From 32adf788c70a3e75e947ea7394b9a746686bb01e Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sat, 5 Apr 2025 21:09:13 +0800 Subject: refpolicy: update to latest git rev * 5a6c7d8bf systemd: Add log env to systemd-machine-id-setup. * 33af8dfa4 Module for ipmitool * a3a6b1704 oddjob: allow oddjob_mkhomedir_t privfd:fd use * 621eb6caf systemd: allow reading /dev/cpu/0/msr * fb0e9cdda Remove unneeded backticks from gen_tunable * 2240e1a89 locallogin: allow sulogin_t user_tty_device_t rw Signed-off-by: Yi Zhao --- ...001-refpolicy-minimum-make-sysadmin-module-optional.patch | 12 ++++++------ recipes-security/refpolicy/refpolicy_git.inc | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/recipes-security/refpolicy/refpolicy/0001-refpolicy-minimum-make-sysadmin-module-optional.patch b/recipes-security/refpolicy/refpolicy/0001-refpolicy-minimum-make-sysadmin-module-optional.patch index b0c0556..f963901 100644 --- a/recipes-security/refpolicy/refpolicy/0001-refpolicy-minimum-make-sysadmin-module-optional.patch +++ b/recipes-security/refpolicy/refpolicy/0001-refpolicy-minimum-make-sysadmin-module-optional.patch @@ -1,4 +1,4 @@ -From 4a5d6d9b7c317a2b819ef9a0ebce2e913ad42be9 Mon Sep 17 00:00:00 2001 +From abcc9a219a57c4cdc60f72cd91372204f3fcfa38 Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Fri, 5 Apr 2019 11:53:28 -0400 Subject: [PATCH] refpolicy-minimum: make sysadmin module optional @@ -22,10 +22,10 @@ Signed-off-by: Yi Zhao 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te -index 7df44cead..65146974b 100644 +index bde3d5944..cff62daa0 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te -@@ -648,13 +648,15 @@ ifdef(`init_systemd',` +@@ -653,13 +653,15 @@ ifdef(`init_systemd',` unconfined_write_keys(init_t) ') ',` @@ -48,12 +48,12 @@ index 7df44cead..65146974b 100644 ') ') diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te -index f96092070..db28ce41c 100644 +index 59bcc78c8..f25168e3b 100644 --- a/policy/modules/system/locallogin.te +++ b/policy/modules/system/locallogin.te -@@ -279,7 +279,9 @@ userdom_use_unpriv_users_fds(sulogin_t) +@@ -280,7 +280,9 @@ userdom_use_unpriv_users_fds(sulogin_t) userdom_search_user_home_dirs(sulogin_t) - userdom_use_user_ptys(sulogin_t) + userdom_use_user_terminals(sulogin_t) -sysadm_shell_domtrans(sulogin_t) +optional_policy(` diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index a4ffd5c..955d160 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc @@ -2,7 +2,7 @@ PV = "2.20250213+git" SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy" -SRCREV_refpolicy = "ffc9c4e16cef451bf1d1a1de44bb738aa342c69d" +SRCREV_refpolicy = "353352e31f0d301e6c49db79a753c7d0179b46c2" UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P\d+_\d+)" -- cgit v1.2.3-54-g00ecf