rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity

Accepting request 890550 from security:SELinux

Browse Source 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/890550
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=11
This commit is contained in:
Dominique Leuenberger 2021-05-07 14:45:22 +00:00 committed by Git OBS Bridge
commit 4f868ac4c7
4 changed files with 40 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
fix_dovecot.patch Normal file
View File

@ -0,0 +1,15 @@
Index: fedora-policy-20210419/policy/modules/contrib/dovecot.fc
===================================================================
--- fedora-policy-20210419.orig/policy/modules/contrib/dovecot.fc
+++ fedora-policy-20210419/policy/modules/contrib/dovecot.fc
@@ -34,6 +34,10 @@ ifdef(`distro_redhat', `
/usr/libexec/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
')
+/usr/lib/dovecot/auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+/usr/lib/dovecot/deliver -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
+/usr/lib/dovecot/dovecot-lda -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
+
#
# /var
#

24
fix_networkmanager.patch
View File

@ -1,8 +1,16 @@
Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te Index: fedora-policy-20210419/policy/modules/contrib/networkmanager.te
=================================================================== ===================================================================
--- fedora-policy-20210309.orig/policy/modules/contrib/networkmanager.te --- fedora-policy-20210419.orig/policy/modules/contrib/networkmanager.te
+++ fedora-policy-20210309/policy/modules/contrib/networkmanager.te +++ fedora-policy-20210419/policy/modules/contrib/networkmanager.te
@@ -241,6 +241,9 @@ userdom_read_home_certs(NetworkManager_t @@ -97,6 +97,7 @@ read_files_pattern(NetworkManager_t, Net
read_lnk_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+watch_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
@@ -241,6 +242,9 @@ userdom_read_home_certs(NetworkManager_t
userdom_read_user_home_content_files(NetworkManager_t) userdom_read_user_home_content_files(NetworkManager_t)
userdom_dgram_send(NetworkManager_t) userdom_dgram_send(NetworkManager_t)
@ -12,7 +20,7 @@ Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te
tunable_policy(`use_nfs_home_dirs',` tunable_policy(`use_nfs_home_dirs',`
fs_read_nfs_files(NetworkManager_t) fs_read_nfs_files(NetworkManager_t)
') ')
@@ -258,6 +261,14 @@ optional_policy(` @@ -258,6 +262,14 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -27,10 +35,10 @@ Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te
bind_domtrans(NetworkManager_t) bind_domtrans(NetworkManager_t)
bind_manage_cache(NetworkManager_t) bind_manage_cache(NetworkManager_t)
bind_kill(NetworkManager_t) bind_kill(NetworkManager_t)
Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.if Index: fedora-policy-20210419/policy/modules/contrib/networkmanager.if
=================================================================== ===================================================================
--- fedora-policy-20210309.orig/policy/modules/contrib/networkmanager.if --- fedora-policy-20210419.orig/policy/modules/contrib/networkmanager.if
+++ fedora-policy-20210309/policy/modules/contrib/networkmanager.if +++ fedora-policy-20210419/policy/modules/contrib/networkmanager.if
@@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran @@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran
init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t) init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
') ')

7
selinux-policy.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Apr 27 06:30:08 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Updated fix_networkmanager.patch to allow NetworkManager to watch
its configuration directories
- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 26 07:16:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com> Mon Apr 26 07:16:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

3
selinux-policy.spec
View File

@ -121,7 +121,6 @@ Patch039: fix_cron.patch
Patch040: fix_usermanage.patch Patch040: fix_usermanage.patch
Patch041: fix_smartmon.patch Patch041: fix_smartmon.patch
Patch042: fix_geoclue.patch Patch042: fix_geoclue.patch
#Patch043: suse_specific.patch
Patch044: fix_authlogin.patch Patch044: fix_authlogin.patch
Patch045: fix_screen.patch Patch045: fix_screen.patch
Patch046: fix_unprivuser.patch Patch046: fix_unprivuser.patch
@ -129,6 +128,7 @@ Patch047: fix_rpm.patch
Patch048: fix_apache.patch Patch048: fix_apache.patch
Patch049: fix_nis.patch Patch049: fix_nis.patch
Patch050: fix_libraries.patch Patch050: fix_libraries.patch
Patch051: fix_dovecot.patch
Patch100: sedoctool.patch Patch100: sedoctool.patch
@ -435,6 +435,7 @@ exit 0
%patch048 -p1 %patch048 -p1
%patch049 -p1 %patch049 -p1
%patch050 -p1 %patch050 -p1
%patch051 -p1
%patch100 -p1 %patch100 -p1
find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \; find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \;