Accepting request 991423 from home:cahu:branches:security:SELinux

- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741) OBS-URL: https://build.opensuse.org/request/show/991423 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=139
2022-07-27 15:24:55 +00:00 · 2022-07-27 15:24:55 +00:00 · 2c8b63a3f9
commit 2c8b63a3f9
parent c45601e60c
2 changed files with 22 additions and 6 deletions
--- a/fix_networkmanager.patch
+++ b/fix_networkmanager.patch
@ -1,7 +1,7 @@
-Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.te
+Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.te
 ===================================================================
--- fedora-policy-20220624.orig/policy/modules/contrib/networkmanager.te
-+++ fedora-policy-20220624/policy/modules/contrib/networkmanager.te
+--- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.te
+++ fedora-policy-20220714/policy/modules/contrib/networkmanager.te
@@ -276,6 +276,9 @@ userdom_read_home_certs(NetworkManager_t
 userdom_read_user_home_content_files(NetworkManager_t)
 userdom_dgram_send(NetworkManager_t)
@ -27,10 +27,19 @@ Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.te
 	bind_domtrans(NetworkManager_t)
 	bind_manage_cache(NetworkManager_t)
 	bind_kill(NetworkManager_t)
-Index: fedora-policy-20220624/policy/modules/contrib/networkmanager.if
+@@ -420,6 +431,8 @@ optional_policy(`
+ 	nscd_kill(NetworkManager_t)
+ 	nscd_initrc_domtrans(NetworkManager_t)
+ 	nscd_systemctl(NetworkManager_t)
+	nscd_socket_use(NetworkManager_dispatcher_tlp_t)
+	nscd_socket_use(NetworkManager_dispatcher_custom_t)
+ ')
+ 
+ optional_policy(`
+Index: fedora-policy-20220714/policy/modules/contrib/networkmanager.if
 ===================================================================
--- fedora-policy-20220624.orig/policy/modules/contrib/networkmanager.if
-+++ fedora-policy-20220624/policy/modules/contrib/networkmanager.if
+--- fedora-policy-20220714.orig/policy/modules/contrib/networkmanager.if
+++ fedora-policy-20220714/policy/modules/contrib/networkmanager.if
@@ -132,6 +132,24 @@ interface(`networkmanager_initrc_domtran
         init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
 ')
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jul 27 14:00:55 UTC 2022 - Hu <cathy.hu@suse.com>
+
+- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t 
+  and NetworkManager_dispatcher_custom_t to access nscd socket 
+  (bsc#1201741)
+
 -------------------------------------------------------------------
 Thu Jul 14 08:44:12 UTC 2022 - Johannes Segitz <jsegitz@suse.com>