From 5a087ac379bc0b4e50ef1246c98c1e747110ff9abde79c6727cf50413d1b22ba Mon Sep 17 00:00:00 2001
From: Johannes Segitz <jsegitz@suse.com>
Date: Mon, 26 Apr 2021 12:07:40 +0000
Subject: [PATCH] Accepting request 888474 from
 home:jsegitz:branches:security:SELinux

- Added Recommends for selinux-autorelabel (bsc#1181837)
- Prevent libreoffice fonts from changing types on every relabel
  (bsc#1185265)

OBS-URL: https://build.opensuse.org/request/show/888474
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=102
---
 fix_libraries.patch    | 13 +++++++++++++
 selinux-policy.changes |  7 +++++++
 selinux-policy.spec    |  3 +++
 3 files changed, 23 insertions(+)
 create mode 100644 fix_libraries.patch

diff --git a/fix_libraries.patch b/fix_libraries.patch
new file mode 100644
index 0000000..a6a228f
--- /dev/null
+++ b/fix_libraries.patch
@@ -0,0 +1,13 @@
+Index: fedora-policy-20210419/policy/modules/system/libraries.fc
+===================================================================
+--- fedora-policy-20210419.orig/policy/modules/system/libraries.fc
++++ fedora-policy-20210419/policy/modules/system/libraries.fc
+@@ -124,6 +124,8 @@ ifdef(`distro_redhat',`
+ 
+ /usr/(.*/)?lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
+ 
++/usr/lib/libreoffice/program/resource.* --	gen_context(system_u:object_r:lib_t,s0)
++
+ /usr/(.*/)?nvidia/.+\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ /usr/lib/(sse2/)?libfame-.*\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 29065f1..98db17c 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Apr 26 07:16:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added Recommends for selinux-autorelabel (bsc#1181837)
+- Prevent libreoffice fonts from changing types on every relabel 
+  (bsc#1185265)
+
 -------------------------------------------------------------------
 Fri Apr 23 10:50:24 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
 
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ec2eeb2..7dcde59 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -128,6 +128,7 @@ Patch046:       fix_unprivuser.patch
 Patch047:       fix_rpm.patch
 Patch048:       fix_apache.patch
 Patch049:       fix_nis.patch
+Patch050:       fix_libraries.patch
 
 Patch100:       sedoctool.patch
 
@@ -154,6 +155,7 @@ Recommends:     selinux-tools
 Recommends:     python3-policycoreutils
 Recommends:     policycoreutils-python-utils
 Recommends:     container-selinux
+Recommends:     selinux-autorelabel
 
 %define common_params DISTRO=%{distro} UBAC=%{ubac} DIRECT_INITRC=n MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024
 
@@ -432,6 +434,7 @@ exit 0
 %patch047 -p1
 %patch048 -p1
 %patch049 -p1
+%patch050 -p1
 
 %patch100 -p1
 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \;