diff --git a/fix_cockpit.patch b/fix_cockpit.patch new file mode 100644 index 0000000..ed97de0 --- /dev/null +++ b/fix_cockpit.patch @@ -0,0 +1,28 @@ +From d63e6cf43bfe32d53b371b6920d4c09431647ddd Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Wed, 28 Apr 2021 17:09:49 +0200 +Subject: [PATCH] cockpit: allow cockpit socket to bind nodes + +Looks like this setting is implicit with kerberos enabled. +cockpit.socket fails to start if kerberos_enabled=false +--- + policy/modules/contrib/cockpit.te | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/policy/modules/contrib/cockpit.te b/policy/modules/contrib/cockpit.te +index a160ca6b6..5984711fa 100644 +--- a/policy/modules/contrib/cockpit.te ++++ b/policy/modules/contrib/cockpit.te +@@ -52,7 +52,9 @@ can_exec(cockpit_ws_t,cockpit_session_exec_t) + dev_read_urand(cockpit_ws_t) # for authkey + dev_read_rand(cockpit_ws_t) # for libssh + ++# cockpit-ws allows connections on websm port + corenet_tcp_bind_websm_port(cockpit_ws_t) ++corenet_tcp_bind_generic_node(cockpit_ws_t) + + # cockpit-ws can connect to other hosts via ssh + corenet_tcp_connect_ssh_port(cockpit_ws_t) +-- +2.26.2 + diff --git a/selinux-policy.changes b/selinux-policy.changes index e63e4c5..06eeea7 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 28 15:18:37 UTC 2021 - Ludwig Nussel + +- allow cockpit socket to bind nodes (fix_cockpit.patch) +- use %autosetup to get rid of endless patch lines + ------------------------------------------------------------------- Tue Apr 27 06:30:08 UTC 2021 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index f0b2d64..cab891b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -129,6 +129,8 @@ Patch048: fix_apache.patch Patch049: fix_nis.patch Patch050: fix_libraries.patch Patch051: fix_dovecot.patch +# https://github.com/cockpit-project/cockpit/pull/15758 +Patch052: fix_cockpit.patch Patch100: sedoctool.patch @@ -386,58 +388,7 @@ fi; exit 0 %prep -%setup -n fedora-policy-%{version} -%patch001 -p1 -%patch002 -p1 -%patch003 -p1 -%patch004 -p1 -%patch005 -p1 -%patch006 -p1 -%patch007 -p1 -%patch008 -p1 -%patch009 -p1 -%patch010 -p1 -%patch011 -p1 -%patch012 -p1 -%patch013 -p1 -%patch014 -p1 -%patch016 -p1 -%patch017 -p1 -%patch018 -p1 -%patch019 -p1 -%patch020 -p1 -%patch021 -p1 -%patch022 -p1 -%patch024 -p1 -%patch025 -p1 -%patch026 -p1 -%patch027 -p1 -%patch028 -p1 -%patch029 -p1 -%patch030 -p1 -#% patch031 -p1 -%patch032 -p1 -%patch033 -p1 -%patch034 -p1 -%patch035 -p1 -%patch036 -p1 -%patch037 -p1 -%patch038 -p1 -%patch039 -p1 -%patch040 -p1 -%patch041 -p1 -%patch042 -p1 -#% patch043 -p1 -%patch044 -p1 -%patch045 -p1 -%patch046 -p1 -%patch047 -p1 -%patch048 -p1 -%patch049 -p1 -%patch050 -p1 -%patch051 -p1 - -%patch100 -p1 +%autosetup -n fedora-policy-%{version} -p1 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \; %build