From e98b0994a726f961424b60babbf8511e73f03abc Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Feb 26 2016 13:55:26 +0000 Subject: * Fri Feb 26 2016 Lukas Vrabec 3.13.1-174 - Revert "Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/systemd/ rhbz#1285019" - Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/ rhbz#1285019 --- diff --git a/docker-selinux.tgz b/docker-selinux.tgz index e2b3421..584c3fa 100644 Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 7fe17fb..8bb1cc6 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -45535,7 +45535,7 @@ index 0000000..21f7c14 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..bf93dba +index 0000000..11d2aa1 --- /dev/null +++ b/policy/modules/system/systemd.te @@ -0,0 +1,843 @@ @@ -45688,8 +45688,8 @@ index 0000000..bf93dba +manage_files_pattern(systemd_logind_t, { systemd_logind_sessions_t systemd_logind_var_run_t }, { systemd_logind_var_run_t systemd_logind_sessions_t }) +manage_fifo_files_pattern(systemd_logind_t, systemd_logind_sessions_t, { systemd_logind_sessions_t systemd_logind_var_run_t }) +init_named_pid_filetrans(systemd_logind_t, systemd_logind_sessions_t, dir, "sessions") -+init_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, { file dir }) -+files_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, file, "nologin") ++init_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, dir) ++files_pid_filetrans(systemd_logind_t, systemd_logind_var_run_t, file) + +manage_dirs_pattern(systemd_logind_t, systemd_logind_inhibit_var_run_t, systemd_logind_inhibit_var_run_t) +manage_files_pattern(systemd_logind_t, systemd_logind_inhibit_var_run_t, systemd_logind_inhibit_var_run_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index ab47992..6738f41 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 173%{?dist} +Release: 174%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -673,6 +673,10 @@ exit 0 %endif %changelog +* Fri Feb 26 2016 Lukas Vrabec 3.13.1-174 +- Revert "Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/systemd/ rhbz#1285019" +- Allow systemd-logind to create .#nologinXXXXXX labeled as systemd_logind_var_run_t in /var/run/ rhbz#1285019 + * Fri Feb 26 2016 Lukas Vrabec 3.13.1-173 - Allow amanda to manipulate the tape changer to load the necessary tapes. rhbz#1311759 - Allow keepalived to create netlink generic sockets. rhbz#1311756