From: Kaleb S. KEITHLEY <kkeithle@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/nfs-ganesha] rawhide: NFS-Ganesha 10.0, additional selinux, including home_dir_t
Date: Thu, 25 Jun 2026 15:26:59 GMT	[thread overview]
Message-ID: <178240121921.1.6576226442432041341.rpms-nfs-ganesha-936bd7edf24b@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/nfs-ganesha
Branch : rawhide
Commit : 936bd7edf24b2a44fc7a076cc5eb0b1ac1b6a05c
Author : Kaleb S. KEITHLEY <kkeithle@redhat.com>
Date   : 2026-06-25T11:26:45-04:00
Stats  : +82/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/nfs-ganesha/c/936bd7edf24b2a44fc7a076cc5eb0b1ac1b6a05c?branch=rawhide

Log:
NFS-Ganesha 10.0, additional selinux, including home_dir_t

---
diff --git a/0003-src-selinux-ganesha.te.patch b/0003-src-selinux-ganesha.te.patch
new file mode 100644
index 0000000..bc95c51
--- /dev/null
+++ b/0003-src-selinux-ganesha.te.patch
@@ -0,0 +1,77 @@
+--- nfs-ganesha-9.16/src/selinux/ganesha.te.orig	2026-06-25 07:54:15.594771685 -0400
++++ nfs-ganesha-9.16/src/selinux/ganesha.te	2026-06-25 10:21:50.301809751 -0400
+@@ -1,10 +1,10 @@
+ policy_module(ganesha, 1.0.0)
+ 
+ require {
+-	type var_lib_nfs_t;
+ 	type apm_bios_t;
+ 	type autofs_device_t;
+ 	type bpf_t;
++	type cache_home_t;
+ 	type clock_device_t;
+ 	type configfs_t;
+ 	type cpu_device_t;
+@@ -17,6 +17,7 @@
+ 	type fixed_disk_device_t;
+ 	type framebuf_device_t;
+ 	type fs_t;
++	type home_root_t;
+ 	type hugetlbfs_t;
+ 	type initctl_t;
+ 	type kmsg_device_t;
+@@ -32,18 +33,22 @@
+ 	type pstore_t;
+ 	type ptmx_t;
+ 	type removable_device_t;
++	type rpcbind_t;
+ 	type rpc_pipefs_t;
+ 	type scsi_generic_device_t;
+ 	type sound_device_t;
++	type ssh_home_t;
+ 	type sysfs_t;
+ 	type tmpfs_t;
+ 	type usb_device_t;
+ 	type usbmon_device_t;
++	type user_home_dir_t;
++	type user_home_t;
++	type var_lib_nfs_t;
+ 	type virtio_device_t;
+ 	type watchdog_device_t;
+ 	type wireless_device_t;
+ 	type xserver_misc_device_t;
+-	type rpcbind_t;
+ 
+ 	type cgroup_t;
+ 	type usr_t;
+@@ -95,6 +100,7 @@
+ allow ganesha_t self:capability { dac_read_search dac_override fowner setgid setuid };
+ allow ganesha_t self:capability2 block_suspend;
+ allow ganesha_t self:capability sys_resource;
++allow ganesha_t self:capability sys_rawio;
+ allow ganesha_t self:process { setcap setrlimit };
+ allow ganesha_t self:fifo_file rw_fifo_file_perms;
+ allow ganesha_t self:unix_stream_socket create_stream_socket_perms;
+@@ -204,11 +210,21 @@
+ fs_read_cgroup_files(ganesha_t)
+ 
+ #!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
+-allow ganesha_t usr_t:file map;
++allow ganesha_t usr_t:dir { add_name remove_name };
++allow ganesha_t usr_t:file { map create unlink write };
++allow ganesha_t var_lib_nfs_t:file create;
+ 
+ #============= init_t ==============
+ allow init_t var_lib_nfs_t:dir { create setattr };
++allow init_t var_lib_nfs_t:file { create unlink write };
+ 
++#============= home_dir ==============
++allow ganesha_t cache_home_t:dir getattr;
++allow ganesha_t home_root_t:dir read;
++allow ganesha_t ssh_home_t:dir getattr;
++allow ganesha_t user_home_dir_t:dir { add_name getattr open read remove_name search };
++allow ganesha_t user_home_dir_t:file { create getattr open read unlink write };
++allow ganesha_t user_home_t:dir getattr;
+ 
+ ########################################
+ #

diff --git a/nfs-ganesha.spec b/nfs-ganesha.spec
index 0681487..4fddd6c 100644
--- a/nfs-ganesha.spec
+++ b/nfs-ganesha.spec
@@ -152,7 +152,7 @@ Requires: openSUSE-release
 
 Name:		nfs-ganesha
 Version:	10.0
-Release:	2%{?dev:%{dev}}%{?dist}
+Release:	3%{?dev:%{dev}}%{?dist}
 Summary:	NFS-Ganesha is a NFS Server running in user space
 License:	LGPL-3.0-or-later
 Url:		https://github.com/nfs-ganesha/nfs-ganesha/wiki
@@ -161,6 +161,7 @@ Source0:	https://github.com/%{name}/%{name}/archive/V%{version}%{?dev:-%{dev}}/%
 Source1:	https://github.com/ceph/libkmip/archive/%{kmip_ver_long}/libkmip-%{kmip_ver_short}.tar.gz
 Patch:		0001-config_samples-log_rotate.patch
 Patch:		0002-src-scripts-python.patch
+Patch:		0003-src-selinux-ganesha.te.patch
 
 BuildRequires:	cmake
 BuildRequires:	make
@@ -1006,6 +1007,9 @@ killall -SIGHUP dbus-daemon >/dev/null 2>&1 || :
 %endif
 
 %changelog
+* Thu Jun 25 2026 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 10.0-3
+- NFS-Ganesha 10.0, additional selinux, including home_dir_t
+
 * Wed Jun 24 2026 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 10.0-2
 - NFS-Ganesha 10.0 rebuild with libntirpc-10 rhbz#2492259
 
