#7 systemd 252.4-598.7 hyperscale release
Merged 2 years ago by daandemeyer. Opened 2 years ago by daandemeyer.
rpms/ daandemeyer/systemd v252.4-598.7-c8s  into  c8s-sig-hyperscale

file modified
+2 -2
@@ -1,2 +1,2 @@ 

- SHA512 (systemd-hs-252.4.tar.gz) = 81d249262de886492582ee0c2c5ea68e0b5a7ce9c047ccbdd0bb0b028090c9ba9d31e0297d4f550192ffdde88e8f0664752f8e149c86d323a7aa0b3a5ac97c83

- SHA512 (systemd-hs+fb-252.4.tar.gz) = 658eedf146dbcf5e0866145c4524252ff49eb89e98c2f93ad4c5181f10f7ebb8e65f7d4e9a238267f878c3d59baa45c733e965babbcd614a29e6f6818a1343cb

+ SHA512 (systemd-hs-252.4.tar.gz) = 2200da8d76c1940545d4184389e104b878d7538a320748235e12ecfaca293d7075ba0bd432589eff059740e30066f14ac05757e6a309992cee1978ad3dbba0d2

+ SHA512 (systemd-hs+fb-252.4.tar.gz) = ae5462c7263e94b30d4552df6c8e1c5371ce86eda2e8dd78e1a5ec80938d5cd9f79b7611e34487748296958af51a6e7f69042f5f6adff3c75b4b41b1b3b6ec86

file modified
+9 -4
@@ -4,9 +4,9 @@ 

  %global stable 1

  

  %if 0%{?facebook}

- %global hs_commit 6f34e02bc885d5bf248eac0914e4605380ef82c9

+ %global hs_commit 5a240fdebea1f6b24cb9b15cd1e5c19c851ce1fa

  %else

- %global hs_commit ab2623c42b43d997d5ccd1d3f1f7a224b09245d8

+ %global hs_commit ebdc7d8d718bc0aa48f18a2517ed209271a319b1

  %endif

  

  # We ship a .pc file but don't want to have a dep on pkg-config. We
@@ -43,7 +43,7 @@ 

  Url:            https://pagure.io/centos-sig-hyperscale/systemd

  %if %{without inplace}

  Version:        252.4

- Release:        598.6%{?dist}

+ Release:        598.7%{?dist}

  %else

  # determine the build information from local checkout

  Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -85,6 +85,7 @@ 

  Source100:      Makefile.selinux

  Source101:      systemd_hs.te

  Source102:      systemd_hs.if

+ Source103:      systemd_hs.fc

  

  %if 0

  GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
@@ -527,7 +528,7 @@ 

  

  %if %{with selinux}

  mkdir selinux

- cp %SOURCE100 %SOURCE101 %SOURCE102 selinux

+ cp %SOURCE100 %SOURCE101 %SOURCE102 %SOURCE103 selinux

  %endif

  

  %build
@@ -1155,6 +1156,10 @@ 

  

  %changelog

  

+ * Wed Jan 04 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-598.7

+ - Backport udev rules fix

+ - Fix selinux module

+ 

  * Wed Jan 04 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-598.6

  - Bump release for 252.4

  - Sync from rawhide

file added
+2
@@ -0,0 +1,2 @@ 

+ /usr/lib/systemd/libsystemd-core-.+\.so.* --        system_u:object_r:lib_t:s0

+ /usr/lib/systemd/libsystemd-shared-.+\.so.* --      system_u:object_r:lib_t:s0

file modified
+30 -41
@@ -2,67 +2,56 @@ 

  

  # systemd overrides for 247

  gen_require(`

- 	type avahi_t;

- 	type cgroup_t;

  	type init_t;

  	type init_var_run_t;

- 	type initrc_t;

- 	class dbus send_msg;

- 	type install_t;

  	type kmsg_device_t;

- 	type policykit_auth_t;

- 	type policykit_t;

  	type proc_kmsg_t;

- 	type rpm_t;

- 	type system_dbusd_t;

- 	type system_dbusd_var_run_t;

+ 	type proc_security_t;

  	type systemd_hostnamed_t;

  	type systemd_localed_t;

  	type systemd_logind_t;

- 	type systemd_machined_t;

  	type systemd_resolved_t;

  	type systemd_tmpfiles_t;

+ 	type systemd_hwdb_t;

+ 	type systemd_sysctl_t;

  	type security_t;

- 	type sssd_t;

+ 	type tpm_device_t;

+ 	type ramfs_t;

+ 	type shadow_t;

  	type syslogd_t;

- 	type udev_var_run_t;

  	type user_tmp_t;

- 	type useradd_t;

- 	type xdm_t;

+ 	type systemd_machined_t;

+ 	type system_dbusd_var_run_t;

+ 	type systemd_networkd_t;

  ')

  

- allow avahi_t init_var_run_t:dir read;

+ #============= init_t ==============

  allow init_t kmsg_device_t:chr_file mounton;

  allow init_t proc_kmsg_t:file { getattr mounton };

- allow init_t system_dbusd_var_run_t:sock_file read;

- allow init_t systemd_machined_t:unix_stream_socket connectto;

- allow policykit_auth_t init_var_run_t:dir read;

- allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto;

- allow policykit_t systemd_machined_t:unix_stream_socket connectto;

- allow sssd_t cgroup_t:filesystem getattr;

- allow syslogd_t user_tmp_t:lnk_file read;

- allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto;

- allow systemd_hostnamed_t init_var_run_t:dir write;

- allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read };

- allow systemd_hostnamed_t initrc_t:dbus send_msg;

- allow systemd_hostnamed_t install_t:dbus send_msg;

- allow systemd_hostnamed_t udev_var_run_t:file getattr;

- allow systemd_hostnamed_t udev_var_run_t:file open;

- allow systemd_hostnamed_t udev_var_run_t:file read;

- allow systemd_logind_t self:netlink_selinux_socket bind;

- allow systemd_logind_t self:netlink_selinux_socket create;

- allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;

- allow systemd_logind_t user_tmp_t:chr_file unlink;

- allow systemd_machined_t init_var_run_t:sock_file create;

- allow sssd_t cgroup_t:dir search;

- allow sssd_t cgroup_t:filesystem getattr;

- allow useradd_t init_var_run_t:dir read;

- allow xdm_t systemd_machined_t:unix_stream_socket connectto;

+ allow init_t ramfs_t:file manage_file_perms;

+ allow init_t tpm_device_t:chr_file { read write open };

+ allow init_t shadow_t:file { read open };

+ 

+ #============= systemd_hwdb_t ==============

+ allow systemd_hwdb_t security_t:file { read open };

+ allow systemd_hwdb_t self:netlink_selinux_socket { create bind };

+ 

+ #============= systemd_sysctl_t ==============

+ allow systemd_sysctl_t proc_security_t:file read;

+ 

+ #============= syslogd_t ==============

+ allow syslogd_t user_tmp_t:dir search;

+ 

+ #============= systemd_machined_t ==============

+ allow systemd_machined_t init_var_run_t:sock_file manage_sock_file_perms;

+ 

+ #============= systemd_networkd_t ==============

+ allow systemd_networkd_t system_dbusd_var_run_t:sock_file watch;

  

  selinux_use_status_page(init_t)

- selinux_use_status_page(rpm_t)

  selinux_use_status_page(systemd_hostnamed_t)

  selinux_use_status_page(systemd_localed_t)

  selinux_use_status_page(systemd_logind_t)

  selinux_use_status_page(systemd_resolved_t)

  selinux_use_status_page(systemd_tmpfiles_t)

+ selinux_use_status_page(systemd_hwdb_t)

no initial comment

Pull-Request has been merged by daandemeyer

2 years ago