From e98b0994a726f961424b60babbf8511e73f03abc Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Fri, 26 Feb 2016 14:55:26 +0100 Subject: [PATCH] * Fri Feb 26 2016 Lukas Vrabec 3.13.1-174 - Revert "Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/systemd/ rhbz#1285019" - Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/ rhbz#1285019 --- docker-selinux.tgz | Bin 4358 -> 4361 bytes policy-rawhide-base.patch | 6 +++--- selinux-policy.spec | 6 +++++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docker-selinux.tgz b/docker-selinux.tgz index e2b3421cf8245b5fc31161f6ceaee175509899f2..584c3fa7ad768bf438f3dd97b7d4d6f84844b731 100644 GIT binary patch literal 4361 zcmV+k5%%sMiwFR>#xA?y~|>NL{X$3vD4%L3*9;vXMQAy8GJAs)OJ~c2`F$ z5_{>!%KuNF<*Qf0ceKg#sNVnZ>y`v%MT)nyZ0eW=4g19VLloq58NU?#> zi|;NK+Y&&gJ)PR%%i^E+ByJc95U9*8v)@HiLa2l@zkc)ka3FT;u8RC;NfHsW^@h+;7u9YLNIr!#XkKhKn7f59IGptCRQ{Y;s8KJ65 zNzFxn%$fSE#LK78Un5-C?A1&MiugYyN=*6kfqYuY*3cy0H{O={^7YQe1xFUe4mGQR z9#zP68`b35h?%!$qM!xs1TkkRWjKMIQkE$8_tDWA;meBK2k=fG)!vx?gRf%TIcY`W zbe)n!Zl1X7k*?(q_p#L30kgrSqaGk;hoJu*714$~GaZ%lMm>&}lGqQ^ zQ;K_VJv^SK>krnm*|3cvL*4WUBj!_ik031pH z1`$v-3`EM(IN&{QZFJCGNEaDOt*X;ItOP0l!V$EPWh+8#g##ZwR^F9z%{8l#2x{V( zi)c<&f;Wt_h*D2gysTf>ipc7cIrZWHUxL4l@{h9bU$VOKbrDIeYF8vJHj}D#tO=#R zrunqa72)+-jamQAHT-)I|2`bikox&wKRt(?fLk9`n#|Y->Zb5$6~LiWO;wK4e{)=y zi<0{8@OaFi*n2U8Sx)YrGLpwE8xP2Qwq7(v%D9Bvu@Gp9G=>zk7?2dnYm${{HG@=A zm@K>`kdI=PBeyOEcmKv}LKNZsKhnimAQ}q4MJh z79Zi0wO*Lm6_tQ7a!m?0N4)s-s~He8XP7SPb_2!AlTbDhB|lO0#-8jd)?OMGbf$b( zZuqo!0m==^1-LD9Vh^<3rsN*T`{UWHu>4K%QWRVO$IJ7X2o&CgT^M{d8wbo{jqo)vQ)+*8diUQd4?*qy}q2+uH5cb5U3%n_)u&})|j>D!Jz}*UF8o@_1aE$Tz<>w#U z!%zBb$EAuVj}6kIN`;T9qat2&+a-jCa#bt3O)c}5gWsTdRC@$nAe+U?SsT7H0IOW# zx`9>&vVYv8;0ri~iedlf0gXbfC(w^+T^9K)OW+X(innmS*W!*Psi7NiaIDQAc2URM zP5-6XR)#EO>0bn2z=W-#ivdkHMU)AvF8KO+f)fI;T;n=QRsF*eI4`>qY4c9%L1yVx zTg)iHF>WDbWK|}GX5NhR$}Zb}?g*bT<|DqQavX6L_q;|Gj0&qVOXEGCmdd}C4lQ__ z1ydpabEAC3|9yQ7mlGGgns$`&5a=2;j-jBRTnmfyHEi67239M}vr0J4QKLFx)Ud70 zf9QsGc*%3h0pTs3oOHvfTg_;6^N{o#1E%}#umeQLm>imm^BCKd>ijg}KRg}BU_Z7E zEoA#l4L08Inbx#5&#SC~?d6D;wGB94V62Cy&SX424|!xPg^@?BV>ti!{nh(V-`e@V zAFr=Z`M-a~BMiMTFB9;k&ctkZ6TG{)y11I9iECYRb9< zn|Oe1Y1)O72Vb2@GZ6XZQBzp+$ShUV%l;Pex&LmwmwqeCY@V^(bfd0kol;BWMz~sV z@xD2HHCN18Md$ESyp-|svksxf-8!(MM){pLweMrPykxw=C|oAm`*%Gd5ikxS)a<{Z%>)T zp%L4kStS;OKK$rUHJzF^Pqj%E1tTA2fl!(7K9a{yLiPbA+4?4qs%VvFDcc8Mf_Pi* zir_W{HMWMo0AWoDOOqhKEy^S)2ovET{ufxu`h=OksG}WVvNb?rG{sdLXg(EQt4Rj? zQ-27+Ks|Mq<|*SfQh9*psZ~4qc#vm!{343r;&6onc@^E4Ll7*k z9?IGzJ=Rg4b{wyR6<_hRp%p0-(6@dI-c;z$biUq(qE8dLn#`41Hj}rX2{;vC^fbf| zWSxmj>xWXqj@aKcAr1ftPQv1$<{SLoKK-dei-^6K0>2-F*t{<2CxNDh$4!+Y8#{xluD&4uDu? z5ATV4GRtCqb;y{#pO-qu=BokbhiNjC;^K_w{BB zyDvd#s7(i{<-siB=~5np&?#95;!GSZFN`bsYY4$5Tiq8fW%u~^^BAo`-|3aqdR6FZ z*{{D!PgXi3hC|!7*Klp&Ye6!3t|%fv{CLsO1ttl&j=QqH9i-uhzk3?9j5;WGh~Y1X zUeS02gc?m|!Mzmw9_{|@a?zmRasFljm$m{b&eRvE!SlSELo zGf>7##3TfrJCW3eMT<*RyQ#~j>Q^g^g&jrrd6pKp7J)p@i#qcd-goNlR7zP{qkgTU zUC0A9_h3gPDZMp`cn|~EWkKmKW%1T1l!x$k55ZPR%AE-!??|Y;2cw9W;LE1dv^FsY z$BLupbYqfqC_ojV^9Cdx`zNKbF{C^=m;N`h1MA!t)wu*60g;BKQfnn-9W@yfcGi7o z-k4-!-gH3r6lY!{EwxZ&shTp76kHLd>pp@b>87souAz7?-ifBJ?AI3QYd7c`CPbN0 zmnb|OX~pnhWeyAee9WDgN&eUvKjvS)3bOlHSu*|y?7!+ynW~1?_-L3^0?Q8+GOth8%lE)u&YKezh96gS2#a3_ z9|N(?^7ox^q&ps|NX265Ml+o-{y1#1soOB@7gtC$z*Q%V*NM^GF9Si@HuKXZAeV97 z`j2D8eUH=cW0}WH(qL(oo8PF}2wUhbtzh{U>(XWR{Miu7LVicAbCPNh$p(fwOfS&N z4!cTGI1DHUh1Wc53T~2ut_Ody-gizBdnCPut@F;7V1b&Oi)pACCD05EBv7lEE2;*N z6IVfY$F%~hOB)t%Tp?orbyk*@pUI6VH)++@l!A|d;&AWf(jA#g<+dSuWUgJ^O{v}S zaZ>Ga_ejNVL)HD%K9rnFNa8Il;2$M%Q>TWD;zH;)+_HSc2Hdkxprk4MWi|1Y4Ypqk zNt#;r7~17dQ%w7G;XR)?{kF9f+-93;%kdvd*)}jQvsKq-<9;EUW7->Fdy_zyS1iA` z->Z2JJl!VqQrT!vsgh??pvsN$QhCU_buUr1fhE+M1E3EnytK?Ae!eSgK0bQ-WVd5f zwRANL^*43F)<9IJQC@3869^00n_~Oo*(7w7cP?RFU^dgw_Og*;JdV z9b5Ptv%yF0uw>Ox6)nI&#Z@=ca1@CkylflwOT@s43|`Fm#!)oeIhZT1Ve!xC?R`mv zSqUjmb~PGf8K(a2FE#! z*tO)b2b|vvYyB&)2j#d9(KAk+*wW{4#N@&AFaxzRCO^GLwp2ux0Q#a?w0}9EfVm26 zweXp7r^BVk3a*g~VV7ext|+;8GM8_n67=c=bwN-o0}o1H-RGbOup#zx2quxb_CDwJ z840E!#O*cl<2+aa_g^tw)V;jc&X*qljm;((V2@CP^f(;zw$E-}ew)gn95T@7ziv|+ zz<*J&YBq1+e=H~n{=gjQ`J&uiEEl&%B))a?gn`osKX>oMa!YGgp-WAl;jOQ!ZFle^ zyOe_cTZHZ=`Uj&IBt|2S1(l&%U~*GX}*Cl%cdik#svdug+wf znOvu19xg0HmO4AJ&3JPgLFx|3(Bb6B%@uFK@OkCIsQx3&gQ2~rnh!@FIOrS&9Y6FO zKcmwFecL^5v|~}4&U?6^DUA5N%F*k?ObGOA+L3U)qI>FV7tiJqa=BPP=Eaub`#)Fj z-+%mg`u+bWdM~eEU9)ZcdFl=t*4$bH>zv1s~O`n1zSZFf<7(D`*{Q0fp z_4HCK13C+_XDS&}7$`2Y`*;?fOvyJUAMdF*+tYJ;PS5E%J*VgNoSxHjdQQ*jIX$Q6iJt!fy2Fx90C)fZ DS3iF! literal 4358 zcmV+h5&7;PiwFQ^LC{tJ1MOT{kK;BHo>%)<5HkU$dok0;90|~qWU-QL0c_pRb3ilVNzJKYOd$i!{2>LXbsi&e#<<087H)kU&?@p#V_Jl}r% z0Y9(5`*>x4!t?IK_4T_K*YAMh>ciE?4?uVQ?!$NQUXZItY?FCv#>0w`7wKIUu4vRt zH&*_C`Yd0)BHyz*%ff2^JWO(05t?t{^WytU z&9(%PX-}&*__FxtJ&kHkNi3!zNpixs=3883P~(MQy0o~+_hndx8Og(p{_s*#z5KC* z{aF-{FindcjR`LZufm)q*c~6}r9g$hmr2fPwGJbC_PcCK0F?;l*KdAbE;cj|D*9)g zR6wv?Ecm|EZ4USw{TGF<1^m-;@%ntZTtr1hqbv>>4XbDytdjifo9pxCLIVe7$e~hv z>mZn~{CtT}N0xO2@_Ame#%_zXYSsWfs*u?> ztmv~5vuMpkK}*^RVonpraRPg#tWezVqoXszm*%$*;GI6IoiY7~SjD(=vXVy0I-#-J zJaN~fZOtVrjOC~!^MQNrW2v(PW`j>hJwVJJLH|3;dYT`(UXiim< zH;B@Zv7V|#S+}kgRn^6F>cjuP1b-XlAErONc-er&+|)@qo-H=S7_-Tu8VX3yBshV@N~G0ZEX&qG^FvGe{+Y$s$UK zdNi{dxpg7IOVAX%7{^B9xZa=Dj2rwQX5@|kH^icvLev(dzG~LxqJ;TV6*#ed^XMp! zO_;}IS0x>5H=`MBJ5RhicOa5%(&X^^<|yEdNE9v984_~^Mu;OZYgLteKX;EM4tTG~ z$eg%a&0zlUz0hSivD<>v)7=(dOz%q0P>NWB^1)A6mYV7&+E#&_>bn3cKaODWkv>`D zg~?q}3m7BUH0N`~i%++j0Wk}P>7s5nP^>%-R1;D16GdBk7207B6OP_}&1lc7>}NT18a< zghwG3Z~_&>{x1R=xn578ACs!cvssqFBMg*i;e4;fA4}3hH{jqnn?LNLp0}IsOS!EK zS;)%2AYZ_Qt)Pp9C7V1E=^a0ITG-HNpJPU=Bs4J(dyp& z{VN`6=ml93gD-U^XTuwEeQ|YhHA@#SUy;u=N1R?F6*uwhQt4I+jp~xudAKsIHwrGy_ixBLOc{lq zIL?(Xl~kPc#39X!JdnCyBf3ew=Sx{0uzK}J0IqPf4f74f(o9&;hS5+~1=z#`WJ}vF zR6O|VOqqemua266N;jk zoON^#KjljmFF$J$I^2x|D{EBWMN_*zrq4^3e5sB+pS6lRJfbQ$hQS9RB8%Ngf*U{h3qZ zFqp%S?o>0WY4cQ@Qc*DSVM?URg!iF3c9OCujHc_GC@jNOk|umlzL02J>~eCOfEruF zUx2V?lqWICZu250Ips1OB>n;`*_<$o7ge|eOuhz4jHdW%1I?$yYZXmle@ZdD=A&$a zH5&@PDX-em8mOmAlPuw)My3wXdTKRJJ|5&*9>0tt_&9vwKv6~eTjA1#b(|9 zHdTg0tP^DDWp7&)JrY!$JrbPUZ?reu?=$*7$Ud$ABP~$7(*YPdZRG%nRr>Ir_$RX} z7FUO?+52f}Vr+di!2Gan$NuRdn`5h%vBsDLpRA~JUgT5PPwzdAY4d1|eZoBIh46P+ z70*>B{bOV5d!=6VWC(c-jA79Z=AciX;8S2GO!6r(M}U|x;Da#!L2upHn=$Nt2|`0{ zI!G-KW(iN1@)(3k$vO~c;%N24_>#Yd5PY&VeGyXjkAF9h(HZoeSxJpog|3$S`m6F} zl`~>Fv`u?0*A~9!G*#z{G6E!y7cE_2lYr~EE2`T;8gcl$XAw`Chhm2q{pHXr7Hw%f zfQ{a!t*TT&3o}f`Nk|y+{!6SY%x*I9b9vU0UjcCK0AuSpmEAb`jgs zG<6xVljv0n$9n@`t0W4*FQ*QQreom!0p^{dP1aK>=b&P+vxio+RLBG4LQm?ym$Ik-E!v@eA>ou^GITyLr6|O#vVws&iKJ*|po*2q zNeDW3BB=|D7MHAcQx$dDtyUFFJBsbIG|6ur0(G1hw&pRsZ`IqXl<}fM{aS^)Km=;; z!H$R%c54%fAO^0>oUvWPqpek_4&mJ%f~^u4I~zpZk!-vO3qtVnji~>B&uacPJ*1Abz{3tO#3ZFH8 z-7^(Y#lKcX!Nni2|LQ+gsv273qhV47tUgf4qCQox*aJH`Z(dXweq7N3EPfMwByyV- z?_1$We>_r?%Ei)-W_n@zC+cPt;d0e9>ZD5>-QvWoVV4YuD1Nts&i z7`o+NQ_T2u!M&I`-L^Fp!e*Ok%ZVRK+14;G(^cDM6Mi9@W5yfcdz-+Nmpr?7-|Kk} zJnbfnQq}05QZ3IqN0l4lrSgEc>t3R2152ne2S6V(c$!^Q2YUnB+ zm~Z-mt%ayhqk63gLm(~W-Yfx&)OeQoqU%>SWKv`eq}vTIrH;H$B6KFG&!*ax&Dg@< zm<>K^hsCR!>1YA|DX+TOhNDab5oO!3TOtQWX7FOhH;$s+&cR%91B-_)Noy03DT+Sk zbyCqC3`*>8)$88A)@EaAnZ`ZTcS*&2jCon+8s6e%@9gsx2Mjj8RdMfy)`guZB1v>` zZIDRMq862qy-oUxtcwbbY{k{2V+TyO+G*w+lVN09qtt?3kyXVjNd+@AM0;NmVOByS zl3lIFxQ3+N02Sczq%+7f4ID|8P&SO@7i=(8h;5 zFNqo4AiTifO)U|o7)O4d#n=lHNO}vN;Y>#^5-I6}whE z?tqJXVU2&)>p^+0Lv)N&FShbIJTZCjJnTTNipfv!kt-FMC4jzY8tz{XC}5!i8!dch z-Rbb@v0P}RT-xOrjmrz+oy_H%s04fUfxaMUltB+lSKViz2e2XTav+mPeS4qx`iuh8 z5c2k#{Ba(vK=`j1E^1$1YvxOb|Hfrg3$R0IKsp?rdD~^TFTYLY&<+{s^Ix|KBk*5H zR`uo${Ew5I;t$M$p3jTj#d2|LMdBMbPZ~H~@N@r8thTgz75LQj8Q%Ju+I9~=vMVXL zzeVV8V*g-tf<)~YQ4K2wm2!x?Cmsr2<$i-oBlN zqHfkAiUaaCFYb!8&gfgI$EIW2S9T3B81V|Y5C5U?4ZgA))TgTFLWQ%Yx8J%1(QdyN z-|dH~@1fN#FF^?_@UzQ{zn%YmF%8HhP)iipcPy#TLTbD&(f>BmrE<9x;v_)rw6)-F z>lJLEM{L;LnoVj{+a7L-9uZ-)eyGsoK5yFAApM5Fw>5nVj$on90ATD0VCv_$j@Q#m zxeVAW#Ez+CO<|z8Oz)#vcq%2|M%g?7q;D}@VsLgAmUjUtu;yno0P#}%^4FuFqA7L+ zU_g_a<~RJgv-x;Wz1g0g({p-G&*?cmr|0yXp3`%BPS5E%Jx}!f53ar8xBz$n0E&%k Aga7~l diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 7fe17fb3..8bb1cc6b 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -45535,7 +45535,7 @@ index 0000000..21f7c14 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..bf93dba +index 0000000..11d2aa1 --- /dev/null +++ b/policy/modules/system/systemd.te @@ -0,0 +1,843 @@ @@ -45688,8 +45688,8 @@ index 0000000..bf93dba +manage_files_pattern(systemd_logind_t, { systemd_logind_sessions_t systemd_logind_var_run_t }, { systemd_logind_var_run_t systemd_logind_sessions_t }) +manage_fifo_files_pattern(systemd_logind_t, systemd_logind_sessions_t, { systemd_logind_sessions_t systemd_logind_var_run_t }) +init_named_pid_filetrans(systemd_logind_t, systemd_logind_sessions_t, dir, "sessions") -+init_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, { file dir }) -+files_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, file, "nologin") ++init_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, dir) ++files_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, file) + +manage_dirs_pattern(systemd_logind_t, systemd_logind_inhibit_var_run_t, systemd_logind_inhibit_var_run_t) +manage_files_pattern(systemd_logind_t, systemd_logind_inhibit_var_run_t, systemd_logind_inhibit_var_run_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index ab479920..6738f418 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 173%{?dist} +Release: 174%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -673,6 +673,10 @@ exit 0 %endif %changelog +* Fri Feb 26 2016 Lukas Vrabec 3.13.1-174 +- Revert "Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/systemd/ rhbz#1285019" +- Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/ rhbz#1285019 + * Fri Feb 26 2016 Lukas Vrabec 3.13.1-173 - Allow amanda to manipulate the tape changer to load the necessary tapes. rhbz#1311759 - Allow keepalived to create netlink generic sockets. rhbz#1311756