Accepting request 1073586 from home:jsegitz:branches:security:SELinux

- Update to version 20230321: * make kernel_t unconfined again OBS-URL: https://build.opensuse.org/request/show/1073586 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=178
2023-03-21 15:56:46 +00:00 · 2023-03-21 15:56:46 +00:00 · 4bd800106f
commit 4bd800106f
parent 0f3ba0a5f9
6 changed files with 20 additions and 6 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://gitlab.suse.de/selinux/selinux-policy.git</param>
-              <param name="changesrevision">3fa3ee463c968e6001607a3d25edc2f9971824d7</param></service><service name="tar_scm">
+              <param name="changesrevision">0140f0a3f8dbf17ddbd0adb6c8fc7eb23511ba2f</param></service><service name="tar_scm">
                <param name="url">https://github.com/containers/container-selinux.git</param>
              <param name="changesrevision">07b3034f6d9625ab84508a2f46515d8ff79b4204</param></service></servicedata>
--- a/container.te
+++ b/container.te
@ -1,4 +1,4 @@
-policy_module(container, 2.204.0)
+policy_module(container, 2.205.0)

 gen_require(`
 	class passwd rootok;
@ -1414,3 +1414,11 @@ optional_policy(`
 	allow syslogd_t container_runtime_tmpfs_t:file { read write };
 	logging_send_syslog_msg(container_runtime_t)
 ')
+
+
+manage_dirs_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_lnk_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_chr_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_blk_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_sock_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
--- a/selinux-policy-20230316.tar.xz
+++ b/selinux-policy-20230316.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4b5384b23b8bf5fe9cbd1b3da67c54a08c99b029b65b2005f345951b8763fd8a
-size 752624
--- a/selinux-policy-20230321.tar.xz
+++ b/selinux-policy-20230321.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aca29203873cc2fdec23e233e89e56471f06c7b7fa02ed29fa3978e85b994e04
+size 752588
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Mar 21 15:37:23 UTC 2023 - jsegitz@suse.com
+
+- Update to version 20230321:
+  * make kernel_t unconfined again
+
 -------------------------------------------------------------------
 Thu Mar 16 15:43:19 UTC 2023 - jsegitz@suse.com

--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -33,7 +33,7 @@ Summary:        SELinux policy configuration
 License:        GPL-2.0-or-later
 Group:          System/Management
 Name:           selinux-policy
-Version:        20230316
+Version:        20230321
 Release:        0
 Source0:        %{name}-%{version}.tar.xz
 Source1:        container.fc