From 0bda3469f423e014d457502fd8e686417efbd6cd37bfb62b0d17038553474452 Mon Sep 17 00:00:00 2001
From: Johannes Segitz <jsegitz@suse.com>
Date: Fri, 23 Apr 2021 11:50:03 +0000
Subject: [PATCH] Accepting request 888009 from
 home:jsegitz:branches:security:SELinux

- Transition unconfined users to ldconfig type (bsc#1183121).
  Extended fix_unconfineduser.patch

OBS-URL: https://build.opensuse.org/request/show/888009
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=101
---
 fix_unconfineduser.patch | 17 ++++++++++++++---
 selinux-policy.changes   |  6 ++++++
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/fix_unconfineduser.patch b/fix_unconfineduser.patch
index 2ab2e84..55b9dda 100644
--- a/fix_unconfineduser.patch
+++ b/fix_unconfineduser.patch
@@ -1,7 +1,7 @@
-Index: fedora-policy-20210309/policy/modules/roles/unconfineduser.te
+Index: fedora-policy-20210419/policy/modules/roles/unconfineduser.te
 ===================================================================
---- fedora-policy-20210309.orig/policy/modules/roles/unconfineduser.te
-+++ fedora-policy-20210309/policy/modules/roles/unconfineduser.te
+--- fedora-policy-20210419.orig/policy/modules/roles/unconfineduser.te
++++ fedora-policy-20210419/policy/modules/roles/unconfineduser.te
 @@ -124,6 +124,11 @@ tunable_policy(`unconfined_dyntrans_all'
      domain_dyntrans(unconfined_t)
  ')
@@ -44,3 +44,14 @@ Index: fedora-policy-20210309/policy/modules/roles/unconfineduser.te
  		bluetooth_dbus_chat(unconfined_t)
  	')
  
+@@ -311,6 +332,10 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
++	libs_run_ldconfig(unconfined_t, unconfined_r)
++')
++
++optional_policy(`
+ 	firstboot_run(unconfined_t, unconfined_r)
+ ')
+ 
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 248ee11..29065f1 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Apr 23 10:50:24 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Transition unconfined users to ldconfig type (bsc#1183121).
+  Extended fix_unconfineduser.patch
+
 -------------------------------------------------------------------
 Mon Apr 19 11:37:49 UTC 2021 - Johannes Segitz <jsegitz@suse.com>