selinux-policy/fix_irqbalance.patch

Index: fedora-policy/policy/modules/contrib/irqbalance.te
===================================================================
--- fedora-policy.orig/policy/modules/contrib/irqbalance.te
+++ fedora-policy/policy/modules/contrib/irqbalance.te
@@ -25,8 +25,12 @@ dontaudit irqbalance_t self:capability s
 allow irqbalance_t self:process { getcap getsched setcap signal_perms };
 allow irqbalance_t self:udp_socket create_socket_perms;
 
+manage_dirs_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
 manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
-files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)
+manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
+files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, { dir file sock_file })
+
+init_nnp_daemon_domain(irqbalance_t)
 
 kernel_read_network_state(irqbalance_t)
 kernel_read_system_state(irqbalance_t)
Accepting request 781805 from home:jsegitz:branches:security:SELinux - Update to version 20200219 Refreshed fix_hadoop.patch Updated * fix_dbus.patch * fix_hadoop.patch * fix_nscd.patch * fix_xserver.patch Renamed postfix_paths.patch to fix_postfix.patch Added * fix_init.patch * fix_locallogin.patch * fix_policykit.patch * fix_iptables.patch * fix_irqbalance.patch * fix_ntp.patch * fix_fwupd.patch * fix_firewalld.patch * fix_logrotate.patch * fix_selinuxutil.patch * fix_corecommand.patch * fix_snapper.patch * fix_systemd.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * xdm_entrypoint_pam.patch - Removed modules minimum_temp_fixes and targeted_temp_fixes from the corresponding policies - Reduced default module list of minimum policy by removing OBS-URL: https://build.opensuse.org/request/show/781805 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74 2020-03-05 11:13:59 +01:00			`Index: fedora-policy/policy/modules/contrib/irqbalance.te`
			`===================================================================`
Accepting request 785956 from home:jsegitz:branches:security:SELinux - New patches: * fix_accountsd.patch * fix_automount.patch * fix_colord.patch * fix_mcelog.patch * fix_sslh.patch * fix_nagios.patch * fix_openvpn.patch * fix_cron.patch * fix_usermanage.patch * fix_smartmon.patch * fix_geoclue.patch * suse_specific.patch Default systems should now work without selinuxuser_execmod - Removed xdm_entrypoint_pam.patch, necessary change is in fix_unconfineduser.patch - Enable SUSE specific settings again OBS-URL: https://build.opensuse.org/request/show/785956 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=75 2020-03-17 15:46:20 +01:00			`--- fedora-policy.orig/policy/modules/contrib/irqbalance.te`
			`+++ fedora-policy/policy/modules/contrib/irqbalance.te`
			`@@ -25,8 +25,12 @@ dontaudit irqbalance_t self:capability s`
			`allow irqbalance_t self:process { getcap getsched setcap signal_perms };`
			`allow irqbalance_t self:udp_socket create_socket_perms;`
Accepting request 781805 from home:jsegitz:branches:security:SELinux - Update to version 20200219 Refreshed fix_hadoop.patch Updated * fix_dbus.patch * fix_hadoop.patch * fix_nscd.patch * fix_xserver.patch Renamed postfix_paths.patch to fix_postfix.patch Added * fix_init.patch * fix_locallogin.patch * fix_policykit.patch * fix_iptables.patch * fix_irqbalance.patch * fix_ntp.patch * fix_fwupd.patch * fix_firewalld.patch * fix_logrotate.patch * fix_selinuxutil.patch * fix_corecommand.patch * fix_snapper.patch * fix_systemd.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * xdm_entrypoint_pam.patch - Removed modules minimum_temp_fixes and targeted_temp_fixes from the corresponding policies - Reduced default module list of minimum policy by removing OBS-URL: https://build.opensuse.org/request/show/781805 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74 2020-03-05 11:13:59 +01:00
Accepting request 785956 from home:jsegitz:branches:security:SELinux - New patches: * fix_accountsd.patch * fix_automount.patch * fix_colord.patch * fix_mcelog.patch * fix_sslh.patch * fix_nagios.patch * fix_openvpn.patch * fix_cron.patch * fix_usermanage.patch * fix_smartmon.patch * fix_geoclue.patch * suse_specific.patch Default systems should now work without selinuxuser_execmod - Removed xdm_entrypoint_pam.patch, necessary change is in fix_unconfineduser.patch - Enable SUSE specific settings again OBS-URL: https://build.opensuse.org/request/show/785956 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=75 2020-03-17 15:46:20 +01:00			`+manage_dirs_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)`
			`manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)`
			`-files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)`
			`+manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)`
			`+files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, { dir file sock_file })`
Accepting request 781805 from home:jsegitz:branches:security:SELinux - Update to version 20200219 Refreshed fix_hadoop.patch Updated * fix_dbus.patch * fix_hadoop.patch * fix_nscd.patch * fix_xserver.patch Renamed postfix_paths.patch to fix_postfix.patch Added * fix_init.patch * fix_locallogin.patch * fix_policykit.patch * fix_iptables.patch * fix_irqbalance.patch * fix_ntp.patch * fix_fwupd.patch * fix_firewalld.patch * fix_logrotate.patch * fix_selinuxutil.patch * fix_corecommand.patch * fix_snapper.patch * fix_systemd.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * xdm_entrypoint_pam.patch - Removed modules minimum_temp_fixes and targeted_temp_fixes from the corresponding policies - Reduced default module list of minimum policy by removing OBS-URL: https://build.opensuse.org/request/show/781805 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74 2020-03-05 11:13:59 +01:00			`+`
Accepting request 785956 from home:jsegitz:branches:security:SELinux - New patches: * fix_accountsd.patch * fix_automount.patch * fix_colord.patch * fix_mcelog.patch * fix_sslh.patch * fix_nagios.patch * fix_openvpn.patch * fix_cron.patch * fix_usermanage.patch * fix_smartmon.patch * fix_geoclue.patch * suse_specific.patch Default systems should now work without selinuxuser_execmod - Removed xdm_entrypoint_pam.patch, necessary change is in fix_unconfineduser.patch - Enable SUSE specific settings again OBS-URL: https://build.opensuse.org/request/show/785956 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=75 2020-03-17 15:46:20 +01:00			`+init_nnp_daemon_domain(irqbalance_t)`

Accepting request 781805 from home:jsegitz:branches:security:SELinux - Update to version 20200219 Refreshed fix_hadoop.patch Updated * fix_dbus.patch * fix_hadoop.patch * fix_nscd.patch * fix_xserver.patch Renamed postfix_paths.patch to fix_postfix.patch Added * fix_init.patch * fix_locallogin.patch * fix_policykit.patch * fix_iptables.patch * fix_irqbalance.patch * fix_ntp.patch * fix_fwupd.patch * fix_firewalld.patch * fix_logrotate.patch * fix_selinuxutil.patch * fix_corecommand.patch * fix_snapper.patch * fix_systemd.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * xdm_entrypoint_pam.patch - Removed modules minimum_temp_fixes and targeted_temp_fixes from the corresponding policies - Reduced default module list of minimum policy by removing OBS-URL: https://build.opensuse.org/request/show/781805 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74 2020-03-05 11:13:59 +01:00			`kernel_read_network_state(irqbalance_t)`
			`kernel_read_system_state(irqbalance_t)`