From 93889e196e45a0a6826b6434724957fbe775efb5 Mon Sep 17 00:00:00 2001
From: Lukas Vrabec <lvrabec@redhat.com>
Date: Mar 18 2017 14:56:05 +0000
Subject: * Sat Mar 18 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-246

- Label all files containing hostname substring in /etc/ created by systemd_hostnamed_t as hostname_etc_t. BZ(1433555)

---

diff --git a/container-selinux.tgz b/container-selinux.tgz
index 78a87ca..d7aa304 100644
Binary files a/container-selinux.tgz and b/container-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 4a24305..e9c57db 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -45289,14 +45289,14 @@ index a392fc4..b7497fc 100644
 +')
 diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
 new file mode 100644
-index 0000000..db8e9dc
+index 0000000..121b422
 --- /dev/null
 +++ b/policy/modules/system/systemd.fc
 @@ -0,0 +1,81 @@
 +HOME_DIR/\.local/share/systemd(/.*)?		gen_context(system_u:object_r:systemd_home_t,s0)
 +/root/\.local/share/systemd(/.*)?		gen_context(system_u:object_r:systemd_home_t,s0)
 +
-+/etc/hostname			--		gen_context(system_u:object_r:hostname_etc_t,s0)
++/etc/.*hostname.*			--		gen_context(system_u:object_r:hostname_etc_t,s0)
 +/etc/machine-info		--		gen_context(system_u:object_r:hostname_etc_t,s0)
 +/etc/udev/.*hwdb.*	--	gen_context(system_u:object_r:systemd_hwdb_etc_t,s0)
 +
@@ -47185,10 +47185,10 @@ index 0000000..86e3d01
 +')
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 0000000..0100a56
+index 0000000..c9d14fd
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,1018 @@
+@@ -0,0 +1,1017 @@
 +policy_module(systemd, 1.0.0)
 +
 +#######################################
@@ -47888,8 +47888,7 @@ index 0000000..0100a56
 +
 +manage_files_pattern(systemd_hostnamed_t, hostname_etc_t, hostname_etc_t)
 +manage_lnk_files_pattern(systemd_hostnamed_t, hostname_etc_t, hostname_etc_t)
-+files_etc_filetrans(systemd_hostnamed_t, hostname_etc_t, file, "hostname" )
-+files_etc_filetrans(systemd_hostnamed_t, hostname_etc_t, file, "machine-info" )
++files_etc_filetrans(systemd_hostnamed_t, hostname_etc_t, file)
 +
 +kernel_dgram_send(systemd_hostnamed_t)
 +kernel_read_xen_state(systemd_hostnamed_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index bc15846..2fd0050 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 245%{?dist}
+Release: 246%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -682,6 +682,9 @@ exit 0
 %endif
 
 %changelog
+* Sat Mar 18 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-246
+- Label all files containing hostname substring in /etc/ created by systemd_hostnamed_t as hostname_etc_t. BZ(1433555)
+
 * Fri Mar 17 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-245
 - Allow vdagent domain to getattr cgroup filesystem
 - Allow abrt_dump_oops_t stream connect to sssd_t domain