From f9eb198b554413b7b00f1681608f3b09fcea5441f80b368b10af07d7f2b8da78 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Fri, 17 Jul 2020 14:00:13 +0000 Subject: [PATCH] Accepting request 821528 from home:jsegitz:branches:security:SELinux - Update to version 20200717. Refreshed * fix_fwupd.patch * fix_hadoop.patch * fix_init.patch * fix_irqbalance.patch * fix_logrotate.patch * fix_nagios.patch * fix_networkmanager.patch * fix_postfix.patch * fix_sysnetwork.patch * fix_systemd.patch * fix_thunderbird.patch * fix_unconfined.patch * fix_unprivuser.patch * selinux-policy.spec - Added update.sh to make updating easier - Updated fix_unconfineduser.patch to allow unconfined_dbusd_t access to accountsd dbus - New patch: * fix_nis.patch - Updated patches: * fix_postfix.patch: Transition is done in distribution specific script OBS-URL: https://build.opensuse.org/request/show/821528 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=77 --- fedora-policy.20200219.tar.bz2 | 3 --- fedora-policy.20200717.tar.bz2 | 3 +++ fix_fwupd.patch | 6 +++--- fix_hadoop.patch | 12 ++++++------ fix_init.patch | 14 +++++++------- fix_irqbalance.patch | 16 +++++++--------- fix_logrotate.patch | 6 +++--- fix_nagios.patch | 2 +- fix_networkmanager.patch | 4 ++-- fix_nis.patch | 12 ++++++++++++ fix_postfix.patch | 7 ++++--- fix_sysnetwork.patch | 8 ++++---- fix_systemd.patch | 4 ++-- fix_thunderbird.patch | 6 +++--- fix_unconfined.patch | 4 ++-- fix_unconfineduser.patch | 6 +++++- fix_unprivuser.patch | 2 +- selinux-policy.changes | 30 ++++++++++++++++++++++++++++++ selinux-policy.spec | 4 +++- update.sh | 25 +++++++++++++++++++++++++ 20 files changed, 123 insertions(+), 51 deletions(-) delete mode 100644 fedora-policy.20200219.tar.bz2 create mode 100644 fedora-policy.20200717.tar.bz2 create mode 100644 fix_nis.patch create mode 100644 update.sh diff --git a/fedora-policy.20200219.tar.bz2 b/fedora-policy.20200219.tar.bz2 deleted file mode 100644 index 258bc73..0000000 --- a/fedora-policy.20200219.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:62cd90fa977ee00fd42a249690e13ad8fb87de95d06a1f12e86d05695544844d -size 735114 diff --git a/fedora-policy.20200717.tar.bz2 b/fedora-policy.20200717.tar.bz2 new file mode 100644 index 0000000..69fa9bc --- /dev/null +++ b/fedora-policy.20200717.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9cce9137b42c72c260c989e8a35153681b4fda9c9bcabda80816393683cd0304 +size 752394 diff --git a/fix_fwupd.patch b/fix_fwupd.patch index 0a069b7..30bc0ae 100644 --- a/fix_fwupd.patch +++ b/fix_fwupd.patch @@ -1,7 +1,7 @@ Index: fedora-policy/policy/modules/contrib/fwupd.fc =================================================================== ---- fedora-policy.orig/policy/modules/contrib/fwupd.fc 2020-02-19 09:36:31.784283432 +0000 -+++ fedora-policy/policy/modules/contrib/fwupd.fc 2020-02-21 14:24:21.739179426 +0000 +--- fedora-policy.orig/policy/modules/contrib/fwupd.fc ++++ fedora-policy/policy/modules/contrib/fwupd.fc @@ -4,6 +4,7 @@ /etc/pki/(fwupd|fwupd-metadata)(/.*)? gen_context(system_u:object_r:fwupd_cert_t,s0) @@ -9,4 +9,4 @@ Index: fedora-policy/policy/modules/contrib/fwupd.fc +/usr/lib/fwupd/fwupd -- gen_context(system_u:object_r:fwupd_exec_t,s0) /var/cache/app-info(/.*)? gen_context(system_u:object_r:fwupd_cache_t,s0) - + /var/cache/fwupd(/.*)? gen_context(system_u:object_r:fwupd_cache_t,s0) diff --git a/fix_hadoop.patch b/fix_hadoop.patch index 34039ec..b679cd8 100644 --- a/fix_hadoop.patch +++ b/fix_hadoop.patch @@ -1,8 +1,8 @@ Index: fedora-policy/policy/modules/roles/sysadm.te =================================================================== ---- fedora-policy.orig/policy/modules/roles/sysadm.te 2020-02-19 09:08:50.433854051 +0000 -+++ fedora-policy/policy/modules/roles/sysadm.te 2020-02-19 09:17:47.026397710 +0000 -@@ -289,10 +289,6 @@ optional_policy(` +--- fedora-policy.orig/policy/modules/roles/sysadm.te ++++ fedora-policy/policy/modules/roles/sysadm.te +@@ -293,10 +293,6 @@ optional_policy(` ') optional_policy(` @@ -15,9 +15,9 @@ Index: fedora-policy/policy/modules/roles/sysadm.te Index: fedora-policy/policy/modules/roles/unprivuser.te =================================================================== ---- fedora-policy.orig/policy/modules/roles/unprivuser.te 2020-02-19 09:08:50.433854051 +0000 -+++ fedora-policy/policy/modules/roles/unprivuser.te 2020-02-19 09:17:47.030397773 +0000 -@@ -197,10 +197,6 @@ ifndef(`distro_redhat',` +--- fedora-policy.orig/policy/modules/roles/unprivuser.te ++++ fedora-policy/policy/modules/roles/unprivuser.te +@@ -200,10 +200,6 @@ ifndef(`distro_redhat',` ') optional_policy(` diff --git a/fix_init.patch b/fix_init.patch index b115e91..ffbff36 100644 --- a/fix_init.patch +++ b/fix_init.patch @@ -2,7 +2,7 @@ Index: fedora-policy/policy/modules/system/init.te =================================================================== --- fedora-policy.orig/policy/modules/system/init.te +++ fedora-policy/policy/modules/system/init.te -@@ -250,6 +250,7 @@ corecmd_exec_bin(init_t) +@@ -257,6 +257,7 @@ corecmd_exec_bin(init_t) corenet_all_recvfrom_netlabel(init_t) corenet_tcp_bind_all_ports(init_t) corenet_udp_bind_all_ports(init_t) @@ -10,7 +10,7 @@ Index: fedora-policy/policy/modules/system/init.te dev_create_all_files(init_t) dev_create_all_chr_files(init_t) -@@ -370,6 +371,7 @@ logging_manage_audit_config(init_t) +@@ -378,6 +379,7 @@ logging_manage_audit_config(init_t) logging_create_syslog_netlink_audit_socket(init_t) logging_write_var_log_dirs(init_t) logging_manage_var_log_symlinks(init_t) @@ -18,7 +18,7 @@ Index: fedora-policy/policy/modules/system/init.te seutil_read_config(init_t) seutil_read_login_config(init_t) -@@ -419,10 +421,15 @@ ifdef(`distro_redhat',` +@@ -427,10 +429,15 @@ ifdef(`distro_redhat',` corecmd_shell_domtrans(init_t, initrc_t) storage_raw_rw_fixed_disk(init_t) @@ -34,7 +34,7 @@ Index: fedora-policy/policy/modules/system/init.te bootloader_domtrans(init_t) ') -@@ -536,7 +543,7 @@ tunable_policy(`init_create_dirs',` +@@ -544,7 +551,7 @@ tunable_policy(`init_create_dirs',` allow init_t self:system all_system_perms; allow init_t self:system module_load; allow init_t self:unix_dgram_socket { create_socket_perms sendto }; @@ -43,7 +43,7 @@ Index: fedora-policy/policy/modules/system/init.te allow init_t self:process { getcap setcap }; allow init_t self:unix_stream_socket { create_stream_socket_perms connectto recvfrom }; allow init_t self:netlink_kobject_uevent_socket create_socket_perms; -@@ -598,6 +605,7 @@ files_delete_all_spool_sockets(init_t) +@@ -606,6 +613,7 @@ files_delete_all_spool_sockets(init_t) files_create_var_lib_dirs(init_t) files_create_var_lib_symlinks(init_t) files_read_var_lib_symlinks(init_t) @@ -51,7 +51,7 @@ Index: fedora-policy/policy/modules/system/init.te files_manage_urandom_seed(init_t) files_list_locks(init_t) files_list_spool(init_t) -@@ -689,6 +697,7 @@ systemd_userdbd_runtime_manage_symlinks( +@@ -698,6 +706,7 @@ systemd_write_inherited_logind_sessions_ create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type) create_dirs_pattern(init_t, var_log_t, var_log_t) @@ -59,7 +59,7 @@ Index: fedora-policy/policy/modules/system/init.te auth_use_nsswitch(init_t) auth_rw_login_records(init_t) -@@ -1525,6 +1534,8 @@ optional_policy(` +@@ -1543,6 +1552,8 @@ optional_policy(` optional_policy(` postfix_list_spool(initrc_t) diff --git a/fix_irqbalance.patch b/fix_irqbalance.patch index 34017eb..c4b3952 100644 --- a/fix_irqbalance.patch +++ b/fix_irqbalance.patch @@ -2,17 +2,15 @@ Index: fedora-policy/policy/modules/contrib/irqbalance.te =================================================================== --- fedora-policy.orig/policy/modules/contrib/irqbalance.te +++ fedora-policy/policy/modules/contrib/irqbalance.te -@@ -25,8 +25,12 @@ dontaudit irqbalance_t self:capability s - allow irqbalance_t self:process { getcap getsched setcap signal_perms }; - allow irqbalance_t self:udp_socket create_socket_perms; - -+manage_dirs_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t) +@@ -29,8 +29,11 @@ allow irqbalance_t self:udp_socket creat + manage_dirs_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t) manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t) --files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file) + manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t) +manage_sock_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t) -+files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, { dir file sock_file }) -+ -+init_nnp_daemon_domain(irqbalance_t) + files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, { dir file sock_file }) ++init_nnp_daemon_domain(irqbalance_t) ++ kernel_read_network_state(irqbalance_t) kernel_read_system_state(irqbalance_t) + kernel_read_kernel_sysctls(irqbalance_t) diff --git a/fix_logrotate.patch b/fix_logrotate.patch index a640d77..1b6fe37 100644 --- a/fix_logrotate.patch +++ b/fix_logrotate.patch @@ -1,8 +1,8 @@ Index: fedora-policy/policy/modules/contrib/logrotate.te =================================================================== ---- fedora-policy.orig/policy/modules/contrib/logrotate.te 2020-02-19 09:36:31.796283623 +0000 -+++ fedora-policy/policy/modules/contrib/logrotate.te 2020-02-24 07:54:50.138294492 +0000 -@@ -100,6 +100,7 @@ files_var_lib_filetrans(logrotate_t, log +--- fedora-policy.orig/policy/modules/contrib/logrotate.te ++++ fedora-policy/policy/modules/contrib/logrotate.te +@@ -107,6 +107,7 @@ files_var_lib_filetrans(logrotate_t, log kernel_read_system_state(logrotate_t) kernel_read_kernel_sysctls(logrotate_t) diff --git a/fix_nagios.patch b/fix_nagios.patch index b5cf110..ddb660c 100644 --- a/fix_nagios.patch +++ b/fix_nagios.patch @@ -14,7 +14,7 @@ Index: fedora-policy/policy/modules/contrib/nagios.te =================================================================== --- fedora-policy.orig/policy/modules/contrib/nagios.te +++ fedora-policy/policy/modules/contrib/nagios.te -@@ -155,6 +155,7 @@ allow nagios_t nagios_spool_t:file map; +@@ -157,6 +157,7 @@ allow nagios_t nagios_spool_t:file map; manage_files_pattern(nagios_t, nagios_var_lib_t, nagios_var_lib_t) manage_fifo_files_pattern(nagios_t, nagios_var_lib_t, nagios_var_lib_t) manage_dirs_pattern(nagios_t, nagios_var_lib_t, nagios_var_lib_t) diff --git a/fix_networkmanager.patch b/fix_networkmanager.patch index 54cf282..40b77db 100644 --- a/fix_networkmanager.patch +++ b/fix_networkmanager.patch @@ -2,7 +2,7 @@ Index: fedora-policy/policy/modules/contrib/networkmanager.te =================================================================== --- fedora-policy.orig/policy/modules/contrib/networkmanager.te +++ fedora-policy/policy/modules/contrib/networkmanager.te -@@ -233,6 +233,9 @@ userdom_read_home_certs(NetworkManager_t +@@ -236,6 +236,9 @@ userdom_read_home_certs(NetworkManager_t userdom_read_user_home_content_files(NetworkManager_t) userdom_dgram_send(NetworkManager_t) @@ -12,7 +12,7 @@ Index: fedora-policy/policy/modules/contrib/networkmanager.te tunable_policy(`use_nfs_home_dirs',` fs_read_nfs_files(NetworkManager_t) ') -@@ -250,6 +253,14 @@ optional_policy(` +@@ -253,6 +256,14 @@ optional_policy(` ') optional_policy(` diff --git a/fix_nis.patch b/fix_nis.patch new file mode 100644 index 0000000..117562c --- /dev/null +++ b/fix_nis.patch @@ -0,0 +1,12 @@ +Index: fedora-policy/policy/modules/contrib/nis.te +=================================================================== +--- fedora-policy.orig/policy/modules/contrib/nis.te ++++ fedora-policy/policy/modules/contrib/nis.te +@@ -78,6 +78,7 @@ manage_files_pattern(ypbind_t, ypbind_va + files_pid_filetrans(ypbind_t, ypbind_var_run_t, file) + + manage_files_pattern(ypbind_t, var_yp_t, var_yp_t) ++manage_dirs_pattern(ypbind_t, var_yp_t, var_yp_t) + + kernel_read_system_state(ypbind_t) + kernel_read_kernel_sysctls(ypbind_t) diff --git a/fix_postfix.patch b/fix_postfix.patch index 392cf71..3f9b14f 100644 --- a/fix_postfix.patch +++ b/fix_postfix.patch @@ -70,11 +70,12 @@ Index: fedora-policy/policy/modules/contrib/postfix.te =================================================================== --- fedora-policy.orig/policy/modules/contrib/postfix.te +++ fedora-policy/policy/modules/contrib/postfix.te -@@ -447,6 +447,13 @@ logging_send_syslog_msg(postfix_map_t) +@@ -447,6 +447,14 @@ logging_send_syslog_msg(postfix_map_t) userdom_use_inherited_user_ptys(postfix_map_t) +corecmd_exec_bin(postfix_map_t) ++allow postfix_map_t postfix_map_exec_t:file execute_no_trans; +init_ioctl_stream_sockets(postfix_map_t) + +optional_policy(` @@ -84,7 +85,7 @@ Index: fedora-policy/policy/modules/contrib/postfix.te optional_policy(` locallogin_dontaudit_use_fds(postfix_map_t) ') -@@ -687,6 +694,14 @@ corenet_tcp_connect_spamd_port(postfix_m +@@ -687,6 +695,14 @@ corenet_tcp_connect_spamd_port(postfix_m files_search_all_mountpoints(postfix_smtp_t) optional_policy(` @@ -97,5 +98,5 @@ Index: fedora-policy/policy/modules/contrib/postfix.te + +optional_policy(` cyrus_stream_connect(postfix_smtp_t) + cyrus_runtime_stream_connect(postfix_smtp_t) ') - diff --git a/fix_sysnetwork.patch b/fix_sysnetwork.patch index ef929e2..844d87f 100644 --- a/fix_sysnetwork.patch +++ b/fix_sysnetwork.patch @@ -1,13 +1,13 @@ Index: fedora-policy/policy/modules/system/sysnetwork.fc =================================================================== ---- fedora-policy.orig/policy/modules/system/sysnetwork.fc 2019-08-05 09:39:39.121510745 +0200 -+++ fedora-policy/policy/modules/system/sysnetwork.fc 2019-08-21 13:47:17.253328905 +0200 +--- fedora-policy.orig/policy/modules/system/sysnetwork.fc ++++ fedora-policy/policy/modules/system/sysnetwork.fc @@ -102,6 +102,8 @@ ifdef(`distro_debian',` /var/run/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) ') +/var/run/netconfig(/.*)? gen_context(system_u:object_r:net_conf_t,s0) + - /var/run/netns(/.*)? gen_context(system_u:object_r:ifconfig_var_run_t,s0) - /etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) + /var/run/netns -d gen_context(system_u:object_r:ifconfig_var_run_t,s0) + /var/run/netns/[^/]+ <> diff --git a/fix_systemd.patch b/fix_systemd.patch index c7737e8..5dbba95 100644 --- a/fix_systemd.patch +++ b/fix_systemd.patch @@ -2,7 +2,7 @@ Index: fedora-policy/policy/modules/system/systemd.te =================================================================== --- fedora-policy.orig/policy/modules/system/systemd.te +++ fedora-policy/policy/modules/system/systemd.te -@@ -328,6 +328,10 @@ userdom_manage_user_tmp_chr_files(system +@@ -332,6 +332,10 @@ userdom_manage_user_tmp_chr_files(system xserver_dbus_chat(systemd_logind_t) optional_policy(` @@ -13,7 +13,7 @@ Index: fedora-policy/policy/modules/system/systemd.te apache_read_tmp_files(systemd_logind_t) ') -@@ -817,6 +821,10 @@ optional_policy(` +@@ -823,6 +827,10 @@ optional_policy(` dbus_connect_system_bus(systemd_hostnamed_t) ') diff --git a/fix_thunderbird.patch b/fix_thunderbird.patch index 93ceda7..0e2ee48 100644 --- a/fix_thunderbird.patch +++ b/fix_thunderbird.patch @@ -1,8 +1,8 @@ Index: fedora-policy/policy/modules/contrib/thunderbird.te =================================================================== ---- fedora-policy.orig/policy/modules/contrib/thunderbird.te 2019-08-21 13:42:54.325021721 +0200 -+++ fedora-policy/policy/modules/contrib/thunderbird.te 2019-08-21 13:42:58.249085986 +0200 -@@ -138,7 +138,6 @@ optional_policy(` +--- fedora-policy.orig/policy/modules/contrib/thunderbird.te ++++ fedora-policy/policy/modules/contrib/thunderbird.te +@@ -139,7 +139,6 @@ optional_policy(` optional_policy(` gnome_stream_connect_gconf(thunderbird_t) gnome_domtrans_gconfd(thunderbird_t) diff --git a/fix_unconfined.patch b/fix_unconfined.patch index 261628c..468bdf3 100644 --- a/fix_unconfined.patch +++ b/fix_unconfined.patch @@ -1,7 +1,7 @@ Index: fedora-policy/policy/modules/system/unconfined.te =================================================================== ---- fedora-policy.orig/policy/modules/system/unconfined.te 2020-02-19 09:36:25.444182470 +0000 -+++ fedora-policy/policy/modules/system/unconfined.te 2020-02-24 15:14:59.222899685 +0000 +--- fedora-policy.orig/policy/modules/system/unconfined.te ++++ fedora-policy/policy/modules/system/unconfined.te @@ -1,5 +1,10 @@ policy_module(unconfined, 3.5.0) diff --git a/fix_unconfineduser.patch b/fix_unconfineduser.patch index c542f6a..36ae7e1 100644 --- a/fix_unconfineduser.patch +++ b/fix_unconfineduser.patch @@ -25,10 +25,14 @@ Index: fedora-policy/policy/modules/roles/unconfineduser.te chrome_role_notrans(unconfined_r, unconfined_t) tunable_policy(`unconfined_chrome_sandbox_transition',` -@@ -244,6 +253,14 @@ optional_policy(` +@@ -244,6 +253,18 @@ optional_policy(` dbus_stub(unconfined_t) optional_policy(` ++ accountsd_dbus_chat(unconfined_dbusd_t) ++ ') ++ ++ optional_policy(` + networkmanager_dbus_chat(unconfined_dbusd_t) + ') + diff --git a/fix_unprivuser.patch b/fix_unprivuser.patch index 7cbb3b4..28f2e24 100644 --- a/fix_unprivuser.patch +++ b/fix_unprivuser.patch @@ -2,7 +2,7 @@ Index: fedora-policy/policy/modules/roles/unprivuser.te =================================================================== --- fedora-policy.orig/policy/modules/roles/unprivuser.te +++ fedora-policy/policy/modules/roles/unprivuser.te -@@ -281,6 +281,13 @@ ifndef(`distro_redhat',` +@@ -289,6 +289,13 @@ ifndef(`distro_redhat',` ') optional_policy(` diff --git a/selinux-policy.changes b/selinux-policy.changes index f3b81c2..c532fd2 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Fri Jul 17 08:30:52 UTC 2020 - Johannes Segitz + +- Update to version 20200717. Refreshed + * fix_fwupd.patch + * fix_hadoop.patch + * fix_init.patch + * fix_irqbalance.patch + * fix_logrotate.patch + * fix_nagios.patch + * fix_networkmanager.patch + * fix_postfix.patch + * fix_sysnetwork.patch + * fix_systemd.patch + * fix_thunderbird.patch + * fix_unconfined.patch + * fix_unprivuser.patch + * selinux-policy.spec +- Added update.sh to make updating easier + +------------------------------------------------------------------- +Tue Jul 14 13:18:43 UTC 2020 - Johannes Segitz + +- Updated fix_unconfineduser.patch to allow unconfined_dbusd_t access + to accountsd dbus +- New patch: + * fix_nis.patch +- Updated patches: + * fix_postfix.patch: Transition is done in distribution specific script + ------------------------------------------------------------------- Tue Jun 2 14:45:37 UTC 2020 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index f4b739a..af9867c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -66,7 +66,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20200219 +Version: 20200717 Release: 0 Source: fedora-policy.%{version}.tar.bz2 @@ -159,6 +159,7 @@ Patch045: fix_screen.patch Patch046: fix_unprivuser.patch Patch047: fix_rpm.patch Patch048: fix_apache.patch +Patch049: fix_nis.patch Patch100: sedoctool.patch @@ -414,6 +415,7 @@ systems and used as the basis for creating other policies. %patch046 -p1 %patch047 -p1 %patch048 -p1 +%patch049 -p1 %patch100 -p1 find . -type f -exec sed -i -e "s/distro_suse/distro_redhat/" \{\} \; diff --git a/update.sh b/update.sh new file mode 100644 index 0000000..3db7a02 --- /dev/null +++ b/update.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +date=$(date '+%Y%m%d') + +echo Update to $date + +rm -rf fedora-policy container-selinux selinux-policy-contrib + +git clone --depth 1 https://github.com/fedora-selinux/selinux-policy.git +git clone --depth 1 https://github.com/fedora-selinux/selinux-policy-contrib.git +git clone --depth 1 https://github.com/containers/container-selinux.git + +mv selinux-policy fedora-policy +rm -rf fedora-policy/.git* +mv selinux-policy-contrib/* fedora-policy/policy/modules/contrib/ +mv container-selinux/* fedora-policy/policy/modules/contrib/ + +rm -f fedora-policy.$date.tar* +tar cf fedora-policy.$date.tar fedora-policy +bzip2 fedora-policy.$date.tar +rm -rf fedora-policy container-selinux selinux-policy-contrib + +sed -i -e "s/^Version:.*/Version: $date/" selinux-policy.spec + +echo "remove old tar file, then osc addremove"