import augeas-1.12.0-8.el8

2022-10-15 04:11:40 +00:00 · 2022-10-15 04:11:40 +00:00 · ec16e5d6ad
commit ec16e5d6ad
parent dd8ab551fc
10 changed files with 163 additions and 10 deletions
--- a/SOURCES/0001-Grub-support-in-kernel-command-line-option-names-647.patch
+++ b/SOURCES/0001-Grub-support-in-kernel-command-line-option-names-647.patch
@ -1,7 +1,7 @@
 From e666bf968071a9976bd44e1eb65645eb9d51b5cb Mon Sep 17 00:00:00 2001
 From: Pino Toscano <ptoscano@redhat.com>
 Date: Wed, 23 Oct 2019 11:35:57 +0200
-Subject: [PATCH 1/8] Grub: support '+' in kernel command line option names
+Subject: [PATCH 1/9] Grub: support '+' in kernel command line option names
 (#647)

 This way it is possible to parse files that pass options with '+' in the
--- a/SOURCES/0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch
+++ b/SOURCES/0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch
@ -1,7 +1,7 @@
 From eb2dc4ec0879290f42e35a7facc345ca1c70ba69 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Rapha=C3=ABl=20Pinson?= <raphael.pinson@camptocamp.com>
 Date: Tue, 12 Nov 2019 13:33:26 +0100
-Subject: [PATCH 2/8] Rsyslog: support multiple actions in filters and
+Subject: [PATCH 2/9] Rsyslog: support multiple actions in filters and
 selectors (#653)

 (cherry picked from commit 5181105bae84dc7819a00886f068ad0bb4e6d05a)
--- a/SOURCES/0003-src-augrun.c-nexttoken-add-more-escape-characters.patch
+++ b/SOURCES/0003-src-augrun.c-nexttoken-add-more-escape-characters.patch
@ -1,7 +1,7 @@
 From 5218c2997b7b77752511ebc61ffa743fd2d8fcbf Mon Sep 17 00:00:00 2001
 From: Pino Toscano <ptoscano@redhat.com>
 Date: Fri, 17 May 2019 13:47:20 +0200
-Subject: [PATCH 3/8] * src/augrun.c (nexttoken): add more escape characters
+Subject: [PATCH 3/9] * src/augrun.c (nexttoken): add more escape characters

 Synchonize the list of "pass-through" characters with the set in the
 'name_follow' variable in pathx.c: as pathx_escape_name() escapes them,
--- a/SOURCES/0004-src-augtool.c-hopefully-fix-readline-quoting-issues.patch
+++ b/SOURCES/0004-src-augtool.c-hopefully-fix-readline-quoting-issues.patch
@ -1,7 +1,7 @@
 From fc2b84a2ecd9a403cb602d2de26d6c1804a3ceac Mon Sep 17 00:00:00 2001
 From: Pino Toscano <ptoscano@redhat.com>
 Date: Fri, 17 May 2019 15:18:50 +0200
-Subject: [PATCH 4/8] * src/augtool.c: hopefully fix readline quoting issues
+Subject: [PATCH 4/9] * src/augtool.c: hopefully fix readline quoting issues

 Configure the quoting (also using a detector) and word break characters,
 so it is possible to autocomplete paths with special characters (like
--- a/SOURCES/0005-Krb5-improve-dbmodules-and-includes-630.patch
+++ b/SOURCES/0005-Krb5-improve-dbmodules-and-includes-630.patch
@ -1,7 +1,7 @@
 From 1b4d6a9918b8bcbc06af4ce99a48cd66fed97196 Mon Sep 17 00:00:00 2001
 From: Pino Toscano <ptoscano@redhat.com>
 Date: Tue, 4 Feb 2020 17:54:22 +0100
-Subject: [PATCH 5/8] Krb5: improve [dbmodules] and includes (#630)
+Subject: [PATCH 5/9] Krb5: improve [dbmodules] and includes (#630)

 * Krb5: fix/revamp parsing of [dbmodules] subsection

--- a/SOURCES/0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch
+++ b/SOURCES/0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch
@ -1,7 +1,7 @@
 From eb7c72cfffa5360a65be270c5554abf36739e382 Mon Sep 17 00:00:00 2001
 From: Pino Toscano <ptoscano@redhat.com>
 Date: Tue, 4 Feb 2020 18:05:05 +0100
-Subject: [PATCH 6/8] Systemd: fix parsing of envvars with spaces (#659)
+Subject: [PATCH 6/9] Systemd: fix parsing of envvars with spaces (#659)

 Allow spaces inside of values quoted with single or double quotes.

--- a/SOURCES/0007-Ssh-add-Match-keyword-support-695.patch
+++ b/SOURCES/0007-Ssh-add-Match-keyword-support-695.patch
@ -1,7 +1,7 @@
 From efd61b77563489ca0fa21904cc1fecfc482afd06 Mon Sep 17 00:00:00 2001
 From: granquet <ranquet.guillaume@gmail.com>
 Date: Tue, 6 Oct 2020 23:03:18 +0200
-Subject: [PATCH 7/8] Ssh: add Match keyword support (#695)
+Subject: [PATCH 7/9] Ssh: add Match keyword support (#695)

 Signed-off-by: Guillaume Ranquet <guillaume-externe.ranquet@edf.fr>
 ---
--- a/SOURCES/0008-Include-mke2fs-lens-and-test-from-upstream.patch
+++ b/SOURCES/0008-Include-mke2fs-lens-and-test-from-upstream.patch
@ -1,7 +1,7 @@
 From 59fb794a4c47b811998273323cd49cc91f9db7e2 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Wed, 12 Jan 2022 16:11:22 +0000
-Subject: [PATCH 8/8] Include mke2fs lens and test from upstream
+Subject: [PATCH 8/9] Include mke2fs lens and test from upstream

 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1807010
 ---
--- a/SOURCES/0009-semanage-Fix-parsing-of-ignoredirs-758.patch
+++ b/SOURCES/0009-semanage-Fix-parsing-of-ignoredirs-758.patch
@ -0,0 +1,148 @@
+From f1480aa0c228107a22664e6302c6f2b388536ece Mon Sep 17 00:00:00 2001
+From: rwmjones <rjones@redhat.com>
+Date: Thu, 6 Oct 2022 12:15:56 +0100
+Subject: [PATCH 9/9] semanage: Fix parsing of ignoredirs (#758)
+
+From /etc/selinux/semanage.conf from a RHEL 9.1 system, this line
+caused problems:
+
+  ignoredirs=/root;/bin;/boot;/dev;/etc [...]
+
+Parse this as a list of modified Rx.fspath, generating a tree like:
+
+  /files/etc/selinux/semanage.conf/ignoredirs/1 = /root
+  /files/etc/selinux/semanage.conf/ignoredirs/2 = /bin
+  /files/etc/selinux/semanage.conf/ignoredirs/3 = /dev
+  /files/etc/selinux/semanage.conf/ignoredirs/4 = /etc
+  [...]
+
+Also this adds the RHEL 9 file as another test case and adjusts the
+output of the existing test case.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2077120
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit a3ba6e2d32b95507e2474a219e788ac3d54bc4a1)
+---
+ lenses/semanage.aug                  |  7 +++-
+ lenses/tests/test_semanage.aug       |  4 +-
+ tests/root/etc/selinux/semanage.conf | 60 ++++++++++++++++++++++++++++
+ tests/xpath.tests                    |  1 +
+ 4 files changed, 70 insertions(+), 2 deletions(-)
+ create mode 100644 tests/root/etc/selinux/semanage.conf
+
+diff --git a/lenses/semanage.aug b/lenses/semanage.aug
+index 46f93b32..edd97131 100644
+--- a/lenses/semanage.aug
+++ b/lenses/semanage.aug
+@@ -23,7 +23,12 @@ let sep = IniFile.sep "=" "="
+ let empty = IniFile.empty
+ let eol = IniFile.eol
+ 
+-let entry = IniFile.entry IniFile.entry_re sep comment
+let list_keys = "ignoredirs"
+let scl = del ";" ";"
+let fspath = /[^ \t\n;#]+/ (* Rx.fspath without ; or # *)
+
+let entry = IniFile.entry_list list_keys sep fspath scl comment
+          | IniFile.entry (IniFile.entry_re - list_keys) sep comment
+           | empty
+ 
+ let title = IniFile.title_label "@group" (IniFile.record_re - /^end$/)
+diff --git a/lenses/tests/test_semanage.aug b/lenses/tests/test_semanage.aug
+index a6ceaca0..f76b95f3 100644
+--- a/lenses/tests/test_semanage.aug
+++ b/lenses/tests/test_semanage.aug
+@@ -68,7 +68,9 @@ test Semanage.lns get conf =
+    { "usepasswd" = "False" }
+    { "bzip-small" = "true" }
+    { "bzip-blocksize" = "5" }
+-   { "ignoredirs" = "/root" }
+   { "ignoredirs"
+     { "1" = "/root" }
+   }
+    { }
+    { "@group" = "sefcontext_compile"
+      { "path" = "/usr/sbin/sefcontext_compile" }
+diff --git a/tests/root/etc/selinux/semanage.conf b/tests/root/etc/selinux/semanage.conf
+new file mode 100644
+index 00000000..406f16f1
+--- /dev/null
+++ b/tests/root/etc/selinux/semanage.conf
+@@ -0,0 +1,60 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+#  "source"     - libsemanage manipulates a source SELinux policy
+#  "direct"     - libsemanage will write directly to a module store.
+#  /foo/bar     - Write by way of a policy management server, whose
+#                 named socket is at /foo/bar.  The path must begin
+#                 with a '/'.
+#  foo.com:4242 - Establish a TCP connection to a remote policy
+#                 management server at foo.com.  If there is a colon
+#                 then the remainder is interpreted as a port number;
+#                 otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>.  Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage
+# commands. There might be a penalty in execution time if this
+# option is enabled.
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly. If this is turned off, SELinux will label only /home
+# and home directories of users with SELinux login mappings defined, see
+# semanage login -l for the list of such users.
+# If you want to use a different home directory, you will need to use semanage fcontext command.
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
+optimize-policy=true
+
+[sefcontext_compile]
+path = /usr/sbin/sefcontext_compile
+args = -r $@
+[end]
+diff --git a/tests/xpath.tests b/tests/xpath.tests
+index a7db8d83..feab7584 100644
+--- a/tests/xpath.tests
+++ b/tests/xpath.tests
+@@ -109,6 +109,7 @@ test descendant-or-self /files/descendant-or-self :: 4
+      /files/etc/ssh/ssh_config/Host/SendEnv[1]/4 = LC_TIME
+      /files/etc/ssh/ssh_config/Host/SendEnv[2]/4 = LC_TELEPHONE
+      /files/etc/aliases/4
+     /files/etc/selinux/semanage.conf/ignoredirs/4 = /dev
+      /files/etc/fstab/4
+      /files/etc/pam.d/login/4
+      /files/etc/pam.d/newrole/4
+-- 
+2.31.1
+
--- a/SPECS/augeas.spec
+++ b/SPECS/augeas.spec
@ -1,6 +1,6 @@
 Name:           augeas
 Version:        1.12.0
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        A library for changing configuration files

 Group:          System Environment/Libraries
@ -9,7 +9,7 @@ URL:            http://augeas.net/
 Source0:        http://download.augeas.net/%{name}-%{version}.tar.gz

 # Patches are stored here:
-# https://github.com/rwmjones/augeas/tree/rhel-8.6
+# https://github.com/rwmjones/augeas/tree/rhel-8.8

 Patch1:         0001-Grub-support-in-kernel-command-line-option-names-647.patch
 Patch2:         0002-Rsyslog-support-multiple-actions-in-filters-and-sele.patch
@ -19,6 +19,7 @@ Patch5:         0005-Krb5-improve-dbmodules-and-includes-630.patch
 Patch6:         0006-Systemd-fix-parsing-of-envvars-with-spaces-659.patch
 Patch7:         0007-Ssh-add-Match-keyword-support-695.patch
 Patch8:         0008-Include-mke2fs-lens-and-test-from-upstream.patch
+Patch9:         0009-semanage-Fix-parsing-of-ignoredirs-758.patch

 BuildRequires:  readline-devel libselinux-devel libxml2-devel
 BuildRequires:  autoconf, automake
@ -125,6 +126,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/augeas.pc

 %changelog
+* Wed Oct 12 2022 Richard W.M. Jones <rjones@redhat.com> - 1.12.0-8
+- Fix parsing of semanage.conf ignoredirs
+  resolves: rhbz#1931058
+
 * Wed Jan 12 2022 Richard W.M. Jones <rjones@redhat.com> - 1.12.0-7
 - Fix parsing of mke2fs.conf files
  resolves: rhbz#1807010