Accepting request 862245 from home:kukuk:selinux

- Update to version 20210111 - Drop fix_policykit.patch (integrated upstream) - Adjust fix_iptables.patch - update container policy OBS-URL: https://build.opensuse.org/request/show/862245 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=92
2021-01-11 12:17:10 +00:00 · 2021-01-11 12:17:10 +00:00 · 0ebcd6f872
commit 0ebcd6f872
parent cc07b260a6
7 changed files with 17 additions and 26 deletions
--- a/fedora-policy.20201029.tar.bz2
+++ b/fedora-policy.20201029.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e62dbd68d35cf894627b3d409523de8ea4e57c95c68c5fb20162b02cd57f365a
-size 716344
--- a/fedora-policy.20210111.tar.bz2
+++ b/fedora-policy.20210111.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b79293eb39ccccb68464902cae1a2665522dee82c70323d58e78fca05a1ee8b
+size 717105
--- a/fix_iptables.patch
+++ b/fix_iptables.patch
@ -2,8 +2,8 @@ Index: fedora-policy/policy/modules/system/iptables.te
 ===================================================================
 --- fedora-policy.orig/policy/modules/system/iptables.te	2020-02-19 09:36:25.440182406 +0000
 +++ fedora-policy/policy/modules/system/iptables.te	2020-02-21 12:19:23.060595602 +0000
-@@ -76,6 +76,7 @@ kernel_read_kernel_sysctls(iptables_t)
- kernel_read_usermodehelper_state(iptables_t)
+@@ -76,6 +76,7 @@ kernel_read_network_state(iptables_t)
+ kernel_read_kernel_sysctls(iptables_t)
 kernel_use_fds(iptables_t)
 kernel_rw_net_sysctls(iptables_t)
 +kernel_rw_pipes(iptables_t)
--- a/fix_policykit.patch
+++ b/fix_policykit.patch
@ -1,13 +0,0 @@
-Index: fedora-policy/policy/modules/contrib/policykit.te
-===================================================================
--- fedora-policy.orig/policy/modules/contrib/policykit.te	2020-02-21 13:28:23.080385220 +0000
-+++ fedora-policy/policy/modules/contrib/policykit.te	2020-02-21 13:31:09.023086041 +0000
-@@ -98,6 +98,8 @@ userdom_getattr_all_users(policykit_t)
- userdom_read_all_users_state(policykit_t)
- userdom_dontaudit_search_admin_dir(policykit_t)
- 
-+policykit_dbus_chat(policykit_t)
-+
- optional_policy(`
- 	dbus_system_domain(policykit_t, policykit_exec_t)
- 
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jan 11 09:29:18 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
+
+- Update to version 20210111
+  - Drop fix_policykit.patch (integrated upstream)
+  - Adjust fix_iptables.patch
+  - update container policy
+
 -------------------------------------------------------------------
 Tue Nov 10 08:52:35 UTC 2020 - Johannes Segitz <jsegitz@suse.com>

--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -33,7 +33,7 @@ Summary:        SELinux policy configuration
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20201029
+Version:        20210111
 Release:        0
 Source:         fedora-policy.%{version}.tar.bz2
 Source1:        selinux-policy-rpmlintrc
@ -96,7 +96,6 @@ Patch011:       fix_xserver.patch
 Patch012:       fix_miscfiles.patch
 Patch013:       fix_init.patch
 Patch014:       fix_locallogin.patch
-Patch015:       fix_policykit.patch
 Patch016:       fix_iptables.patch
 Patch017:       fix_irqbalance.patch
 Patch018:       fix_ntp.patch
@ -400,7 +399,6 @@ exit 0
 %patch012 -p1
 %patch013 -p1
 %patch014 -p1
-%patch015 -p1
 %patch016 -p1
 %patch017 -p1
 %patch018 -p1
--- a/update.sh
+++ b/update.sh
@ -4,21 +4,19 @@ date=$(date '+%Y%m%d')

 echo Update to $date

-rm -rf fedora-policy container-selinux selinux-policy-contrib
+rm -rf fedora-policy container-selinux

 git clone --depth 1 https://github.com/fedora-selinux/selinux-policy.git
-git clone --depth 1 https://github.com/fedora-selinux/selinux-policy-contrib.git
 git clone --depth 1 https://github.com/containers/container-selinux.git

 mv selinux-policy fedora-policy
 rm -rf fedora-policy/.git*
-mv selinux-policy-contrib/* fedora-policy/policy/modules/contrib/
 mv container-selinux/container.* fedora-policy/policy/modules/contrib/

 rm -f fedora-policy.$date.tar*
 tar cf fedora-policy.$date.tar fedora-policy
 bzip2 fedora-policy.$date.tar
-rm -rf fedora-policy container-selinux selinux-policy-contrib
+rm -rf fedora-policy container-selinux

 sed -i -e "s/^Version:.*/Version:        $date/" selinux-policy.spec