diff --git a/fedora-policy-20210223.tar.bz2 b/fedora-policy-20210223.tar.bz2 deleted file mode 100644 index d7b2014..0000000 --- a/fedora-policy-20210223.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:516f56e5a18c26d521edd8046ce05f9b7ce4fc3a3fcd365613fead98355ed70d -size 720664 diff --git a/fedora-policy-20210309.tar.bz2 b/fedora-policy-20210309.tar.bz2 new file mode 100644 index 0000000..73d6e7d --- /dev/null +++ b/fedora-policy-20210309.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1be28f48aa50cfd99922a255ed86a9878f721b502882b1843608c8d3a6cc3181 +size 720666 diff --git a/file_contexts.subs_dist b/file_contexts.subs_dist index 767073d..beaff36 100644 --- a/file_contexts.subs_dist +++ b/file_contexts.subs_dist @@ -14,3 +14,4 @@ /var/run/netconfig /etc /var/adm/netconfig/md5/etc /etc /var/adm/netconfig/md5/var /var +/usr/etc /etc diff --git a/fix_chronyd.patch b/fix_chronyd.patch index 5521738..e67a7cb 100644 --- a/fix_chronyd.patch +++ b/fix_chronyd.patch @@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/contrib/chronyd.te +Index: fedora-policy-20210309/policy/modules/contrib/chronyd.te =================================================================== ---- fedora-policy.orig/policy/modules/contrib/chronyd.te -+++ fedora-policy/policy/modules/contrib/chronyd.te -@@ -136,6 +136,14 @@ systemd_exec_systemctl(chronyd_t) +--- fedora-policy-20210309.orig/policy/modules/contrib/chronyd.te ++++ fedora-policy-20210309/policy/modules/contrib/chronyd.te +@@ -140,6 +140,14 @@ systemd_exec_systemctl(chronyd_t) userdom_dgram_send(chronyd_t) optional_policy(` 
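Review bot: In file_contexts.subs_dist, the added `/usr/etc /etc` equivalence only changes the labels computed from now on; files already installed under /usr/etc keep their current label until something relabels them. Nothing visible in this commit (the spec hunk only bumps the version) shows that tree being relabeled on update. It is worth confirming that the package's existing post-install relabel handling covers /usr/etc, or adding a `restorecon -R /usr/etc` step there. Until that happens, confined domains may be denied access to configuration that has moved to /usr/etc.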
@@ -17,10 +17,10 @@ Index: fedora-policy/policy/modules/contrib/chronyd.te cron_dgram_send(chronyd_t) ') -Index: fedora-policy/policy/modules/contrib/chronyd.fc +Index: fedora-policy-20210309/policy/modules/contrib/chronyd.fc =================================================================== ---- fedora-policy.orig/policy/modules/contrib/chronyd.fc -+++ fedora-policy/policy/modules/contrib/chronyd.fc +--- fedora-policy-20210309.orig/policy/modules/contrib/chronyd.fc ++++ fedora-policy-20210309/policy/modules/contrib/chronyd.fc @@ -6,6 +6,7 @@ /usr/sbin/chronyd -- gen_context(system_u:object_r:chronyd_exec_t,s0) diff --git a/fix_cron.patch b/fix_cron.patch index 523bc59..6f6a125 100644 --- a/fix_cron.patch +++ b/fix_cron.patch @@ -1,7 +1,7 @@ -Index: fedora-policy/policy/modules/contrib/cron.fc +Index: fedora-policy-20210309/policy/modules/contrib/cron.fc =================================================================== ---- fedora-policy.orig/policy/modules/contrib/cron.fc -+++ fedora-policy/policy/modules/contrib/cron.fc +--- fedora-policy-20210309.orig/policy/modules/contrib/cron.fc ++++ fedora-policy-20210309/policy/modules/contrib/cron.fc @@ -34,7 +34,7 @@ /var/spool/cron -d gen_context(system_u:object_r:user_cron_spool_t,s0) 
@@ -21,11 +21,11 @@ Index: fedora-policy/policy/modules/contrib/cron.fc -/var/spool/cron/lastrun/[^/]* -- <> -/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) -') -Index: fedora-policy/policy/modules/contrib/cron.if +Index: fedora-policy-20210309/policy/modules/contrib/cron.if =================================================================== ---- fedora-policy.orig/policy/modules/contrib/cron.if -+++ fedora-policy/policy/modules/contrib/cron.if -@@ -1031,7 +1031,7 @@ interface(`cron_generic_log_filetrans_lo +--- fedora-policy-20210309.orig/policy/modules/contrib/cron.if ++++ fedora-policy-20210309/policy/modules/contrib/cron.if +@@ -1057,7 +1057,7 @@ interface(`cron_generic_log_filetrans_lo # interface(`cron_system_spool_entrypoint',` gen_require(` diff --git a/fix_hadoop.patch b/fix_hadoop.patch index b679cd8..901327b 100644 --- a/fix_hadoop.patch +++ b/fix_hadoop.patch @@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/roles/sysadm.te +Index: fedora-policy-20210309/policy/modules/roles/sysadm.te =================================================================== ---- fedora-policy.orig/policy/modules/roles/sysadm.te -+++ fedora-policy/policy/modules/roles/sysadm.te -@@ -293,10 +293,6 @@ optional_policy(` +--- fedora-policy-20210309.orig/policy/modules/roles/sysadm.te ++++ fedora-policy-20210309/policy/modules/roles/sysadm.te +@@ -298,10 +298,6 @@ optional_policy(` ') optional_policy(` @@ -13,10 +13,10 @@ Index: fedora-policy/policy/modules/roles/sysadm.te iotop_run(sysadm_t, sysadm_r) ') -Index: fedora-policy/policy/modules/roles/unprivuser.te +Index: fedora-policy-20210309/policy/modules/roles/unprivuser.te =================================================================== ---- fedora-policy.orig/policy/modules/roles/unprivuser.te -+++ fedora-policy/policy/modules/roles/unprivuser.te +--- fedora-policy-20210309.orig/policy/modules/roles/unprivuser.te ++++ fedora-policy-20210309/policy/modules/roles/unprivuser.te 
@@ -200,10 +200,6 @@ ifndef(`distro_redhat',` ') diff --git a/fix_init.patch b/fix_init.patch index f5e5d71..83ceac0 100644 --- a/fix_init.patch +++ b/fix_init.patch @@ -1,6 +1,8 @@ ---- fedora-policy/policy/modules/system/init.if 2021-02-23 14:51:08.683163653 +0100 -+++ fedora-policy/policy/modules/system/init.if 2021-02-23 15:04:46.397087937 +0100 -@@ -3242,6 +3242,7 @@ +Index: fedora-policy-20210309/policy/modules/system/init.if +=================================================================== +--- fedora-policy-20210309.orig/policy/modules/system/init.if ++++ fedora-policy-20210309/policy/modules/system/init.if +@@ -3242,6 +3242,7 @@ interface(`init_filetrans_named_content' files_etc_filetrans($1, machineid_t, file, "machine-id" ) files_pid_filetrans($1, initctl_t, fifo_file, "fifo" ) init_pid_filetrans($1, systemd_unit_file_t, dir, "generator") @@ -8,17 +10,20 @@ init_pid_filetrans($1, systemd_unit_file_t, dir, "system") ') ---- fedora-policy/policy/modules/system/init.te 2021-02-23 14:51:08.683163653 +0100 -+++ fedora-policy/policy/modules/system/init.te 2021-02-23 15:06:10.293290652 +0100 -@@ -262,6 +262,7 @@ +Index: fedora-policy-20210309/policy/modules/system/init.te +=================================================================== +--- fedora-policy-20210309.orig/policy/modules/system/init.te ++++ fedora-policy-20210309/policy/modules/system/init.te +@@ -262,6 +262,8 @@ corecmd_exec_bin(init_t) corenet_all_recvfrom_netlabel(init_t) corenet_tcp_bind_all_ports(init_t) corenet_udp_bind_all_ports(init_t) +corenet_udp_bind_generic_node(init_t) ++corenet_tcp_bind_generic_node(init_t) dev_create_all_files(init_t) dev_create_all_chr_files(init_t) -@@ -388,6 +389,7 @@ +@@ -390,6 +391,7 @@ logging_manage_audit_config(init_t) logging_create_syslog_netlink_audit_socket(init_t) logging_write_var_log_dirs(init_t) logging_manage_var_log_symlinks(init_t) 
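Review bot: In fix_init.patch, the added `+corenet_tcp_bind_generic_node(init_t)` line correctly bumps the first init.te hunk to `@@ -262,6 +262,8 @@`, but the inner hunk headers after it were not shifted to match. They still read `@@ -390,6 +391,7 @@`, `@@ -439,11 +441,16 @@` and `@@ -557,10 +564,10 @@`, where two added lines at 262 would give new-side starts of 392, 442 and 565. The old-side positions are consistent, so patch will most likely still apply it, but a `quilt refresh` would bring the headers back in line. Separately, the rule lets init_t, which already has `corenet_tcp_bind_all_ports(init_t)`, bind TCP sockets on generic nodes, and only the changelog records the reason. A header line at the top of the patch such as `Allow systemd (init_t) to bind TCP listen sockets for socket activation, bsc#1183177` would keep that justification next to the grant.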
@@ -26,7 +31,7 @@ seutil_read_config(init_t) seutil_read_login_config(init_t) -@@ -437,11 +439,16 @@ +@@ -439,11 +441,16 @@ ifdef(`distro_redhat',` corecmd_shell_domtrans(init_t, initrc_t) storage_raw_rw_fixed_disk(init_t) @@ -43,7 +48,7 @@ bootloader_domtrans(init_t) ') -@@ -555,10 +562,10 @@ +@@ -557,10 +564,10 @@ tunable_policy(`init_create_dirs',` allow init_t self:system all_system_perms; allow init_t self:system module_load; allow init_t self:unix_dgram_socket { create_socket_perms sendto }; @@ -56,7 +61,7 @@ allow init_t self:netlink_selinux_socket create_socket_perms; allow init_t self:unix_dgram_socket lock; # Until systemd is fixed -@@ -616,6 +623,7 @@ +@@ -618,6 +625,7 @@ files_delete_all_spool_sockets(init_t) files_create_var_lib_dirs(init_t) files_create_var_lib_symlinks(init_t) files_read_var_lib_symlinks(init_t) @@ -64,7 +69,7 @@ files_manage_urandom_seed(init_t) files_list_locks(init_t) files_list_spool(init_t) -@@ -652,7 +660,7 @@ +@@ -654,7 +662,7 @@ fs_list_all(init_t) fs_list_auto_mountpoints(init_t) fs_register_binary_executable_type(init_t) fs_relabel_tmpfs_sock_file(init_t) @@ -73,7 +78,7 @@ fs_relabel_cgroup_dirs(init_t) fs_search_cgroup_dirs(init_t) # for network namespaces -@@ -708,6 +716,7 @@ +@@ -710,6 +718,7 @@ systemd_write_inherited_logind_sessions_ create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type) create_dirs_pattern(init_t, var_log_t, var_log_t) @@ -81,7 +86,7 @@ auth_use_nsswitch(init_t) auth_rw_login_records(init_t) -@@ -1561,6 +1570,8 @@ +@@ -1563,6 +1572,8 @@ optional_policy(` optional_policy(` postfix_list_spool(initrc_t) diff --git a/fix_iptables.patch b/fix_iptables.patch index 1e1b45f..6c71cb9 100644 --- a/fix_iptables.patch +++ b/fix_iptables.patch 
@@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/system/iptables.te +Index: fedora-policy-20210309/policy/modules/system/iptables.te =================================================================== ---- fedora-policy.orig/policy/modules/system/iptables.te 2020-02-19 09:36:25.440182406 +0000 -+++ fedora-policy/policy/modules/system/iptables.te 2020-02-21 12:19:23.060595602 +0000 -@@ -76,6 +76,7 @@ kernel_read_network_state(iptables_t) +--- fedora-policy-20210309.orig/policy/modules/system/iptables.te ++++ fedora-policy-20210309/policy/modules/system/iptables.te +@@ -74,6 +74,7 @@ kernel_read_network_state(iptables_t) kernel_read_kernel_sysctls(iptables_t) kernel_use_fds(iptables_t) kernel_rw_net_sysctls(iptables_t) diff --git a/fix_logging.patch b/fix_logging.patch index 95c45a7..9014ac6 100644 --- a/fix_logging.patch +++ b/fix_logging.patch @@ -1,7 +1,7 @@ -Index: fedora-policy/policy/modules/system/logging.fc +Index: fedora-policy-20210309/policy/modules/system/logging.fc =================================================================== ---- fedora-policy.orig/policy/modules/system/logging.fc -+++ fedora-policy/policy/modules/system/logging.fc +--- fedora-policy-20210309.orig/policy/modules/system/logging.fc ++++ fedora-policy-20210309/policy/modules/system/logging.fc @@ -3,6 +3,8 @@ /etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) /etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) 
@@ -19,11 +19,11 @@ Index: fedora-policy/policy/modules/system/logging.fc /var/run/systemd/journal/syslog -s gen_context(system_u:object_r:devlog_t,mls_systemhigh) /var/spool/audit(/.*)? gen_context(system_u:object_r:audit_spool_t,mls_systemhigh) -Index: fedora-policy/policy/modules/system/logging.if +Index: fedora-policy-20210309/policy/modules/system/logging.if =================================================================== ---- fedora-policy.orig/policy/modules/system/logging.if -+++ fedora-policy/policy/modules/system/logging.if -@@ -1686,3 +1686,22 @@ interface(`logging_dgram_send',` +--- fedora-policy-20210309.orig/policy/modules/system/logging.if ++++ fedora-policy-20210309/policy/modules/system/logging.if +@@ -1722,3 +1722,22 @@ interface(`logging_dgram_send',` allow $1 syslogd_t:unix_dgram_socket sendto; ') diff --git a/fix_networkmanager.patch b/fix_networkmanager.patch index 40b77db..6111ead 100644 --- a/fix_networkmanager.patch +++ b/fix_networkmanager.patch @@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/contrib/networkmanager.te +Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.te =================================================================== ---- fedora-policy.orig/policy/modules/contrib/networkmanager.te -+++ fedora-policy/policy/modules/contrib/networkmanager.te -@@ -236,6 +236,9 @@ userdom_read_home_certs(NetworkManager_t +--- fedora-policy-20210309.orig/policy/modules/contrib/networkmanager.te ++++ fedora-policy-20210309/policy/modules/contrib/networkmanager.te +@@ -241,6 +241,9 @@ userdom_read_home_certs(NetworkManager_t userdom_read_user_home_content_files(NetworkManager_t) userdom_dgram_send(NetworkManager_t) @@ -12,7 +12,7 @@ Index: fedora-policy/policy/modules/contrib/networkmanager.te tunable_policy(`use_nfs_home_dirs',` fs_read_nfs_files(NetworkManager_t) ') -@@ -253,6 +256,14 @@ optional_policy(` +@@ -258,6 +261,14 @@ optional_policy(` ') optional_policy(` 
@@ -27,10 +27,10 @@ Index: fedora-policy/policy/modules/contrib/networkmanager.te bind_domtrans(NetworkManager_t) bind_manage_cache(NetworkManager_t) bind_kill(NetworkManager_t) -Index: fedora-policy/policy/modules/contrib/networkmanager.if +Index: fedora-policy-20210309/policy/modules/contrib/networkmanager.if =================================================================== ---- fedora-policy.orig/policy/modules/contrib/networkmanager.if -+++ fedora-policy/policy/modules/contrib/networkmanager.if +--- fedora-policy-20210309.orig/policy/modules/contrib/networkmanager.if ++++ fedora-policy-20210309/policy/modules/contrib/networkmanager.if @@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t) ') diff --git a/fix_nscd.patch b/fix_nscd.patch index 1bea723..2f35b73 100644 --- a/fix_nscd.patch +++ b/fix_nscd.patch @@ -1,7 +1,7 @@ -Index: fedora-policy/policy/modules/contrib/nscd.fc +Index: fedora-policy-20210309/policy/modules/contrib/nscd.fc =================================================================== ---- fedora-policy.orig/policy/modules/contrib/nscd.fc -+++ fedora-policy/policy/modules/contrib/nscd.fc +--- fedora-policy-20210309.orig/policy/modules/contrib/nscd.fc ++++ fedora-policy-20210309/policy/modules/contrib/nscd.fc @@ -8,8 +8,10 @@ /var/log/nscd\.log.* -- gen_context(system_u:object_r:nscd_log_t,s0) 
@@ -14,11 +14,11 @@ Index: fedora-policy/policy/modules/contrib/nscd.fc /usr/lib/systemd/system/nscd\.service -- gen_context(system_u:object_r:nscd_unit_file_t,s0) + -Index: fedora-policy/policy/modules/contrib/nscd.te +Index: fedora-policy-20210309/policy/modules/contrib/nscd.te =================================================================== ---- fedora-policy.orig/policy/modules/contrib/nscd.te -+++ fedora-policy/policy/modules/contrib/nscd.te -@@ -127,6 +127,14 @@ userdom_dontaudit_use_unpriv_user_fds(ns +--- fedora-policy-20210309.orig/policy/modules/contrib/nscd.te ++++ fedora-policy-20210309/policy/modules/contrib/nscd.te +@@ -131,6 +131,14 @@ userdom_dontaudit_use_unpriv_user_fds(ns userdom_dontaudit_search_user_home_dirs(nscd_t) optional_policy(` diff --git a/fix_rpm.patch b/fix_rpm.patch index 6dc895d..0545aa8 100644 --- a/fix_rpm.patch +++ b/fix_rpm.patch @@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/contrib/rpm.fc +Index: fedora-policy-20210309/policy/modules/contrib/rpm.fc =================================================================== ---- fedora-policy.orig/policy/modules/contrib/rpm.fc -+++ fedora-policy/policy/modules/contrib/rpm.fc -@@ -17,6 +17,10 @@ +--- fedora-policy-20210309.orig/policy/modules/contrib/rpm.fc ++++ fedora-policy-20210309/policy/modules/contrib/rpm.fc +@@ -18,6 +18,10 @@ /usr/bin/repoquery -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/bin/zif -- gen_context(system_u:object_r:rpm_exec_t,s0) 
@@ -13,7 +13,7 @@ Index: fedora-policy/policy/modules/contrib/rpm.fc /usr/libexec/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/libexec/yumDBUSBackend.py -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/libexec/pegasus/pycmpiLMI_Software-cimprovagt -- gen_context(system_u:object_r:rpm_exec_t,s0) -@@ -54,6 +58,8 @@ ifdef(`distro_redhat', ` +@@ -55,6 +59,8 @@ ifdef(`distro_redhat', ` /var/cache/yum(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) /var/cache/dnf(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) @@ -22,11 +22,11 @@ Index: fedora-policy/policy/modules/contrib/rpm.fc /var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) /var/lib/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) /var/lib/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) -Index: fedora-policy/policy/modules/contrib/rpm.if +Index: fedora-policy-20210309/policy/modules/contrib/rpm.if =================================================================== ---- fedora-policy.orig/policy/modules/contrib/rpm.if -+++ fedora-policy/policy/modules/contrib/rpm.if -@@ -431,8 +431,10 @@ interface(`rpm_named_filetrans',` +--- fedora-policy-20210309.orig/policy/modules/contrib/rpm.if ++++ fedora-policy-20210309/policy/modules/contrib/rpm.if +@@ -476,8 +476,10 @@ interface(`rpm_named_filetrans',` logging_log_named_filetrans($1, rpm_log_t, file, "yum.log") logging_log_named_filetrans($1, rpm_log_t, file, "hawkey.log") logging_log_named_filetrans($1, rpm_log_t, file, "up2date") 
@@ -37,10 +37,10 @@ Index: fedora-policy/policy/modules/contrib/rpm.if files_var_lib_filetrans($1, rpm_var_lib_t, dir, "dnf") files_var_lib_filetrans($1, rpm_var_lib_t, dir, "yum") files_var_lib_filetrans($1, rpm_var_lib_t, dir, "rpm") -Index: fedora-policy/policy/modules/kernel/files.fc +Index: fedora-policy-20210309/policy/modules/kernel/files.fc =================================================================== ---- fedora-policy.orig/policy/modules/kernel/files.fc -+++ fedora-policy/policy/modules/kernel/files.fc +--- fedora-policy-20210309.orig/policy/modules/kernel/files.fc ++++ fedora-policy-20210309/policy/modules/kernel/files.fc @@ -67,6 +67,7 @@ ifdef(`distro_suse',` /etc/sysconfig/ipvsadm.* -- gen_context(system_u:object_r:system_conf_t,s0) /etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:system_conf_t,s0) diff --git a/fix_selinuxutil.patch b/fix_selinuxutil.patch index 41024ad..831ee7c 100644 --- a/fix_selinuxutil.patch +++ b/fix_selinuxutil.patch @@ -1,7 +1,7 @@ -Index: fedora-policy/policy/modules/system/selinuxutil.te +Index: fedora-policy-20210309/policy/modules/system/selinuxutil.te =================================================================== ---- fedora-policy.orig/policy/modules/system/selinuxutil.te 2020-02-19 09:36:25.444182470 +0000 -+++ fedora-policy/policy/modules/system/selinuxutil.te 2020-02-24 07:57:26.556813139 +0000 +--- fedora-policy-20210309.orig/policy/modules/system/selinuxutil.te ++++ fedora-policy-20210309/policy/modules/system/selinuxutil.te @@ -238,6 +238,10 @@ ifdef(`hide_broken_symptoms',` ') @@ -13,7 +13,7 @@ Index: fedora-policy/policy/modules/system/selinuxutil.te portage_dontaudit_use_fds(load_policy_t) ') -@@ -613,6 +617,10 @@ logging_send_audit_msgs(setfiles_t) +@@ -619,6 +623,10 @@ logging_send_audit_msgs(setfiles_t) logging_send_syslog_msg(setfiles_t) optional_policy(` 
@@ -24,10 +24,10 @@ Index: fedora-policy/policy/modules/system/selinuxutil.te cloudform_dontaudit_write_cloud_log(setfiles_t) ') -Index: fedora-policy/policy/modules/system/selinuxutil.if +Index: fedora-policy-20210309/policy/modules/system/selinuxutil.if =================================================================== ---- fedora-policy.orig/policy/modules/system/selinuxutil.if -+++ fedora-policy/policy/modules/system/selinuxutil.if +--- fedora-policy-20210309.orig/policy/modules/system/selinuxutil.if ++++ fedora-policy-20210309/policy/modules/system/selinuxutil.if @@ -777,6 +777,8 @@ interface(`seutil_dontaudit_read_config' dontaudit $1 selinux_config_t:dir search_dir_perms; diff --git a/fix_systemd.patch b/fix_systemd.patch index 75fe45b..cd39f53 100644 --- a/fix_systemd.patch +++ b/fix_systemd.patch @@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/system/systemd.te +Index: fedora-policy-20210309/policy/modules/system/systemd.te =================================================================== ---- fedora-policy.orig/policy/modules/system/systemd.te -+++ fedora-policy/policy/modules/system/systemd.te -@@ -332,6 +332,10 @@ userdom_manage_user_tmp_chr_files(system +--- fedora-policy-20210309.orig/policy/modules/system/systemd.te ++++ fedora-policy-20210309/policy/modules/system/systemd.te +@@ -347,6 +347,10 @@ userdom_manage_user_tmp_chr_files(system xserver_dbus_chat(systemd_logind_t) optional_policy(` @@ -13,8 +13,8 @@ Index: fedora-policy/policy/modules/system/systemd.te apache_read_tmp_files(systemd_logind_t) ') -@@ -828,6 +832,10 @@ optional_policy(` - dbus_connect_system_bus(systemd_hostnamed_t) +@@ -853,6 +857,10 @@ optional_policy(` + udev_read_pid_files(systemd_hostnamed_t) ') +optional_policy(` diff --git a/fix_unconfineduser.patch b/fix_unconfineduser.patch index 36ae7e1..2ab2e84 100644 --- a/fix_unconfineduser.patch +++ b/fix_unconfineduser.patch 
@@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/roles/unconfineduser.te +Index: fedora-policy-20210309/policy/modules/roles/unconfineduser.te =================================================================== ---- fedora-policy.orig/policy/modules/roles/unconfineduser.te -+++ fedora-policy/policy/modules/roles/unconfineduser.te -@@ -120,6 +120,11 @@ tunable_policy(`unconfined_dyntrans_all' +--- fedora-policy-20210309.orig/policy/modules/roles/unconfineduser.te ++++ fedora-policy-20210309/policy/modules/roles/unconfineduser.te +@@ -124,6 +124,11 @@ tunable_policy(`unconfined_dyntrans_all' domain_dyntrans(unconfined_t) ') @@ -14,7 +14,7 @@ Index: fedora-policy/policy/modules/roles/unconfineduser.te optional_policy(` gen_require(` type unconfined_t; -@@ -210,6 +215,10 @@ optional_policy(` +@@ -214,6 +219,10 @@ optional_policy(` ') optional_policy(` @@ -25,7 +25,7 @@ Index: fedora-policy/policy/modules/roles/unconfineduser.te chrome_role_notrans(unconfined_r, unconfined_t) tunable_policy(`unconfined_chrome_sandbox_transition',` -@@ -244,6 +253,18 @@ optional_policy(` +@@ -248,6 +257,18 @@ optional_policy(` dbus_stub(unconfined_t) optional_policy(` diff --git a/fix_unprivuser.patch b/fix_unprivuser.patch index 28f2e24..4db22cf 100644 --- a/fix_unprivuser.patch +++ b/fix_unprivuser.patch @@ -1,8 +1,8 @@ -Index: fedora-policy/policy/modules/roles/unprivuser.te +Index: fedora-policy-20210309/policy/modules/roles/unprivuser.te =================================================================== ---- fedora-policy.orig/policy/modules/roles/unprivuser.te -+++ fedora-policy/policy/modules/roles/unprivuser.te -@@ -289,6 +289,13 @@ ifndef(`distro_redhat',` +--- fedora-policy-20210309.orig/policy/modules/roles/unprivuser.te ++++ fedora-policy-20210309/policy/modules/roles/unprivuser.te +@@ -282,6 +282,13 @@ ifndef(`distro_redhat',` ') optional_policy(` diff --git a/fix_usermanage.patch b/fix_usermanage.patch index 7327373..391cc2f 100644 --- a/fix_usermanage.patch 
+++ b/fix_usermanage.patch @@ -1,7 +1,7 @@ -Index: fedora-policy/policy/modules/admin/usermanage.te +Index: fedora-policy-20210309/policy/modules/admin/usermanage.te =================================================================== ---- fedora-policy.orig/policy/modules/admin/usermanage.te -+++ fedora-policy/policy/modules/admin/usermanage.te +--- fedora-policy-20210309.orig/policy/modules/admin/usermanage.te ++++ fedora-policy-20210309/policy/modules/admin/usermanage.te @@ -226,6 +226,7 @@ allow groupadd_t self:unix_dgram_socket allow groupadd_t self:unix_stream_socket create_stream_socket_perms; allow groupadd_t self:unix_dgram_socket sendto; @@ -10,7 +10,7 @@ Index: fedora-policy/policy/modules/admin/usermanage.te fs_getattr_xattr_fs(groupadd_t) fs_search_auto_mountpoints(groupadd_t) -@@ -530,6 +531,7 @@ allow useradd_t self:unix_dgram_socket c +@@ -529,6 +530,7 @@ allow useradd_t self:unix_dgram_socket c allow useradd_t self:unix_stream_socket create_stream_socket_perms; allow useradd_t self:unix_dgram_socket sendto; allow useradd_t self:unix_stream_socket connectto; @@ -18,7 +18,7 @@ Index: fedora-policy/policy/modules/admin/usermanage.te manage_dirs_pattern(useradd_t, useradd_var_run_t, useradd_var_run_t) manage_files_pattern(useradd_t, useradd_var_run_t, useradd_var_run_t) -@@ -538,6 +540,8 @@ files_pid_filetrans(useradd_t, useradd_v +@@ -537,6 +539,8 @@ files_pid_filetrans(useradd_t, useradd_v # for getting the number of groups kernel_read_kernel_sysctls(useradd_t) diff --git a/selinux-policy.changes b/selinux-policy.changes index 657ce88..fa2ba64 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes 
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Fri Mar 12 10:36:06 UTC 2021 - Ales Kedroutek
+
+- Adjust fix_init.patch to allow systemd to do sd-listen on
+ tcp socket [bsc#1183177]
+
+-------------------------------------------------------------------
+Tue Mar 9 13:39:11 UTC 2021 - Johannes Segitz
+
+- Update to version 20210309
+- Refreshed
+ * fix_systemd.patch
+ * fix_selinuxutil.patch
+ * fix_iptables.patch
+ * fix_init.patch
+ * fix_logging.patch
+ * fix_nscd.patch
+ * fix_hadoop.patch
+ * fix_unconfineduser.patch
+ * fix_chronyd.patch
+ * fix_networkmanager.patch
+ * fix_cron.patch
+ * fix_usermanage.patch
+ * fix_unprivuser.patch
+ * fix_rpm.patch
+- Ensure that /usr/etc is labeled according to /etc rules
+
 -------------------------------------------------------------------
 Tue Feb 23 13:53:40 UTC 2021 - Thorsten Kukuk
 
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 24f141a..0e9359b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -33,7 +33,7 @@ Summary: SELinux policy configuration
 License: GPL-2.0-or-later
 Group: System/Management
 Name: selinux-policy
-Version: 20210223
+Version: 20210309
 Release: 0
 Source: fedora-policy-%{version}.tar.bz2
 Source1: selinux-policy-rpmlintrc