Accepting request 893763 from home:lnussel:usrmove

- allow cockpit socket to bind nodes (fix_cockpit.patch) - use %autosetup to get rid of endless patch lines OBS-URL: https://build.opensuse.org/request/show/893763 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=107
2021-05-18 07:46:13 +00:00 · 2021-05-18 07:46:13 +00:00 · d46782358c
commit d46782358c
parent 3b70ecf210
3 changed files with 37 additions and 52 deletions
--- a/fix_cockpit.patch
+++ b/fix_cockpit.patch
@ -0,0 +1,28 @@
+From d63e6cf43bfe32d53b371b6920d4c09431647ddd Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 28 Apr 2021 17:09:49 +0200
+Subject: [PATCH] cockpit: allow cockpit socket to bind nodes
+
+Looks like this setting is implicit with kerberos enabled.
+cockpit.socket fails to start if kerberos_enabled=false
+---
+ policy/modules/contrib/cockpit.te | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/contrib/cockpit.te b/policy/modules/contrib/cockpit.te
+index a160ca6b6..5984711fa 100644
+--- a/policy/modules/contrib/cockpit.te
+++ b/policy/modules/contrib/cockpit.te
+@@ -52,7 +52,9 @@ can_exec(cockpit_ws_t,cockpit_session_exec_t)
+ dev_read_urand(cockpit_ws_t) # for authkey
+ dev_read_rand(cockpit_ws_t)  # for libssh
+ 
+# cockpit-ws allows connections on websm port
+ corenet_tcp_bind_websm_port(cockpit_ws_t)
+corenet_tcp_bind_generic_node(cockpit_ws_t)
+ 
+ # cockpit-ws can connect to other hosts via ssh
+ corenet_tcp_connect_ssh_port(cockpit_ws_t)
+-- 
+2.26.2
+
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Apr 28 15:18:37 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
+
+- allow cockpit socket to bind nodes (fix_cockpit.patch)
+- use %autosetup to get rid of endless patch lines
+
 -------------------------------------------------------------------
 Tue Apr 27 06:30:08 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -129,6 +129,8 @@ Patch048:       fix_apache.patch
 Patch049:       fix_nis.patch
 Patch050:       fix_libraries.patch
 Patch051:       fix_dovecot.patch
+# https://github.com/cockpit-project/cockpit/pull/15758
+Patch052:       fix_cockpit.patch

 Patch100:       sedoctool.patch

@ -386,58 +388,7 @@ fi;
 exit 0

 %prep
-%setup -n fedora-policy-%{version}
-%patch001 -p1
-%patch002 -p1
-%patch003 -p1
-%patch004 -p1
-%patch005 -p1
-%patch006 -p1
-%patch007 -p1
-%patch008 -p1
-%patch009 -p1
-%patch010 -p1
-%patch011 -p1
-%patch012 -p1
-%patch013 -p1
-%patch014 -p1
-%patch016 -p1
-%patch017 -p1
-%patch018 -p1
-%patch019 -p1
-%patch020 -p1
-%patch021 -p1
-%patch022 -p1
-%patch024 -p1
-%patch025 -p1
-%patch026 -p1
-%patch027 -p1
-%patch028 -p1
-%patch029 -p1
-%patch030 -p1
-#% patch031 -p1
-%patch032 -p1
-%patch033 -p1
-%patch034 -p1
-%patch035 -p1
-%patch036 -p1
-%patch037 -p1
-%patch038 -p1
-%patch039 -p1
-%patch040 -p1
-%patch041 -p1
-%patch042 -p1
-#% patch043 -p1
-%patch044 -p1
-%patch045 -p1
-%patch046 -p1
-%patch047 -p1
-%patch048 -p1
-%patch049 -p1
-%patch050 -p1
-%patch051 -p1
-
-%patch100 -p1
+%autosetup -n fedora-policy-%{version} -p1
 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \;

 %build