Update selinux policy for a pcp-5.3.7-7 patched rebuild

Related: rhbz#2072971
2022-05-09 12:41:34 +10:00 · 2022-05-09 12:41:34 +10:00 · 0db4b30a66
parent 46da9c65c4
commit 0db4b30a66
2 changed files with 8 additions and 8 deletions
--- a/pcp.spec
+++ b/pcp.spec
@ -1,6 +1,6 @@
 Name:    pcp
 Version: 5.3.7
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: System-level performance monitoring and performance management
 License: GPLv2+ and LGPLv2+ and CC-BY
 URL:     https://pcp.io
@ -3353,7 +3353,7 @@ PCP_LOG_DIR=%{_logsdir}
 %files zeroconf -f pcp-zeroconf-files.rpm
 %changelog
-* Thu May 06 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-6
+* Mon May 09 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-7
 - Additional selinux policy rules for pmdasockets (BZ 1981886)
 * Thu May 05 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-5
--- a/redhat-bugzilla-1981886-pmdasockets-backporting.patch
+++ b/redhat-bugzilla-1981886-pmdasockets-backporting.patch
@ -416,7 +416,7 @@ index 1a1b1428c..1462c5ccb 100644
 endif
 ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"
-commit 2ad43633709acd01427b3ec48577cd2502bf6023
+commit a6222992fe5f97f94bdddd928ce9557be1918bfd
 Author: Jan Kurik <jkurik@redhat.com>
 Date:   Fri May 6 08:04:46 2022 +1000
@ -430,7 +430,7 @@ Date:   Fri May 6 08:04:46 2022 +1000
    Related to Red Hat BZ #1981886.
 diff --git a/qa/917.out.in b/qa/917.out.in
-index 6a4356a12..f50ddc3c7 100644
+index 6a4356a12..723193aa2 100644
 --- a/qa/917.out.in
 +++ b/qa/917.out.in
@@ -156,7 +156,7 @@ Checking policies.
@ -438,12 +438,12 @@ index 6a4356a12..f50ddc3c7 100644
 ! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
 ! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
 -! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };
-+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { getattr ioctl nlmsg_read nlmsg_write read write };
+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };
   allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write };
   allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl };
   allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read };
 diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs
-index 1462c5ccb..e6c34db3a 100644
+index 1462c5ccb..9733aead9 100644
 --- a/src/selinux/GNUlocaldefs
 +++ b/src/selinux/GNUlocaldefs
@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket {
@ -452,8 +452,8 @@ index 1462c5ccb..e6c34db3a 100644
 ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true"
 -PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
 -PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
-+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { getattr ioctl nlmsg_read nlmsg_write read write };"
+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };"
-+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { getattr ioctl nlmsg_read nlmsg_write read write };"
+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };"
 endif
 ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"