PR#5: systemd 252.4-598.7 hyperscale release - rpms/systemd

rpms / systemd

#5 systemd 252.4-598.7 hyperscale release

Closed 2 years ago by daandemeyer. Opened 2 years ago by daandemeyer.

rpms/ daandemeyer/systemd v252-4.597.7-c8s into c8s-sig-hyperscale

systemd 252.4-598.7 hyperscale release

Daan De Meyer • 2 years ago

10eaf0

sources

file modified

+2 -2

		`@@ -1,2 +1,2 @@`
		`- SHA512 (systemd-hs-252.4.tar.gz) = 81d249262de886492582ee0c2c5ea68e0b5a7ce9c047ccbdd0bb0b028090c9ba9d31e0297d4f550192ffdde88e8f0664752f8e149c86d323a7aa0b3a5ac97c83`
		`- SHA512 (systemd-hs+fb-252.4.tar.gz) = 658eedf146dbcf5e0866145c4524252ff49eb89e98c2f93ad4c5181f10f7ebb8e65f7d4e9a238267f878c3d59baa45c733e965babbcd614a29e6f6818a1343cb`
		`+ SHA512 (systemd-hs-252.4.tar.gz) = 2200da8d76c1940545d4184389e104b878d7538a320748235e12ecfaca293d7075ba0bd432589eff059740e30066f14ac05757e6a309992cee1978ad3dbba0d2`
		`+ SHA512 (systemd-hs+fb-252.4.tar.gz) = ae5462c7263e94b30d4552df6c8e1c5371ce86eda2e8dd78e1a5ec80938d5cd9f79b7611e34487748296958af51a6e7f69042f5f6adff3c75b4b41b1b3b6ec86`

systemd.spec

file modified

+9 -4

		`@@ -4,9 +4,9 @@`
		`%global stable 1`

		`%if 0%{?facebook}`
		`- %global hs_commit 6f34e02bc885d5bf248eac0914e4605380ef82c9`
		`+ %global hs_commit 5a240fdebea1f6b24cb9b15cd1e5c19c851ce1fa`
		`%else`
		`- %global hs_commit ab2623c42b43d997d5ccd1d3f1f7a224b09245d8`
		`+ %global hs_commit ebdc7d8d718bc0aa48f18a2517ed209271a319b1`
		`%endif`

		`# We ship a .pc file but don't want to have a dep on pkg-config. We`
		`@@ -43,7 +43,7 @@`
		`Url: https://pagure.io/centos-sig-hyperscale/systemd`
		`%if %{without inplace}`
		`Version: 252.4`
		`- Release: 598.6%{?dist}`
		`+ Release: 598.7%{?dist}`
		`%else`
		`# determine the build information from local checkout`
		`Version: %(tools/meson-vcs-tag.sh . error \| sed -r 's/-([0-9])/.^\1/; s/-g/_g/')`
		`@@ -85,6 +85,7 @@`
		`Source100: Makefile.selinux`
		`Source101: systemd_hs.te`
		`Source102: systemd_hs.if`
		`+ Source103: systemd_hs.fc`

		`%if 0`
		`GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable`
		`@@ -527,7 +528,7 @@`

		`%if %{with selinux}`
		`mkdir selinux`
		`- cp %SOURCE100 %SOURCE101 %SOURCE102 selinux`
		`+ cp %SOURCE100 %SOURCE101 %SOURCE102 %SOURCE103 selinux`
		`%endif`

		`%build`
		`@@ -1155,6 +1156,10 @@`

		`%changelog`

		`+ * Wed Jan 04 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-598.7`
		`+ - Backport udev rules fix`
		`+ - Fix selinux module`
		`+`
		`* Wed Jan 04 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-598.6`
		`- Bump release for 252.4`
		`- Sync from rawhide`

systemd_hs.fc

file added

		`@@ -0,0 +1,2 @@`
		`+ /usr/lib/systemd/libsystemd-core-.+\.so.* -- system_u:object_r:lib_t:s0`
		`+ /usr/lib/systemd/libsystemd-shared-.+\.so.* -- system_u:object_r:lib_t:s0`

systemd_hs.te

file modified

+30 -41

		`@@ -2,67 +2,56 @@`

		`# systemd overrides for 247`
		gen_require(`
		`- type avahi_t;`
		`- type cgroup_t;`
		`type init_t;`
		`type init_var_run_t;`
		`- type initrc_t;`
		`- class dbus send_msg;`
		`- type install_t;`
		`type kmsg_device_t;`
		`- type policykit_auth_t;`
		`- type policykit_t;`
		`type proc_kmsg_t;`
		`- type rpm_t;`
		`- type system_dbusd_t;`
		`- type system_dbusd_var_run_t;`
		`+ type proc_security_t;`
		`type systemd_hostnamed_t;`
		`type systemd_localed_t;`
		`type systemd_logind_t;`
		`- type systemd_machined_t;`
		`type systemd_resolved_t;`
		`type systemd_tmpfiles_t;`
		`+ type systemd_hwdb_t;`
		`+ type systemd_sysctl_t;`
		`type security_t;`
		`- type sssd_t;`
		`+ type tpm_device_t;`
		`+ type ramfs_t;`
		`+ type shadow_t;`
		`type syslogd_t;`
		`- type udev_var_run_t;`
		`type user_tmp_t;`
		`- type useradd_t;`
		`- type xdm_t;`
		`+ type systemd_machined_t;`
		`+ type system_dbusd_var_run_t;`
		`+ type systemd_networkd_t;`
		`')`

		`- allow avahi_t init_var_run_t:dir read;`
		`+ #============= init_t ==============`
		`allow init_t kmsg_device_t:chr_file mounton;`
		`allow init_t proc_kmsg_t:file { getattr mounton };`
		`- allow init_t system_dbusd_var_run_t:sock_file read;`
		`- allow init_t systemd_machined_t:unix_stream_socket connectto;`
		`- allow policykit_auth_t init_var_run_t:dir read;`
		`- allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto;`
		`- allow policykit_t systemd_machined_t:unix_stream_socket connectto;`
		`- allow sssd_t cgroup_t:filesystem getattr;`
		`- allow syslogd_t user_tmp_t:lnk_file read;`
		`- allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto;`
		`- allow systemd_hostnamed_t init_var_run_t:dir write;`
		`- allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read };`
		`- allow systemd_hostnamed_t initrc_t:dbus send_msg;`
		`- allow systemd_hostnamed_t install_t:dbus send_msg;`
		`- allow systemd_hostnamed_t udev_var_run_t:file getattr;`
		`- allow systemd_hostnamed_t udev_var_run_t:file open;`
		`- allow systemd_hostnamed_t udev_var_run_t:file read;`
		`- allow systemd_logind_t self:netlink_selinux_socket bind;`
		`- allow systemd_logind_t self:netlink_selinux_socket create;`
		`- allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;`
		`- allow systemd_logind_t user_tmp_t:chr_file unlink;`
		`- allow systemd_machined_t init_var_run_t:sock_file create;`
		`- allow sssd_t cgroup_t:dir search;`
		`- allow sssd_t cgroup_t:filesystem getattr;`
		`- allow useradd_t init_var_run_t:dir read;`
		`- allow xdm_t systemd_machined_t:unix_stream_socket connectto;`
		`+ allow init_t ramfs_t:file manage_file_perms;`
		`+ allow init_t tpm_device_t:chr_file { read write open };`
		`+ allow init_t shadow_t:file { read open };`
		`+`
		`+ #============= systemd_hwdb_t ==============`
		`+ allow systemd_hwdb_t security_t:file { read open };`
		`+ allow systemd_hwdb_t self:netlink_selinux_socket { create bind };`
		`+`
		`+ #============= systemd_sysctl_t ==============`
		`+ allow systemd_sysctl_t proc_security_t:file read;`
		`+`
		`+ #============= syslogd_t ==============`
		`+ allow syslogd_t user_tmp_t:dir search;`
		`+`
		`+ #============= systemd_machined_t ==============`
		`+ allow systemd_machined_t init_var_run_t:sock_file manage_sock_file_perms;`
		`+`
		`+ #============= systemd_networkd_t ==============`
		`+ allow systemd_networkd_t system_dbusd_var_run_t:sock_file watch;`

		`selinux_use_status_page(init_t)`
		`- selinux_use_status_page(rpm_t)`
		`selinux_use_status_page(systemd_hostnamed_t)`
		`selinux_use_status_page(systemd_localed_t)`
		`selinux_use_status_page(systemd_logind_t)`
		`selinux_use_status_page(systemd_resolved_t)`
		`selinux_use_status_page(systemd_tmpfiles_t)`
		`+ selinux_use_status_page(systemd_hwdb_t)`