refpolicy: update to latest git rev

Update to latest rev to fix policy for systemd 255. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Yi Zhao <yi.zhao@windriver.com> 2024-02-02 17:08:18 +0800
committer: Joe MacDonald <joe@deserted.net> 2024-02-27 12:30:21 -0500
commit: 6fcfb3a6002575917805aaa7371e7b6e49ad892e (patch)
tree: 4bdf0e2a677bf98a43cc2074184783c4bed49ba0
parent: f4f7ef11cda2fc6c74eede7502dc7c52e7d27371 (diff)
download: meta-selinux-6fcfb3a6002575917805aaa7371e7b6e49ad892e.tar.gz
3 files changed, 11 insertions, 11 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch
index c47984d..5699e10 100644
--- a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch
+++ b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch
@@ -1,4 +1,4 @@
-From 1096b2eb1172506006691e90769e51a086b8374f Mon Sep 17 00:00:00 2001
+From 4784a7fe74fd3842c1ade228e148cd6f5d6fd22e Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Tue, 30 Jun 2020 10:45:57 +0800
 Subject: [PATCH] fc: add fcontext for init scripts and systemd service files
@@ -34,11 +34,11 @@ index 382c067f9..0ecc5acc4 100644
 /usr/bin/rngd  --      gen_context(system_u:object_r:rngd_exec_t,s0)
 
 diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc
-index 75c2f0617..fa881ba2e 100644
+index 18c204908..95f06d8de 100644
 --- a/policy/modules/services/rpc.fc
 +++ b/policy/modules/services/rpc.fc
-@@ -1,7 +1,9 @@
+@@ -2,7 +2,9 @@
- /etc/exports   --      gen_context(system_u:object_r:exports_t,s0)
+ /etc/exports\.d(/.*)?  --      gen_context(system_u:object_r:exports_t,s0)
 
 /etc/rc\.d/init\.d/nfs --      gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/nfsserver   --      gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch
index 8a5dde6..a3b5e21 100644
--- a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch
+++ b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch
@@ -1,4 +1,4 @@
-From 2824a6c927bf6df4be997a138a27d159d533d08b Mon Sep 17 00:00:00 2001
+From b8b80a2a07c451a1c9dfc166efcd7985f7a0a966 Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Fri, 8 Dec 2023 14:16:26 +0800
 Subject: [PATCH] policy/modules/system/authlogin: fix login errors after
@@ -45,27 +45,27 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 3 files changed, 5 insertions(+), 3 deletions(-)
 diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
-index cd34cd9dd..b867f58b9 100644
+index dce1a0ea9..c55cdfc09 100644
 --- a/policy/modules/admin/su.if
 +++ b/policy/modules/admin/su.if
-@@ -75,7 +75,7 @@ template(`su_restricted_domain_template', `
+@@ -76,7 +76,7 @@ template(`su_restricted_domain_template', `
        selinux_compute_access_vector($1_su_t)
 
        auth_domtrans_chk_passwd($1_su_t)
 -       auth_dontaudit_read_shadow($1_su_t)
 +       auth_read_shadow($1_su_t)
        auth_use_nsswitch($1_su_t)
+        auth_create_faillog_files($1_su_t)
        auth_rw_faillog($1_su_t)
- 
+@@ -183,7 +183,7 @@ template(`su_role_template',`
-@@ -176,7 +176,7 @@ template(`su_role_template',`
        selinux_use_status_page($1_su_t)
 
        auth_domtrans_chk_passwd($1_su_t)
 -       auth_dontaudit_read_shadow($1_su_t)
 +       auth_read_shadow($1_su_t)
        auth_use_nsswitch($1_su_t)
+        auth_create_faillog_files($1_su_t)
        auth_rw_faillog($1_su_t)
- 
 diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
 index 3a5d1ac3e..f9d50a8d4 100644
 --- a/policy/modules/system/authlogin.te
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index d739522..f09fc94 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -2,7 +2,7 @@ PV = "2.20231002+git${SRCPV}"
 SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy"
-SRCREV_refpolicy ?= "d7d41288b162b8786de844bde6daac25e4485565"
+SRCREV_refpolicy ?= "504feb7a98e2e70f774d6fe7107b5d1a5f2c6124"
 UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"
author	Yi Zhao <yi.zhao@windriver.com>	2024-02-02 17:08:18 +0800
committer	Joe MacDonald <joe@deserted.net>	2024-02-27 12:30:21 -0500
commit	6fcfb3a6002575917805aaa7371e7b6e49ad892e (patch)
tree	4bdf0e2a677bf98a43cc2074184783c4bed49ba0
parent	f4f7ef11cda2fc6c74eede7502dc7c52e7d27371 (diff)
download	meta-selinux-6fcfb3a6002575917805aaa7371e7b6e49ad892e.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch index c47984d..5699e10 100644 --- a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch +++ b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch
@@ -1,4 +1,4 @@
1	From 1096b2eb1172506006691e90769e51a086b8374f Mon Sep 17 00:00:00 2001	1	From 4784a7fe74fd3842c1ade228e148cd6f5d6fd22e Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>	2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Tue, 30 Jun 2020 10:45:57 +0800	3	Date: Tue, 30 Jun 2020 10:45:57 +0800
4	Subject: [PATCH] fc: add fcontext for init scripts and systemd service files	4	Subject: [PATCH] fc: add fcontext for init scripts and systemd service files
@@ -34,11 +34,11 @@ index 382c067f9..0ecc5acc4 100644
34	/usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0)	34	/usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0)
35		35
36	diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc	36	diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc
37	index 75c2f0617..fa881ba2e 100644	37	index 18c204908..95f06d8de 100644
38	--- a/policy/modules/services/rpc.fc	38	--- a/policy/modules/services/rpc.fc
39	+++ b/policy/modules/services/rpc.fc	39	+++ b/policy/modules/services/rpc.fc
40	@@ -1,7 +1,9 @@	40	@@ -2,7 +2,9 @@
41	/etc/exports -- gen_context(system_u:object_r:exports_t,s0)	41	/etc/exports\.d(/.*)? -- gen_context(system_u:object_r:exports_t,s0)
42		42
43	/etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)	43	/etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)
44	+/etc/rc\.d/init\.d/nfsserver -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)	44	+/etc/rc\.d/init\.d/nfsserver -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0)


diff --git a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch index 8a5dde6..a3b5e21 100644 --- a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch +++ b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch
@@ -1,4 +1,4 @@
1	From 2824a6c927bf6df4be997a138a27d159d533d08b Mon Sep 17 00:00:00 2001	1	From b8b80a2a07c451a1c9dfc166efcd7985f7a0a966 Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>	2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Fri, 8 Dec 2023 14:16:26 +0800	3	Date: Fri, 8 Dec 2023 14:16:26 +0800
4	Subject: [PATCH] policy/modules/system/authlogin: fix login errors after	4	Subject: [PATCH] policy/modules/system/authlogin: fix login errors after
@@ -45,27 +45,27 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
45	3 files changed, 5 insertions(+), 3 deletions(-)	45	3 files changed, 5 insertions(+), 3 deletions(-)
46		46
47	diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if	47	diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
48	index cd34cd9dd..b867f58b9 100644	48	index dce1a0ea9..c55cdfc09 100644
49	--- a/policy/modules/admin/su.if	49	--- a/policy/modules/admin/su.if
50	+++ b/policy/modules/admin/su.if	50	+++ b/policy/modules/admin/su.if
51	@@ -75,7 +75,7 @@ template(`su_restricted_domain_template', `	51	@@ -76,7 +76,7 @@ template(`su_restricted_domain_template', `
52	selinux_compute_access_vector($1_su_t)	52	selinux_compute_access_vector($1_su_t)
53		53
54	auth_domtrans_chk_passwd($1_su_t)	54	auth_domtrans_chk_passwd($1_su_t)
55	- auth_dontaudit_read_shadow($1_su_t)	55	- auth_dontaudit_read_shadow($1_su_t)
56	+ auth_read_shadow($1_su_t)	56	+ auth_read_shadow($1_su_t)
57	auth_use_nsswitch($1_su_t)	57	auth_use_nsswitch($1_su_t)
		58	auth_create_faillog_files($1_su_t)
58	auth_rw_faillog($1_su_t)	59	auth_rw_faillog($1_su_t)
59		60	@@ -183,7 +183,7 @@ template(`su_role_template',`
60	@@ -176,7 +176,7 @@ template(`su_role_template',`
61	selinux_use_status_page($1_su_t)	61	selinux_use_status_page($1_su_t)
62		62
63	auth_domtrans_chk_passwd($1_su_t)	63	auth_domtrans_chk_passwd($1_su_t)
64	- auth_dontaudit_read_shadow($1_su_t)	64	- auth_dontaudit_read_shadow($1_su_t)
65	+ auth_read_shadow($1_su_t)	65	+ auth_read_shadow($1_su_t)
66	auth_use_nsswitch($1_su_t)	66	auth_use_nsswitch($1_su_t)
		67	auth_create_faillog_files($1_su_t)
67	auth_rw_faillog($1_su_t)	68	auth_rw_faillog($1_su_t)
68
69	diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te	69	diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
70	index 3a5d1ac3e..f9d50a8d4 100644	70	index 3a5d1ac3e..f9d50a8d4 100644
71	--- a/policy/modules/system/authlogin.te	71	--- a/policy/modules/system/authlogin.te


diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index d739522..f09fc94 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -2,7 +2,7 @@ PV = "2.20231002+git${SRCPV}"
2		2
3	SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy"	3	SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy"
4		4
5	SRCREV_refpolicy ?= "d7d41288b162b8786de844bde6daac25e4485565"	5	SRCREV_refpolicy ?= "504feb7a98e2e70f774d6fe7107b5d1a5f2c6124"
6		6
7	UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"	7	UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"
8		8