From d26797bfd62c7a3d190b2909293034aff47761fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 4 Nov 2024 17:10:00 +0400 Subject: [PATCH] Add extra SELinux policies. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related: RHEL-53967 Signed-off-by: Marc-André Lureau --- selinux.patch | 19 ++++++++++++++++--- swtpm.spec | 9 ++++++++- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/selinux.patch b/selinux.patch index 7fc0d4b..616ac7f 100644 --- a/selinux.patch +++ b/selinux.patch @@ -1,12 +1,25 @@ -From 1eab90cc323509eda1b43ef81fccb4bcf28056f0 Mon Sep 17 00:00:00 2001 +From b5276c6f67c17ab5636f787c5a2177f77594fa2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Sat, 13 Jul 2024 13:37:29 +0400 Subject: [PATCH] selinux --- + src/selinux/swtpm.te | 1 + src/selinux/swtpm_svirt.te | 4 ++++ - 1 file changed, 4 insertions(+) + 2 files changed, 5 insertions(+) +diff --git a/src/selinux/swtpm.te b/src/selinux/swtpm.te +index 2327721..f1c6867 100644 +--- a/src/selinux/swtpm.te ++++ b/src/selinux/swtpm.te +@@ -34,6 +34,7 @@ allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write }; + allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr }; + allow swtpm_t virtqemud_tmp_t:file { open write }; + ++virt_read_log(swtpm_t) + + domain_use_interactive_fds(swtpm_t) + diff --git a/src/selinux/swtpm_svirt.te b/src/selinux/swtpm_svirt.te index f7b886c..424efa7 100644 --- a/src/selinux/swtpm_svirt.te @@ -30,5 +43,5 @@ index f7b886c..424efa7 100644 # For virt-install (see https://bugzilla.redhat.com/show_bug.cgi?id=2283878 ) allow svirt_tcg_t user_tmp_t:sock_file { create setattr unlink }; -- -2.41.0.28.gd7d8841f67 +2.47.0 diff --git a/swtpm.spec b/swtpm.spec index c10ca70..30f95ea 100644 --- a/swtpm.spec +++ b/swtpm.spec 
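Review bot: The added `virt_read_log(swtpm_t)` line in src/selinux/swtpm.te has no comment saying which denial it answers, unlike the `# For virt-install (see …)` comment kept next to the svirt_tcg_t rule in swtpm_svirt.te later in the same patch. As far as I know, this interface grants read on every file labelled virt_log_t rather than on swtpm's own log only, so the justification matters for a least-privilege review. I would put a line above it such as `# RHEL-53967: swtpm_t reads <path from the AVC denial> (virt_log_t)` and confirm from the audit record that read is the access actually denied. If only one log path is involved, a narrower rule or a dedicated file type would be the tighter fix. The rest of swtpm.te is outside this hunk, so any overlap with existing rules cannot be checked from here.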
@@ -8,7 +8,7 @@ Summary: TPM Emulator Name: swtpm Version: 0.9.0 -Release: 3%{?dist} +Release: 4%{?dist} License: BSD-3-Clause Url: https://github.com/stefanberger/swtpm Source0: https://github.com/stefanberger/swtpm/archive/v%{version}/%{name}-%{version}.tar.gz @@ -44,6 +44,7 @@ BuildRequires: gcc BuildRequires: libseccomp-devel BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd BuildRequires: python3-devel +BuildRequires: gmp-devel Requires: %{name}-libs = %{version}-%{release} Requires: libtpms >= 0.6.0 @@ -201,6 +202,12 @@ fi %{_datadir}/swtpm/swtpm-create-tpmca %changelog +* Mon Nov 04 2024 Marc-André Lureau - 0.9.0-4 +- Add extra SELinux policies. + Related: RHEL-53967 +- Fix FTBFS, add gmp-devel + Resolves: RHEL-65460 + * Tue Oct 29 2024 Troy Dawson - 0.9.0-3 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018
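Review bot: `BuildRequires: gmp-devel` in the second swtpm.spec hunk is explained only by the %changelog entry (FTBFS, RHEL-65460). The commit subject mentions SELinux policies only, and nothing on the page says which build step needs gmp. A comment above the line, e.g. `# gmp-devel: needed by <component> at build time (RHEL-65460)`, would let a later packager judge whether the build dependency can be dropped again. Putting the FTBFS fix in its own commit would also keep the SELinux policy change reviewable by itself.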