Package init

add-allow-for-ldconfig-to-map-libsudo_util-so.patch

@@ -0,0 +1,27 @@
+From db595c32644c01e6a9e5697d03a3f480d0dbba2e Mon Sep 17 00:00:00 2001
+From: zhangchenfeng <zhangchenfeng1@huawei.com>
+Date: Wed, 14 Aug 2019 07:58:13 +0800
+Subject: [PATCH] add allow for ldconfig to map /usr/libexec/libsudo_util.so
+
+reason: add allow for ldconfig to map /usr/libexec/libsudo_util.so
+---
+ policy/modules/system/libraries.te | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
+index 7a660a0..0893aba 100644
+--- a/policy/modules/system/libraries.te
++++ b/policy/modules/system/libraries.te
+@@ -95,6 +95,9 @@ files_search_usr(ldconfig_t)
+ # for when /etc/ld.so.cache is mislabeled:
+ files_delete_etc_files(ldconfig_t)
+ 
++# for map /usr/libexec/libsudo_util.so
++allow ldconfig_t bin_t:file map;
++
+ init_use_script_ptys(ldconfig_t)
+ init_read_script_tmp_files(ldconfig_t)
+ 
+-- 
+1.8.3.1
+

add-allow-syslogd_t-domain-to-send-null-signal-to-all-do.patch

@@ -0,0 +1,28 @@
+From aa8aaac6c35fd2cc53fa35000088773935afbd1f Mon Sep 17 00:00:00 2001
+From: zhangchenfeng <zhangchenfeng1@huawei.com>
+Date: Fri, 6 Sep 2019 11:06:51 +0800
+Subject: [PATCH] Allow syslogd_t domain to send null signal to all domains on
+ system
+
+Allow syslogd_t domain to send null signal to all domains on
+ system
+
+---
+ policy/modules/system/logging.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
+index 93c5b94..03a4c99 100644
+--- a/policy/modules/system/logging.te
++++ b/policy/modules/system/logging.te
+@@ -568,6 +568,7 @@ dev_read_kmsg(syslogd_t)
+ 
+ domain_read_all_domains_state(syslogd_t)
+ domain_getattr_all_domains(syslogd_t)
++domain_signull_all_domains(syslogd_t)
+ domain_use_interactive_fds(syslogd_t)
+ 
+ files_read_etc_files(syslogd_t)
+-- 
+1.8.3.1
+

selinux-policy.spec

@@ -12,10 +12,11 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 3.14.2
-Release: 41
+Release: 44
 License: GPLv2+
+URL:     https://github.com/fedora-selinux/selinux-policy/
 
-Source0: selinux-policy-38fa84d.tar.gz
+Source0: https://github.com/fedora-selinux/selinux-policy/archive/38fa84dc715893cab1cc76aa9c43ba325b153e10/selinux-policy-38fa84d.tar.gz
 Source1: modules-targeted-base.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -35,7 +36,7 @@ Source25: users-minimum
 Source26: file_contexts.subs_dist
 Source27: selinux-policy.conf
 Source28: permissivedomains.cil
-Source29: selinux-policy-contrib-f9b7466.tar.gz
+Source29: https://github.com/fedora-selinux/selinux-policy-contrib/archive/f9b7466780b5250bf94b5d40764277bc9c5b5f62/selinux-policy-contrib-f9b7466.tar.gz
 Source30: booleans.subs_dist
 Source31: modules-targeted-contrib.conf
 Source32: modules-mls-contrib.conf
@@ -49,6 +50,8 @@ Patch9003: Fix-userdom_write_user_tmp_dirs-to-allow-caller-doma.patch
 Patch9004: Fixing-range-for-ephemeral-ports-BZ-1518807.patch
 Patch9005: Fix-userdom_admin_user_template-interface-by-adding-.patch
 Patch9006: Fix-bug-in-userdom_restricted_xwindows_user_template.patch
+Patch9007: add-allow-for-ldconfig-to-map-libsudo_util-so.patch
+Patch9008: add-allow-syslogd_t-domain-to-send-null-signal-to-all-do.patch
 
 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -651,5 +654,15 @@ exit 0
 %endif
 
 %changelog
+* Mon Dec 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-44
+- add URL
+
+* Fri Dec 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-43
+- add source of tarball
+
+* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-42
+- add allow for ldconfig to map /usr/libexec/libsudo_util.so
+  allow syslogd_t domain to send null signal to all domain
+
 * Thu Sep 12 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.14.2-41
 - Package init