rpms
/
selinux-policy
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i8c
rpms:c8
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i9-beta
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
rpms:i8c-beta
rpms:c8-beta
...
pull from: rpms:i9-beta
Branches Tags
rpms:i8c
rpms:c8
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i9-beta
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
rpms:i8c-beta
rpms:c8-beta

No commits in common. 'c9' and 'i9-beta' have entirely different histories.
c9 ... i9-beta

4 changed files with 60 additions and 17 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1,2 +1,2 @@
SOURCES/container-selinux.tgz
SOURCES/selinux-policy-0113b35.tar.gz
SOURCES/selinux-policy-b98a9aa.tar.gz

4
.selinux-policy.metadata
Unescape View File

@ -1,2 +1,2 @@
484f3f9e443621ccd65c42d11229424a36bf58b9 SOURCES/container-selinux.tgz
430470dababaa6af18348fc2f8f0fe2108b50e05 SOURCES/selinux-policy-0113b35.tar.gz
83e255994e12003389147092377c0b3d5f51f7c3 SOURCES/container-selinux.tgz
045b58e800983c60b5994d3d765544ccfc787c6d SOURCES/selinux-policy-b98a9aa.tar.gz

44
SOURCES/selinux-policy-focal-moh-spi.patch
Unescape View File

@ -0,0 +1,44 @@
--- selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.if.orig 2024-11-18 22:57:25.780148480 +0300
+++ selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.if 2024-11-18 22:52:43.561598444 +0300
@@ -6806,6 +6806,7 @@
type smartcard_device_t;
type mtrr_device_t;
type ecryptfs_device_t;
+ type fprintd_device_t;
type mptctl_device_t;
type hypervkvp_device_t;
type hypervvssd_device_t;
@@ -6988,6 +6989,7 @@
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb7")
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb8")
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb9")
+ filetrans_pattern($1, device_t, fprintd_device_t, chr_file, "focal_moh_spi")
filetrans_pattern($1, device_t, null_device_t, chr_file, "full")
filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw0")
filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw1")
--- selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.fc.orig 2024-11-18 23:04:01.420517717 +0300
+++ selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.fc 2024-11-18 23:04:54.842432548 +0300
@@ -39,6 +39,7 @@
/dev/event.* -c gen_context(system_u:object_r:event_device_t,s0)
/dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
+/dev/focal_moh_spi -c gen_context(system_u:object_r:fprintd_device_t,s0)
/dev/full -c gen_context(system_u:object_r:null_device_t,s0)
/dev/fw.* -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/gfx -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
--- selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.te.orig 2024-11-18 23:31:22.140887322 +0300
+++ selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.te 2024-11-18 23:33:28.487683696 +0300
@@ -132,6 +132,12 @@
dev_node(framebuf_device_t)
#
+# Type for fpr /dev/focal_moh_spi
+#
+type fprintd_device_t;
+dev_node(fprintd_device_t)
+
+#
# Type for hyperv devices
#
type hypervkvp_device_t;

27
SPECS/selinux-policy.spec
Unescape View File

@ -1,6 +1,6 @@
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 0113b35519369e628e7fcd87af000cfcd4b1fa6c
%global commit b98a9aa153fa314a437f7f979d06efdb191f5a24
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
@ -23,8 +23,8 @@
%define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 38.1.45
Release: 3%{?dist}
Version: 38.1.44
Release: 1%{?dist}.inferit
License: GPLv2+
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
@ -64,6 +64,10 @@ Source36: selinux-check-proper-disable.service
# Provide rpm macros for packages installing SELinux modules
Source102: rpm.macros
# MSVSphere
# Added policy fprintd_t for facal fingerprint driver
Patch0: selinux-policy-focal-moh-spi.patch
Url: %{giturl}
BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
@ -404,6 +408,7 @@ end
%prep
%setup -n %{name}-%{commit} -q
%patch -P0 -p1 -b .focal
tar -C policy/modules/contrib -xf %{SOURCE35}
mkdir selinux_config
@ -809,17 +814,8 @@ exit 0
%endif
%changelog
* Mon Sep 16 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-3
- Rebuild
Resolves: RHEL-55414
* Wed Sep 04 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-2
- Rebuild
Resolves: RHEL-55414
* Thu Aug 29 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.45-1
- Allow setsebool_t relabel selinux data files
Resolves: RHEL-55414
* Tue Nov 19 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 38.1.44-1.inferit
- Added policy fprintd_t for focal fingerprint
* Mon Aug 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.44-1
- Allow coreos-installer-generator work with partitions
@ -1387,6 +1383,9 @@ Resolves: rhbz#2203359
- Allow snmpd read raw disk data
Resolves: rhbz#2196528
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 38.1.12-1
- Rebuilt for MSVSphere 9.2 beta
* Fri Apr 14 2023 Nikola Knazekova <nknazeko@redhat.com> - 38.1.12-1
- Allow cloud-init domain transition to insights-client domain
Resolves: rhbz#2162663

Write Preview
Loading…
Cancel
Save