From 177da0b45c39dd10ec1b34b47c0dc0986a962121cd5c30163b8224b152e14956 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Tue, 5 Feb 2019 10:31:52 +0000 Subject: [PATCH] Accepting request 671813 from home:jsegitz:branches:security:SELinux - Update to refpolicy 20190201. New modules for chromium, hostapd, and sigrok and minor fixes for existing modules. Refreshed suse_modifications_usermanage.patch OBS-URL: https://build.opensuse.org/request/show/671813 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=71 --- refpolicy-2.20180701.tar.bz2 | 3 --- refpolicy-2.20190201.tar.bz2 | 3 +++ selinux-policy.changes | 7 +++++++ selinux-policy.spec | 2 +- suse_modifications_usermanage.patch | 10 +++++----- 5 files changed, 16 insertions(+), 9 deletions(-) delete mode 100644 refpolicy-2.20180701.tar.bz2 create mode 100644 refpolicy-2.20190201.tar.bz2 diff --git a/refpolicy-2.20180701.tar.bz2 b/refpolicy-2.20180701.tar.bz2 deleted file mode 100644 index f06dd85..0000000 --- a/refpolicy-2.20180701.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dca99ee829b41f216474170c0e38aae99b01a0406a841bdc7347b49aa24f6c7d -size 753050 diff --git a/refpolicy-2.20190201.tar.bz2 b/refpolicy-2.20190201.tar.bz2 new file mode 100644 index 0000000..d797823 --- /dev/null +++ b/refpolicy-2.20190201.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ed620dc91c4e09eee6271b373f7c61a364a82ea57bd2dc86ca1f7075304e2843 +size 552750 diff --git a/selinux-policy.changes b/selinux-policy.changes index 82773d7..1db77ab 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Feb 4 07:59:49 UTC 2019 - jsegitz@suse.com + +- Update to refpolicy 20190201. New modules for chromium, hostapd, + and sigrok and minor fixes for existing modules. + Refreshed suse_modifications_usermanage.patch + ------------------------------------------------------------------- Wed Nov 28 15:18:28 UTC 2018 - jsegitz@suse.com diff --git a/selinux-policy.spec b/selinux-policy.spec index eeb46f1..5fb1a78 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -122,7 +122,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20180701 +Version: 20190201 Release: 0 Source: https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_%{version}/refpolicy-2.%{version}.tar.bz2 diff --git a/suse_modifications_usermanage.patch b/suse_modifications_usermanage.patch index 4f7a678..7edfc42 100644 --- a/suse_modifications_usermanage.patch +++ b/suse_modifications_usermanage.patch @@ -1,7 +1,7 @@ Index: refpolicy/policy/modules/admin/usermanage.te =================================================================== ---- refpolicy.orig/policy/modules/admin/usermanage.te 2018-02-15 22:52:31.000000000 +0100 -+++ refpolicy/policy/modules/admin/usermanage.te 2018-11-27 15:03:05.555740143 +0100 +--- refpolicy.orig/policy/modules/admin/usermanage.te 2019-02-01 21:03:42.000000000 +0100 ++++ refpolicy/policy/modules/admin/usermanage.te 2019-02-04 09:51:12.007425927 +0100 @@ -251,6 +251,9 @@ userdom_use_unpriv_users_fds(groupadd_t) # for when /root is the cwd userdom_dontaudit_search_user_home_dirs(groupadd_t) @@ -10,9 +10,9 @@ Index: refpolicy/policy/modules/admin/usermanage.te +allow groupadd_t var_run_t:sock_file write; + optional_policy(` - dpkg_use_fds(groupadd_t) - dpkg_rw_pipes(groupadd_t) -@@ -550,6 +553,9 @@ optional_policy(` + apt_use_fds(groupadd_t) + ') +@@ -570,6 +573,9 @@ optional_policy(` puppet_rw_tmp(useradd_t) ')