rpms/checkpolicy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

SELinux userspace 2.8-rc1 release candidate

Browse Source
This commit is contained in:
Petr Lautrbach 2018-04-23 16:05:04 +02:00
parent bb731d2aae
commit ccff9f365f
4 changed files with 16 additions and 238 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -96,3 +96,4 @@ checkpolicy-2.0.22.tgz
/checkpolicy-2.5.tar.gz /checkpolicy-2.5.tar.gz
/checkpolicy-2.6.tar.gz /checkpolicy-2.6.tar.gz
/checkpolicy-2.7.tar.gz /checkpolicy-2.7.tar.gz
/checkpolicy-2.8-rc1.tar.gz

228
checkpolicy-fedora.patch
View File

@ -1,228 +0,0 @@
diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile
index 68e11f2..4c817cd 100644
--- checkpolicy-2.7/Makefile
+++ checkpolicy-2.7/Makefile
@@ -1,12 +1,9 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
TARGETS = checkpolicy checkmodule
LEX = flex
@@ -14,7 +11,12 @@ YACC = bison -y
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
-override CFLAGS += -I.
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
policy_define.o
@@ -27,8 +29,10 @@ all: $(TARGETS)
$(MAKE) -C test
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
index ee95882..cf76591 100644
--- checkpolicy-2.7/checkmodule.8
+++ checkpolicy-2.7/checkmodule.8
@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
This manual page was copied from the checkpolicy man page
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Dan Walsh <dwalsh@redhat.com>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
index 7b28696..1c8805d 100644
--- checkpolicy-2.7/checkpolicy.8
+++ checkpolicy-2.7/checkpolicy.8
@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
.SH AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
-and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+and edited by Stephen Smalley <sds@tycho.nsa.gov>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
index b75f2af..fbda455 100644
--- checkpolicy-2.7/checkpolicy.c
+++ checkpolicy-2.7/checkpolicy.c
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -69,6 +69,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
@@ -944,6 +947,8 @@ int main(int argc, char **argv)
protocol = IPPROTO_UDP;
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
protocol = IPPROTO_DCCP;
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+ protocol = IPPROTO_SCTP;
else {
printf("unknown protocol\n");
break;
diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
index f12ebdb..11fd37d 100644
--- checkpolicy-2.7/policy_define.c
+++ checkpolicy-2.7/policy_define.c
@@ -1,5 +1,5 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -40,6 +40,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <stdlib.h>
#include <limits.h>
@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
index 6b406c8..247bd4e 100644
--- checkpolicy-2.7/policy_parse.y
+++ checkpolicy-2.7/policy_parse.y
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
index e6c4898..e93ccb6 100644
--- checkpolicy-2.7/policy_scan.l
+++ checkpolicy-2.7/policy_scan.l
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: David Caplan, <dac@tresys.com>
diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
index acc991c..82e6673 100644
--- checkpolicy-2.7/queue.c
+++ checkpolicy-2.7/queue.c
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
index 655c94b..60c07fe 100644
--- checkpolicy-2.7/queue.h
+++ checkpolicy-2.7/queue.h
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile
index 59fa446..89e7557 100644
--- checkpolicy-2.7/test/Makefile
+++ checkpolicy-2.7/test/Makefile
@@ -1,19 +1,22 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
-BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
-
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: dispol dismod
dispol: dispol.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
dismod: dismod.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
clean:
-rm -f dispol dismod *.o

23
checkpolicy.spec
View File

@ -1,17 +1,19 @@
%define libselinuxver 2.7-13 %define libselinuxver 2.8-0
%define libsepolver 2.7-6 %define libsepolver 2.8-0
%global rcversion rc1
Summary: SELinux policy compiler Summary: SELinux policy compiler
Name: checkpolicy Name: checkpolicy
Version: 2.7 Version: 2.8
Release: 7%{?dist} Release: 0%{?rcversion:.%rcversion}.1%{?dist}
License: GPLv2 License: GPLv2
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/checkpolicy-2.7.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180419/checkpolicy-2.8-rc1.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh checkpolicy # $ VERSION=2.8-rc1 ./make-fedora-selinux-patch.sh checkpolicy
# HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707 # HEAD https://github.com/fedora-selinux/selinux/commit/5127dfaae645986169b50a7295d4961a4959006a
Patch1: checkpolicy-fedora.patch # Patch1: checkpolicy-fedora.patch
Conflicts: selinux-policy-base < 3.13.1-138 Conflicts: selinux-policy-base < 3.13.1-138
BuildRequires: gcc BuildRequires: gcc
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver} BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver}
@ -31,7 +33,7 @@ This package contains checkpolicy, the SELinux policy compiler.
Only required for building policies. Only required for building policies.
%prep %prep
%autosetup -p 1 -n checkpolicy-%{version} %autosetup -p 1 -n checkpolicy-%{version}%{?rcversion:-%rcversion}
%build %build
make clean make clean
@ -56,6 +58,9 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
%{_bindir}/sedispol %{_bindir}/sedispol
%changelog %changelog
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
- SELinux userspace 2.8-rc1 release candidate
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-7 * Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-7
- Add support for the SCTP portcon keyword - Add support for the SCTP portcon keyword

2
sources
View File

@ -1 +1 @@
SHA512 (checkpolicy-2.7.tar.gz) = fba8a4132f90c98f8222de563dc15aac1b739d3a6207779b6a4715d2813e7553081351c54f42371a1b704a1f5038d40821b61213c4ad53eb705823975858cf7f SHA512 (checkpolicy-2.8-rc1.tar.gz) = a13d8abba9a10257d7b9b917754fecf21518d2cdf094508dca1028d24f19763f6ba71cf7dd8a654633152316a6ec618a488598d8ba6cda2960039f101745b57c