: refpolicy/policy/modules/system/sysnetwork.fc
#
# /etc
#
@@ -33,6 +42,10 @@ ifdef(`distro_redhat',`
@@ -34,6 +43,10 @@ ifdef(`distro_redhat',`
/etc/sysconfig/network-scripts(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
')
@ -31,8 +31,8 @@ Index: refpolicy/policy/modules/system/sysnetwork.fc
#
Index: refpolicy/policy/modules/system/sysnetwork.te
===================================================================
--- refpolicy.orig/policy/modules/system/sysnetwork.te 2018-11-27 16:09:33.163358252 +0100
+++ refpolicy/policy/modules/system/sysnetwork.te 2018-11-27 16:10:36.920389270 +0100
--- refpolicy.orig/policy/modules/system/sysnetwork.te 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/system/sysnetwork.te 2019-07-11 14:31:21.001630990 +0200
@@ -47,7 +47,8 @@ ifdef(`distro_debian',`
#
# DHCP client local policy
@ -43,7 +43,7 @@ Index: refpolicy/policy/modules/system/sysnetwork.te
dontaudit dhcpc_t self:capability { sys_ptrace sys_tty_config };
# for access("/etc/bashrc", X_OK) on Red Hat
dontaudit dhcpc_t self:capability { dac_read_search sys_module };
@@ -79,6 +80,12 @@ files_pid_filetrans(dhcpc_t, dhcpc_var_r
@@ -80,6 +81,12 @@ files_pid_filetrans(dhcpc_t, dhcpc_var_r
sysnet_manage_config(dhcpc_t)
files_etc_filetrans(dhcpc_t, net_conf_t, file)
@ -58,8 +58,8 @@ Index: refpolicy/policy/modules/system/sysnetwork.te
manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
Index: refpolicy/policy/modules/kernel/devices.fc
===================================================================
--- refpolicy.orig/policy/modules/kernel/devices.fc 2018-11-27 16:09:33.163358252 +0100
+++ refpolicy/policy/modules/kernel/devices.fc 2018-11-27 16:09:36.851417892 +0100
--- refpolicy.orig/policy/modules/kernel/devices.fc 2019-06-09 20:05:20.000000000 +0200
+++ refpolicy/policy/modules/kernel/devices.fc 2019-07-11 14:31:21.001630990 +0200
@@ -2,6 +2,7 @@
/dev -d gen_context(system_u:object_r:device_t,s0)
/dev/.* gen_context(system_u:object_r:device_t,s0)