[rpms/nfs-ganesha] f44: NFS-Ganesha 9.16, addition selinux policy from Fedora 44

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/nfs-ganesha] f44: NFS-Ganesha 9.16, addition selinux policy from Fedora 44
@ 2026-06-25 15:41 Kaleb S. KEITHLEY
  0 siblings, 0 replies; only message in thread
From: Kaleb S. KEITHLEY @ 2026-06-25 15:41 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/nfs-ganesha
Branch : f44
Commit : 6fe2f39c561940fd9ca163f9179d494a5a0c465c
Author : Kaleb S. KEITHLEY <kkeithle@redhat.com>
Date   : 2026-06-25T11:41:04-04:00
Stats  : +82/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/nfs-ganesha/c/6fe2f39c561940fd9ca163f9179d494a5a0c465c?branch=f44

Log:
NFS-Ganesha 9.16, addition selinux policy from Fedora 44

---
diff --git a/0003-src-selinux-ganesha.te.patch b/0003-src-selinux-ganesha.te.patch
new file mode 100644
index 0000000..bc95c51
--- /dev/null
+++ b/0003-src-selinux-ganesha.te.patch
@@ -0,0 +1,77 @@
+--- nfs-ganesha-9.16/src/selinux/ganesha.te.orig	2026-06-25 07:54:15.594771685 -0400
++++ nfs-ganesha-9.16/src/selinux/ganesha.te	2026-06-25 10:21:50.301809751 -0400
+@@ -1,10 +1,10 @@
+ policy_module(ganesha, 1.0.0)
+ 
+ require {
+-	type var_lib_nfs_t;
+ 	type apm_bios_t;
+ 	type autofs_device_t;
+ 	type bpf_t;
++	type cache_home_t;
+ 	type clock_device_t;
+ 	type configfs_t;
+ 	type cpu_device_t;
+@@ -17,6 +17,7 @@
+ 	type fixed_disk_device_t;
+ 	type framebuf_device_t;
+ 	type fs_t;
++	type home_root_t;
+ 	type hugetlbfs_t;
+ 	type initctl_t;
+ 	type kmsg_device_t;
+@@ -32,18 +33,22 @@
+ 	type pstore_t;
+ 	type ptmx_t;
+ 	type removable_device_t;
++	type rpcbind_t;
+ 	type rpc_pipefs_t;
+ 	type scsi_generic_device_t;
+ 	type sound_device_t;
++	type ssh_home_t;
+ 	type sysfs_t;
+ 	type tmpfs_t;
+ 	type usb_device_t;
+ 	type usbmon_device_t;
++	type user_home_dir_t;
++	type user_home_t;
++	type var_lib_nfs_t;
+ 	type virtio_device_t;
+ 	type watchdog_device_t;
+ 	type wireless_device_t;
+ 	type xserver_misc_device_t;
+-	type rpcbind_t;
+ 
+ 	type cgroup_t;
+ 	type usr_t;
+@@ -95,6 +100,7 @@
+ allow ganesha_t self:capability { dac_read_search dac_override fowner setgid setuid };
+ allow ganesha_t self:capability2 block_suspend;
+ allow ganesha_t self:capability sys_resource;
++allow ganesha_t self:capability sys_rawio;
+ allow ganesha_t self:process { setcap setrlimit };
+ allow ganesha_t self:fifo_file rw_fifo_file_perms;
+ allow ganesha_t self:unix_stream_socket create_stream_socket_perms;
+@@ -204,11 +210,21 @@
+ fs_read_cgroup_files(ganesha_t)
+ 
+ #!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
+-allow ganesha_t usr_t:file map;
++allow ganesha_t usr_t:dir { add_name remove_name };
++allow ganesha_t usr_t:file { map create unlink write };
++allow ganesha_t var_lib_nfs_t:file create;
+ 
+ #============= init_t ==============
+ allow init_t var_lib_nfs_t:dir { create setattr };
++allow init_t var_lib_nfs_t:file { create unlink write };
+ 
++#============= home_dir ==============
++allow ganesha_t cache_home_t:dir getattr;
++allow ganesha_t home_root_t:dir read;
++allow ganesha_t ssh_home_t:dir getattr;
++allow ganesha_t user_home_dir_t:dir { add_name getattr open read remove_name search };
++allow ganesha_t user_home_dir_t:file { create getattr open read unlink write };
++allow ganesha_t user_home_t:dir getattr;
+ 
+ ########################################
+ #

diff --git a/nfs-ganesha.spec b/nfs-ganesha.spec
index 5bb0218..e2e2ac2 100644
--- a/nfs-ganesha.spec
+++ b/nfs-ganesha.spec
@@ -138,7 +138,7 @@ Requires: openSUSE-release
 
 Name:		nfs-ganesha
 Version:	9.16
-Release:	2%{?dev:%{dev}}%{?dist}
+Release:	3%{?dev:%{dev}}%{?dist}
 Summary:	NFS-Ganesha is a NFS Server running in user space
 License:	LGPL-3.0-or-later
 Url:		https://github.com/nfs-ganesha/nfs-ganesha/wiki
@@ -146,6 +146,7 @@ Url:		https://github.com/nfs-ganesha/nfs-ganesha/wiki
 Source0:	https://github.com/%{name}/%{name}/archive/V%{version}%{?dev:-%{dev}}/%{name}-%{version}%{?dev:%{dev}}.tar.gz
 Patch:		0001-config_samples-log_rotate.patch
 Patch:		0002-src-scripts-python.patch
+Patch:		0003-src-selinux-ganesha.te.patch
 
 BuildRequires:	cmake
 BuildRequires:	make
@@ -977,6 +978,9 @@ killall -SIGHUP dbus-daemon >/dev/null 2>&1 || :
 %endif
 
 %changelog
+* Thu Jun 25 2026 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 9.16-3
+- NFS-Ganesha 9.16, addition selinux policy from Fedora 44
+
 * Tue Jun 16 2026 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 9.16-2
 - NFS-Ganesha 9.16, missing BR for rdma-core-devel and enable rdma
 

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-25 15:41 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-25 15:41 [rpms/nfs-ganesha] f44: NFS-Ganesha 9.16, addition selinux policy from Fedora 44 Kaleb S. KEITHLEY

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox