From f46ad9aabe199200d96c2491720b6ea9642c367f10a22cc772a7741bfe3d2ad3 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 1 Dec 2022 07:07:05 +0000
Subject: [PATCH] Accepting request 1039192 from home:fbonazzi:branches:security:SELinux
- Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434)
- Drop fix_irqbalance.patch: superseded by upstream
OBS-URL: https://build.opensuse.org/request/show/1039192
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=159
---
 fix_irqbalance.patch | 23 ++++++++++-------------
 selinux-policy.changes | 10 ++++++++++
 2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/fix_irqbalance.patch b/fix_irqbalance.patch
index c4b3952..3760aa3 100644
--- a/fix_irqbalance.patch
+++ b/fix_irqbalance.patch
@@ -1,16 +1,13 @@
-Index: fedora-policy/policy/modules/contrib/irqbalance.te
+Index: fedora-policy-20221019/policy/modules/contrib/irqbalance.te
 ===================================================================
---- fedora-policy.orig/policy/modules/contrib/irqbalance.te
-+++ fedora-policy/policy/modules/contrib/irqbalance.te
-@@ -29,8 +29,11 @@ allow irqbalance_t self:udp_socket creat
+--- fedora-policy-20221019.orig/policy/modules/contrib/irqbalance.te
++++ fedora-policy-20221019/policy/modules/contrib/irqbalance.te
+@@ -24,7 +24,7 @@ files_pid_file(irqbalance_var_run_t)
+ allow irqbalance_t self:capability { setpcap net_admin };
+ dontaudit irqbalance_t self:capability sys_tty_config;
+ allow irqbalance_t self:process { getcap getsched setcap signal_perms };
+-allow irqbalance_t self:udp_socket create_socket_perms;
++allow irqbalance_t self:{udp_socket netlink_generic_socket} create_socket_perms;
+
 manage_dirs_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
 manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
- manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
-+manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
- files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, { dir file sock_file })
-
-+init_nnp_daemon_domain(irqbalance_t)
-+
- kernel_read_network_state(irqbalance_t)
- kernel_read_system_state(irqbalance_t)
- kernel_read_kernel_sysctls(irqbalance_t)
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 11c7ec3..d6c8d64 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
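Review bot: The new `allow irqbalance_t self:{udp_socket netlink_generic_socket} create_socket_perms;` rule has no comment saying why the domain needs a generic netlink socket, and the refreshed patch has no description header either. A policy comment above the rule, for example `# irqbalance opens a generic netlink socket (bsc#1205434)`, would let a later least-privilege audit trace the grant back to the denial that motivated it. The class set is also written without inner spaces, unlike the neighbouring `{ getcap getsched setcap signal_perms }`; `self:{ udp_socket netlink_generic_socket }` would match the surrounding style. The refreshed patch no longer adds `init_nnp_daemon_domain(irqbalance_t)`; the changelog says the old patch was superseded upstream, so the 20221019 snapshot presumably carries it, but that is not visible in this hunk and is worth confirming, since without it a unit started with NoNewPrivileges would presumably not transition into irqbalance_t.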
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Nov 30 19:28:58 UTC 2022 - Filippo Bonazzi
+
+- Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434)
+
+-------------------------------------------------------------------
+Wed Nov 30 19:08:33 UTC 2022 - Filippo Bonazzi
+
+- Drop fix_irqbalance.patch: superseded by upstream
+
 -------------------------------------------------------------------
 Thu Nov 24 13:40:16 UTC 2022 - Hu