pool/selinux-policy
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
99 Commits 1 Branch 0 Tags 6.1 MiB
d97aac754e
Commit Graph

74 Commits

Author SHA256 Message Date
Johannes Segitz
d97aac754e OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=182 2023-04-20 11:18:16 +00:00
Johannes Segitz
572a533f73 Accepting request 1080814 from home:jsegitz:branches:security:SELinux 
- Update to version 20230420:
  * libzypp creates temporary files in /var/adm/mount. Label it with
    rpm_var_cache_t to prevent wrong labels in /var/cache/zypp
  * only use rsync_exec_t for the rsync server, not for the client
    (bsc#1209890)
  * properly label sshd-gen-keys-start to ensure ssh host keys have proper
    labels after creation
  * Allow dovecot-deliver write to the main process runtime fifo files
  * Allow dmidecode write to cloud-init tmp files
  * Allow chronyd send a message to cloud-init over a datagram socket
  * Allow cloud-init domain transition to insights-client domain
  * Allow mongodb read filesystem sysctls
  * Allow mongodb read network sysctls
  * Allow accounts-daemon read generic systemd unit lnk files
  * Allow blueman watch generic device dirs
  * Allow nm-dispatcher tlp plugin create tlp dirs
  * Allow systemd-coredump mounton /usr
  * Allow rabbitmq to read network sysctls
  * Allow certmonger dbus chat with the cron system domain
  * Allow geoclue read network sysctls
  * Allow geoclue watch the /etc directory
  * Allow logwatch_mail_t read network sysctls
  * allow systemd_resolved_t to bind to all nodes (bsc#1200182)
  * Allow insights-client read all sysctls
  * Allow passt manage qemu pid sock files
  * Allow sssd read accountsd fifo files
  * Add support for the passt_t domain
  * Allow virtd_t and svirt_t work with passt
  * Add new interfaces in the virt module
  * Add passt interfaces defined conditionally

OBS-URL: https://build.opensuse.org/request/show/1080814
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=181
 2023-04-20 11:04:43 +00:00
Johannes Segitz
4bd800106f Accepting request 1073586 from home:jsegitz:branches:security:SELinux 
- Update to version 20230321:
  * make kernel_t unconfined again

OBS-URL: https://build.opensuse.org/request/show/1073586
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=178
 2023-03-21 15:56:46 +00:00
Johannes Segitz
0f3ba0a5f9 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=177 2023-03-17 11:20:02 +00:00
Johannes Segitz
a019d5e5d8 process easier in general. Updated README.Update 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=176
 2023-03-17 11:19:42 +00:00
Johannes Segitz
00949e479d Accepting request 1072556 from home:jsegitz:branches:security:SELinux_final 
OBS-URL: https://build.opensuse.org/request/show/1072556
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=175
 2023-03-17 10:46:53 +00:00
Johannes Segitz
5e0b3ff876 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=174 2023-02-24 10:32:16 +00:00
Johannes Segitz
330c32dde1 Accepting request 1065970 from home:cahu:branches:security:SELinux 
- Complete packaging rework: Move policy to git repository and
  only use tar_scm obs service to refresh from there: 
  https://gitlab.suse.de/selinux/selinux-policy
  Please use `osc service manualrun` to update this OBS package to the 
  newest git version.
  * Added README.Update describing how to update this package
  * Added _service file that pulls from selinux-policy and 
    upstream container-selinux and tars them
  * Adapted selinux-policy.spec to build selinux-policy with
    container-selinux
  * Removed update.sh as no longer needed
  * Removed suse specific modules as they are now covered by git commits
    * packagekit.te packagekit.if packagekit.fc
    * rebootmgr.te rebootmgr.if rebootmgr.fc
    * rtorrent.te rtorrent.if rtorrent.fc
    * wicked.te wicked.if wicked.fc
  * Removed *.patch as they are now covered by git commits:
    * distro_suse_to_distro_redhat.patch
    * dontaudit_interface_kmod_tmpfs.patch
    * fix_accountsd.patch
    * fix_alsa.patch
    * fix_apache.patch
    * fix_auditd.patch
    * fix_authlogin.patch
    * fix_automount.patch
    * fix_bitlbee.patch
    * fix_chronyd.patch
    * fix_cloudform.patch
    * fix_colord.patch
    * fix_corecommand.patch
    * fix_cron.patch
    * fix_dbus.patch
    * fix_djbdns.patch
    * fix_dnsmasq.patch
    * fix_dovecot.patch
    * fix_entropyd.patch
    * fix_firewalld.patch
    * fix_fwupd.patch
    * fix_geoclue.patch
    * fix_hypervkvp.patch
    * fix_init.patch
    * fix_ipsec.patch
    * fix_iptables.patch
    * fix_irqbalance.patch
    * fix_java.patch
    * fix_kernel.patch
    * fix_kernel_sysctl.patch
    * fix_libraries.patch
    * fix_locallogin.patch
    * fix_logging.patch
    * fix_logrotate.patch
    * fix_mcelog.patch
    * fix_miscfiles.patch
    * fix_nagios.patch
    * fix_networkmanager.patch
    * fix_nis.patch
    * fix_nscd.patch
    * fix_ntp.patch
    * fix_openvpn.patch
    * fix_postfix.patch
    * fix_rpm.patch
    * fix_rtkit.patch
    * fix_screen.patch
    * fix_selinuxutil.patch
    * fix_sendmail.patch
    * fix_smartmon.patch
    * fix_snapper.patch
    * fix_sslh.patch
    * fix_sysnetwork.patch
    * fix_systemd.patch
    * fix_systemd_watch.patch
    * fix_thunderbird.patch
    * fix_unconfined.patch
    * fix_unconfineduser.patch
    * fix_unprivuser.patch
    * fix_userdomain.patch
    * fix_usermanage.patch
    * fix_wine.patch
    * fix_xserver.patch
    * sedoctool.patch
    * systemd_domain_dyntrans_type.patch

OBS-URL: https://build.opensuse.org/request/show/1065970
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=173
 2023-02-16 07:31:19 +00:00
Johannes Segitz
2c0c138859 Accepting request 1063441 from home:jsegitz:branches:security:SELinux 
- Update to version 20230206. Refreshed:
  * fix_entropyd.patch
  * fix_networkmanager.patch
  * fix_systemd_watch.patch
  * fix_unconfineduser.patch
- Updated fix_kernel.patch to allow kernel_t access to xdm state. This is
  necessary as plymouth doesn't run in it's own domain in early boot

OBS-URL: https://build.opensuse.org/request/show/1063441
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=172
 2023-02-06 15:32:26 +00:00
Johannes Segitz
c4556003bf Accepting request 1061575 from home:jsegitz:branches:security:SELinux 
- Update to version 20230125. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_dnsmasq.patch
  * fix_init.patch
  * fix_ipsec.patch
  * fix_kernel_sysctl.patch
  * fix_logging.patch
  * fix_rpm.patch
  * fix_selinuxutil.patch
  * fix_systemd_watch.patch
  * fix_userdomain.patch
- More flexible lib(exec) matching in fix_fwupd.patch
- Removed sys_admin for systemd_gpt_generator_t in fix_systemd.patch
- Dropped fix_container.patch, is now upstream
- Added fix_entropyd.patch
  * Added new interface entropyd_semaphore_filetrans to properly transfer
    semaphore created during early boot. That doesn't work yet, so work
    around with next item
  * Allow reading tempfs files
- Added fix_kernel.patch. Added modutils_execute_kmod_tmpfs_files interace
  to allow kmod_tmpfs_t files to be executed. Necessary for firewalld
- Added fix_rtkit.patch to fix labeling of binary
- Modified fix_ntp.patch:
  * Proper labeling for start-ntpd
  * Fixed label rules for chroot path
  * Temporarily allow dac_override for ntpd_t (bsc#1207577)
  * Add interface ntp_manage_pid_files to allow management of pid
    files
- Updated fix_networkmanager.patch to allow managing ntp pid files

OBS-URL: https://build.opensuse.org/request/show/1061575
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=171
 2023-01-27 14:51:33 +00:00
Johannes Segitz
8beb2b3f3b Accepting request 1057912 from home:jsegitz:branches:security:SELinux 
- Add fix_container.patch to allow privileged containers to use
  timedatectl (bsc#1207054)

OBS-URL: https://build.opensuse.org/request/show/1057912
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=168
 2023-01-12 07:15:59 +00:00
Johannes Segitz
411b89e9ec Accepting request 1043182 from home:cahu:branches:security:SELinux 
- Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan
  (bnc#1206445)

OBS-URL: https://build.opensuse.org/request/show/1043182
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=166
 2022-12-16 07:55:17 +00:00
Johannes Segitz
48d925e070 Accepting request 1042948 from home:jsegitz:branches:security:SELinux 
- Add fix_sendmail.patch 
  * fix context of custom sendmail startup helper
  * fix context of /var/run/sendmail and add necessary rules to manage
    content in there

OBS-URL: https://build.opensuse.org/request/show/1042948
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=163
 2022-12-14 15:43:48 +00:00
Johannes Segitz
b66c2b8ce6 Accepting request 1035580 from home:jsegitz:branches:security:SELinux 
- Update to version 20221019. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
  for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
  queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

OBS-URL: https://build.opensuse.org/request/show/1035580
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=155
 2022-11-14 08:27:42 +00:00
OBS User buildservice-autocommit
124e8026e4 Updating link to change in openSUSE:Factory/selinux-policy revision 35 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74bbc58f85e33fdb068953a18504e591
 2022-10-24 09:13:01 +00:00
Johannes Segitz
71b9302857 Accepting request 1030151 from home:jsegitz:branches:security:SELinux 
- Update to version 20221019. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
  for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
  queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

OBS-URL: https://build.opensuse.org/request/show/1030151
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=153
 2022-10-20 12:00:31 +00:00
Johannes Segitz
46df3a4a90 Accepting request 1007183 from home:jsegitz:branches:security:SELinux 
- Updated quilt couldn't unpack tarball. This will cause ongoing issues
  so drop the sed statement in the %prep section and add 
  distro_suse_to_distro_redhat.patch to add the necessary changes
  via a patch

OBS-URL: https://build.opensuse.org/request/show/1007183
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=150
 2022-09-30 08:11:19 +00:00
Johannes Segitz
f2882ce2e3 Accepting request 999336 from home:kukuk:branches:security:SELinux 
- Move SUSE directory from manual page section to html docu

OBS-URL: https://build.opensuse.org/request/show/999336
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=144
 2022-09-02 07:11:53 +00:00
Johannes Segitz
bb74e8e79e Accepting request 991528 from home:djz88:branches:security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/991528
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=140
 2022-07-28 13:16:02 +00:00
Johannes Segitz
c45601e60c Accepting request 989142 from home:jsegitz:branches:security:SELinux 
- Update to version 20220714. Refreshed:
  * fix_init.patch
  * fix_systemd_watch.patch

OBS-URL: https://build.opensuse.org/request/show/989142
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=137
 2022-07-14 11:30:19 +00:00
Johannes Segitz
80bdcc2619 Accepting request 988924 from home:jsegitz:branches:security:SELinux 
- Update fix_systemd.patch to add sys_admin systemd_gpt_generator_t
  (bsc#1200911)

- postfix: Label PID files and some helpers correctly (bsc#1197242)

- Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984)

OBS-URL: https://build.opensuse.org/request/show/988924
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=134
 2022-07-13 08:15:29 +00:00
Johannes Segitz
a7283c99d6 Accepting request 984855 from home:jsegitz:branches:security:SELinux 
- Update to version 20220624. Refreshed:
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_logging.patch
  * fix_networkmanager.patch
  * fix_unprivuser.patch
  Dropped fix_hadoop.patch, not necessary anymore
* Updated fix_locallogin.patch to allow accesses for nss-systemd 
  (bsc#1199630)

OBS-URL: https://build.opensuse.org/request/show/984855
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=132
 2022-06-24 09:40:15 +00:00
Johannes Segitz
11a4df6bd1 Accepting request 978296 from home:jsegitz:branches:security:SELinux 
- Update to version 20220520 to pass stricter 3.4 toolchain checks

OBS-URL: https://build.opensuse.org/request/show/978296
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=130
 2022-05-20 14:53:12 +00:00
Johannes Segitz
0ae8014c7e Accepting request 978251 from home:jsegitz:branches:security:SELinux_3.3 
- Update to version 20220428. Refreshed:
  * fix_apache.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_iptables.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unprivuser.patch
  * fix_usermanage.patch
  * fix_wine.patch

OBS-URL: https://build.opensuse.org/request/show/978251
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=129
 2022-05-20 09:46:20 +00:00
Johannes Segitz
c6e85fecc6 Accepting request 978218 from home:jsegitz:branches:security:SELinux_3.3 
- Add fix_dnsmasq.patch to fix problems with virtualization on Microos
  (bsc#1199518)

- Modified fix_init.patch to allow init to setup contrained environment
  for accountsservice. This needs a better, more general solution
  (bsc#1197610)

- Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition.
  This happens in certain boot conditions (bsc#1182500)
- Changed fix_unconfineduser.patch to not transition into ldconfig_t
  from unconfined_t (bsc#1197169)

OBS-URL: https://build.opensuse.org/request/show/978218
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=128
 2022-05-20 07:36:43 +00:00
Johannes Segitz
d6ac89f53f Accepting request 955626 from home:kwk:branches:security:SELinux 
- use %license tag for COPYING file

OBS-URL: https://build.opensuse.org/request/show/955626
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=127
 2022-02-17 13:51:31 +00:00
Johannes Segitz
863e94abf1 Accepting request 953118 from home:fbonazzi:branches:security:SELinux 
- Fix bitlbee runtime directory (bsc#1193230)
  * add fix_bitlbee.patch

OBS-URL: https://build.opensuse.org/request/show/953118
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=125
 2022-02-10 10:24:00 +00:00
Johannes Segitz
321f539d0b Accepting request 948331 from home:jsegitz:branches:security:SELinux 
- Update to version 20220124. Refreshed:
  * fix_hadoop.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
- Added fix_hypervkvp.patch to fix issues with hyperv labeling 
  (bsc#1193987)

OBS-URL: https://build.opensuse.org/request/show/948331
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=124
 2022-01-24 08:43:41 +00:00
Johannes Segitz
445c681f20 Accepting request 947457 from home:jsegitz:branches:security:SELinux 
- Allow colord to use systemd hardenings (bsc#1194631)

OBS-URL: https://build.opensuse.org/request/show/947457
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=123
 2022-01-19 15:57:54 +00:00
Johannes Segitz
3e76bf7c4f Accepting request 930934 from home:jsegitz:branches:security:SELinux 
- Update to version 20211111. Refreshed:
  * fix_dbus.patch
  * fix_systemd.patch
  * fix_authlogin.patch
  * fix_auditd.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_chronyd.patch
  * fix_unconfineduser.patch
  * fix_unconfined.patch
  * fix_firewalld.patch
  * fix_init.patch
  * fix_xserver.patch
  * fix_logging.patch
  * fix_hadoop.patch

OBS-URL: https://build.opensuse.org/request/show/930934
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=122
 2021-11-11 16:01:20 +00:00
Johannes Segitz
a54d31d04f Accepting request 927719 from home:msmeissn:branches:security:SELinux 
- fix_wine.patch: give Wine .dll same context as .so (bsc#1191976)

OBS-URL: https://build.opensuse.org/request/show/927719
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=121
 2021-10-28 08:41:11 +00:00
Johannes Segitz
569b406914 Accepting request 922219 from home:ematsumiya:branches:security:SELinux 
- Fix auditd service start with systemd hardening directives (boo#1190918)
  * add fix_auditd.patch

OBS-URL: https://build.opensuse.org/request/show/922219
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=120
 2021-09-30 06:48:59 +00:00
Johannes Segitz
87ac70638e Accepting request 914043 from home:akedroutek:branches:security:SELinux 
- Added policy module for rebootmgr (jsc#SMO-28)

OBS-URL: https://build.opensuse.org/request/show/914043
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=116
 2021-08-24 14:50:15 +00:00
Ales Kedroutek
e9e2930221 Accepting request 912846 from home:lnussel:usrmove 
- Allow systemd-sysctl to read kernel specific sysctl.conf
  (fix_kernel_sysctl.patch, boo#1184804)

OBS-URL: https://build.opensuse.org/request/show/912846
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=115
 2021-08-18 10:42:18 +00:00
Johannes Segitz
fdc38c861f Accepting request 911222 from home:lnussel:branches:security:SELinux 
- Fix quoting in postInstall macro

OBS-URL: https://build.opensuse.org/request/show/911222
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=114
 2021-08-11 12:31:49 +00:00
Johannes Segitz
72477b3ac5 Accepting request 909369 from home:jsegitz:branches:security:SELinux 
- Update to version 20210716
- Remove interfaces for container module before building the package
  (bsc#1188184)
- Updated
  * fix_init.patch
  * fix_systemd_watch.patch
  to adapt to upstream changes

- Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing
  here

- Update to version 20210419
- Dropped fix_gift.patch, module was removed
- Updated wicked.te to removed dropped interface
- Refreshed:
  * fix_cockpit.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_logging.patch
  * fix_logrotate.patch
  * fix_networkmanager.patch
  * fix_nscd.patch
  * fix_rpm.patch
  * fix_selinuxutil.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_thunderbird.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch

OBS-URL: https://build.opensuse.org/request/show/909369
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=113
 2021-07-30 09:07:13 +00:00
Johannes Segitz
0b03ae6097 Accepting request 904546 from home:aplanas:branches:security:SELinux 
- Add tabrmd SELinux modules from upstream (bsc#1187925)
  https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux
- Automatic spec-cleaner to fix ordering and misaligned spaces

OBS-URL: https://build.opensuse.org/request/show/904546
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=112
 2021-07-08 09:30:22 +00:00
Johannes Segitz
b8952f6e0d Accepting request 894639 from home:lnussel:branches:systemsmanagement:cockpit 
- allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units
  that trigger on changes in those.
- own /usr/share/selinux/packages/$SELINUXTYPE/ and
  /var/lib/selinux/$SELINUXTYPE/active/modules/* to allow packages to install
  files there

OBS-URL: https://build.opensuse.org/request/show/894639
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=108
 2021-05-20 15:02:09 +00:00
Johannes Segitz
d46782358c Accepting request 893763 from home:lnussel:usrmove 
- allow cockpit socket to bind nodes (fix_cockpit.patch)
- use %autosetup to get rid of endless patch lines

OBS-URL: https://build.opensuse.org/request/show/893763
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=107
 2021-05-18 07:46:13 +00:00
Johannes Segitz
3b70ecf210 Accepting request 890549 from home:jsegitz:branches:security:SELinux 
- Updated fix_networkmanager.patch to allow NetworkManager to watch
  its configuration directories
- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)

OBS-URL: https://build.opensuse.org/request/show/890549
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=105
 2021-05-05 07:01:43 +00:00
Johannes Segitz
5a087ac379 Accepting request 888474 from home:jsegitz:branches:security:SELinux 
- Added Recommends for selinux-autorelabel (bsc#1181837)
- Prevent libreoffice fonts from changing types on every relabel 
  (bsc#1185265)

OBS-URL: https://build.opensuse.org/request/show/888474
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=102
 2021-04-26 12:07:40 +00:00
Johannes Segitz
8ca14f4905 Accepting request 886700 from home:jsegitz:branches:security:SELinux 
- Update to version 20210419
- Refreshed:
  * fix_dbus.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_unprivuser.patch

OBS-URL: https://build.opensuse.org/request/show/886700
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=99
 2021-04-19 13:39:08 +00:00
Johannes Segitz
21d0a40c65 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=96 2021-03-12 07:59:19 +00:00
Johannes Segitz
8c9c1d2173 Accepting request 874817 from home:kukuk:selinux 
- Update to version 20210223
- Change name of tar file to a more common schema to allow
  parallel installation of several source versions
- Adjust fix_init.patch

OBS-URL: https://build.opensuse.org/request/show/874817
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=94
 2021-02-24 13:12:28 +00:00
Ales Kedroutek
0ebcd6f872 Accepting request 862245 from home:kukuk:selinux 
- Update to version 20210111
  - Drop fix_policykit.patch (integrated upstream)
  - Adjust fix_iptables.patch
  - update container policy

OBS-URL: https://build.opensuse.org/request/show/862245
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=92
 2021-01-11 12:17:10 +00:00
Johannes Segitz
4877d5cafa Accepting request 844783 from home:kukuk:selinux 
- wicked.fc: add libexec directories
- Update to version 20201029
  - update container policy

OBS-URL: https://build.opensuse.org/request/show/844783
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=88
 2020-10-30 08:59:42 +00:00
Johannes Segitz
4477ef8a3c Accepting request 842070 from home:kukuk:selinux 
- Update to version 20201016
- Use python3 to build (fc_sort.c was replaced by fc_sort.py which
  uses python3)
- Drop SELINUX=disabled, "selinux=0" kernel commandline option has
  to be used instead. New default is "permissive" [bsc#1176923].

OBS-URL: https://build.opensuse.org/request/show/842070
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=86
 2020-10-20 12:57:14 +00:00
Johannes Segitz
6fa6803f18 Accepting request 833509 from home:jsegitz:branches:security:SELinux 
- Update to version 20200910. Refreshed
  * fix_authlogin.patch
  * fix_nagios.patch
  * fix_systemd.patch
  * fix_usermanage.patch
- Delete suse_specific.patch, moved content into fix_selinuxutil.patch
- Cleanup of booleans-* presets
  * Enabled
    user_rw_noexattrfile
    unconfined_chrome_sandbox_transition
    unconfined_mozilla_plugin_transition
    for the minimal policy
  * Disabled
    xserver_object_manager
    for the MLS policy
  * Disabled
    openvpn_enable_homedirs
    privoxy_connect_any
    selinuxuser_direct_dri_enabled
    selinuxuser_ping (aka user_ping)
    squid_connect_any
    telepathy_tcp_connect_generic_network_ports
    for the targeted policy
  Change your local config if you need them
- Build HTML version of manpages for the -devel package

OBS-URL: https://build.opensuse.org/request/show/833509
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=83
 2020-09-10 15:07:50 +00:00
Johannes Segitz
7a2750f7a0 Accepting request 831657 from home:jsegitz:branches:security:SELinux 
- Drop BuildRequires for python, python-xml. It's not needed anymore

OBS-URL: https://build.opensuse.org/request/show/831657
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=82
 2020-09-03 11:35:20 +00:00
Johannes Segitz
83bae1c6b9 Accepting request 831126 from home:jsegitz:branches:security:SELinux 
- Drop fix_dbus.patch_orig, was included by accident
- Drop segenxml_interpreter.patch, not used anymore

OBS-URL: https://build.opensuse.org/request/show/831126
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=81
 2020-09-01 13:35:46 +00:00