diff --git a/0001-Grub-support-in-kernel-command-line-option-names-647.patch b/0001-Grub-support-in-kernel-command-line-option-names-647.patch index dbeddc1..fae00df 100644 --- a/0001-Grub-support-in-kernel-command-line-option-names-647.patch +++ b/0001-Grub-support-in-kernel-command-line-option-names-647.patch @@ -1,7 +1,7 @@ From e666bf968071a9976bd44e1eb65645eb9d51b5cb Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Wed, 23 Oct 2019 11:35:57 +0200 -Subject: [PATCH 1/8] Grub: support '+' in kernel command line option names +Subject: [PATCH 1/9] Grub: support '+' in kernel command line option names (#647) This way it is possible to parse files that pass options with '+' in the diff --git a/0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch b/0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch index 2c0de8b..a8a678f 100644 --- a/0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch +++ b/0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch @@ -1,7 +1,7 @@ From eb2dc4ec0879290f42e35a7facc345ca1c70ba69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Pinson?= Date: Tue, 12 Nov 2019 13:33:26 +0100 -Subject: [PATCH 2/8] Rsyslog: support multiple actions in filters and +Subject: [PATCH 2/9] Rsyslog: support multiple actions in filters and selectors (#653) (cherry picked from commit 5181105bae84dc7819a00886f068ad0bb4e6d05a) diff --git a/0003-src-augrun.c-nexttoken-add-more-escape-characters.patch b/0003-src-augrun.c-nexttoken-add-more-escape-characters.patch index 5c275fd..0f13f1b 100644 --- a/0003-src-augrun.c-nexttoken-add-more-escape-characters.patch +++ b/0003-src-augrun.c-nexttoken-add-more-escape-characters.patch @@ -1,7 +1,7 @@ From 5218c2997b7b77752511ebc61ffa743fd2d8fcbf Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Fri, 17 May 2019 13:47:20 +0200 -Subject: [PATCH 3/8] * src/augrun.c (nexttoken): add more escape characters +Subject: [PATCH 3/9] * src/augrun.c (nexttoken): add more escape characters Synchonize the list of "pass-through" characters with the set in the 'name_follow' variable in pathx.c: as pathx_escape_name() escapes them, diff --git a/0004-src-augtool.c-hopefully-fix-readline-quoting-issues.patch b/0004-src-augtool.c-hopefully-fix-readline-quoting-issues.patch index 8dcbba8..e08ef90 100644 --- a/0004-src-augtool.c-hopefully-fix-readline-quoting-issues.patch +++ b/0004-src-augtool.c-hopefully-fix-readline-quoting-issues.patch @@ -1,7 +1,7 @@ From fc2b84a2ecd9a403cb602d2de26d6c1804a3ceac Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Fri, 17 May 2019 15:18:50 +0200 -Subject: [PATCH 4/8] * src/augtool.c: hopefully fix readline quoting issues +Subject: [PATCH 4/9] * src/augtool.c: hopefully fix readline quoting issues Configure the quoting (also using a detector) and word break characters, so it is possible to autocomplete paths with special characters (like diff --git a/0005-Krb5-improve-dbmodules-and-includes-630.patch b/0005-Krb5-improve-dbmodules-and-includes-630.patch index 4b42a62..502b4e1 100644 --- a/0005-Krb5-improve-dbmodules-and-includes-630.patch +++ b/0005-Krb5-improve-dbmodules-and-includes-630.patch @@ -1,7 +1,7 @@ From 1b4d6a9918b8bcbc06af4ce99a48cd66fed97196 Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Tue, 4 Feb 2020 17:54:22 +0100 -Subject: [PATCH 5/8] Krb5: improve [dbmodules] and includes (#630) +Subject: [PATCH 5/9] Krb5: improve [dbmodules] and includes (#630) * Krb5: fix/revamp parsing of [dbmodules] subsection diff --git a/0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch b/0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch index f45e50f..ac8a0c0 100644 --- a/0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch +++ b/0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch @@ -1,7 +1,7 @@ From eb7c72cfffa5360a65be270c5554abf36739e382 Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Tue, 4 Feb 2020 18:05:05 +0100 -Subject: [PATCH 6/8] Systemd: fix parsing of envvars with spaces (#659) +Subject: [PATCH 6/9] Systemd: fix parsing of envvars with spaces (#659) Allow spaces inside of values quoted with single or double quotes. diff --git a/0007-Ssh-add-Match-keyword-support-695.patch b/0007-Ssh-add-Match-keyword-support-695.patch index 8f2bc43..7b4a698 100644 --- a/0007-Ssh-add-Match-keyword-support-695.patch +++ b/0007-Ssh-add-Match-keyword-support-695.patch @@ -1,7 +1,7 @@ From efd61b77563489ca0fa21904cc1fecfc482afd06 Mon Sep 17 00:00:00 2001 From: granquet Date: Tue, 6 Oct 2020 23:03:18 +0200 -Subject: [PATCH 7/8] Ssh: add Match keyword support (#695) +Subject: [PATCH 7/9] Ssh: add Match keyword support (#695) Signed-off-by: Guillaume Ranquet --- diff --git a/0008-Include-mke2fs-lens-and-test-from-upstream.patch b/0008-Include-mke2fs-lens-and-test-from-upstream.patch index 9ea417c..5502abc 100644 --- a/0008-Include-mke2fs-lens-and-test-from-upstream.patch +++ b/0008-Include-mke2fs-lens-and-test-from-upstream.patch @@ -1,7 +1,7 @@ From 59fb794a4c47b811998273323cd49cc91f9db7e2 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 12 Jan 2022 16:11:22 +0000 -Subject: [PATCH 8/8] Include mke2fs lens and test from upstream +Subject: [PATCH 8/9] Include mke2fs lens and test from upstream Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1807010 --- diff --git a/0009-semanage-Fix-parsing-of-ignoredirs-758.patch b/0009-semanage-Fix-parsing-of-ignoredirs-758.patch new file mode 100644 index 0000000..826e620 --- /dev/null +++ b/0009-semanage-Fix-parsing-of-ignoredirs-758.patch @@ -0,0 +1,148 @@ +From f1480aa0c228107a22664e6302c6f2b388536ece Mon Sep 17 00:00:00 2001 +From: rwmjones +Date: Thu, 6 Oct 2022 12:15:56 +0100 +Subject: [PATCH 9/9] semanage: Fix parsing of ignoredirs (#758) + +From /etc/selinux/semanage.conf from a RHEL 9.1 system, this line +caused problems: + + ignoredirs=/root;/bin;/boot;/dev;/etc [...] + +Parse this as a list of modified Rx.fspath, generating a tree like: + + /files/etc/selinux/semanage.conf/ignoredirs/1 = /root + /files/etc/selinux/semanage.conf/ignoredirs/2 = /bin + /files/etc/selinux/semanage.conf/ignoredirs/3 = /dev + /files/etc/selinux/semanage.conf/ignoredirs/4 = /etc + [...] + +Also this adds the RHEL 9 file as another test case and adjusts the +output of the existing test case. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2077120 +Signed-off-by: Richard W.M. Jones + +Signed-off-by: Richard W.M. Jones +(cherry picked from commit a3ba6e2d32b95507e2474a219e788ac3d54bc4a1) +--- + lenses/semanage.aug | 7 +++- + lenses/tests/test_semanage.aug | 4 +- + tests/root/etc/selinux/semanage.conf | 60 ++++++++++++++++++++++++++++ + tests/xpath.tests | 1 + + 4 files changed, 70 insertions(+), 2 deletions(-) + create mode 100644 tests/root/etc/selinux/semanage.conf + +diff --git a/lenses/semanage.aug b/lenses/semanage.aug +index 46f93b32..edd97131 100644 +--- a/lenses/semanage.aug ++++ b/lenses/semanage.aug +@@ -23,7 +23,12 @@ let sep = IniFile.sep "=" "=" + let empty = IniFile.empty + let eol = IniFile.eol + +-let entry = IniFile.entry IniFile.entry_re sep comment ++let list_keys = "ignoredirs" ++let scl = del ";" ";" ++let fspath = /[^ \t\n;#]+/ (* Rx.fspath without ; or # *) ++ ++let entry = IniFile.entry_list list_keys sep fspath scl comment ++ | IniFile.entry (IniFile.entry_re - list_keys) sep comment + | empty + + let title = IniFile.title_label "@group" (IniFile.record_re - /^end$/) +diff --git a/lenses/tests/test_semanage.aug b/lenses/tests/test_semanage.aug +index a6ceaca0..f76b95f3 100644 +--- a/lenses/tests/test_semanage.aug ++++ b/lenses/tests/test_semanage.aug +@@ -68,7 +68,9 @@ test Semanage.lns get conf = + { "usepasswd" = "False" } + { "bzip-small" = "true" } + { "bzip-blocksize" = "5" } +- { "ignoredirs" = "/root" } ++ { "ignoredirs" ++ { "1" = "/root" } ++ } + { } + { "@group" = "sefcontext_compile" + { "path" = "/usr/sbin/sefcontext_compile" } +diff --git a/tests/root/etc/selinux/semanage.conf b/tests/root/etc/selinux/semanage.conf +new file mode 100644 +index 00000000..406f16f1 +--- /dev/null ++++ b/tests/root/etc/selinux/semanage.conf +@@ -0,0 +1,60 @@ ++# Authors: Jason Tang ++# ++# Copyright (C) 2004-2005 Tresys Technology, LLC ++# ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2.1 of the License, or (at your option) any later version. ++# ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++# ++# Specify how libsemanage will interact with a SELinux policy manager. ++# The four options are: ++# ++# "source" - libsemanage manipulates a source SELinux policy ++# "direct" - libsemanage will write directly to a module store. ++# /foo/bar - Write by way of a policy management server, whose ++# named socket is at /foo/bar. The path must begin ++# with a '/'. ++# foo.com:4242 - Establish a TCP connection to a remote policy ++# management server at foo.com. If there is a colon ++# then the remainder is interpreted as a port number; ++# otherwise default to port 4242. ++module-store = direct ++ ++# When generating the final linked and expanded policy, by default ++# semanage will set the policy version to POLICYDB_VERSION_MAX, as ++# given in . Change this setting if a different ++# version is necessary. ++#policy-version = 19 ++ ++# expand-check check neverallow rules when executing all semanage ++# commands. There might be a penalty in execution time if this ++# option is enabled. ++expand-check=0 ++ ++# usepasswd check tells semanage to scan all pass word records for home directories ++# and setup the labeling correctly. If this is turned off, SELinux will label only /home ++# and home directories of users with SELinux login mappings defined, see ++# semanage login -l for the list of such users. ++# If you want to use a different home directory, you will need to use semanage fcontext command. ++# For example, if you had home dirs in /althome directory you would have to execute ++# semanage fcontext -a -e /home /althome ++usepasswd=False ++bzip-small=true ++bzip-blocksize=5 ++ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var ++optimize-policy=true ++ ++[sefcontext_compile] ++path = /usr/sbin/sefcontext_compile ++args = -r $@ ++[end] +diff --git a/tests/xpath.tests b/tests/xpath.tests +index a7db8d83..feab7584 100644 +--- a/tests/xpath.tests ++++ b/tests/xpath.tests +@@ -109,6 +109,7 @@ test descendant-or-self /files/descendant-or-self :: 4 + /files/etc/ssh/ssh_config/Host/SendEnv[1]/4 = LC_TIME + /files/etc/ssh/ssh_config/Host/SendEnv[2]/4 = LC_TELEPHONE + /files/etc/aliases/4 ++ /files/etc/selinux/semanage.conf/ignoredirs/4 = /dev + /files/etc/fstab/4 + /files/etc/pam.d/login/4 + /files/etc/pam.d/newrole/4 +-- +2.31.1 + diff --git a/augeas.spec b/augeas.spec index e39e080..26a379b 100644 --- a/augeas.spec +++ b/augeas.spec @@ -1,6 +1,6 @@ Name: augeas Version: 1.12.0 -Release: 7%{?dist} +Release: 8%{?dist} Summary: A library for changing configuration files Group: System Environment/Libraries @@ -9,7 +9,7 @@ URL: http://augeas.net/ Source0: http://download.augeas.net/%{name}-%{version}.tar.gz # Patches are stored here: -# https://github.com/rwmjones/augeas/tree/rhel-8.6 +# https://github.com/rwmjones/augeas/tree/rhel-8.8 Patch1: 0001-Grub-support-in-kernel-command-line-option-names-647.patch Patch2: 0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch @@ -19,6 +19,7 @@ Patch5: 0005-Krb5-improve-dbmodules-and-includes-630.patch Patch6: 0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch Patch7: 0007-Ssh-add-Match-keyword-support-695.patch Patch8: 0008-Include-mke2fs-lens-and-test-from-upstream.patch +Patch9: 0009-semanage-Fix-parsing-of-ignoredirs-758.patch BuildRequires: readline-devel libselinux-devel libxml2-devel BuildRequires: autoconf, automake @@ -125,6 +126,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/augeas.pc %changelog +* Wed Oct 12 2022 Richard W.M. Jones - 1.12.0-8 +- Fix parsing of semanage.conf ignoredirs + resolves: rhbz#1931058 + * Wed Jan 12 2022 Richard W.M. Jones - 1.12.0-7 - Fix parsing of mke2fs.conf files resolves: rhbz#1807010