From 419c239eb422011db7d57ed9f199bcfba0a3f1dc Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Thu, 15 Jun 2023 17:29:15 +0200 Subject: [PATCH] Rebase to fapolicyd v1.3.1 and selinux v0.6 Signed-off-by: Radovan Sroka --- .gitignore | 2 ++ fapolicyd.spec | 16 ++++++++++------ selinux.patch | 13 +++++++++++++ sources | 4 ++-- 4 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 selinux.patch diff --git a/.gitignore b/.gitignore index f1d57ff..88b9195 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,5 @@ /fapolicyd-1.1.7.tar.gz /fapolicyd-selinux-0.5.tar.gz /fapolicyd-1.2.tar.gz +/fapolicyd-1.3.1.tar.gz +/fapolicyd-selinux-0.6.tar.gz diff --git a/fapolicyd.spec b/fapolicyd.spec index 84a9a8f..a866ea9 100644 --- a/fapolicyd.spec +++ b/fapolicyd.spec @@ -1,11 +1,11 @@ %global selinuxtype targeted %global moduletype contrib -%define semodule_version 0.5 +%define semodule_version 0.6 Summary: Application Whitelisting Daemon Name: fapolicyd -Version: 1.2 -Release: 6%{?dist} +Version: 1.3.1 +Release: 1%{?dist} License: GPL-3.0-or-later URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz @@ -30,6 +30,8 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units +Patch1: selinux.patch + # RHEL-specific patches Patch100: fapolicyd-uthash-bundle.patch @@ -59,10 +61,12 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon. # selinux %setup -q -D -T -a 1 +%patch 1 -p1 -b .selinux + %if 0%{?rhel} != 0 # uthash %setup -q -D -T -a 2 -%patch100 -p1 -b .uthash +%patch 100 -p1 -b .uthash %endif # generate rules for python @@ -79,7 +83,7 @@ interpret=`readelf -e /usr/bin/bash \ sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules %build -#cp INSTALL INSTALL.tmp +cp INSTALL INSTALL.tmp ./autogen.sh %configure \ --with-audit \ @@ -170,7 +174,7 @@ fi %ghost %{_sysconfdir}/%{name}/rules.d/* %ghost %{_sysconfdir}/%{name}/%{name}.rules %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf -%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/rpm-filter.conf +%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}-filter.conf %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.trust %ghost %attr(644,root,%{name}) %{_sysconfdir}/%{name}/compiled.rules %attr(644,root,root) %{_unitdir}/%{name}.service diff --git a/selinux.patch b/selinux.patch new file mode 100644 index 0000000..2ea84c6 --- /dev/null +++ b/selinux.patch @@ -0,0 +1,13 @@ +diff -up ./fapolicyd-selinux-0.6/fapolicyd.te.fix ./fapolicyd-selinux-0.6/fapolicyd.te +--- ./fapolicyd-selinux-0.6/fapolicyd.te.fix 2023-06-15 17:11:47.964646794 +0200 ++++ ./fapolicyd-selinux-0.6/fapolicyd.te 2023-06-15 17:13:10.426477653 +0200 +@@ -50,6 +50,9 @@ ifdef(`watch_mount_dirs_pattern',` + + ifdef(`fs_watch_all_fs',` + fs_watch_all_fs(fapolicyd_t) ++') ++ ++ifdef(`files_watch_sb_all_mountpoints',` + files_watch_sb_all_mountpoints(fapolicyd_t) + ') + diff --git a/sources b/sources index 899e070..f54e229 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (fapolicyd-1.2.tar.gz) = 42c2a66f9b28f96597544bff72022d8735ba8700f022bb7a4d2ab74df43924e372c6e25af0af9d737710b0b835163775002f330bd5adf2964831902b755bebc7 -SHA512 (fapolicyd-selinux-0.5.tar.gz) = 15f35fcbc8f9a387483be1501693ebfa0e909b6e27fdadd4b89d8541db18738c61074d9fbd3cb8b574edc873bca10fd56767b7b77ad559d93dbb5ef005708273 +SHA512 (fapolicyd-1.3.1.tar.gz) = 319b793db0f59ef49d67c0734aa379501f2ceec206eeedbd5f193c6148bb4f2327a00546c6eeccc38500ef3be60354fee2ca643e7a2c2e668dea5a93034ce69c +SHA512 (fapolicyd-selinux-0.6.tar.gz) = db3fb9fce2146cd9137585eae271e727aee4d774e385bbffa10ae70c6e40cf58f2e7aecd8ff8bc3ae446d75089f3ab1bd615237866d600df4acef6747a0c77c7 SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294