Accepting request 893763 from home:lnussel:usrmove

- allow cockpit socket to bind nodes (fix_cockpit.patch) - use %autosetup to get rid of endless patch lines OBS-URL: https://build.opensuse.org/request/show/893763 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=107
2021-05-18 07:46:13 +00:00 · 2021-05-18 07:46:13 +00:00 · d46782358c
commit d46782358c
parent 3b70ecf210
3 changed files with 37 additions and 52 deletions
--- a/fix_cockpit.patch
+++ b/fix_cockpit.patch
@ -0,0 +1,28 @@
 From d63e6cf43bfe32d53b371b6920d4c09431647ddd Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel <ludwig.nussel@suse.de>
 Date: Wed, 28 Apr 2021 17:09:49 +0200
 Subject: [PATCH] cockpit: allow cockpit socket to bind nodes
 Looks like this setting is implicit with kerberos enabled.
 cockpit.socket fails to start if kerberos_enabled=false
 ---
 policy/modules/contrib/cockpit.te | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/policy/modules/contrib/cockpit.te b/policy/modules/contrib/cockpit.te
 index a160ca6b6..5984711fa 100644
 --- a/policy/modules/contrib/cockpit.te
 +++ b/policy/modules/contrib/cockpit.te
@@ -52,7 +52,9 @@ can_exec(cockpit_ws_t,cockpit_session_exec_t)
 dev_read_urand(cockpit_ws_t) # for authkey
 dev_read_rand(cockpit_ws_t)  # for libssh
 +# cockpit-ws allows connections on websm port
 corenet_tcp_bind_websm_port(cockpit_ws_t)
 +corenet_tcp_bind_generic_node(cockpit_ws_t)
 # cockpit-ws can connect to other hosts via ssh
 corenet_tcp_connect_ssh_port(cockpit_ws_t)
 -- 
 2.26.2
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Wed Apr 28 15:18:37 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
 - allow cockpit socket to bind nodes (fix_cockpit.patch)
 - use %autosetup to get rid of endless patch lines
 -------------------------------------------------------------------
 Tue Apr 27 06:30:08 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -129,6 +129,8 @@ Patch048:       fix_apache.patch
 Patch049:       fix_nis.patch
 Patch050:       fix_libraries.patch
 Patch051:       fix_dovecot.patch
 # https://github.com/cockpit-project/cockpit/pull/15758
 Patch052:       fix_cockpit.patch
 Patch100:       sedoctool.patch
@ -386,58 +388,7 @@ fi;
 exit 0
 %prep
-%setup -n fedora-policy-%{version}
+%autosetup -n fedora-policy-%{version} -p1
 %patch001 -p1
 %patch002 -p1
 %patch003 -p1
 %patch004 -p1
 %patch005 -p1
 %patch006 -p1
 %patch007 -p1
 %patch008 -p1
 %patch009 -p1
 %patch010 -p1
 %patch011 -p1
 %patch012 -p1
 %patch013 -p1
 %patch014 -p1
 %patch016 -p1
 %patch017 -p1
 %patch018 -p1
 %patch019 -p1
 %patch020 -p1
 %patch021 -p1
 %patch022 -p1
 %patch024 -p1
 %patch025 -p1
 %patch026 -p1
 %patch027 -p1
 %patch028 -p1
 %patch029 -p1
 %patch030 -p1
 #% patch031 -p1
 %patch032 -p1
 %patch033 -p1
 %patch034 -p1
 %patch035 -p1
 %patch036 -p1
 %patch037 -p1
 %patch038 -p1
 %patch039 -p1
 %patch040 -p1
 %patch041 -p1
 %patch042 -p1
 #% patch043 -p1
 %patch044 -p1
 %patch045 -p1
 %patch046 -p1
 %patch047 -p1
 %patch048 -p1
 %patch049 -p1
 %patch050 -p1
 %patch051 -p1
 %patch100 -p1
 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \;
 %build