rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity

Accepting request 1039252 from security:SELinux

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1039252
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=38
This commit is contained in:
Dominique Leuenberger 2022-12-02 12:12:00 +00:00 committed by Git OBS Bridge
commit d47fb333dd
2 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
fix_irqbalance.patch
View File

@ -1,16 +1,13 @@
Index: fedora-policy/policy/modules/contrib/irqbalance.te
Index: fedora-policy-20221019/policy/modules/contrib/irqbalance.te
===================================================================
--- fedora-policy.orig/policy/modules/contrib/irqbalance.te
+++ fedora-policy/policy/modules/contrib/irqbalance.te
@@ -29,8 +29,11 @@ allow irqbalance_t self:udp_socket creat
--- fedora-policy-20221019.orig/policy/modules/contrib/irqbalance.te
+++ fedora-policy-20221019/policy/modules/contrib/irqbalance.te
@@ -24,7 +24,7 @@ files_pid_file(irqbalance_var_run_t)
allow irqbalance_t self:capability { setpcap net_admin };
dontaudit irqbalance_t self:capability sys_tty_config;
allow irqbalance_t self:process { getcap getsched setcap signal_perms };
-allow irqbalance_t self:udp_socket create_socket_perms;
+allow irqbalance_t self:{udp_socket netlink_generic_socket} create_socket_perms;
manage_dirs_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
+manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, { dir file sock_file })
+init_nnp_daemon_domain(irqbalance_t)
+
kernel_read_network_state(irqbalance_t)
kernel_read_system_state(irqbalance_t)
kernel_read_kernel_sysctls(irqbalance_t)

10
selinux-policy.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Nov 30 19:28:58 UTC 2022 - Filippo Bonazzi <filippo.bonazzi@suse.com>
- Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434)
-------------------------------------------------------------------
Wed Nov 30 19:08:33 UTC 2022 - Filippo Bonazzi <filippo.bonazzi@suse.com>
- Drop fix_irqbalance.patch: superseded by upstream
-------------------------------------------------------------------
Thu Nov 24 13:40:16 UTC 2022 - Hu <cathy.hu@suse.com>