SUSE-RU-2026:21678-1: important: Recommended update for google-guest-oslogin

SLE-UPDATES null at suse.de
Tue May 19 20:30:53 UTC 2026 

# Recommended update for google-guest-oslogin

Announcement ID: SUSE-RU-2026:21678-1  
Release Date: 2026-05-15T10:43:49Z  
Rating: important  
References:

  * bsc#1218548
  * bsc#1219642
  * bsc#1221342
  * bsc#1221900
  * bsc#1221901
  * bsc#1222171
  * bsc#1231775
  * bsc#1231776
  * bsc#1232553
  * bsc#1257010
  * jsc#PED-14688

  
Affected Products:

  * SUSE Linux Micro 6.0

  
  
An update that contains one feature and has 10 fixes can now be installed.

## Description:

This update for google-guest-oslogin fixes the following issues:

  * Update to version 20260430.00
    * URLEncode request parameters sent to the metadata server.
  * Add /var/google-sudoers.d to tmpfile config
    * The /var/google-users.d directory is pre-created in the Makefile but the google-sudoers.d is not.
  * Update to version 20260227.00 (bsc#1257010):
    * Fix broken cache_refresh behavior when groups are disabled.
      * Implement a binary cache for OS Login passwd entries. This change introduces a new binary cache format for storing OS Login passwd information. It includes:
        * `OsLoginPasswdCacheWriter`: A C++ class to build and write the cache file. It buffers user entries, sorts them, and writes them to a temporary file before atomically renaming it.
        * `oslogin_passwd_cache_reader`: A C implementation for reading from the cache file using mmap. It provides functions compatible with NSS modules for looking up entries by UID, name, and iterating through all entries.
        * `eytzinger_layout.h`: A template function to convert a sorted vector into an Eytzinger layout, used for the name index to improve cache locality during lookups.
        * `oslogin_index_structs.h`: Defines the structures used for the UID and Name indices.
        * New unit tests (`eytzinger_layout_test.cc`, `oslogin_passwd_cache_reader_test.cc`, `round_trip_test.cc`) to validate the cache functionality, including concurrent read access.
        * The `Makefile` is updated to build and run the new tests. The `main` function is removed from `oslogin_utils_test.cc` as `gtest_main.cc` is now linked.
      * Fix incorrect cache_refresh return value.
    * Add google-guest-oslogin.conf and ggosl no var content (jsc#PED-14688)
  * Update SELinux module dir as macro to allow root path move from
    /var/lib/selinux to /etc/selinux (bsc#1221342)
  * Update to version 20251022.00:
    * Log the response body when an auth failure occurs; it usually has helpful info in it.
  * Update to version 20250821.00:
    * Check policy uses adminLogin for cloud run
  * from version 20250807.00:
    * Extract the principal from certs when cloud_run enabled
  * Update to version 20250710.00:
    * Add the cloudrun support
  * Update to version 20250624.00:
    * Pass c-strings to logging functions:
  * from version 20241216.00:
    * Send the correct type to SysLogErr; the clang sanitizer dislikes the type mismatch.
    * Add Eric to the owners file.
    * Revert "new client component and tests"
  * from version 20241214.00
    * Remove pat from owners
  * from version 20241206.00
    * Fix json include
    * build: remove oslogin_sshca from binaries list
    * Fix bad struct initialization pattern `= { 0 }`
    * Apply "include what you use," fixing missing include statements broadly.
    * Fix base64.h's missing includes and BSD types
    * Fix a bug where very large GIDs would cause integer overflow errors
  * from version 20241127.00:
    * Rename openbsd.h to base64.h and move it into the src/ folder
  * from version 20241126.01:
    * Follow the Google style guide by using the "local include style" to include files from this project.
  * from version 20241126.00:
    * Delete oslogin_sshca binary, add it to the ignore list
  * from version 20241120.00
    * OS Login agent searches for full fingerprint extension instead of equals
  * from version 20241116.00:
    * Log an error when user has no challenges configured
  * Rework SELinux support (bsc#1232553):
    * Add pkgconfig(systemd) to BuildRequires for SELinux builds
    * Add policycoreutils to BuildRequires
    * Build and install SELinux module on older distributions as well to allow users to use the module with their own SELinux policies
    * Make checkpolicy build dependency unconditional
    * Move oslogin.pp SELinux module into %{selinuxtype} subdirectory
    * Own %{_datadir}/selinux{,/packages} on older distributions
    * Split SELinux support into separate -selinux package
    * Use SELinux RPM macros to install and uninstall SELinux module
    * Use RPM conditional builds to enable SELinux on newer distributions
  * Build and install SELinux module (bsc#1232553)
  * Update to version 20241021.00 (bsc#1231775, bsc#1231776):
    * Update OWNERS
  * Update to version 20240925.00:
    * Inherit environment build flags
  * Update to version 20240701.00:
    * Don't retry bad request responses
  * Update to version 20240415.00:
    * Log clearly when the initial parsing of a JSON object fails
  * Fix file permissions for google_authorized_principals binary (bsc#1222171)
  * Update to version 20240311.00 (bsc#1218548, bsc#1221900, bsc#1221901)
    * pam: Bring back pam's account management implementation
    * Change error messages when checking login policy
    * Remove quintonamore from OWNERS
  * Add explicit versioned dependency on google-guest-agent (bsc#1219642)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0  
    zypper in -t patch SUSE-SLE-Micro-6.0-713=1

## Package List:

  * SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
    * google-guest-oslogin-debugsource-20260430.00-1.1
    * google-guest-oslogin-debuginfo-20260430.00-1.1
    * google-guest-oslogin-20260430.00-1.1
  * SUSE Linux Micro 6.0 (noarch)
    * google-guest-oslogin-selinux-20260430.00-1.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1218548
  * https://bugzilla.suse.com/show_bug.cgi?id=1219642
  * https://bugzilla.suse.com/show_bug.cgi?id=1221342
  * https://bugzilla.suse.com/show_bug.cgi?id=1221900
  * https://bugzilla.suse.com/show_bug.cgi?id=1221901
  * https://bugzilla.suse.com/show_bug.cgi?id=1222171
  * https://bugzilla.suse.com/show_bug.cgi?id=1231775
  * https://bugzilla.suse.com/show_bug.cgi?id=1231776
  * https://bugzilla.suse.com/show_bug.cgi?id=1232553
  * https://bugzilla.suse.com/show_bug.cgi?id=1257010
  * https://jira.suse.com/browse/PED-14688

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260519/fdccb562/attachment.htm>

More information about the sle-updates mailing list