diff --git a/fedora-policy.20201029.tar.bz2 b/fedora-policy.20201029.tar.bz2 deleted file mode 100644 index a5666d7..0000000 --- a/fedora-policy.20201029.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e62dbd68d35cf894627b3d409523de8ea4e57c95c68c5fb20162b02cd57f365a -size 716344 diff --git a/fedora-policy.20210111.tar.bz2 b/fedora-policy.20210111.tar.bz2 new file mode 100644 index 0000000..3c7fc75 --- /dev/null +++ b/fedora-policy.20210111.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6b79293eb39ccccb68464902cae1a2665522dee82c70323d58e78fca05a1ee8b +size 717105 diff --git a/fix_iptables.patch b/fix_iptables.patch index 5100015..1e1b45f 100644 --- a/fix_iptables.patch +++ b/fix_iptables.patch @@ -2,8 +2,8 @@ Index: fedora-policy/policy/modules/system/iptables.te =================================================================== --- fedora-policy.orig/policy/modules/system/iptables.te 2020-02-19 09:36:25.440182406 +0000 +++ fedora-policy/policy/modules/system/iptables.te 2020-02-21 12:19:23.060595602 +0000 -@@ -76,6 +76,7 @@ kernel_read_kernel_sysctls(iptables_t) - kernel_read_usermodehelper_state(iptables_t) +@@ -76,6 +76,7 @@ kernel_read_network_state(iptables_t) + kernel_read_kernel_sysctls(iptables_t) kernel_use_fds(iptables_t) kernel_rw_net_sysctls(iptables_t) +kernel_rw_pipes(iptables_t) diff --git a/fix_policykit.patch b/fix_policykit.patch deleted file mode 100644 index 1ce0185..0000000 --- a/fix_policykit.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: fedora-policy/policy/modules/contrib/policykit.te -=================================================================== ---- fedora-policy.orig/policy/modules/contrib/policykit.te 2020-02-21 13:28:23.080385220 +0000 -+++ fedora-policy/policy/modules/contrib/policykit.te 2020-02-21 13:31:09.023086041 +0000 -@@ -98,6 +98,8 @@ userdom_getattr_all_users(policykit_t) - userdom_read_all_users_state(policykit_t) - userdom_dontaudit_search_admin_dir(policykit_t) - -+policykit_dbus_chat(policykit_t) -+ - optional_policy(` - dbus_system_domain(policykit_t, policykit_exec_t) - diff --git a/selinux-policy.changes b/selinux-policy.changes index 0d0a5fa..e2f5648 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jan 11 09:29:18 UTC 2021 - Thorsten Kukuk + +- Update to version 20210111 + - Drop fix_policykit.patch (integrated upstream) + - Adjust fix_iptables.patch + - update container policy + ------------------------------------------------------------------- Tue Nov 10 08:52:35 UTC 2020 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index 394776c..71d3648 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,7 +1,7 @@ # # spec file for package selinux-policy # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,7 +33,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20201029 +Version: 20210111 Release: 0 Source: fedora-policy.%{version}.tar.bz2 Source1: selinux-policy-rpmlintrc @@ -96,7 +96,6 @@ Patch011: fix_xserver.patch Patch012: fix_miscfiles.patch Patch013: fix_init.patch Patch014: fix_locallogin.patch -Patch015: fix_policykit.patch Patch016: fix_iptables.patch Patch017: fix_irqbalance.patch Patch018: fix_ntp.patch @@ -400,7 +399,6 @@ exit 0 %patch012 -p1 %patch013 -p1 %patch014 -p1 -%patch015 -p1 %patch016 -p1 %patch017 -p1 %patch018 -p1 diff --git a/update.sh b/update.sh index b08321d..7af332b 100644 --- a/update.sh +++ b/update.sh @@ -4,21 +4,19 @@ date=$(date '+%Y%m%d') echo Update to $date -rm -rf fedora-policy container-selinux selinux-policy-contrib +rm -rf fedora-policy container-selinux git clone --depth 1 https://github.com/fedora-selinux/selinux-policy.git -git clone --depth 1 https://github.com/fedora-selinux/selinux-policy-contrib.git git clone --depth 1 https://github.com/containers/container-selinux.git mv selinux-policy fedora-policy rm -rf fedora-policy/.git* -mv selinux-policy-contrib/* fedora-policy/policy/modules/contrib/ mv container-selinux/container.* fedora-policy/policy/modules/contrib/ rm -f fedora-policy.$date.tar* tar cf fedora-policy.$date.tar fedora-policy bzip2 fedora-policy.$date.tar -rm -rf fedora-policy container-selinux selinux-policy-contrib +rm -rf fedora-policy container-selinux sed -i -e "s/^Version:.*/Version: $date/" selinux-policy.spec