From a8b7954413b1518e3e59c413a79f28d6f2d06d81755ace4abf8f46ec3fd7eeb6 Mon Sep 17 00:00:00 2001 From: Hu Date: Wed, 6 Mar 2024 10:50:11 +0000 Subject: [PATCH 1/4] Accepting request 1154878 from home:cahu:branches:security:SELinux - Update to version 20240304: * Allow ssh-keygen to use the libica crypto module (bsc#1220373) OBS-URL: https://build.opensuse.org/request/show/1154878 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=210 --- _servicedata | 2 +- selinux-policy-20240205.tar.xz | 3 --- selinux-policy-20240304.tar.xz | 3 +++ selinux-policy.changes | 6 ++++++ selinux-policy.spec | 2 +- 5 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 selinux-policy-20240205.tar.xz create mode 100644 selinux-policy-20240304.tar.xz diff --git a/_servicedata b/_servicedata index b95dbdd..820089c 100644 --- a/_servicedata +++ b/_servicedata @@ -1,7 +1,7 @@ https://gitlab.suse.de/selinux/selinux-policy.git - e17843ad685ede6b0ba9a2571bf3199e56408f83 + d57bce03b6438ce83cff950e29feee874ac3de39 https://github.com/containers/container-selinux.git 07b3034f6d9625ab84508a2f46515d8ff79b4204 https://gitlab.suse.de/jsegitz/selinux-policy.git diff --git a/selinux-policy-20240205.tar.xz b/selinux-policy-20240205.tar.xz deleted file mode 100644 index 815d239..0000000 --- a/selinux-policy-20240205.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4352abee42d51bd6d340b155e0363c101fed4cce8fa6b8799aa6786e570fd3d5 -size 794716 diff --git a/selinux-policy-20240304.tar.xz b/selinux-policy-20240304.tar.xz new file mode 100644 index 0000000..3d42408 --- /dev/null +++ b/selinux-policy-20240304.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:58003675f056c59579f355ef83487bfd5245ce251aff0a26d8e16aaf046db60e +size 766752 diff --git a/selinux-policy.changes b/selinux-policy.changes index ae75860..836d38b 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 04 16:19:28 UTC 2024 - cathy.hu@suse.com + +- Update to version 20240304: + * Allow ssh-keygen to use the libica crypto module (bsc#1220373) + ------------------------------------------------------------------- Mon Feb 05 15:48:02 UTC 2024 - cathy.hu@suse.com diff --git a/selinux-policy.spec b/selinux-policy.spec index b1f5deb..2b37ce9 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -33,7 +33,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20240205 +Version: 20240304 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc From 00cf593a94e134ffb35df9fab228ea8cc859d891f176d357c33b276ad7c57f80 Mon Sep 17 00:00:00 2001 From: Hu Date: Thu, 7 Mar 2024 09:31:38 +0000 Subject: [PATCH 2/4] Accepting request 1155628 from home:cahu:branches:security:SELinux - Update to version 20240306: * Replace init domtrans rule for confined users to allow exec init * Update dbus_role_template() to allow user service status * Allow polkit status all systemd services * Allow setroubleshootd create and use inherited io_uring * Allow load_policy read and write generic ptys OBS-URL: https://build.opensuse.org/request/show/1155628 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=211 --- _servicedata | 2 +- selinux-policy-20240304.tar.xz | 3 --- selinux-policy-20240306.tar.xz | 3 +++ selinux-policy.changes | 10 ++++++++++ selinux-policy.spec | 2 +- 5 files changed, 15 insertions(+), 5 deletions(-) delete mode 100644 selinux-policy-20240304.tar.xz create mode 100644 selinux-policy-20240306.tar.xz diff --git a/_servicedata b/_servicedata index 820089c..c610ab7 100644 --- a/_servicedata +++ b/_servicedata @@ -1,7 +1,7 @@ https://gitlab.suse.de/selinux/selinux-policy.git - d57bce03b6438ce83cff950e29feee874ac3de39 + fc6571e7a0aaee52e87c32836d51bf9ee3c21e9f https://github.com/containers/container-selinux.git 07b3034f6d9625ab84508a2f46515d8ff79b4204 https://gitlab.suse.de/jsegitz/selinux-policy.git diff --git a/selinux-policy-20240304.tar.xz b/selinux-policy-20240304.tar.xz deleted file mode 100644 index 3d42408..0000000 --- a/selinux-policy-20240304.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:58003675f056c59579f355ef83487bfd5245ce251aff0a26d8e16aaf046db60e -size 766752 diff --git a/selinux-policy-20240306.tar.xz b/selinux-policy-20240306.tar.xz new file mode 100644 index 0000000..ae2ce79 --- /dev/null +++ b/selinux-policy-20240306.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af0dc14e850efe743fa46d99aadf060cd0fd5ddcb0f1d84ae55a520ff9b1d59a +size 766840 diff --git a/selinux-policy.changes b/selinux-policy.changes index 836d38b..f13789d 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Mar 06 15:41:20 UTC 2024 - cathy.hu@suse.com + +- Update to version 20240306: + * Replace init domtrans rule for confined users to allow exec init + * Update dbus_role_template() to allow user service status + * Allow polkit status all systemd services + * Allow setroubleshootd create and use inherited io_uring + * Allow load_policy read and write generic ptys + ------------------------------------------------------------------- Mon Mar 04 16:19:28 UTC 2024 - cathy.hu@suse.com diff --git a/selinux-policy.spec b/selinux-policy.spec index 2b37ce9..af16280 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -33,7 +33,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20240304 +Version: 20240306 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc From 12c8b54f47086a8d9b70b8dd3b45b7291fb6eb944bc10bee23ffe57fe7b66c87 Mon Sep 17 00:00:00 2001 From: Hu Date: Fri, 8 Mar 2024 09:17:10 +0000 Subject: [PATCH 3/4] Accepting request 1156292 from home:cahu:branches:security:SELinux - Update to version 20240308: * Support /bin/alts in the policy (bsc#1217530) * Revert "Allow virtnetworkd_t to execute bin_t (bsc#1216903)" OBS-URL: https://build.opensuse.org/request/show/1156292 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=212 --- _servicedata | 2 +- modules-targeted-contrib.conf | 7 +++++++ selinux-policy-20240306.tar.xz | 3 --- selinux-policy-20240308.tar.xz | 3 +++ selinux-policy.changes | 7 +++++++ selinux-policy.spec | 2 +- 6 files changed, 19 insertions(+), 5 deletions(-) delete mode 100644 selinux-policy-20240306.tar.xz create mode 100644 selinux-policy-20240308.tar.xz diff --git a/_servicedata b/_servicedata index c610ab7..bdb45c7 100644 --- a/_servicedata +++ b/_servicedata @@ -1,7 +1,7 @@ https://gitlab.suse.de/selinux/selinux-policy.git - fc6571e7a0aaee52e87c32836d51bf9ee3c21e9f + 40720d5f295f1c473fec312f85fe9c056700ecb6 https://github.com/containers/container-selinux.git 07b3034f6d9625ab84508a2f46515d8ff79b4204 https://gitlab.suse.de/jsegitz/selinux-policy.git diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf index 8b9db04..a5c495c 100644 --- a/modules-targeted-contrib.conf +++ b/modules-targeted-contrib.conf @@ -2761,3 +2761,10 @@ nvme_stas = module # coreos_installer # coreos_installer = module + +## Layer: contrib +## Module: libalternatives +## +## libalternatives +## +libalternatives = module diff --git a/selinux-policy-20240306.tar.xz b/selinux-policy-20240306.tar.xz deleted file mode 100644 index ae2ce79..0000000 --- a/selinux-policy-20240306.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:af0dc14e850efe743fa46d99aadf060cd0fd5ddcb0f1d84ae55a520ff9b1d59a -size 766840 diff --git a/selinux-policy-20240308.tar.xz b/selinux-policy-20240308.tar.xz new file mode 100644 index 0000000..ed4922d --- /dev/null +++ b/selinux-policy-20240308.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:05abd3ff91e571ef29004bd0dc406e1457d34bb7160889bfcb050c87e543a03a +size 767032 diff --git a/selinux-policy.changes b/selinux-policy.changes index f13789d..a247576 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Mar 08 09:05:08 UTC 2024 - cathy.hu@suse.com + +- Update to version 20240308: + * Support /bin/alts in the policy (bsc#1217530) + * Revert "Allow virtnetworkd_t to execute bin_t (bsc#1216903)" + ------------------------------------------------------------------- Wed Mar 06 15:41:20 UTC 2024 - cathy.hu@suse.com diff --git a/selinux-policy.spec b/selinux-policy.spec index af16280..bdbfb18 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -33,7 +33,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20240306 +Version: 20240308 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc From 46446abef73c912ae1c0035cc7c959d0e908d9d38238bb19a0610a24eab1cf7c Mon Sep 17 00:00:00 2001 From: Hu Date: Wed, 13 Mar 2024 11:09:43 +0000 Subject: [PATCH 4/4] Accepting request 1157597 from home:cahu:branches:security:SELinux - Update to version 20240313: * Assign alts_exec_t to files_type OBS-URL: https://build.opensuse.org/request/show/1157597 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=213 --- _servicedata | 2 +- selinux-policy-20240308.tar.xz | 3 --- selinux-policy-20240313.tar.xz | 3 +++ selinux-policy.changes | 6 ++++++ selinux-policy.spec | 2 +- 5 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 selinux-policy-20240308.tar.xz create mode 100644 selinux-policy-20240313.tar.xz diff --git a/_servicedata b/_servicedata index bdb45c7..f0e8c4c 100644 --- a/_servicedata +++ b/_servicedata @@ -1,7 +1,7 @@ https://gitlab.suse.de/selinux/selinux-policy.git - 40720d5f295f1c473fec312f85fe9c056700ecb6 + 45f14b8b76e738bbd167b44362388814a95c498e https://github.com/containers/container-selinux.git 07b3034f6d9625ab84508a2f46515d8ff79b4204 https://gitlab.suse.de/jsegitz/selinux-policy.git diff --git a/selinux-policy-20240308.tar.xz b/selinux-policy-20240308.tar.xz deleted file mode 100644 index ed4922d..0000000 --- a/selinux-policy-20240308.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:05abd3ff91e571ef29004bd0dc406e1457d34bb7160889bfcb050c87e543a03a -size 767032 diff --git a/selinux-policy-20240313.tar.xz b/selinux-policy-20240313.tar.xz new file mode 100644 index 0000000..364ea0d --- /dev/null +++ b/selinux-policy-20240313.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1802736a244af3491e2ae68f65e96a01e7276a396f0889b6ce264c8a098984e8 +size 767076 diff --git a/selinux-policy.changes b/selinux-policy.changes index a247576..d020999 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Mar 13 11:02:43 UTC 2024 - cathy.hu@suse.com + +- Update to version 20240313: + * Assign alts_exec_t to files_type + ------------------------------------------------------------------- Fri Mar 08 09:05:08 UTC 2024 - cathy.hu@suse.com diff --git a/selinux-policy.spec b/selinux-policy.spec index bdbfb18..2431312 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -33,7 +33,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20240308 +Version: 20240313 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: container.fc