libselinux-3.5-4

- Add examples to man pages Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2023-06-22 19:10:17 +02:00 · 2023-06-22 19:10:17 +02:00 · 3d6e36cb93
commit 3d6e36cb93
parent a786690073
3 changed files with 143 additions and 23 deletions
--- a/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0001-Use-SHA-2-instead-of-SHA-1.patch
@ -1,8 +1,7 @@
-From 1dbd23dc2566b3fe9113bf09fd9e190dfd4651b6 Mon Sep 17 00:00:00 2001
+From 3a9bb0000dd9386b80ec54ecb64a99dd07b2f93a Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
-Content-type: text/plain

 The use of SHA-1 in RHEL9 is deprecated
 ---
@ -30,7 +29,7 @@ The use of SHA-1 in RHEL9 is deprecated
 create mode 100644 libselinux/src/sha256.h

 diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
-index e8983606d93b..a35d84d63b0a 100644
+index e8983606..a35d84d6 100644
 --- a/libselinux/include/selinux/label.h
 +++ b/libselinux/include/selinux/label.h
@@ -120,13 +120,13 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
@ -51,7 +50,7 @@ index e8983606d93b..a35d84d63b0a 100644
  * @num_specfiles: number of specfiles in the list.
  *
 diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
-index b10fe684eff9..8df4744505b3 100644
+index b10fe684..8df47445 100644
 --- a/libselinux/include/selinux/restorecon.h
 +++ b/libselinux/include/selinux/restorecon.h
@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
@ -66,7 +65,7 @@ index b10fe684eff9..8df4744505b3 100644
 #define SELINUX_RESTORECON_IGNORE_DIGEST		0x00001
 /*
 diff --git a/libselinux/man/man3/selabel_digest.3 b/libselinux/man/man3/selabel_digest.3
-index 56a008f00df0..5f7c42533d0e 100644
+index 56a008f0..5f7c4253 100644
 --- a/libselinux/man/man3/selabel_digest.3
 +++ b/libselinux/man/man3/selabel_digest.3
@@ -20,11 +20,11 @@ selabel_digest \- Return digest of specfiles and list of files used
@ -84,7 +83,7 @@ index 56a008f00df0..5f7c42533d0e 100644
 with the number of entries in
 .IR num_specfiles .
 diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
-index 0e03e1be111e..14ab888d2e03 100644
+index 0e03e1be..14ab888d 100644
 --- a/libselinux/man/man3/selabel_open.3
 +++ b/libselinux/man/man3/selabel_open.3
@@ -69,7 +69,7 @@ is used; a custom validation function can be provided via
@ -97,7 +96,7 @@ index 0e03e1be111e..14ab888d2e03 100644
 .BR selabel_digest (3)
 .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index 218aaf6d2ae5..5f6d4b386429 100644
+index 218aaf6d..5f6d4b38 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
@@ -36,7 +36,7 @@ If this is a directory and the
@ -172,7 +171,7 @@ index 218aaf6d2ae5..5f6d4b386429 100644
 .B SELINUX_RESTORECON_SET_SPECFILE_CTX
 flag (provided
 diff --git a/libselinux/man/man3/selinux_restorecon_xattr.3 b/libselinux/man/man3/selinux_restorecon_xattr.3
-index c56326814b94..098c840fc59b 100644
+index c5632681..098c840f 100644
 --- a/libselinux/man/man3/selinux_restorecon_xattr.3
 +++ b/libselinux/man/man3/selinux_restorecon_xattr.3
@@ -119,7 +119,7 @@ By default
@ -185,7 +184,7 @@ index c56326814b94..098c840fc59b 100644
 .BR selabel_open (3)
 must be called specifying the required
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index 70ba063ada5d..0c803d8d4aae 100644
+index 36d57122..8eafced9 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
@@ -125,7 +125,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
@ -198,7 +197,7 @@ index 70ba063ada5d..0c803d8d4aae 100644
 LABEL_BACKEND_ANDROID=y
 endif
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 74ae9b9feb70..33d395e414f0 100644
+index 74ae9b9f..33d395e4 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
@@ -1010,7 +1010,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
@ -293,7 +292,7 @@ index 74ae9b9feb70..33d395e414f0 100644
 	free(matches);
 	return true;
 diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
-index 782c6aa8cc0c..304e8d96490a 100644
+index 782c6aa8..304e8d96 100644
 --- a/libselinux/src/label_internal.h
 +++ b/libselinux/src/label_internal.h
@@ -13,7 +13,7 @@
@ -334,7 +333,7 @@ index 782c6aa8cc0c..304e8d96490a 100644
 };
 
 diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
-index 54fd49a5b7b9..4003eb8dc7af 100644
+index 54fd49a5..4003eb8d 100644
 --- a/libselinux/src/label_support.c
 +++ b/libselinux/src/label_support.c
@@ -115,7 +115,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
@ -371,7 +370,7 @@ index 54fd49a5b7b9..4003eb8dc7af 100644
 	digest->hashbuf = NULL;
 	return;
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
-index 6b5f6921b82b..24604776974e 100644
+index 7ef2d45d..0f7d9bc3 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@
@ -448,7 +447,7 @@ index 6b5f6921b82b..24604776974e 100644
 	return 0;
 
 oom:
-@@ -775,7 +775,7 @@ err:
+@@ -777,7 +777,7 @@ err:
 
 struct dir_hash_node {
 	char *path;
@ -457,7 +456,7 @@ index 6b5f6921b82b..24604776974e 100644
 	struct dir_hash_node *next;
 };
 /*
-@@ -1281,7 +1281,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
+@@ -1283,7 +1283,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
 			if (setxattr(current->path,
 			    RESTORECON_PARTIAL_MATCH_DIGEST,
 			    current->digest,
@ -468,7 +467,7 @@ index 6b5f6921b82b..24604776974e 100644
 					    current->path);
 diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c
 deleted file mode 100644
-index 9d51e04ac331..000000000000
+index 9d51e04a..00000000
 --- a/libselinux/src/sha1.c
 +++ /dev/null
@@ -1,220 +0,0 @@
@ -694,7 +693,7 @@ index 9d51e04ac331..000000000000
 -}
 diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h
 deleted file mode 100644
-index f83a6e7ed7ba..000000000000
+index f83a6e7e..00000000
 --- a/libselinux/src/sha1.h
 +++ /dev/null
@@ -1,85 +0,0 @@
@ -785,7 +784,7 @@ index f83a6e7ed7ba..000000000000
 -#endif //_sha1_h_
 diff --git a/libselinux/src/sha256.c b/libselinux/src/sha256.c
 new file mode 100644
-index 000000000000..fe2aeef07f53
+index 00000000..fe2aeef0
 --- /dev/null
 +++ b/libselinux/src/sha256.c
@@ -0,0 +1,294 @@
@ -1085,7 +1084,7 @@ index 000000000000..fe2aeef07f53
 +}
 diff --git a/libselinux/src/sha256.h b/libselinux/src/sha256.h
 new file mode 100644
-index 000000000000..406ed869cd82
+index 00000000..406ed869
 --- /dev/null
 +++ b/libselinux/src/sha256.h
@@ -0,0 +1,89 @@
@ -1179,7 +1178,7 @@ index 000000000000..406ed869cd82
 +        SHA256_HASH*        Digest          // [in]
 +    );
 diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
-index 6a8313a2c88d..a69331f1c6b5 100644
+index 6a8313a2..a69331f1 100644
 --- a/libselinux/utils/selabel_digest.c
 +++ b/libselinux/utils/selabel_digest.c
@@ -15,8 +15,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
@ -1260,7 +1259,7 @@ index 6a8313a2c88d..a69331f1c6b5 100644
 	selabel_close(hnd);
 	return rc;
 diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
-index c4e0f836b260..80723f714264 100644
+index c4e0f836..80723f71 100644
 --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
 +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
@@ -18,8 +18,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
@ -1349,5 +1348,5 @@ index c4e0f836b260..80723f714264 100644
 		}
 		default:
 -- 
-2.39.0
+2.40.0

--- a/0002-libselinux-Add-examples-to-man-pages.patch
+++ b/0002-libselinux-Add-examples-to-man-pages.patch
@ -0,0 +1,117 @@
+From 1540d4dd89af42b6a6c66e517142a2f5bade0974 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Thu, 1 Jun 2023 16:39:15 +0200
+Subject: [PATCH] libselinux: Add examples to man pages
+
+Also fix some typos and remove trailing whitespaces.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Acked-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+ libselinux/man/man8/getsebool.8    | 18 +++++++++++-------
+ libselinux/man/man8/matchpathcon.8 | 19 +++++++++++++------
+ 2 files changed, 24 insertions(+), 13 deletions(-)
+
+diff --git a/libselinux/man/man8/getsebool.8 b/libselinux/man/man8/getsebool.8
+index d70bf1e4..9e36f04f 100644
+--- a/libselinux/man/man8/getsebool.8
+++ b/libselinux/man/man8/getsebool.8
+@@ -1,6 +1,6 @@
+ .TH "getsebool" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+ .SH "NAME"
+-getsebool \- get SELinux boolean value(s) 
+getsebool \- get SELinux boolean value(s)
+ .
+ .SH "SYNOPSIS"
+ .B getsebool
+@@ -8,17 +8,16 @@ getsebool \- get SELinux boolean value(s)
+ .RI [ boolean ]
+ .
+ .SH "DESCRIPTION"
+-.B getsebool 
+-reports where a particular SELinux boolean or
+-all SELinux booleans are on or off
+-In certain situations a boolean can be in one state with a pending 
+-change to the other state.  getsebool will report this as a pending change.
+.B getsebool
+reports whether a particular SELinux boolean, or all SELinux booleans, are on or off.
+In certain situations a boolean can be in one state with a pending
+change to the other state. getsebool will report this as a pending change.
+ The pending value indicates
+ the value that will be applied upon the next boolean commit.
+ 
+ The setting of boolean values occurs in two stages; first the pending
+ value is changed, then the booleans are committed, causing their
+-active values to become their pending values.  This allows a group of
+active values to become their pending values. This allows a group of
+ booleans to be changed in a single transaction, by setting all of
+ their pending values as desired and then committing once.
+ .
+@@ -27,6 +26,11 @@ their pending values as desired and then committing once.
+ .B \-a
+ Show all SELinux booleans.
+ .
+.SH EXAMPLE
+.nf
+Show current state of httpd_can_connect_ftp
+# getsebool httpd_can_connect_ftp
+.
+ .SH AUTHOR
+ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+ The program was written by Tresys Technology.
+diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8
+index 50c0d392..6d848f43 100644
+--- a/libselinux/man/man8/matchpathcon.8
+++ b/libselinux/man/man8/matchpathcon.8
+@@ -25,8 +25,8 @@ queries the system policy and outputs the default security context associated wi
+ Identical paths can have different security contexts, depending on the file
+ type (regular file, directory, link file, char file ...).
+ 
+-.B matchpathcon 
+-will also take the file type into consideration in determining the default security context if the file exists.  If the file does not exist, no file type matching will occur.
+.B matchpathcon
+will also take the file type into consideration in determining the default security context if the file exists. If the file does not exist, no file type matching will occur.
+ .
+ .SH OPTIONS
+ .TP
+@@ -34,19 +34,19 @@ will also take the file type into consideration in determining the default secur
+ Force file type for the lookup.
+ Valid types are
+ .BR file ", " dir ", "pipe ", " chr_file ", " blk_file ", "
+-.BR lnk_file ", " sock_file .
+.BR lnk_file ", " sock_file
+ .TP
+ .B \-n
+-Do not display path.
+Do not display path
+ .TP
+ .B \-N
+-Do not use translations.
+Do not use translations
+ .TP
+ .BI \-f " file_context_file"
+ Use alternate file_context file
+ .TP
+ .BI \-p " prefix"
+-Use prefix to speed translations
+Use prefix to speed up translations
+ .TP
+ .BI \-P " policy_root_path"
+ Use alternate policy root path
+@@ -54,6 +54,13 @@ Use alternate policy root path
+ .B \-V
+ Verify file context on disk matches defaults
+ .
+.SH EXAMPLE
+.nf
+Show the default label of sock_file cups.sock
+# matchpathcon -m sock_file /var/run/cups/cups.sock
+Verify that /var/www/html directory is labeled correctly (the content of the folder is not checked)
+# matchpathcon -V /var/www/html
+.
+ .SH AUTHOR
+ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+ .
+-- 
+2.40.0
+
--- a/libselinux.spec
+++ b/libselinux.spec
@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LicenseRef-Fedora-Public-Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libselinux-3.5.tar.gz
@ -17,6 +17,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
+Patch0002: 0002-libselinux-Add-examples-to-man-pages.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -214,6 +215,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so

 %changelog
+* Thu Jun 22 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-4
+- Add examples to man pages
+
 * Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.5-3
 - Rebuilt for Python 3.12