diff --git a/add-rw-perms-tpm-apache.patch b/add-rw-perms-tpm-apache.patch new file mode 100644 index 0000000000000000000000000000000000000000..f425fb8d3aef650f6c652e55aeb1b1cfdc3aaa78 --- /dev/null +++ b/add-rw-perms-tpm-apache.patch @@ -0,0 +1,12 @@ +diff -uprN selinux-policy-9c84d687e0fef5d8e4e25273bd25f58c28a7c67c.orig/policy/modules/contrib/apache.te selinux-policy-9c84d687e0fef5d8e4e25273bd25f58c28a7c67c/policy/modules/contrib/apache.te +--- selinux-policy-9c84d687e0fef5d8e4e25273bd25f58c28a7c67c.orig/policy/modules/contrib/apache.te 2021-03-11 17:07:01.195611439 +0100 ++++ selinux-policy-9c84d687e0fef5d8e4e25273bd25f58c28a7c67c/policy/modules/contrib/apache.te 2021-03-12 09:03:47.199430000 +0100 +@@ -521,6 +521,8 @@ allow httpd_t httpd_keytab_t:file read_f + allow httpd_t httpd_lock_t:file manage_file_perms; + files_lock_filetrans(httpd_t, httpd_lock_t, file) + ++dev_rw_tpm(httpd_t) ++ + allow httpd_t httpd_log_t:dir setattr; + create_dirs_pattern(httpd_t, httpd_log_t, httpd_log_t) + create_files_pattern(httpd_t, httpd_log_t, httpd_log_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 751410fb899a192ccc3f7d6f3063dddde8e34adc..07a585e131d5eeebb1e1cb2e42545a3e2f39ef83 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -12,7 +12,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.2 -Release: 68 +Release: 69 License: GPLv2+ URL: https://github.com/fedora-selinux/selinux-policy/ @@ -75,6 +75,7 @@ Patch22: backport-Allow-dovecot-bind-to-smtp-ports.patch Patch23: backport-selinux-tweak-selinux_get_enforce_mode-to-allow-stat.patch Patch24: backport-Allow-resolved-to-created-varlink-sockets-and-the-do.patch Patch25: backport-Allow-systemd-resolved-manage-its-private-runtime-sy.patch +Patch26: add-rw-perms-tpm-apache.patch BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc @@ -740,6 +741,9 @@ exit 0 %endif %changelog +* Tue Mar 16 2021 Roberto Sassu - 3.14.2-69 +- add add-rw-perms-tpm-apache.patch + * Sat Mar 13 2021 luhuaxin <1539327763@qq.com> - 3.14.2-68 - add patches for system_resolved