pool/swtpm
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7468cdf8a6
swtpm/1229131-fix-swtpm-selinux-policy-mismatch.patch

21 lines
845 B
Diff
Raw Normal View History

- Fix swtpm custom module (bsc#1229131) - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch - this can be removed once swtpm upstream sorts out their custom selinux module. see: https://github.com/stefanberger/swtpm/issues/885 there were a couple changes in the selinux-policy libvirt handling which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=46
2024-09-19 16:01:38 +02:00
Index: swtpm-0.9.0/src/selinux/swtpm.te
===================================================================
--- swtpm-0.9.0.orig/src/selinux/swtpm.te
+++ swtpm-0.9.0/src/selinux/swtpm.te
@@ -8,6 +8,7 @@ policy_module(swtpm, 1.0.0)
require {
type qemu_var_run_t;
type var_log_t;
+ type virt_log_t;
type virt_var_lib_t;
type virtqemud_t;
type virtqemud_tmp_t;
@@ -29,6 +30,7 @@ allow swtpm_t qemu_var_run_t:file { crea
allow swtpm_t qemu_var_run_t:dir { add_name remove_name write };
allow swtpm_t qemu_var_run_t:sock_file { create setattr unlink };
allow swtpm_t var_log_t:file open;
+allow swtpm_t virt_log_t:file open;
allow swtpm_t virt_var_lib_t:dir { add_name remove_name write };
allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write };
allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };
Reference in New Issue Copy Permalink