rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity
161 Commits 2 Branches 0 Tags 6.9 MiB
69818d8fec
Commit Graph

16 Commits

Author SHA256 Message Date
Johannes Segitz
9deff280f8 Accepting request 1042579 from home:jsegitz:branches:security:SELinux 
- Updated fix_networkmanager.patch to fixe labeling of nm-dispatcher and
  nm-priv-helper until the packaging is adjusted (bsc#1206355)
- Update fix_chronyd.patch to allow  sendto towards
  NetworkManager_dispatcher_custom_t. Added new interface
  networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357)
- Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895)

- Updated fix_networkmanager.patch to allow NetworkManager to watch
  net_conf_t (bsc#1206109)

OBS-URL: https://build.opensuse.org/request/show/1042579
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=161
 2022-12-13 09:20:16 +00:00
Johannes Segitz
b66c2b8ce6 Accepting request 1035580 from home:jsegitz:branches:security:SELinux 
- Update to version 20221019. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
  for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
  queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

OBS-URL: https://build.opensuse.org/request/show/1035580
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=155
 2022-11-14 08:27:42 +00:00
OBS User buildservice-autocommit
124e8026e4 Updating link to change in openSUSE:Factory/selinux-policy revision 35 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74bbc58f85e33fdb068953a18504e591
 2022-10-24 09:13:01 +00:00
Johannes Segitz
71b9302857 Accepting request 1030151 from home:jsegitz:branches:security:SELinux 
- Update to version 20221019. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
  for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
  queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

OBS-URL: https://build.opensuse.org/request/show/1030151
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=153
 2022-10-20 12:00:31 +00:00
Johannes Segitz
e785903b85 Accepting request 1007013 from home:jsegitz:branches:security:SELinux 
chrony helper script has proper label to be used by NetworkManager.
  Also allow NetworkManager_dispatcher_custom_t to query systemd status

OBS-URL: https://build.opensuse.org/request/show/1007013
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=148
 2022-09-29 15:51:37 +00:00
Johannes Segitz
d25433c6c5 Accepting request 1006965 from home:jsegitz:branches:security:SELinux 
- Update fix_networkmanager.patch to ensure NetworkManager chrony
  dispatcher is properly labled and update fix_chronyd.patch to ensure
  chrony helper script has proper label to be used by NetworkManager
  (bsc#1203824)

>>>>>>> ./selinux-policy.changes.new
- Revamped rtorrent module

OBS-URL: https://build.opensuse.org/request/show/1006965
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=147
 2022-09-29 14:06:49 +00:00
Johannes Segitz
2c8b63a3f9 Accepting request 991423 from home:cahu:branches:security:SELinux 
- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t 
  and NetworkManager_dispatcher_custom_t to access nscd socket 
  (bsc#1201741)

OBS-URL: https://build.opensuse.org/request/show/991423
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=139
 2022-07-27 15:24:55 +00:00
Johannes Segitz
a7283c99d6 Accepting request 984855 from home:jsegitz:branches:security:SELinux 
- Update to version 20220624. Refreshed:
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_logging.patch
  * fix_networkmanager.patch
  * fix_unprivuser.patch
  Dropped fix_hadoop.patch, not necessary anymore
* Updated fix_locallogin.patch to allow accesses for nss-systemd 
  (bsc#1199630)

OBS-URL: https://build.opensuse.org/request/show/984855
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=132
 2022-06-24 09:40:15 +00:00
Johannes Segitz
0ae8014c7e Accepting request 978251 from home:jsegitz:branches:security:SELinux_3.3 
- Update to version 20220428. Refreshed:
  * fix_apache.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_iptables.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unprivuser.patch
  * fix_usermanage.patch
  * fix_wine.patch

OBS-URL: https://build.opensuse.org/request/show/978251
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=129
 2022-05-20 09:46:20 +00:00
Johannes Segitz
3e76bf7c4f Accepting request 930934 from home:jsegitz:branches:security:SELinux 
- Update to version 20211111. Refreshed:
  * fix_dbus.patch
  * fix_systemd.patch
  * fix_authlogin.patch
  * fix_auditd.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_chronyd.patch
  * fix_unconfineduser.patch
  * fix_unconfined.patch
  * fix_firewalld.patch
  * fix_init.patch
  * fix_xserver.patch
  * fix_logging.patch
  * fix_hadoop.patch

OBS-URL: https://build.opensuse.org/request/show/930934
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=122
 2021-11-11 16:01:20 +00:00
Johannes Segitz
72477b3ac5 Accepting request 909369 from home:jsegitz:branches:security:SELinux 
- Update to version 20210716
- Remove interfaces for container module before building the package
  (bsc#1188184)
- Updated
  * fix_init.patch
  * fix_systemd_watch.patch
  to adapt to upstream changes

- Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing
  here

- Update to version 20210419
- Dropped fix_gift.patch, module was removed
- Updated wicked.te to removed dropped interface
- Refreshed:
  * fix_cockpit.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_logging.patch
  * fix_logrotate.patch
  * fix_networkmanager.patch
  * fix_nscd.patch
  * fix_rpm.patch
  * fix_selinuxutil.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_thunderbird.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch

OBS-URL: https://build.opensuse.org/request/show/909369
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=113
 2021-07-30 09:07:13 +00:00
Johannes Segitz
3b70ecf210 Accepting request 890549 from home:jsegitz:branches:security:SELinux 
- Updated fix_networkmanager.patch to allow NetworkManager to watch
  its configuration directories
- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)

OBS-URL: https://build.opensuse.org/request/show/890549
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=105
 2021-05-05 07:01:43 +00:00
Johannes Segitz
21d0a40c65 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=96 2021-03-12 07:59:19 +00:00
Johannes Segitz
f9eb198b55 Accepting request 821528 from home:jsegitz:branches:security:SELinux 
- Update to version 20200717. Refreshed
  * fix_fwupd.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_irqbalance.patch
  * fix_logrotate.patch
  * fix_nagios.patch
  * fix_networkmanager.patch
  * fix_postfix.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_thunderbird.patch
  * fix_unconfined.patch
  * fix_unprivuser.patch
  * selinux-policy.spec
- Added update.sh to make updating easier

- Updated fix_unconfineduser.patch to allow unconfined_dbusd_t access
  to accountsd dbus
- New patch:
  * fix_nis.patch
- Updated patches:
  * fix_postfix.patch: Transition is done in distribution specific script

OBS-URL: https://build.opensuse.org/request/show/821528
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=77
 2020-07-17 14:00:13 +00:00
Johannes Segitz
cf699a6f0f Accepting request 785956 from home:jsegitz:branches:security:SELinux 
- New patches:
  * fix_accountsd.patch
  * fix_automount.patch
  * fix_colord.patch
  * fix_mcelog.patch
  * fix_sslh.patch
  * fix_nagios.patch
  * fix_openvpn.patch
  * fix_cron.patch
  * fix_usermanage.patch
  * fix_smartmon.patch
  * fix_geoclue.patch
  * suse_specific.patch
  Default systems should now work without selinuxuser_execmod
- Removed xdm_entrypoint_pam.patch, necessary change is in
  fix_unconfineduser.patch
- Enable SUSE specific settings again

OBS-URL: https://build.opensuse.org/request/show/785956
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=75
 2020-03-17 14:46:20 +00:00
Johannes Segitz
1fd70ac29b Accepting request 781805 from home:jsegitz:branches:security:SELinux 
- Update to version 20200219
  Refreshed fix_hadoop.patch
  Updated 
  * fix_dbus.patch
  * fix_hadoop.patch
  * fix_nscd.patch
  * fix_xserver.patch
  Renamed postfix_paths.patch to fix_postfix.patch
  Added
  * fix_init.patch
  * fix_locallogin.patch
  * fix_policykit.patch
  * fix_iptables.patch
  * fix_irqbalance.patch
  * fix_ntp.patch
  * fix_fwupd.patch
  * fix_firewalld.patch
  * fix_logrotate.patch
  * fix_selinuxutil.patch
  * fix_corecommand.patch
  * fix_snapper.patch
  * fix_systemd.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_chronyd.patch
  * fix_networkmanager.patch
  * xdm_entrypoint_pam.patch
- Removed modules minimum_temp_fixes and targeted_temp_fixes
  from the corresponding policies
- Reduced default module list of minimum policy by removing

OBS-URL: https://build.opensuse.org/request/show/781805
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=74
 2020-03-05 10:13:59 +00:00