From 863e94abf16561f2f16aea373bfc5bc4dab2c58bbbfb0cca7c621d26cf62b49b Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 10 Feb 2022 10:24:00 +0000 Subject: [PATCH 1/2] Accepting request 953118 from home:fbonazzi:branches:security:SELinux - Fix bitlbee runtime directory (bsc#1193230) * add fix_bitlbee.patch OBS-URL: https://build.opensuse.org/request/show/953118 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=125 --- fix_bitlbee.patch | 12 ++++++++++++ selinux-policy.changes | 6 ++++++ selinux-policy.spec | 1 + 3 files changed, 19 insertions(+) create mode 100644 fix_bitlbee.patch diff --git a/fix_bitlbee.patch b/fix_bitlbee.patch new file mode 100644 index 0000000..2ce1749 --- /dev/null +++ b/fix_bitlbee.patch @@ -0,0 +1,12 @@ +Index: fedora-policy-20220124/policy/modules/contrib/bitlbee.fc +=================================================================== +--- fedora-policy-20220124.orig/policy/modules/contrib/bitlbee.fc ++++ fedora-policy-20220124/policy/modules/contrib/bitlbee.fc +@@ -9,6 +9,5 @@ + + /var/log/bip.* gen_context(system_u:object_r:bitlbee_log_t,s0) + +-/var/run/bitlbee\.pid -- gen_context(system_u:object_r:bitlbee_var_run_t,s0) +-/var/run/bitlbee\.sock -s gen_context(system_u:object_r:bitlbee_var_run_t,s0) ++/var/run/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_var_run_t,s0) + /var/run/bip(/.*)? gen_context(system_u:object_r:bitlbee_var_run_t,s0) diff --git a/selinux-policy.changes b/selinux-policy.changes index d0049cd..ed9d05f 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Feb 9 16:04:09 UTC 2022 - Filippo Bonazzi + +- Fix bitlbee runtime directory (bsc#1193230) + * add fix_bitlbee.patch + ------------------------------------------------------------------- Mon Jan 24 07:33:34 UTC 2022 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index 38c8223..137b9fd 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -139,6 +139,7 @@ Patch054: fix_kernel_sysctl.patch Patch055: fix_auditd.patch Patch056: fix_wine.patch Patch057: fix_hypervkvp.patch +Patch058: fix_bitlbee.patch Patch100: sedoctool.patch From 62d16518b25ebad16fef97be4c4769828f606bf9fbf0e46a61c5bccce7aa3b2e Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 10 Feb 2022 10:25:04 +0000 Subject: [PATCH 2/2] Accepting request 953125 from home:jsegitz:branches:security:SELinux - Updated fix_cron.patch. Adjust labeling for at (bsc#1195683) OBS-URL: https://build.opensuse.org/request/show/953125 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=126 --- fix_cron.patch | 25 ++++++++++++++++++------- selinux-policy.changes | 5 +++++ 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/fix_cron.patch b/fix_cron.patch index 6f6a125..e2ccb9a 100644 --- a/fix_cron.patch +++ b/fix_cron.patch @@ -1,7 +1,7 @@ -Index: fedora-policy-20210309/policy/modules/contrib/cron.fc +Index: fedora-policy-20220124/policy/modules/contrib/cron.fc =================================================================== ---- fedora-policy-20210309.orig/policy/modules/contrib/cron.fc -+++ fedora-policy-20210309/policy/modules/contrib/cron.fc +--- fedora-policy-20220124.orig/policy/modules/contrib/cron.fc ++++ fedora-policy-20220124/policy/modules/contrib/cron.fc @@ -34,7 +34,7 @@ /var/spool/cron -d gen_context(system_u:object_r:user_cron_spool_t,s0) @@ -11,7 +11,18 @@ Index: fedora-policy-20210309/policy/modules/contrib/cron.fc /var/spool/cron/crontabs -d gen_context(system_u:object_r:cron_spool_t,s0) /var/spool/cron/crontabs/.* -- <> -@@ -69,9 +69,3 @@ ifdef(`distro_gentoo',` +@@ -55,6 +55,10 @@ ifdef(`distro_suse', ` + /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) + /var/spool/cron/lastrun/[^/]* -- <> + /var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) ++ ++/var/spool/atjobs -d gen_context(system_u:object_r:cron_spool_t,s0) ++/var/spool/atjobs/.SEQ -- gen_context(system_u:object_r:user_cron_spool_t,s0) ++/var/spool/atjobs/[^/]* -- <> + ') + + ifdef(`distro_debian',` +@@ -69,9 +73,3 @@ ifdef(`distro_gentoo',` /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> ') @@ -21,10 +32,10 @@ Index: fedora-policy-20210309/policy/modules/contrib/cron.fc -/var/spool/cron/lastrun/[^/]* -- <> -/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) -') -Index: fedora-policy-20210309/policy/modules/contrib/cron.if +Index: fedora-policy-20220124/policy/modules/contrib/cron.if =================================================================== ---- fedora-policy-20210309.orig/policy/modules/contrib/cron.if -+++ fedora-policy-20210309/policy/modules/contrib/cron.if +--- fedora-policy-20220124.orig/policy/modules/contrib/cron.if ++++ fedora-policy-20220124/policy/modules/contrib/cron.if @@ -1057,7 +1057,7 @@ interface(`cron_generic_log_filetrans_lo # interface(`cron_system_spool_entrypoint',` diff --git a/selinux-policy.changes b/selinux-policy.changes index ed9d05f..971e0ba 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 10 09:04:08 UTC 2022 - Johannes Segitz + +- Updated fix_cron.patch. Adjust labeling for at (bsc#1195683) + ------------------------------------------------------------------- Wed Feb 9 16:04:09 UTC 2022 - Filippo Bonazzi