From 8c093f225cb89bb50ba457fc0605fdd9b39ae8df Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Mon, 19 Jun 2017 16:52:54 +0200 Subject: [PATCH] * Mon Jun 19 2017 Lukas Vrabec - 3.13.1-260 - Allow sssd_t to read realmd lib files. - Fix init interface file. init_var_run_t is type not attribute --- container-selinux.tgz | Bin 6832 -> 6832 bytes policy-rawhide-base.patch | 6 +++--- policy-rawhide-contrib.patch | 12 ++++++++---- selinux-policy.spec | 6 +++++- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/container-selinux.tgz b/container-selinux.tgz index 96ee255553f7635c6d53ee843549716e08de4b3c..47b8aa5cb574ac3ebe26614f65228c9ed10d847f 100644 GIT binary patch delta 6485 zcmV-b8LH;6HLx{*ABzY8h~r0D00Zq^ZI9eGlFrxZUm@55JQLV6<8k8P?Cc&E$pUvD z4hVJ^xDS`Rj#^T8E2Fna>Up_=_qShF@kJCxQj}Wl_<(63X-})_Az37g#bU7(l|>t- zMN(g;+pkXaxrWdC_uu08+wZ@-R=?r%?%VI*efQPdcW-Ys-hTi7?fdKRzq)?=?&jwD ztKj-n6;eNkrVZ;L_$s@r!%Y%d>BgS_KmDv;z6^e74tXBdkCC!30U?p%EdsnxlMw+r z4`ZdYK=QP&4L>Fzfpz=QlUe~Af4{w0orwyqtFVQ7A^0u(}!@KJYzhDy^jS$ zzt`yoyWr~^GX_GOVy=RazSxP11AdCA<$QF`wkRx!(mBhHoKSyD!kFY+f7K-pz5rG# z5P!KHPO*h%kjEgm2pg)prs~Za)fH$h*2WR-b*xDLPTi=;FH1K;4AqRY^`h>e@eCf6$~Hu!U5eS>m>i(K7;PkIkw>VtodgH~X+oz9gwrh5Y5t z$UUT=t+a`1lWcbOa%f`90;&wKIe}@mc`!6)>aY=5fBucj_bP(%EG*^;=%A+!4 zHXxAyNPFpodhob`V$p0fL~aoJe}qN2(-)F2V~*uiwUg;K4u6bxe-jvE6Xv8^(%6Gv zk}06{BPzAibfZIEo>cljg2u#c!{#@TcY}MjQ0WRNrPm#g$a0^y`yd3uLkkja(*pT3ZlgRGb;ji;>}uno2-9Dr&j7{ml*{BiMZUz5~#i@0?c z^8H!%-H%P1L_w^#QY5dFf2>4f9VC^)c%ml({|IK@ zt=p1;SD;w#W2_0oG3-Z`ntZ^oK#mN#BOT%56$N^R;J!{x26mq0 zuyXzJllmTHl+W^j8G1s}KtJRG!xpliAWdDEL7+*qKP{{Faq1EtX!urf1`}PlhXw{) z`$*~$=R#koe`1DcqK%Wgs-^Q1e29X=Z-aaV;fH8nuh|5-UqdaH5i)+*cCp(avej1+ zHvTIq+9{&O&#)wi$cbT+*t>-q%a7N*me>pa-JmT077DqC#Ao^h$;zFBRapxy6#Fty z^fAB}MZV~Y!xPKWh$OFr7xLL9@V&U0jT4vA?R=01f4J9!8sV>V(7@DJao$8(3f(&& ziM4Hkn#__7!ziP9lGSR^a10oJJFu5&7}`*1hzf-4A?g(`hQF%{+}O2LVJ6N%5R(xM z-8mEEO$O?&QAd`i{cmvOb)$cq?k$1ovZCXy#T~yCwy){8=PfHerKLAE!BFpfFmU%!Hz1?vo7{f^vLeofBjH+#{*+qm(@WSZ5%&u;wNI z&WoKl-{2%1=T^qaxOYzY*-$MEoNU73zplzGjUH))3#TCW0){XHT5$k-p*$aP8opZE z*}D!8?Vbm}4LrW|@CyqPr20+?_Aw;9}()@RdLoCgxbO(6)a!Jo1L%u9Pe|KF{!}+`F&J8tpnSP9p9pZH*vEERs#hh;axYiC#{47Izhn&WcL8Us{V+WEk zrcA4gACfV|szcHrOC&dxjPfxe;ZsMIhM^FO)j05y>ah$KvG-#EG@;9fj#~9kux&=G znO8k%Q&`2%u2P3e_ea?<0I7V*DIhj#bxnFuhH0cpZgW$HW;~4K{SiR zlQpzrHFS>5oCwr{!9<380@tU%`Q(E_!XW(sN!UN zYw^e^&+aCb&Zn-Gpsf3bha?eY0MR)TUC5u%GmPplr(NB;4eMRf3Yt7?f7YNkcH9}Q zJ&YP0`{S#4WL@(CepepND#+y`JCoptu zOnWH8joMbZ4FS{ib+8SyCb`h6#B0PXSbk)tdbOeSoCi7Y>he$p=iCKz!8MXcEw}-~ z0J?hEtafN_8lqCA6%^*X)5z>o3&WG5&*Cu2K@~9tb#5rhb-|IVf3@bY`E3nGO0-Ay z)hRd=oMb}P<;fv8@22Y6Yv!M~G&c2A*Z-ZV@9b`j#uYPg5 zpe~elDVy2Qom*KNOwN=OgGBXOBMzQ%BzKAZ^A5r?I;G}4dA2m73Joqvcc z+|+&K&a2Mq$^WLNe;ZxgMmK&RQ@HjSVkQD|&UG#m+Mt5`I6#jwIoFsRvp=r}8UTNi zJp+Geh&@&(G9C^Nu-T!hM2A1^_(*FWRW#s+qslx=&1V4`s_qEtgAd(O)-rU`VNr_9 zzF$i3P)PXR<&Wn^gdx0$N9<#F;fyRav3)!rvJAm^bV46Xe@5IfA><`=8MzY92aET$EFa7p$g+A9JY3c8Codws@bQ>qz^IsEM^VVR>qS^hDM?d2N5FfJ)!M^4?coU$7 z%%s0hcY9cQX|vfcIb(a=#R^7~T`hC6CDd6opg+PaVD=b1V*Vi0!rvs>_Cpj_;U>+} z_Az)0qJ4Q^e+0KF7(iS27l3V>q)p=>zb(o*z^mhbc{3}Q`aF5_W=BVZ@a@Tge*xnx*jNo3A7k2gOnYA@sMGI) z3;*rOW(scLMXNu0qP0=A0LmdApiE)!Cge@9AzPq1G*wc>E>2xns!c(62u)V6am4(P!JuK(l& z$P<@zT(>Q;9niV2Sv1FedB|d3IR2f(@(kt@><1G7aE79A_bK}V!jGN|oxekPKsu3- zDPVMnXeI=PmT7D(?+^MHY<9$q>DzPHSs%=s&J(dGPj6rRzOT}2vTM+mNq?lke@Cud z94&NT{9^>~-v;iOIAtN?hV?1Sm~3!QDZ^(K(U{0^R+f*C?n5kB>08z1K6RR~wy9>t zyynPT@}0wM#w>FsW}7=$JTNB@4iC(w@g~o97p6}SbK;4HkMAg!RawSTGG8%033hki z^px;7%j28wNS~$%<$m+&3cxGLf2)@rO;=JcFU4{;*H{|1ITPO#bF$L&#GS18JaMNx zqdb8pYr!#GA5GXx-8*p;Xv&V@U*!c2*s;7`b4RZi=2Ron6L{V*^8lVT%v`wrxB~BC zz#&b;K(?I*gwHS@W;D{q?!DAA{L(0lZ;X-BfBwXy4fs(-Kj^^NmM#*3e;6@x9Jj_T zMvt5I^DPKH$#`Tl3$vmCXEV70bI7%Kn8D+~I zO?9sBSOmF+ULlXVU`!`*r{j9s0k39F<{B-GpJe(G^V_VUZ5}I)e?2sK0V~Jje;-Je z*}$uLhl2btn%~;iUFbq$(x>QhXB#;s^ZSfc-a{Bozb71}-mlAoB|_zCQOs>=+OkFy z4r3TdeLr9jU)tPS=;`Pl7qOyg?$b8fo9TEe0Dbtt#xySPEzmrBtGJtGrXnJIez3HN z6O@&k-=>b}x!6YXe-l&6iGYzXj*eb+X)$oZQ>*i4XQA#9gN=kIS3qsse5XyMOalsS zO#e5u2l#gkT^Fz$b89+~T1Sbk{U%mn*KXk#KnMZDp*pnM5|bC@{yq-d&@qq5_7;=Q zUV)dvklN96j=ccml?i_p@AHc33;EhG%j8N9ZOU!eIN64Wf2?JGmIs?iR1P-$Y|xJl zE-^9p->g|aJIkcu#AFJkTPLm|K}yr?yUVLau2*Kpy2`E2%?tLJiDu)Vumf01-NNKA zvu31kEX--eEW~--__oJ8rWU=zn<%~+#%uNvv1^}rd&@sm`JYb|Va#j=kN9FWs1kVd zFj}Mgv`*uMfBs-m&0aVZOH(v+s&J$5+Nu67u-=pD8Au&wnN-J_x)xq?0(kYb4AUEPHcKbc}H16;9~yKZ_=@{=Pt zHHbtywvo=U_!+x{v}vrvgE-$K8TEn|x7vG4=D1H|f5#jocWDJ`x!9H?4v^muNz<;$ zrqeH&8t8d@);Y`)FlO8?7(wiIuo#Ga{5$k|D=*|zd6WZP-Gf*>Q3??V4iDRHZZ4pt zZimIze==Jn$-#pryQ4L?txHGMF#SK)%1M!xW#t9sS0q*rOp4m+0uVAwn>40qtkEqx z->MwJFuFq@aQN)O2TbxzZW5O~aU1hDFrM)Oxb8w~AG!kmqd25Cz>v?$wj`{;Jrq{Ti#jT|c>N+T_jwOrl}H6qV@zp_`|A(nJjTX&L@v}*GQ z2Z@k8AXz0(gu)LnN+{;Vp+EyN3aJz92X1JA!A`x~C_>*g@S}aZPWPCZ=ZXf5yuNI6 ze+6_bb-R{-iPsuAdE(6ht&b4R#a(J!H0AvWpS`N2Wn;thE`{KdmL2}!JjCiaSjTk* zIb>yI5}~kDdF<*=Nv@zwRmMoURYIF_x#Ag0q_f~Ig-#_u>Xu!i?o=uK;;4g0=xCru z$-;b`-e8TxttZap5?0tI)|s+^If-Zme;;d3XUtRG9H#s$m%y7a--MdTqtsiJMC#Q& zL^)0B#4;{+64zLrtwP`#cSsmp_}^B(5~`~R``yt_Be|nCMtXNk1q%%y#^EFsBh7=9 z1UO!4vzrew6mmU}W788dJLJC5m&0c@G`Ix5~?obTsMF^(oqre=*R` zwrzSL6|7U3En#QEJyORd7Gt(cGjmyduwg~#6C`2hDXO3pF*ELk%u?E}>TD7Cx79;n zVW)MP$Lr9NO)rnK)R*Nk5-Yolh?xxCxfPlkmUYRQ5#7&>Fwy5A+O)9wzgX5kQ_0)3 zPVT`@h({ax$|_XckI!=7ALK^ee|92aV=N*(Qz`K1)SCF@V)arb?Cw}iDvGAU=n>3QitwnD#QSKCB(BNPLByo3xq7h|eiyjH4H-Zs4^>ZvP9N8tIa+|O!;GWIfy zku+sI7v_wNSt{qm{7}*ix4V~R)vgflk{G#=G5$gff7i3oyBQ0?J8x4g zREFzf#j!=W?^yVtkKePfyqRP~?H~K967siCx$HAdaDJiua;$5YEexJ3N$Lu<fCz zoXG!T1oMj;l;q<9Ws-EJ!fSPH_cHjAB`nMyS=x$}y$uEyZ7`=%8DHXC^8$nIDl^V^ z^}FDSD_BlVwOIBGe_I^T_9W}IJh1%nr*FBmM7rg@Dqv)lyz1c1TE{*+4V-wjhrIEi{LdverkXHSxF#MbEj zMiWKf=(l*l+hH0;L)u;;iBVrS`uMu{T8KeeZ3x{PuwTR@IouvP~Jc!9L(& z+XwblVN|z0(>9*l>@krw&(5ucHOe&HN=i*vW{95I6EDushU<(+E(lMgp}2G!brpPK zlN}hEfA;qJ+netO?|-{~e*fEN`COqTa`nq4d!q}z2@!`x^3d{En5_>VxO%HUbVHY? zux_qlu3R0O`YKB|sQs@P&ei2NXK&tkqlqmZf2#_jnn2mtGSFa~b$CkwW)IODgj=%h zfO)lG72#R5Oa&25QvKKeT>bYq%<;Tz@4P{me`(V$R%4FJ-#fE3Y*F5o*&$EfOc#an z61NVzAtBdkxzwmS1zs7Y@ltq=3b@QH>T8e1yGSWvxk=DL^Gy!_o~N>u*N$=Yq!mi_ z9F)t&zn*zxMIt9Z382H_^YnN)9Gyp@tgh}tCOZu7VMx9}UHAsoM*#IiwFnkKU9npK ze}aiRy+K8MiV0FuHHd!s%`cci-d~6;7yUS}$o=V$>|be0`?(A-2ChsUM=m^`wsqnl z@Ibsd0BgZGAC(pW}>eDz{>ZZj2h5V)l1F#uL=lS#edHy_qoyO+vlF!%aze2DBcqXvt+pntl5Jiy`rB*vWU>Zo;)2jNBERw}yu~>@Aq7Bm` zsV~#*S10;h!{@v2zQymG@84ak-|%_+?e}lreRcEp=Jw_@`|I1Aw{O3?zIl6l{qC#a z`cxHCKZm9b>mc|lyRXAd5?SfSp8r4ntX{qherOJP9@bBhv@ZcMk>o7`d`OcM0Xh#; zrL;iuw66_6CLn=z`@xf30ULkcT&&JSh1ONrLcQ@t%PcX#{|$bY;9(RcO*4jyNKsf_jSe69o-}g0-WQKVf3x1lf}!8* zbc0>+^{p8LAx<$@K}cWhM8yF=MbvUWI%iuH7DVZsWk*h^za?Qz@~waB5(i%ZD;0>p z+zzMMLNmx?kXwWeRb5l{W{v6!v=(dQi1s>Gq<^PwROFYXn;?d2Mr~QANi$*ao<@*- zoI$mG1bH9UNZJXK$`8K2G10t-b_N_D{<*G_I&Xk+n`TKP3g*-_$QND>zBEzO9Q~Yv zw&)DWw}iUri<`Rk4;OzlDFX2BULFUaqtdlQE>Qo_rxifMP zsb^`^;@GwcodX$u^69d1?yR_*jo{zmgYNzd&3astn<|OYZ3-R4Iugy5WT5h>%$N-b zhvDVLCVkAp&Bx;#Tsj2z()rcH3c?NsEL_SP|B)qtIN_l_y{}(}7q5Q+_PcPc~U~3|hYQ=7nwAgtSYn~!P$9X%wj1$D=p;9Kn z*SGNBTlnwWW$m+{|NW;gWaS_$rb^>!>jrFtEeZ#qnh6Fm0U3W>eB0L~_5C7l-GzLA zmVNhA(fta`m;lkwj}#Y>Y>m+|G(O3sbr7)i8Nx(mXnRn~9 zWZ)GjmWLQ?!f*`xQKcsD@hgxcL+(gNxOjyEzJT#R1@~uk+t4%)i#T|wQ?cT57iJJ>((F&ms(qTega;bFRh+>@7w(~f!PY*J zdc?WV7pi}lA)098)?fab_skhE@tDzWppl`#N^;MiVQI*A~RAlcvn>FHr)Ez_Oldz!2D! zkI8>B&1aZs)Gi2D!u}x(pO#0wT@W&C%RCi201THJR_%2d=V`&#B0LDPO&_*c38YK; z0ML$f{gg!^{2S8fz{Uq*0EYf!(6nHZE34thr_Gpv7K=fL~>&p&o`XujmpS4G|<5NXjagD+pd z4Eve3Tx+N+87Qpfjkbj+@b@SoQ6EMZ@M^W?k-Y=^65$=J4^XRsw~yQ?q_a{e7}jp` z@%BUi?$f#~@=2SP({vZr^H^_<)$uNR)a~9G?pnZ3H$T`Je`n^5ryD?o0eyr`dJTWl z2%2;qYHqWtK)yG{S{bkb40`m;tRgfW1(jk2noqE$!@G zhlh60gWm=oUwZh31qo7pr-bqnLr;HOC`~>xL{~u?{Cr&8g1MuP4c|PGUKdjE?vA4( zHWh?p&shz|Hk0$0Yx7X+r<>iwSx{vMP_f>|ke3mxWBNXuK4A>KsUK94gK<+HinyT( zgQuy>=rVR7Ea8s`b?&M->kL9|;gAZJuj9>5SOvr4$pFvS3?>UOIblJopQ?Wnn#(NJ zv|0A9z{27DU3KS%n!8LtM#m2Ex{_FLDAi(4w|-n}2PS@&p}j*+W5}RV9qq9L$rw|n z)x{6V7-H2S>5nCn8%jp`7?JR)qe{b22*qj~cuDnG28-DHu>hLT!?nZa&vBucx88rQz4`GG>h|juP@3Yh_@mcoY`f3>3UV8a+^8U$MdHaC zTCo~BM`lihZHY$CCT!BEzkmw)`Yo4Loov%bgFJtx2UHC9T8CzrCk*@w&mdHBGQPEV zWRz!jlS=1P*Gf>K7MjMg4T z4UT?4FPGOBD{XGDkVfW72mazv?}o$F$U*@m+(V)omhS5ybtklw3boGz#f zrCrKqydM*B-g`P6W72iouc8vt!|+I4W{;tDr) zAG!0YvwHHssp)@47q`)k-^UcLeTJBcfShxk%Y-(lAU_V!qfE{V(PUT4oNNho77gf+FbkMH29KCO$h7b`Nw$3-g;lsov$TB* zJ_gagd?woTHeagg5?WgKAF&|ww*Ym*i-)|`H*L$GO*b_vp3Mzf$q zgJ6`JpQB-%uyUxz4(hy_l}mk|ym_;uqe1xg291v~?K`HuFB8=1cfp1K z_GB{!H}Im>A3f39s9FH!5D!qMuy+&kHrS9Y&>Wg7DPk9=t}E51pgV*ntJgSYN+^J7 zQbs9M-eX2l0YDlWHi=1{Mr%;uMl7$W&a0(_f`N)$&3}JsG zwv{5%gHQ5a$-Kty3_r|msuOGS)Ux53uif~8DT0%M&7b@<9U;6IQ<&Z8hjpt3Ota$q z#J14=V6KsB8beKa-Sw+oZ+>ga;u0Rda5dng(PcOE0el)p4!jKh62~llE)VaLUU17k ziSB}jvc9_nvVSY9WP8Z6Cv>=j1oD6Kp1koz@Q?)i5dH{*O@aalnld|}2N$^hlM^6M zT+(sfw#0To=e}mq91rCoi+SPrcMi)lm`ku9OaQuOxr3UUoEHNxi%j%h_CGY1rmWd{4~DO3xE_vf}f^o$ieC z1fHw~$8dc#VJ~&>#7&?nJA!|e7c^kU@_Nl3y{n8n+ld zZr0CtAoL{Tkwk~-rkdF*7AEq654 zxw>N!uCqPnl+hgv@m{>=|{|Ovxc^LtTcc2(BK8E9FPBfAX#Pu zujU;J^22C;Yg>1r3yDdeqRX9a<|&w_W388ymd3*kdM|jf27tU@3JAlfTTG zk-o7orxmjh=W*lP9`Bi2^a^jH_+}Wd*<-}6ed6sc|4`+BexwLvW-EBa7pp;)z?+BB z8r`RL8Yh4B2a9Udmej{&SL6l*QNaKzwuwM*kbY%T}soqXdA zK?TV8!hr2+he3N&i6=0y`aUd_TG{??$dwRF$c+gT7g~I z^b4j2dfuLO4zmP|8Mg~Y5W5{L24Wxo4!z#W3;9$YCLm?Q(Sug)Lo&vNmx_2jS$oFT zXtRfw7P7c(7B{2aG#c=+42r0bVMrzWB!kK5GQU@=IJsB%AQn%QLIi@t!*-jS3n;1E zVX=R;%oa&<@Sw@=Y0Yix(or=`|BtnDQe{WM&C7spQounkK+WgT$ zA|ww;R>>2g@B@qzig|G;(146W>ID0N8(LtnQ|~s4(02{|Xy2~WJ!a;)q5&hXFWY}y z0Ub--uH|3iwMI^!cymDOBSdp?m)aIhc|XEuuPSNT*zmkdA-JSvhd($Eu{sXcaa}Yx!i8mLjS zFdwHkSmSW(i8Hx`6}E|WrYvAiB3ggJ$C}d_^Hev7DgVkP@FvVRp(gSu^%fMFv1ceK+;?x>BC-rZ8cLc@n~I0?l_^B^Sw zj#t|3=0gmHT+id!^n}a~xi2)PLCQuSrhZhEi9<==Lr3tf^0FfxO?q^FiZ*{_479Ut zn_fr->l9{7*qLyT)NzT$nC;TcToxZ}Skd_eN!WRcDkw$FjC&!ol(wrnTLk`X^$=Lt zX`SZrI<#cd%cCsyWqFLm%I+d!CPQ~_g{FpOU2m_Bn%pM~S(B-*b_q2=I=_?YK z$;84Yjbw5;%it#7Orh44YTJeiF@RnP@hpkcV}h8JGMZX6n%yODsIY$_-wZq4JnIp6 z_w(E%4o_Q z8BI=fgh_RcDUK+q-Z7V1U77j@uUs(BmO(KxQ|?rLCA6C(I7T?V=chXsv>yB!lKGk^ zy1~SBQ5>j9kbVe<6Q{>)GhtjD_Hxw<#7X z!*#LZ*dp9_EPT+%?^#&hOfsVOk9}1M`P-*l_L(L)zfgWT*0swP2G5lwbp=;SA|+x@ zdVl6Ce$zx|+P=wvzH3DA)DxOY*AUzYH?R5a(xglm7X7|>{v z$6+JH#SPPf!Hd!t431IqJ2uCrLPBYxI7j ziK1`xTRjNa7}v|sev6WwY-&lLnb(eou*&R%{BX7B(-eP{#zD;ER@wa>>D16e9vqPg zj=&68K!&ECtalk&!?hyTpnlBlFb$(2ZLg5TsIMD+eBFC4_40?tjimqJq88DN3bpCh z)F5mT9V89x?(bOQw0m$qR(o7_*W8ZlL)&v!7f+VS|S zwja-B2ta>p{jMPLx#GHNLFdc9_qJO9+dQp*cE@%?R>yY29VAn2N9deayjuUPji&iI zGq3A$No9wLk*5@D4B?#=Bs)L5>x`_f$7XX~E{p3@LCZt+C9-R)YD{F=ri|NQAMmj4 z1N*8ls@tAv8_#X_n8=!E=T^cRWg2cJrKT%0M9&oL7w2cgb;ctXgeTHaTsn=q3Vvjh z9vGT`c60sh?K}PbZ#UmPzyIyCe6G+Ex%%ajz0rld&r?~-YsWZx(h8+| z4$9@?U(dX;B9W7y1kmB|d3rn?j?SY{R#*2SlN|>4FeG1~E_{RPBY=9MS_BKAu2`*q zf5AkZ-k>5r#RMs-8brVR<`>K$?=M7_i+&tf_LsT) zk5a-;O~o-!ps)n8S#KS!w#@L0YA<_y5z8nsfxoaW6R?Y`G!6K8%?75?Ogp8EjFI(3 zFi9|HDjV=v<$k%W(s+_dHUfuEL%?g6!F$6mX)Gf`zIrh`x0wn$2wYP17yv6a+XM|j vuTD~dcJpwACi$bCGS8pq&-3T`^Za@KJb#`)&!6Ydi9Y`aY?z<=0LTCUTKBn` diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 7e1ae612..53806d8d 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -34324,7 +34324,7 @@ index bc0ffc8..37b8ea5 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 79a45f6..2dad865 100644 +index 79a45f6..054b9f7 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -35160,7 +35160,7 @@ index 79a45f6..2dad865 100644 +# +interface(`init_config_transient_files',` + gen_require(` -+ attribute init_var_run_t; ++ type init_var_run_t; + ') + + allow $1 init_var_run_t:service all_service_perms; @@ -35179,7 +35179,7 @@ index 79a45f6..2dad865 100644 +# +interface(`init_manage_config_transient_files',` + gen_require(` -+ attribute init_var_run_t; ++ type init_var_run_t; + ') + + allow $1 init_var_run_t:service manage_service_perms; diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 29026745..b2f3b0fc 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -106450,7 +106450,7 @@ index a240455..aac2584 100644 - admin_pattern($1, sssd_log_t) ') diff --git a/sssd.te b/sssd.te -index 2d8db1f..07606ba 100644 +index 2d8db1f..9b13b30 100644 --- a/sssd.te +++ b/sssd.te @@ -28,19 +28,31 @@ logging_log_file(sssd_var_log_t) @@ -106571,7 +106571,7 @@ index 2d8db1f..07606ba 100644 init_read_utmp(sssd_t) -@@ -112,18 +132,67 @@ logging_send_syslog_msg(sssd_t) +@@ -112,18 +132,71 @@ logging_send_syslog_msg(sssd_t) logging_send_audit_msgs(sssd_t) miscfiles_read_generic_certs(sssd_t) @@ -106599,7 +106599,7 @@ index 2d8db1f..07606ba 100644 + kerberos_read_home_content(sssd_t) + kerberos_rw_config(sssd_t) + kerberos_rw_keytab(sssd_t) -+') + ') + +optional_policy(` + dirsrv_stream_connect(sssd_t) @@ -106617,7 +106617,11 @@ index 2d8db1f..07606ba 100644 + +optional_policy(` + systemd_login_read_pid_files(sssd_t) - ') ++') ++ ++optional_policy(` ++ realmd_read_var_lib(sssd_t) ++') + +######################################## +# diff --git a/selinux-policy.spec b/selinux-policy.spec index 71273f4b..a61660fe 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 259%{?dist} +Release: 260%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -689,6 +689,10 @@ exit 0 %endif %changelog +* Mon Jun 19 2017 Lukas Vrabec - 3.13.1-260 +- Allow sssd_t to read realmd lib files. +- Fix init interface file. init_var_run_t is type not attribute + * Mon Jun 19 2017 Lukas Vrabec - 3.13.1-258 - Allow rpcbind_t to execute systemd_tmpfiles_exec_t binary files. - Merge branch 'rawhide' of github.com:wrabcak/selinux-policy-contrib into rawhide