From f38e8c8e53943b0de93da115bf66e48426120cf8 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 10 2020 09:49:37 +0000
Subject: import selinux-policy-3.13.1-268.el7_9.2
---
diff --git a/SOURCES/policy-rhel-7.9.z-base.patch b/SOURCES/policy-rhel-7.9.z-base.patch
new file mode 100644
index 0000000..8aa44c7
--- /dev/null
+++ b/SOURCES/policy-rhel-7.9.z-base.patch
@@ -0,0 +1,13 @@
+diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
+index e229517afa..53c780b2e7 100644
+--- a/policy/modules/system/miscfiles.if
++++ b/policy/modules/system/miscfiles.if
+@@ -81,7 +81,7 @@ interface(`miscfiles_manage_all_certs',`
+ attribute cert_type;
+ ')
+
+- allow $1 cert_type:dir list_dir_perms;
++ manage_dirs_pattern($1, cert_type, cert_type)
+ manage_files_pattern($1, cert_type, cert_type)
+ manage_lnk_files_pattern($1, cert_type, cert_type)
+ ')
diff --git a/SOURCES/policy-rhel-7.9.z-contrib.patch b/SOURCES/policy-rhel-7.9.z-contrib.patch
new file mode 100644
index 0000000..de773a9
--- /dev/null
+++ b/SOURCES/policy-rhel-7.9.z-contrib.patch
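Review bot: Replacing `allow $1 cert_type:dir list_dir_perms;` with `manage_dirs_pattern($1, cert_type, cert_type)` inside `miscfiles_manage_all_certs` widens every caller of that interface from listing to creating, renaming and removing directories of every `cert_type`, which goes beyond the changelog's "add new entries in a generic certificates directory". The changelog also names a `miscfiles_add_entry_generic_cert_dirs()` interface that this patch file does not contain, so it is worth confirming that widening the existing interface is the intended fix for rhbz#1879496. The `ldap.te` section of policy-rhel-7.9.z-contrib.patch has the same pattern: `slapd_t` goes from reading `slapd_cert_t` to `manage_files_pattern`, so the daemon can overwrite or delete its own certificate files; if it only has to add entries, keeping `read_files_pattern` and adding `allow slapd_t slapd_cert_t:dir add_entry_dir_perms;` plus a create rule would presumably be enough. The interface body and its documentation header begin outside the hunk; the header should say that directories are managed too.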
@@ -0,0 +1,36 @@
+diff --git a/glusterd.te b/glusterd.te
+index 382d67a996..322a4fe005 100644
+--- a/glusterd.te
++++ b/glusterd.te
+@@ -331,3 +331,16 @@ optional_policy(`
+ optional_policy(`
+ ssh_exec(glusterd_t)
+ ')
++
++
++########################################
++#
++# Local policy for ssh_keygen
++#
++
++gen_require(`
++ type ssh_keygen_t;
++')
++
++manage_dirs_pattern(ssh_keygen_t, glusterd_var_lib_t, glusterd_var_lib_t)
++manage_files_pattern(ssh_keygen_t, glusterd_var_lib_t, glusterd_var_lib_t)
+diff --git a/ldap.te b/ldap.te
+index 1c922b3402..9079ab40eb 100644
+--- a/ldap.te
++++ b/ldap.te
+@@ -57,8 +57,8 @@ allow slapd_t self:process { setsched signal } ;
+ allow slapd_t self:fifo_file rw_fifo_file_perms;
+ allow slapd_t self:tcp_socket { accept listen };
+
+-allow slapd_t slapd_cert_t:dir list_dir_perms;
+-read_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
++manage_dirs_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
++manage_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+ read_lnk_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+
+ manage_dirs_pattern(slapd_t, slapd_db_t, slapd_db_t)
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index cdb2268..c2c80b4 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -20,12 +20,14 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 268%{?dist}
+Release: 268%{?dist}.2
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
 patch0: policy-rhel-7.9-base.patch
 patch1: policy-rhel-7.9-contrib.patch
+patch2: policy-rhel-7.9.z-base.patch
+patch3: policy-rhel-7.9.z-contrib.patch
 Source1: modules-targeted-base.conf
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
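Review bot: The added `gen_require` for `ssh_keygen_t` in `glusterd.te` is at module top level, whereas the `ssh_exec(glusterd_t)` call just above it is guarded by `optional_policy`; as written the glusterd module presumably depends on the ssh module being present. Enclosing the three new statements in `optional_policy(` … `')` would keep the two ssh-related blocks consistent. The two `manage_*_pattern` rules also give anything running in `ssh_keygen_t` create, write and delete access to all `glusterd_var_lib_t` files and directories, while the changelog only asks for ssh-keygen to create a file in /var/lib/glusterd, so a narrower rule set may suffice. The section header could carry the reason, e.g. `# rhbz#1867995: ssh-keygen creates files in /var/lib/glusterd`.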
@@ -340,9 +342,11 @@ Based off of reference policy: Checked out revision 2.20091117 %prep %setup -n serefpolicy-contrib-%{version} -q -b 29 %patch1 -p1 +%patch3 -p1 contrib_path=`pwd` %setup -n serefpolicy-%{version} -q %patch0 -p1 +%patch2 -p1 refpolicy_path=`pwd` cp $contrib_path/* $refpolicy_path/policy/modules/contrib rm -rf $refpolicy_path/policy/modules/contrib/kubernetes.* @@ -653,6 +657,18 @@ fi %endif %changelog +* Thu Oct 29 2020 Zdenek Pytela - 3.13.1-268.2 +- Allow certmonger add new entries in a generic certificates directory +Resolves: rhbz#1879496 +- Allow slapd add new entries in ldap certificates directory +Resolves: rhbz#1879496 +- Add miscfiles_add_entry_generic_cert_dirs() interface +Resolves: rhbz#1879496 + +* Mon Sep 07 2020 Zdenek Pytela - 3.13.1-268.1 +- Allow ssh-keygen create file in /var/lib/glusterd +Resolves: rhbz#1867995 + * Tue May 12 2020 Zdenek Pytela - 3.13.1-268 - Allow rhsmd read process state of all domains and kernel threads Resolves: rhbz#1837461