From e785903b855fd97ef0f0528f45c0bb2ae30e2e0a99a6641fbff2e0aa330b91c1 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 29 Sep 2022 15:51:37 +0000 Subject: [PATCH] Accepting request 1007013 from home:jsegitz:branches:security:SELinux chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status OBS-URL: https://build.opensuse.org/request/show/1007013 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=148 --- fix_networkmanager.patch | 8 ++++++++ selinux-policy.changes | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/fix_networkmanager.patch b/fix_networkmanager.patch index d53de95..3553e85 100644 --- a/fix_networkmanager.patch +++ b/fix_networkmanager.patch @@ -36,6 +36,14 @@ Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.te ') optional_policy(` +@@ -602,6 +615,7 @@ files_manage_etc_files(NetworkManager_di + + init_status(NetworkManager_dispatcher_cloud_t) + init_status(NetworkManager_dispatcher_ddclient_t) ++init_status(NetworkManager_dispatcher_custom_t) + init_append_stream_sockets(networkmanager_dispatcher_plugin) + init_ioctl_stream_sockets(networkmanager_dispatcher_plugin) + init_stream_connect(networkmanager_dispatcher_plugin) Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.if =================================================================== --- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.if diff --git a/selinux-policy.changes b/selinux-policy.changes index 4c2c0ba..39dc891 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes 
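Review bot: The added `init_status(NetworkManager_dispatcher_custom_t)` line in the new `@@ -602,6 +615,7 @@` hunk for networkmanager.te carries no rationale; the only trace of why it is needed is the bsc#1203824 reference at the end of the selinux-policy.changes entry. The custom dispatcher domain presumably confines administrator-supplied scripts, so each allow on it is worth justifying in the policy itself, for example with a comment above the rule such as `# bsc#1203824: custom dispatcher scripts need to query systemd status` (the inner hunk's line counts would need adjusting to match). It is also worth confirming from the AVC denial in that bug that only the systemd status permission was denied, so the grant stays at this narrow interface. The inner hunk's context is truncated at `files_manage_etc_files(NetworkManager_di`, so whether the rule sits inside an optional or conditional block cannot be seen from here.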
@@ -3,7 +3,8 @@ Thu Sep 29 12:54:15 UTC 2022 - Johannes Segitz - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure - chrony helper script has proper label to be used by NetworkManager + chrony helper script has proper label to be used by NetworkManager. + Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824) -------------------------------------------------------------------