Add extra SELinux policies.

Related: RHEL-53967

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau 2024-11-04 17:10:00 +04:00
parent 07a56aaa6c
commit d26797bfd6
2 changed files with 24 additions and 4 deletions


@ -1,11 +1,24 @@
From 1eab90cc323509eda1b43ef81fccb4bcf28056f0 Mon Sep 17 00:00:00 2001 From b5276c6f67c17ab5636f787c5a2177f77594fa2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com> From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Sat, 13 Jul 2024 13:37:29 +0400 Date: Sat, 13 Jul 2024 13:37:29 +0400
Subject: [PATCH] selinux Subject: [PATCH] selinux
--- ---
src/selinux/swtpm.te | 1 +
src/selinux/swtpm_svirt.te | 4 ++++ src/selinux/swtpm_svirt.te | 4 ++++
1 file changed, 4 insertions(+) 2 files changed, 5 insertions(+)
diff --git a/src/selinux/swtpm.te b/src/selinux/swtpm.te
index 2327721..f1c6867 100644
--- a/src/selinux/swtpm.te
+++ b/src/selinux/swtpm.te
@@ -34,6 +34,7 @@ allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write };
allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };
allow swtpm_t virtqemud_tmp_t:file { open write };
+virt_read_log(swtpm_t)
domain_use_interactive_fds(swtpm_t)
diff --git a/src/selinux/swtpm_svirt.te b/src/selinux/swtpm_svirt.te diff --git a/src/selinux/swtpm_svirt.te b/src/selinux/swtpm_svirt.te
index f7b886c..424efa7 100644 index f7b886c..424efa7 100644
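
Review bot: the added `virt_read_log(swtpm_t)` line in swtpm.te has no comment or bug reference saying which denial it addresses, unlike the svirt_tcg_t rule further down that cites its Bugzilla entry. Add a one-line comment above it naming the access that was denied (and RHEL-53967, if that is the tracker), and confirm that read access to the virt log type is the narrowest grant that fixes it. The embedded patch's subject is still just "selinux" with no body, so the rationale is not recorded there either.
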
@ -30,5 +43,5 @@ index f7b886c..424efa7 100644
# For virt-install (see https://bugzilla.redhat.com/show_bug.cgi?id=2283878 ) # For virt-install (see https://bugzilla.redhat.com/show_bug.cgi?id=2283878 )
allow svirt_tcg_t user_tmp_t:sock_file { create setattr unlink }; allow svirt_tcg_t user_tmp_t:sock_file { create setattr unlink };
-- --
2.41.0.28.gd7d8841f67 2.47.0


@ -8,7 +8,7 @@
Summary: TPM Emulator Summary: TPM Emulator
Name: swtpm Name: swtpm
Version: 0.9.0 Version: 0.9.0
Release: 3%{?dist} Release: 4%{?dist}
License: BSD-3-Clause License: BSD-3-Clause
Url: https://github.com/stefanberger/swtpm Url: https://github.com/stefanberger/swtpm
Source0: https://github.com/stefanberger/swtpm/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/stefanberger/swtpm/archive/v%{version}/%{name}-%{version}.tar.gz
@ -44,6 +44,7 @@ BuildRequires: gcc
BuildRequires: libseccomp-devel BuildRequires: libseccomp-devel
BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: gmp-devel
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
Requires: libtpms >= 0.6.0 Requires: libtpms >= 0.6.0
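
Review bot: `BuildRequires: gmp-devel` is a build fix that the commit message does not mention; the message lists only the SELinux change and RHEL-53967, while the changelog attributes this line to RHEL-65460. Split it into its own commit, or add "Fix FTBFS, add gmp-devel" and "Resolves: RHEL-65460" to the commit message, so the two issues can be tracked and reverted independently.
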
@ -201,6 +202,12 @@ fi
%{_datadir}/swtpm/swtpm-create-tpmca %{_datadir}/swtpm/swtpm-create-tpmca
%changelog %changelog
* Mon Nov 04 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-4
- Add extra SELinux policies.
Related: RHEL-53967
- Fix FTBFS, add gmp-devel
Resolves: RHEL-65460
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.0-3 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.0-3
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018
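
Review bot: the new 0.9.0-4 changelog entry says "Add extra SELinux policies" without saying what was granted. Name the change, for example that swtpm_t gains `virt_read_log`, so someone auditing policy changes between releases can see the added access from the changelog alone.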