From 990dfbb9d58f4704194b33bafc6f1c708fa7354a Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 14 Nov 2023 18:56:41 +0000
Subject: [PATCH] import UBI iproute-6.2.0-5.el8_9
---
.gitignore | 2 +-
.iproute.metadata | 2 +-
SOURCES/0001-Update-kernel-headers.patch | 12 +-
.../0002-macvlan-Add-bclim-parameter.patch | 34 ++--
SOURCES/0003-tc-add-missing-separator.patch | 43 +++++
...ux_enabled-stub-work-like-in-SELinux.patch | 55 ++++++
...stub-functions-conformant-to-API-def.patch | 52 ++++++
...d-SELinux-include-and-stub-functions.patch | 156 ++++++++++++++++++
...ip-vrf-make-ipvrf_exec-SELinux-aware.patch | 81 +++++++++
SPECS/iproute.spec | 67 +++++---
10 files changed, 455 insertions(+), 49 deletions(-)
create mode 100644 SOURCES/0003-tc-add-missing-separator.patch
create mode 100644 SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch
create mode 100644 SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch
create mode 100644 SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch
create mode 100644 SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch
diff --git a/.gitignore b/.gitignore
index b0528ef..73b1a63 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/iproute2-5.18.0.tar.xz
+SOURCES/iproute2-6.2.0.tar.xz
diff --git a/.iproute.metadata b/.iproute.metadata
index aa9e569..9560dac 100644
--- a/.iproute.metadata
+++ b/.iproute.metadata
@@ -1 +1 @@
-575ff5bba13c6cb4d9a8e5ecad1d691faecfdee6 SOURCES/iproute2-5.18.0.tar.xz
+f4e339800fe15b88cfa516cabcc9e883dda245d7 SOURCES/iproute2-6.2.0.tar.xz
diff --git a/SOURCES/0001-Update-kernel-headers.patch b/SOURCES/0001-Update-kernel-headers.patch
index 3eec3d3..15ad90f 100644
--- a/SOURCES/0001-Update-kernel-headers.patch
+++ b/SOURCES/0001-Update-kernel-headers.patch
@@ -1,10 +1,10 @@ -From 527ed2d16bbd40b0e519587aeab96af7ed4f61ff Mon Sep 17 00:00:00 2001 -Message-Id: <527ed2d16bbd40b0e519587aeab96af7ed4f61ff.1686053139.git.aclaudi@redhat.com> +From 6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b Mon Sep 17 00:00:00 2001 +Message-Id: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com> From: Andrea Claudi -Date: Tue, 6 Jun 2023 13:18:36 +0200 +Date: Wed, 3 May 2023 11:19:24 +0200 Subject: [PATCH] Update kernel headers -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2209687 +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134 Upstream Status: iproute2-next.git commit 88786cd1 commit 88786cd1a96a89427bc22061c7736eb2eac31121 @@ -22,10 +22,10 @@ Date: Thu Mar 30 09:43:49 2023 -0600 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h -index 22e21e57..e3544afe 100644 +index 147ad0a3..644d3554 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h -@@ -617,6 +617,7 @@ enum { +@@ -628,6 +628,7 @@ enum { IFLA_MACVLAN_MACADDR_COUNT, IFLA_MACVLAN_BC_QUEUE_LEN, IFLA_MACVLAN_BC_QUEUE_LEN_USED, diff --git a/SOURCES/0002-macvlan-Add-bclim-parameter.patch b/SOURCES/0002-macvlan-Add-bclim-parameter.patch index da9ae01..bc713ae 100644 --- a/SOURCES/0002-macvlan-Add-bclim-parameter.patch +++ b/SOURCES/0002-macvlan-Add-bclim-parameter.patch 
@@ -1,12 +1,12 @@ -From 61beaa5d73b14afd5df6e8d35cbeb07c54362ed9 Mon Sep 17 00:00:00 2001 -Message-Id: <61beaa5d73b14afd5df6e8d35cbeb07c54362ed9.1686053139.git.aclaudi@redhat.com> -In-Reply-To: <527ed2d16bbd40b0e519587aeab96af7ed4f61ff.1686053139.git.aclaudi@redhat.com> -References: <527ed2d16bbd40b0e519587aeab96af7ed4f61ff.1686053139.git.aclaudi@redhat.com> +From 1638c2909a2911f981ee437dafde70e5e8d721f8 Mon Sep 17 00:00:00 2001 +Message-Id: <1638c2909a2911f981ee437dafde70e5e8d721f8.1683117490.git.aclaudi@redhat.com> +In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com> +References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1683117490.git.aclaudi@redhat.com> From: Andrea Claudi -Date: Tue, 6 Jun 2023 13:18:36 +0200 +Date: Wed, 3 May 2023 11:19:24 +0200 Subject: [PATCH] macvlan: Add bclim parameter -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2209687 +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2188134 Upstream Status: iproute2-next.git commit e8a3fb47 commit e8a3fb470b4e96aa35a2731c7cc175b946c0a62d @@ -32,10 +32,10 @@ Date: Thu Mar 30 11:07:25 2023 +0800 2 files changed, 42 insertions(+), 2 deletions(-) diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c -index 05e6bc77..6f84724d 100644 +index 0f13637d..6bdc76d1 100644 --- a/ip/iplink_macvlan.c +++ b/ip/iplink_macvlan.c -@@ -30,13 +30,14 @@ +@@ -26,13 +26,14 @@ static void print_explain(struct link_util *lu, FILE *f) { fprintf(f, @@ -52,7 +52,7 @@ index 05e6bc77..6f84724d 100644 lu->id ); } -@@ -71,6 +72,12 @@ static int bc_queue_len_arg(const char *arg) +@@ -67,6 +68,12 @@ static int bc_queue_len_arg(const char *arg) return -1; } 
@@ -65,7 +65,7 @@ index 05e6bc77..6f84724d 100644 static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, struct nlmsghdr *n) { -@@ -172,6 +179,15 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, +@@ -168,6 +175,15 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, return bc_queue_len_arg(*argv); } addattr32(n, 1024, IFLA_MACVLAN_BC_QUEUE_LEN, bc_queue_len); @@ -81,7 +81,7 @@ index 05e6bc77..6f84724d 100644 } else if (matches(*argv, "help") == 0) { explain(lu); return -1; -@@ -249,6 +265,12 @@ static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[] +@@ -245,6 +261,12 @@ static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[] print_luint(PRINT_ANY, "usedbcqueuelen", "usedbcqueuelen %lu ", bc_queue_len); } @@ -95,10 +95,10 @@ index 05e6bc77..6f84724d 100644 if (mode != MACVLAN_MODE_SOURCE) diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index ee189abc..6c278c50 100644 +index eeddf493..62aebabd 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in -@@ -1428,6 +1428,7 @@ the following additional arguments are supported: +@@ -1455,6 +1455,7 @@ the following additional arguments are supported: .BR mode " { " private " | " vepa " | " bridge " | " passthru .RB " [ " nopromisc " ] | " source " [ " nodst " ] } " .RB " [ " bcqueuelen " { " LENGTH " } ] " @@ -106,7 +106,7 @@ index ee189abc..6c278c50 100644 .in +8 .sp -@@ -1486,6 +1487,13 @@ will be the maximum length that any macvlan interface has requested. +@@ -1513,6 +1514,13 @@ will be the maximum length that any macvlan interface has requested. When listing device parameters both the bcqueuelen parameter as well as the actual used bcqueuelen are listed to better help the user understand the setting. 
@@ -120,7 +120,7 @@ index ee189abc..6c278c50 100644 .in -8 .TP -@@ -2591,6 +2599,9 @@ Update the broadcast/multicast queue length. +@@ -2675,6 +2683,9 @@ Update the broadcast/multicast queue length. [ .BI bcqueuelen " LENGTH " ] @@ -130,7 +130,7 @@ index ee189abc..6c278c50 100644 .in +8 .BI bcqueuelen " LENGTH " -@@ -2604,6 +2615,13 @@ will be the maximum length that any macvlan interface has requested. +@@ -2688,6 +2699,13 @@ will be the maximum length that any macvlan interface has requested. When listing device parameters both the bcqueuelen parameter as well as the actual used bcqueuelen are listed to better help the user understand the setting. @@ -143,7 +143,7 @@ index ee189abc..6c278c50 100644 +using it is greater than the given value. .in -8 - .SS ip link show - display device attributes + .TP -- 2.40.1 diff --git a/SOURCES/0003-tc-add-missing-separator.patch b/SOURCES/0003-tc-add-missing-separator.patch new file mode 100644 index 0000000..41e9c7a --- /dev/null +++ b/SOURCES/0003-tc-add-missing-separator.patch @@ -0,0 +1,43 @@ +From 4c2e1768c0d446345796dc058d1e114147a1029a Mon Sep 17 00:00:00 2001 +Message-Id: <4c2e1768c0d446345796dc058d1e114147a1029a.1686090191.git.aclaudi@redhat.com> +In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com> +References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1686090191.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Wed, 7 Jun 2023 00:15:59 +0200 +Subject: [PATCH] tc: add missing separator + +Jira: https://issues.redhat.com/browse/RHEL-487 +Upstream Status: iproute2-next.git commit 4e0e56e0 + +commit 4e0e56e0ef05387f7f5d8ab41fe6ec6a1897b26d +Author: Christian Hesse +Date: Thu Feb 23 11:15:03 2023 +0100 + + tc: add missing separator + + This is missing a separator, that was accidently removed + when JSON was added. + + Fixes: 010a8388aea1 ("tc: Add JSON output to tc-class") + Signed-off-by: Christian Hesse + 
Signed-off-by: Stephen Hemminger +--- + tc/tc_class.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/tc_class.c b/tc/tc_class.c +index c1feb009..096fa2ec 100644 +--- a/tc/tc_class.c ++++ b/tc/tc_class.c +@@ -356,7 +356,7 @@ int print_class(struct nlmsghdr *n, void *arg) + print_string(PRINT_ANY, "parent", "parent %s ", abuf); + } + if (t->tcm_info) +- print_0xhex(PRINT_ANY, "leaf", "leaf %x", t->tcm_info>>16); ++ print_0xhex(PRINT_ANY, "leaf", "leaf %x: ", t->tcm_info>>16); + + q = get_qdisc_kind(RTA_DATA(tb[TCA_KIND])); + if (tb[TCA_OPTIONS]) { +-- +2.40.1 + diff --git a/SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch b/SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch new file mode 100644 index 0000000..7696fd2 --- /dev/null +++ b/SOURCES/0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch @@ -0,0 +1,55 @@ +From dcff6d4c73cd9c33b4103a4505ecebe6852f63df Mon Sep 17 00:00:00 2001 +Message-ID: +In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Tue, 5 Sep 2023 12:44:19 +0200 +Subject: [PATCH] ss: make is_selinux_enabled stub work like in SELinux + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023 +Upstream Status: iproute2-next.git commit c8970828 + +commit c8970828b6509af3ab0f2982da335fb6a6c846af +Author: Andrea Claudi +Date: Wed Aug 23 19:29:59 2023 +0200 + + ss: make is_selinux_enabled stub work like in SELinux + + From the is_selinux_enabled() manpage: + + is_selinux_enabled() returns 1 if SELinux is running or 0 if it is not. + + This makes the is_selinux_enabled() stub functions works exactly like + the SELinux function it is supposed to replace. + + Signed-off-by: Andrea Claudi + 
Signed-off-by: David Ahern +--- + misc/ss.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/misc/ss.c b/misc/ss.c +index de02fccb..d2dffbf8 100644 +--- a/misc/ss.c ++++ b/misc/ss.c +@@ -77,7 +77,7 @@ + /* Stubs for SELinux functions */ + static int is_selinux_enabled(void) + { +- return -1; ++ return 0; + } + + static int getpidcon(pid_t pid, char **context) +@@ -5684,7 +5684,7 @@ int main(int argc, char *argv[]) + show_sock_ctx++; + /* fall through */ + case 'Z': +- if (is_selinux_enabled() <= 0) { ++ if (!is_selinux_enabled()) { + fprintf(stderr, "ss: SELinux is not enabled.\n"); + exit(1); + } +-- +2.41.0 + diff --git a/SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch b/SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch new file mode 100644 index 0000000..4896199 --- /dev/null +++ b/SOURCES/0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch @@ -0,0 +1,52 @@ +From d59fc35f66f5d0d6e7b3209c21f2c891a2ba0768 Mon Sep 17 00:00:00 2001 +Message-ID: +In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Tue, 5 Sep 2023 12:44:19 +0200 +Subject: [PATCH] ss: make SELinux stub functions conformant to API definitions + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023 +Upstream Status: iproute2-next.git commit 61c6882c + +commit 61c6882ce21c1247c06cd61783120be0a2e2019c +Author: Andrea Claudi +Date: Wed Aug 23 19:30:00 2023 +0200 + + ss: make SELinux stub functions conformant to API definitions + + getfilecon() and security_get_initial_context() use the const qualifier + for their first paramater in SELinux APIs. + + This commit adds the const qualifier to these functions, making them + conformant to API definitions. + + Signed-off-by: Andrea Claudi + 
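Review bot: The rewritten test in the `case 'Z'` arm of `main()` in misc/ss.c, `if (!is_selinux_enabled())`, no longer treats a negative return as "not enabled", which the replaced `<= 0` test did. With the in-tree stub now returning 0 the two forms are equivalent, but in a build linked against libselinux the check relies on that library never reporting an error value; the manpage text quoted in the commit message documents only 1 and 0, so this is probably fine. I would either keep the defensive form `if (is_selinux_enabled() <= 0) {` or add a comment above the test such as `/* is_selinux_enabled() returns only 0 or 1, see its manpage */`. `main()` starts and ends outside the hunk.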
Signed-off-by: David Ahern +--- + misc/ss.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/misc/ss.c b/misc/ss.c +index d2dffbf8..fe19f489 100644 +--- a/misc/ss.c ++++ b/misc/ss.c +@@ -86,13 +86,13 @@ static int getpidcon(pid_t pid, char **context) + return -1; + } + +-static int getfilecon(char *path, char **context) ++static int getfilecon(const char *path, char **context) + { + *context = NULL; + return -1; + } + +-static int security_get_initial_context(char *name, char **context) ++static int security_get_initial_context(const char *name, char **context) + { + *context = NULL; + return -1; +-- +2.41.0 + diff --git a/SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch b/SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch new file mode 100644 index 0000000..169093b --- /dev/null +++ b/SOURCES/0006-lib-add-SELinux-include-and-stub-functions.patch @@ -0,0 +1,156 @@ +From 0e71f7774a764c0a19037b79b71d7146769082ac Mon Sep 17 00:00:00 2001 +Message-ID: <0e71f7774a764c0a19037b79b71d7146769082ac.1695227714.git.aclaudi@redhat.com> +In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Tue, 5 Sep 2023 12:44:19 +0200 +Subject: [PATCH] lib: add SELinux include and stub functions + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023 +Upstream Status: iproute2-next.git commit e246ebc3 + +commit e246ebc3b7f1f438310ad6fd1d5976ba6ccf7a69 +Author: Andrea Claudi +Date: Wed Aug 23 19:30:01 2023 +0200 + + lib: add SELinux include and stub functions + + ss provides some selinux stub functions, useful when iproute2 is + compiled without selinux support. + + Move them to lib/ so we can use them in other iproute2 tools. + + Signed-off-by: Andrea Claudi + 
Signed-off-by: David Ahern +--- + include/selinux.h | 9 +++++++++ + lib/Makefile | 4 ++++ + lib/selinux.c | 32 ++++++++++++++++++++++++++++++++ + misc/ss.c | 34 +--------------------------------- + 4 files changed, 46 insertions(+), 33 deletions(-) + create mode 100644 include/selinux.h + create mode 100644 lib/selinux.c + +diff --git a/include/selinux.h b/include/selinux.h +new file mode 100644 +index 00000000..499aa966 +--- /dev/null ++++ b/include/selinux.h +@@ -0,0 +1,9 @@ ++#if HAVE_SELINUX ++#include ++#else ++int is_selinux_enabled(void); ++void freecon(char *context); ++int getpidcon(pid_t pid, char **context); ++int getfilecon(const char *path, char **context); ++int security_get_initial_context(const char *name, char **context); ++#endif +diff --git a/lib/Makefile b/lib/Makefile +index ddedd37f..aa7bbd2e 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -13,6 +13,10 @@ UTILOBJ += bpf_libbpf.o + endif + endif + ++ifneq ($(HAVE_SELINUX),y) ++UTILOBJ += selinux.o ++endif ++ + NLOBJ=libgenl.o libnetlink.o + ifeq ($(HAVE_MNL),y) + NLOBJ += mnl_utils.o +diff --git a/lib/selinux.c b/lib/selinux.c +new file mode 100644 +index 00000000..4e6805fc +--- /dev/null ++++ b/lib/selinux.c +@@ -0,0 +1,32 @@ ++#include ++#include ++#include "selinux.h" ++ ++/* Stubs for SELinux functions */ ++int is_selinux_enabled(void) ++{ ++ return 0; ++} ++ ++void freecon(char *context) ++{ ++ free(context); ++} ++ ++int getpidcon(pid_t pid, char **context) ++{ ++ *context = NULL; ++ return -1; ++} ++ ++int getfilecon(const char *path, char **context) ++{ ++ *context = NULL; ++ return -1; ++} ++ ++int security_get_initial_context(const char *name, char **context) ++{ ++ *context = NULL; ++ return -1; ++} +diff --git a/misc/ss.c b/misc/ss.c +index fe19f489..6e18bf0c 100644 +--- a/misc/ss.c ++++ b/misc/ss.c +@@ -33,6 +33,7 @@ + #include "version.h" + #include "rt_names.h" + #include "cg_map.h" ++#include "selinux.h" + + #include + #include +@@ -71,39 +72,6 @@ + #define BUF_CHUNKS_MAX 5 
/* Maximum number of allocated buffer chunks */ + #define LEN_ALIGN(x) (((x) + 1) & ~1) + +-#if HAVE_SELINUX +-#include +-#else +-/* Stubs for SELinux functions */ +-static int is_selinux_enabled(void) +-{ +- return 0; +-} +- +-static int getpidcon(pid_t pid, char **context) +-{ +- *context = NULL; +- return -1; +-} +- +-static int getfilecon(const char *path, char **context) +-{ +- *context = NULL; +- return -1; +-} +- +-static int security_get_initial_context(const char *name, char **context) +-{ +- *context = NULL; +- return -1; +-} +- +-static void freecon(char *context) +-{ +- free(context); +-} +-#endif +- + int preferred_family = AF_UNSPEC; + static int show_options; + int show_details; +-- +2.41.0 + diff --git a/SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch b/SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch new file mode 100644 index 0000000..d87cf48 --- /dev/null +++ b/SOURCES/0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch @@ -0,0 +1,81 @@ +From 6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2 Mon Sep 17 00:00:00 2001 +Message-ID: <6bfcc5679d601c393e7d6ca6c78c2d7680c3e4f2.1695227714.git.aclaudi@redhat.com> +In-Reply-To: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +References: <6a3ecf4fd80f7dcecb72b6c83781f5aed463a75b.1695227714.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Tue, 5 Sep 2023 12:44:19 +0200 +Subject: [PATCH] ip vrf: make ipvrf_exec SELinux-aware + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1780023 +Upstream Status: iproute2-next.git commit 0d0eeaa6 + +commit 0d0eeaa6cb9218e57ce910fc3a8991b80da6393e +Author: Andrea Claudi +Date: Wed Aug 23 19:30:02 2023 +0200 + + ip vrf: make ipvrf_exec SELinux-aware + + When using ip vrf and SELinux is enabled, make sure to set the exec file + context before calling cmd_exec. + + This ensures that the command is executed with the right context, + falling back to the ifconfig_t context when needed. + + Signed-off-by: Andrea Claudi + 
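Review bot: The new include/selinux.h declares `int getpidcon(pid_t pid, char **context);` in its `#else` branch without including a header that defines `pid_t`, and the file has no include guard, so it compiles only when every includer has already pulled in the right system header. In misc/ss.c and lib/selinux.c the `#include "selinux.h"` line comes after other headers, which hides the dependency. I would wrap the file in a guard (for example `#ifndef IPROUTE2_SELINUX_H`, a name I made up for illustration) and add `#include <sys/types.h>` at the top of the `#else` branch. Each stub in lib/selinux.c also deserves a one-line comment saying that it ignores its first argument, sets `*context = NULL` and always returns -1, since readers will otherwise expect libselinux behaviour.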
Signed-off-by: David Ahern +--- + include/selinux.h | 1 + + ip/ipvrf.c | 6 ++++++ + lib/selinux.c | 5 +++++ + 3 files changed, 12 insertions(+) + +diff --git a/include/selinux.h b/include/selinux.h +index 499aa966..592c7680 100644 +--- a/include/selinux.h ++++ b/include/selinux.h +@@ -6,4 +6,5 @@ void freecon(char *context); + int getpidcon(pid_t pid, char **context); + int getfilecon(const char *path, char **context); + int security_get_initial_context(const char *name, char **context); ++int setexecfilecon(const char *filename, const char *fallback_type); + #endif +diff --git a/ip/ipvrf.c b/ip/ipvrf.c +index 0718bea8..b0dd2abe 100644 +--- a/ip/ipvrf.c ++++ b/ip/ipvrf.c +@@ -24,6 +24,7 @@ + #include "utils.h" + #include "ip_common.h" + #include "bpf_util.h" ++#include "selinux.h" + + #define CGRP_PROC_FILE "/cgroup.procs" + +@@ -455,6 +456,11 @@ static int ipvrf_exec(int argc, char **argv) + return -1; + } + ++ if (is_selinux_enabled() && setexecfilecon(argv[1], "ifconfig_t")) { ++ fprintf(stderr, "setexecfilecon for \"%s\" failed\n", argv[1]); ++ return -1; ++ } ++ + return -cmd_exec(argv[1], argv + 1, !!batch_mode, do_switch, argv[0]); + } + +diff --git a/lib/selinux.c b/lib/selinux.c +index 4e6805fc..7e5dd16d 100644 +--- a/lib/selinux.c ++++ b/lib/selinux.c +@@ -30,3 +30,8 @@ int security_get_initial_context(const char *name, char **context) + *context = NULL; + return -1; + } ++ ++int setexecfilecon(const char *filename, const char *fallback_type) ++{ ++ return -1; ++} +-- +2.41.0 + diff --git a/SPECS/iproute.spec b/SPECS/iproute.spec index cdcd17e..3281ccd 100644 --- a/SPECS/iproute.spec +++ b/SPECS/iproute.spec @@ -1,7 +1,7 @@ Summary: Advanced IP routing and network device configuration tools Name: iproute -Version: 5.18.0 -Release: 1.1%{?dist}%{?buildid} +Version: 6.2.0 +Release: 5%{?dist}%{?buildid} %if 0%{?rhel} Group: Applications/System %endif 
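Review bot: The new failure branch in `ipvrf_exec()` prints `setexecfilecon for "%s" failed` without a reason, so an operator cannot tell a policy denial from a missing or unlabeled file when `ip vrf exec` refuses to run a command. Returning -1 instead of executing the command in the caller's context is the right fail-closed behaviour; I would only extend the message, e.g. `fprintf(stderr, "setexecfilecon for \"%s\" failed: %s\n", argv[1], strerror(errno));`, assuming the call sets `errno` on failure and ip/ipvrf.c already includes the headers for `strerror` and `errno` (neither is visible here). The hard-coded fallback type `"ifconfig_t"` deserves a short comment saying why that domain is the fallback, and the `setexecfilecon()` stub added to lib/selinux.c should carry a comment that it always returns -1 and is only reached when `is_selinux_enabled()` is non-zero, which the stub version never is. `ipvrf_exec()` begins outside the hunk.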
@@ -10,8 +10,13 @@ Source0: https://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{v Source1: rt_dsfield.deprecated Patch0: 0001-Update-kernel-headers.patch Patch1: 0002-macvlan-Add-bclim-parameter.patch +Patch2: 0003-tc-add-missing-separator.patch +Patch3: 0004-ss-make-is_selinux_enabled-stub-work-like-in-SELinux.patch +Patch4: 0005-ss-make-SELinux-stub-functions-conformant-to-API-def.patch +Patch5: 0006-lib-add-SELinux-include-and-stub-functions.patch +Patch6: 0007-ip-vrf-make-ipvrf_exec-SELinux-aware.patch -License: GPLv2+ and Public Domain +License: GPL-2.0-or-later AND NIST-PD BuildRequires: bison BuildRequires: elfutils-libelf-devel BuildRequires: flex @@ -43,7 +48,7 @@ Summary: Linux Traffic Control utility %if 0%{?rhel} Group: Applications/System %endif -License: GPLv2+ +License: GPL-2.0-or-later Requires: %{name}%{?_isa} = %{version}-%{release} Provides: /sbin/tc @@ -58,7 +63,7 @@ Summary: Documentation for iproute2 utilities with examples %if 0%{?rhel} Group: Applications/System %endif -License: GPLv2+ +License: GPL-2.0-or-later Requires: %{name} = %{version}-%{release} %description doc @@ -70,7 +75,7 @@ Summary: iproute development files %if 0%{?rhel} Group: Development/Libraries %endif -License: GPLv2+ +License: GPL-2.0-or-later Requires: %{name} = %{version}-%{release} Provides: iproute-static = %{version}-%{release} @@ -81,12 +86,11 @@ The libnetlink static library. %autosetup -p1 -n %{name}2-%{version} %build -%configure +%configure --libdir %{_libdir} +echo -e "\nPREFIX=%{_prefix}\nCONFDIR:=%{_sysconfdir}/iproute2\nSBINDIR=%{_sbindir}" >> config.mk %make_build %install -export SBINDIR='%{_sbindir}' -export LIBDIR='%{_libdir}' %make_install echo '.so man8/tc-cbq.8' > %{buildroot}%{_mandir}/man8/cbq.8 
@@ -99,7 +103,7 @@ install -D -m644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a rm -rf '%{buildroot}%{_docdir}' # append deprecated values to rt_dsfield for compatibility reasons -%if ! 0%{?fedora} +%if 0%{?rhel} && ! 0%{?eln} cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield %endif @@ -142,9 +146,24 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield %{_includedir}/iproute2/bpf_elf.h %changelog -* Tue Jun 06 2023 Andrea Claudi - 5.18.0-1.1.el8 -- macvlan: Add bclim parameter (Andrea Claudi) [2209687] -- Update kernel headers (Andrea Claudi) [2209687] +* Mon Sep 25 2023 Andrea Claudi - 6.2.0-5.el8 +- Bump version number (wrong exception build) + +* Wed Sep 20 2023 Andrea Claudi - 6.2.0-4.el8 +- ip vrf: make ipvrf_exec SELinux-aware (Andrea Claudi) [1780023] +- lib: add SELinux include and stub functions (Andrea Claudi) [1780023] +- ss: make SELinux stub functions conformant to API definitions (Andrea Claudi) [1780023] +- ss: make is_selinux_enabled stub work like in SELinux (Andrea Claudi) [1780023] + +* Wed Jun 07 2023 Andrea Claudi - 6.2.0-3.el8 +- tc: add missing separator (Andrea Claudi) + +* Wed May 03 2023 Andrea Claudi - 6.2.0-2.el8 +- macvlan: Add bclim parameter (Andrea Claudi) [2188134] +- Update kernel headers (Andrea Claudi) [2188134] + +* Wed Apr 26 2023 Andrea Claudi - 6.2.0-1.el8 +- New version 6.2.0 (Andrea Claudi) [RHEL-424] * Wed Jun 08 2022 Wen Liang - 5.18.0-1.el8 - New version 5.18.0 [2074607] 
@@ -773,14 +792,14 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Apr 23 2009 Marcela Mašláňová - 2.6.29-3 -- new iptables (xtables) bring problems to tc, when ipt is used. +- new iptables (xtables) bring problems to tc, when ipt is used. rhbz#497344 still broken. tc_modules.patch brings correct paths to xtables, but that doesn't fix whole issue. -- 497355 ip should allow creation of an IPsec SA with 'proto any' +- 497355 ip should allow creation of an IPsec SA with 'proto any' and specified sport and dport as selectors * Tue Apr 14 2009 Marcela Mašláňová - 2.6.29-2 -- c3651bf4763d7247e3edd4e20526a85de459041b ip6tunnel: Fix no default +- c3651bf4763d7247e3edd4e20526a85de459041b ip6tunnel: Fix no default display of ip4ip6 tunnels - e48f73d6a5e90d2f883e15ccedf4f53d26bb6e74 missing arpd directory @@ -839,7 +858,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield * Wed Feb 6 2008 Marcela Maslanova - 2.6.23-3 - rebuild without tetex files. It isn't working in rawhide yet. Added - new source for ps files. + new source for ps files. - #431179 backward compatibility for previous iproute versions * Mon Jan 21 2008 Marcela Maslanova - 2.6.23-2 @@ -891,7 +910,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield - bug fix for xfrm monitor - alignment fixes for cris - documentation corrections - + * Mon Oct 2 2006 Radek Vokal - 2.6.16-7 - fix ip.8 man page, add initcwnd option @@ -941,7 +960,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield - use tc manpages and cbq.init from source tarball (#172851) * Thu Nov 10 2005 Radek Vokal 2.6.14-8 -- new upstream source +- new upstream source * Mon Oct 31 2005 Radek Vokal 2.6.14-7 - add warning to ip tunnel add command (#128107) 
@@ -957,7 +976,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield - add RPM_OPT_FLAGS * Mon Sep 19 2005 Radek Vokal 2.6.14-3 -- forget to apply the patch :( +- forget to apply the patch :( * Mon Sep 19 2005 Radek Vokal 2.6.14-2 - make ip help work again (#168449) @@ -976,7 +995,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield * Tue May 24 2005 Radek Vokal 2.6.11-2 - removed useless initvar patch (#150798) -- new upstream source +- new upstream source * Tue Mar 15 2005 Radek Vokal 2.6.11-1 - update to iproute-2.6.11 @@ -995,7 +1014,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield * Tue Nov 16 2004 Radek Vokal 2.6.9-4 - source file updated from snapshot version -- endian patch adding +- endian patch adding * Sat Sep 18 2004 Joshua Blanton 2.6.9-3 - added installation of netem module for tc @@ -1021,7 +1040,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield * Wed Apr 21 2004 Phil Knirsch 2.4.7-14 - Fixed -f option for ss (#118355). - Small description fix (#110997). -- Added initialization of some vars (#74961). +- Added initialization of some vars (#74961). - Added patch to initialize "default" rule as well (#60693). * Fri Feb 13 2004 Elliot Lee @@ -1074,7 +1093,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield - fix build problem in beehive if kernel-sources is not installed * Fri May 25 2001 Helge Deller -- updated to iproute2-2.2.4-now-ss001007.tar.gz +- updated to iproute2-2.2.4-now-ss001007.tar.gz - bzip2 source tar file - "License" replaces "Copyright" - added "BuildPrereq: tetex-latex tetex-dvips psutils"