From a23aef3763c827c4e0f319b92754333f6eeb986d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 10 2019 10:07:08 +0000 Subject: import selinux-policy-3.13.1-229.el7a.17 --- diff --git a/SOURCES/0001-Label-usr-lib64-libcuda.so.XX.XX-library-as-textrel_.patch b/SOURCES/0001-Label-usr-lib64-libcuda.so.XX.XX-library-as-textrel_.patch new file mode 100644 index 0000000..fed43c4 --- /dev/null +++ b/SOURCES/0001-Label-usr-lib64-libcuda.so.XX.XX-library-as-textrel_.patch @@ -0,0 +1,25 @@ +From a5d307242d52b2464983d3a7bd06f6666cf19514 Mon Sep 17 00:00:00 2001 +From: Lukas Vrabec +Date: Tue, 12 Mar 2019 13:01:30 +0100 +Subject: [PATCH 01/10] Label /usr/lib64/libcuda.so.XX.XX library as + textrel_shlib_t. Resolves: rhbz#1636197 + +--- + policy/modules/system/libraries.fc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc +index 10006d658..354e282d6 100644 +--- a/policy/modules/system/libraries.fc ++++ b/policy/modules/system/libraries.fc +@@ -156,6 +156,7 @@ ifdef(`distro_redhat',` + /usr/lib/libzvbi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib/libnvidia\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib/libcuda\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib.*/libnvidia\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib/nero/plug-ins/libMP3\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +-- +2.21.0 + diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index a47e230..a150d4b 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 229%{?dist}.15 +Release: 229%{?dist}.17 License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -28,6 +28,7 @@ patch0: policy-rhel-7.6-base.patch patch3: policy-rhel-7.6.z-base.patch patch1: policy-rhel-7.6-contrib.patch patch2: policy-rhel-7.6.z-contrib.patch +patch4: 0001-Label-usr-lib64-libcuda.so.XX.XX-library-as-textrel_.patch Source1: modules-targeted-base.conf Source31: modules-targeted-contrib.conf Source2: booleans-targeted.conf @@ -347,6 +348,7 @@ contrib_path=`pwd` %setup -n serefpolicy-%{version} -q %patch0 -p1 %patch3 -p1 +%patch4 -p1 refpolicy_path=`pwd` cp $contrib_path/* $refpolicy_path/policy/modules/contrib rm -rf $refpolicy_path/policy/modules/contrib/kubernetes.* @@ -657,6 +659,14 @@ fi %endif %changelog +* Wed Oct 31 2019 Lukas Vrabec - 3.13.1-229.17 +- Bump release because of issue with probre build candidate tags +Resolves: rhbz#1636197 + +* Tue Aug 20 2019 Lukas Vrabec - 3.13.1-229.16 +Label /usr/lib64/libcuda.so.XX.XX library as textrel_shlib_t. +Resolves: rhbz#1636197 + * Wed Jul 10 2019 Lukas Vrabec - 3.13.1-229.15 - Allow sbd_t domain to use nsswitch Resolves: rhbz#1728592