pool/swtpm
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1202016 from security

Browse Source 
- Fix swtpm custom module (bsc#1229131)
  - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
  - this can be removed once swtpm upstream sorts out their custom selinux module.
    see: https://github.com/stefanberger/swtpm/issues/885
    there were a couple changes in the selinux-policy libvirt handling
    which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
    virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t (forwarded request 1202015 from cahu)

OBS-URL: https://build.opensuse.org/request/show/1202016
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/swtpm?expand=0&rev=20
This commit is contained in:
Ana Guerrero 2024-09-20 15:09:01 +00:00 committed by Git OBS Bridge
commit 9231456bf8
3 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
1229131-fix-swtpm-selinux-policy-mismatch.patch Normal file
View File

@ -0,0 +1,20 @@
Index: swtpm-0.9.0/src/selinux/swtpm.te
===================================================================
--- swtpm-0.9.0.orig/src/selinux/swtpm.te
+++ swtpm-0.9.0/src/selinux/swtpm.te
@@ -8,6 +8,7 @@ policy_module(swtpm, 1.0.0)
require {
type qemu_var_run_t;
type var_log_t;
+ type virt_log_t;
type virt_var_lib_t;
type virtqemud_t;
type virtqemud_tmp_t;
@@ -29,6 +30,7 @@ allow swtpm_t qemu_var_run_t:file { crea
allow swtpm_t qemu_var_run_t:dir { add_name remove_name write };
allow swtpm_t qemu_var_run_t:sock_file { create setattr unlink };
allow swtpm_t var_log_t:file open;
+allow swtpm_t virt_log_t:file open;
allow swtpm_t virt_var_lib_t:dir { add_name remove_name write };
allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write };
allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };

11
swtpm.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Thu Sep 19 10:55:54 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Fix swtpm custom module (bsc#1229131)
- Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
- this can be removed once swtpm upstream sorts out their custom selinux module.
see: https://github.com/stefanberger/swtpm/issues/885
there were a couple changes in the selinux-policy libvirt handling
which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
-------------------------------------------------------------------
Thu Aug 1 07:23:27 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>

10
swtpm.spec
View File

@ -39,6 +39,14 @@ URL: https://github.com/stefanberger/swtpm
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source100: swtpm-rpmlintrc
Patch0: swtpm-fix-build.patch
# 19-09-24 cahu bsc#1229131
# this can be removed once swtpm upstream sorts out their custom selinux module
# see: https://github.com/stefanberger/swtpm/issues/885
# there were a couple changes in the selinux-policy libvirt handling
# which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
# virt_log_t instead of var_log_t.
# this patch allows swtpm_t to open the virt_log_t
Patch1: 1229131-fix-swtpm-selinux-policy-mismatch.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: expect
@ -100,7 +108,7 @@ This package provides the SELinux module for the Software TPM emulator.
%endif
%prep
%autosetup
%autosetup -p1
%build
mkdir m4