From 6fcfb3a6002575917805aaa7371e7b6e49ad892e Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Fri, 2 Feb 2024 17:08:18 +0800 Subject: refpolicy: update to latest git rev Update to latest rev to fix policy for systemd 255. Signed-off-by: Yi Zhao Signed-off-by: Joe MacDonald --- ...c-add-fcontext-for-init-scripts-and-systemd-service.patch | 8 ++++---- ...olicy-modules-system-authlogin-fix-login-errors-aft.patch | 12 ++++++------ recipes-security/refpolicy/refpolicy_git.inc | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch index c47984d..5699e10 100644 --- a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch +++ b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch @@ -1,4 +1,4 @@ -From 1096b2eb1172506006691e90769e51a086b8374f Mon Sep 17 00:00:00 2001 +From 4784a7fe74fd3842c1ade228e148cd6f5d6fd22e Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Tue, 30 Jun 2020 10:45:57 +0800 Subject: [PATCH] fc: add fcontext for init scripts and systemd service files @@ -34,11 +34,11 @@ index 382c067f9..0ecc5acc4 100644 /usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0) diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc -index 75c2f0617..fa881ba2e 100644 +index 18c204908..95f06d8de 100644 --- a/policy/modules/services/rpc.fc +++ b/policy/modules/services/rpc.fc -@@ -1,7 +1,9 @@ - /etc/exports -- gen_context(system_u:object_r:exports_t,s0) +@@ -2,7 +2,9 @@ + /etc/exports\.d(/.*)? -- gen_context(system_u:object_r:exports_t,s0) /etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/nfsserver -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) diff --git a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch index 8a5dde6..a3b5e21 100644 --- a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch +++ b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch @@ -1,4 +1,4 @@ -From 2824a6c927bf6df4be997a138a27d159d533d08b Mon Sep 17 00:00:00 2001 +From b8b80a2a07c451a1c9dfc166efcd7985f7a0a966 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Fri, 8 Dec 2023 14:16:26 +0800 Subject: [PATCH] policy/modules/system/authlogin: fix login errors after @@ -45,27 +45,27 @@ Signed-off-by: Yi Zhao 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if -index cd34cd9dd..b867f58b9 100644 +index dce1a0ea9..c55cdfc09 100644 --- a/policy/modules/admin/su.if +++ b/policy/modules/admin/su.if -@@ -75,7 +75,7 @@ template(`su_restricted_domain_template', ` +@@ -76,7 +76,7 @@ template(`su_restricted_domain_template', ` selinux_compute_access_vector($1_su_t) auth_domtrans_chk_passwd($1_su_t) - auth_dontaudit_read_shadow($1_su_t) + auth_read_shadow($1_su_t) auth_use_nsswitch($1_su_t) + auth_create_faillog_files($1_su_t) auth_rw_faillog($1_su_t) - -@@ -176,7 +176,7 @@ template(`su_role_template',` +@@ -183,7 +183,7 @@ template(`su_role_template',` selinux_use_status_page($1_su_t) auth_domtrans_chk_passwd($1_su_t) - auth_dontaudit_read_shadow($1_su_t) + auth_read_shadow($1_su_t) auth_use_nsswitch($1_su_t) + auth_create_faillog_files($1_su_t) auth_rw_faillog($1_su_t) - diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te index 3a5d1ac3e..f9d50a8d4 100644 --- a/policy/modules/system/authlogin.te diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index d739522..f09fc94 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc @@ -2,7 +2,7 @@ PV = "2.20231002+git${SRCPV}" SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy" -SRCREV_refpolicy ?= "d7d41288b162b8786de844bde6daac25e4485565" +SRCREV_refpolicy ?= "504feb7a98e2e70f774d6fe7107b5d1a5f2c6124" UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P\d+_\d+)" -- cgit v1.2.3-54-g00ecf