!33 [sync] PR-32: update spec with openeuler !28

From: @openeuler-sync-bot 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc

libcareplus.spec

@@ -3,7 +3,7 @@
 Version: 1.0.0
 Name: libcareplus
 Summary: LibcarePlus tools
-Release: 7
+Release: 8
 Group: Applications/System
 License: GPLv2
 Url: https://gitee.com/openeuler/libcareplus
@@ -19,6 +19,7 @@ Patch0007: kpatch_elf-compatible-with-older-versions-of-the-so-.patch
 Patch0008: kpatch_parse-fix-failed-to-recognize-.cold.patch
 Patch0009: help-modify-some-help-information.patch
 Patch0010: libcare-patch-make-fix-some-bugs.patch
+Patch0011: selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch
 
 BuildRequires: elfutils-libelf-devel libunwind-devel gcc systemd
 
@@ -150,6 +151,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Mar 29 2022 yezengruan <yezengruan@huawei.com> 1.0.0.8
+- selinux: enable libcare-ctl to mprotect qemu process
+
 * Mon Mar 21 2022 yezengruan <yezengruan@huawei.com> 1.0.0.7
 - libcare-patch-make: fix some bugs
 

selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch

@@ -0,0 +1,27 @@
+From 2724af94241663c9877e270c645dfcea124dc92c Mon Sep 17 00:00:00 2001
+From: jiang-dawei15 <jiangdawei15@huawei.com>
+Date: Tue, 29 Mar 2022 20:32:43 +0800
+Subject: [PATCH] selinux: enable libcare-ctl to mprotect qemu process
+
+Signed-off-by: Bihong Yu <yubihong@huawei.com>
+---
+ dist/selinux/libcare.te | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/dist/selinux/libcare.te b/dist/selinux/libcare.te
+index c240875..670c026 100644
+--- a/dist/selinux/libcare.te
++++ b/dist/selinux/libcare.te
+@@ -52,6 +52,9 @@ allow libcare_t libcare_file_t: lnk_file read_lnk_file_perms;
+ # to read patient's /proc entries and be able to attach to it
+ allow libcare_t self: capability { dac_override dac_read_search sys_ptrace };
+ 
++# need by remote mprotect
++allow svirt_t self : process execmem;
++
+ allow libcare_t svirt_t : process ptrace;
+ allow libcare_t svirt_t : dir list_dir_perms;
+ allow libcare_t svirt_t : file rw_file_perms;
+-- 
+2.27.0
+