import libselinux-2.9-3.el8

This commit is contained in:
CentOS Sources 2020-01-21 13:27:18 -05:00 committed by Stepan Oksanichenko
parent 20bf07fc98
commit 7b8789d826
9 changed files with 314 additions and 13 deletions

View File

@ -1,7 +1,7 @@
From f71fc47524bef3c4cd8a412e43d13daebd1c418b Mon Sep 17 00:00:00 2001 From f71fc47524bef3c4cd8a412e43d13daebd1c418b Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com> From: Miroslav Grepl <mgrepl@redhat.com>
Date: Wed, 16 Jul 2014 08:28:03 +0200 Date: Wed, 16 Jul 2014 08:28:03 +0200
Subject: [PATCH 1/5] Fix selinux man page to refer seinfo and sesearch tools. Subject: [PATCH] Fix selinux man page to refer seinfo and sesearch tools.
--- ---
libselinux/man/man8/selinux.8 | 4 +++- libselinux/man/man8/selinux.8 | 4 +++-

View File

@ -1,7 +1,7 @@
From ad3d3a0bf819f5895a6884357c2d0e18ea1ef314 Mon Sep 17 00:00:00 2001 From ad3d3a0bf819f5895a6884357c2d0e18ea1ef314 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com> From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 23 Dec 2013 09:50:54 -0500 Date: Mon, 23 Dec 2013 09:50:54 -0500
Subject: [PATCH 2/5] Verify context input to funtions to make sure the context Subject: [PATCH] Verify context input to funtions to make sure the context
field is not null. field is not null.
Return errno EINVAL, to prevent segfault. Return errno EINVAL, to prevent segfault.

View File

@ -1,8 +1,8 @@
From 431f72836d6c02450725cf6ffb1c7223b9fa6acc Mon Sep 17 00:00:00 2001 From a6e839be2c5a77c22a8c72cad001e3f87eaedf2e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 11 Mar 2019 15:26:43 +0100 Date: Mon, 11 Mar 2019 15:26:43 +0100
Subject: [PATCH 3/5] libselinux: Allow to override OVERRIDE_GETTID from Subject: [PATCH] libselinux: Allow to override OVERRIDE_GETTID from command
command line line
$ make CFLAGS="$CFLAGS -DOVERRIDE_GETTID=0" ... $ make CFLAGS="$CFLAGS -DOVERRIDE_GETTID=0" ...

View File

@ -1,8 +1,8 @@
From dca54ca1a8ab0b256e7834f7f5e97375427fbfd9 Mon Sep 17 00:00:00 2001 From be420729fbf4adc8b32ca3722fa6ca46bb51413d Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 27 Feb 2019 09:37:17 +0100 Date: Wed, 27 Feb 2019 09:37:17 +0100
Subject: [PATCH 4/5] Bring some old permission and flask constants back to Subject: [PATCH] Bring some old permission and flask constants back to Python
Python bindings bindings
--- ---
libselinux/src/selinuxswig.i | 4 ++++ libselinux/src/selinuxswig.i | 4 ++++

View File

@ -1,7 +1,7 @@
From 8384ffa7a371c8845c145951363da5d978ab98b5 Mon Sep 17 00:00:00 2001 From 903c54bf62ffba3c95e22e74c9c43838cd3935a0 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com> From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 28 Feb 2017 16:12:43 +0100 Date: Tue, 28 Feb 2017 16:12:43 +0100
Subject: [PATCH 5/5] libselinux: add missing av_permission values Subject: [PATCH] libselinux: add missing av_permission values
Add missing av_permission values to av_permissions.h for the sake of Add missing av_permission values to av_permissions.h for the sake of
completeness (this interface is obsolete - these values are now completeness (this interface is obsolete - these values are now

View File

@ -0,0 +1,177 @@
From 67d490a38a319126f371eaf66a5fc922d7005b1f Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 16 May 2019 15:01:59 +0200
Subject: [PATCH] libselinux: Use Python distutils to install SELinux python
bindings
SWIG-4.0 changed its behavior so that it uses: from . import _selinux which
looks for _selinux module in the same directory as where __init__.py is -
$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
of _selinux.so").
In order to prevent such breakage in future use Python's distutils instead of
building and installing python bindings manually in Makefile.
Fixes:
>>> import selinux
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
from . import _selinux
ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
>>>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libselinux/src/.gitignore | 2 +-
libselinux/src/Makefile | 37 ++++++++-----------------------------
libselinux/src/setup.py | 24 ++++++++++++++++++++++++
3 files changed, 33 insertions(+), 30 deletions(-)
create mode 100644 libselinux/src/setup.py
diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore
index 4dcc3b3b..428afe5a 100644
--- a/libselinux/src/.gitignore
+++ b/libselinux/src/.gitignore
@@ -1,4 +1,4 @@
selinux.py
-selinuxswig_wrap.c
+selinuxswig_python_wrap.c
selinuxswig_python_exception.i
selinuxswig_ruby_wrap.c
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index e9ed0383..826c830c 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -36,7 +36,7 @@ TARGET=libselinux.so
LIBPC=libselinux.pc
SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
SWIGRUBYIF= selinuxswig_ruby.i
-SWIGCOUT= selinuxswig_wrap.c
+SWIGCOUT= selinuxswig_python_wrap.c
SWIGPYOUT= selinux.py
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
LDLIBS_LIBSEPOLA := -l:libsepol.a
endif
-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
MAX_STACK_SIZE=32768
@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
SRCS:= $(filter-out label_backends_android.c, $(SRCS))
endif
-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
-
SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
all: $(LIBA) $(LIBSO) $(LIBPC)
-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
+pywrap: all selinuxswig_python_exception.i
+ CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
rubywrap: all $(SWIGRUBYSO)
-$(SWIGLOBJ): $(SWIGCOUT)
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
-$(SWIGSO): $(SWIGLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
-
$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash -e exception.sh > $@ || (rm -f $@ ; false)
-$(AUDIT2WHYLOBJ): audit2why.c
- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
-
%.o: %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
%.lo: %.c policy.h
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
-$(SWIGCOUT): $(SWIGIF)
- $(SWIG) $<
-
-$(SWIGPYOUT): $(SWIGCOUT)
-
$(SWIGRUBYCOUT): $(SWIGRUBYIF)
$(SWIGRUBY) $<
-swigify: $(SWIGIF)
- $(SWIG) $<
-
install: all
test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
@@ -194,10 +173,8 @@ install: all
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ install -m 644 selinux.py $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
install-rubywrap: rubywrap
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
@@ -208,6 +185,8 @@ relabel:
clean-pywrap:
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
+ $(PYTHON) setup.py clean
+ -rm -rf build *~ \#* *pyc .#*
clean-rubywrap:
-rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
new file mode 100644
index 00000000..b12e7869
--- /dev/null
+++ b/libselinux/src/setup.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python3
+
+from distutils.core import Extension, setup
+
+setup(
+ name="selinux",
+ version="2.9",
+ description="SELinux python 3 bindings",
+ author="SELinux Project",
+ author_email="selinux@vger.kernel.org",
+ ext_modules=[
+ Extension('selinux._selinux',
+ sources=['selinuxswig_python.i'],
+ include_dirs=['../include'],
+ library_dirs=['.'],
+ libraries=['selinux']),
+ Extension('selinux.audit2why',
+ sources=['audit2why.c'],
+ include_dirs=['../include'],
+ library_dirs=['.'],
+ libraries=['selinux'],
+ extra_link_args=['-l:libsepol.a'])
+ ],
+)
--
2.21.0

View File

@ -0,0 +1,44 @@
From 6ec8116ee64a25a0c5eb543f0b12ed25f1348c45 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 27 Jun 2019 11:17:13 +0200
Subject: [PATCH] libselinux: Do not use SWIG_CFLAGS when Python bindings are
built
Fixes:
https://rpmdiff.engineering.redhat.com/run/410372/7/
Detecting usr/lib64/python3.6/site-packages/selinux/audit2why.cpython-36m-x86_64-linux-gnu.so with not-hardened warnings '
Hardened: audit2why.cpython-36m-x86_64-linux-gnu.so: FAIL: Gaps were detected in the annobin coverage. Run with -v to list.
' on x86_64
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libselinux/src/Makefile | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 826c830c..f64f23a8 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -104,9 +104,6 @@ FTS_LDLIBS ?=
override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
-SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
- -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
-
RANLIB ?= ranlib
ARCH := $(patsubst i%86,i386,$(shell uname -m))
@@ -130,7 +127,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
all: $(LIBA) $(LIBSO) $(LIBPC)
pywrap: all selinuxswig_python_exception.i
- CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
+ $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
rubywrap: all $(SWIGRUBYSO)
--
2.21.0

View File

@ -0,0 +1,66 @@
From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 2 Jul 2019 14:09:05 +0200
Subject: [PATCH] Fix mcstrans secolor examples
According to "check_dominance" function:
Range defined as "s15:c0.c1023" does not dominate any other range than
"s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
While range defined as "s15-s15:c0.c1023" dominates all of the above.
This is either a bug, or "s15:c0.c1023" should not be used in the
examples.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
libselinux/man/man5/secolor.conf.5 | 4 ++--
libselinux/man/ru/man5/secolor.conf.5 | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/libselinux/man/man5/secolor.conf.5 b/libselinux/man/man5/secolor.conf.5
index b834577a..a3bf2da1 100644
--- a/libselinux/man/man5/secolor.conf.5
+++ b/libselinux/man/man5/secolor.conf.5
@@ -123,7 +123,7 @@ range s7\-s7:c0.c1023 = black red
.br
range s9\-s9:c0.c1023 = black orange
.br
-range s15:c0.c1023 = black yellow
+range s15\-s15:c0.c1023 = black yellow
.RE
.sp
@@ -165,7 +165,7 @@ type xguest_t = black green
.br
user sysadm_u = white black
.br
-range s0:c0.c1023 = black white
+range s0-s0:c0.c1023 = black white
.br
user * = black white
.br
diff --git a/libselinux/man/ru/man5/secolor.conf.5 b/libselinux/man/ru/man5/secolor.conf.5
index 4c1236ae..bcae80c1 100644
--- a/libselinux/man/ru/man5/secolor.conf.5
+++ b/libselinux/man/ru/man5/secolor.conf.5
@@ -121,7 +121,7 @@ range s7\-s7:c0.c1023 = black red
.br
range s9\-s9:c0.c1023 = black orange
.br
-range s15:c0.c1023 = black yellow
+range s15\-s15:c0.c1023 = black yellow
.RE
.sp
@@ -163,7 +163,7 @@ type xguest_t = black green
.br
user sysadm_u = white black
.br
-range s0:c0.c1023 = black white
+range s0\-s0:c0.c1023 = black white
.br
user * = black white
.br
--
2.21.0

View File

@ -6,7 +6,7 @@
%endif %endif
%define libsepolver 2.9-1 %define libsepolver 2.9-1
%define libselinuxrelease 1 %define libselinuxrelease 3
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
@ -24,6 +24,9 @@ Patch0002: 0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch
Patch0003: 0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch Patch0003: 0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch
Patch0004: 0004-Bring-some-old-permission-and-flask-constants-back-t.patch Patch0004: 0004-Bring-some-old-permission-and-flask-constants-back-t.patch
Patch0005: 0005-libselinux-add-missing-av_permission-values.patch Patch0005: 0005-libselinux-add-missing-av_permission-values.patch
Patch0006: 0006-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
Patch0007: 0007-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch
Patch0008: 0008-Fix-mcstrans-secolor-examples.patch
BuildRequires: gcc BuildRequires: gcc
%if 0%{?with_ruby} %if 0%{?with_ruby}
@ -55,7 +58,7 @@ process and file security contexts and to obtain security policy
decisions. Required for any applications that use the SELinux API. decisions. Required for any applications that use the SELinux API.
%package utils %package utils
Summary: SELinux libselinux utilies Summary: SELinux libselinux utilities
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
%description utils %description utils
@ -182,8 +185,10 @@ echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libseli
%if 0%{?with_python2} %if 0%{?with_python2}
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
InstallPythonWrapper %{__python2} InstallPythonWrapper %{__python2}
mv %{buildroot}%{python2_sitearch}/selinux/_selinux.so %{buildroot}%{python2_sitearch}/
%endif %endif
InstallPythonWrapper %{__python3} InstallPythonWrapper %{__python3}
mv %{buildroot}%{python3_sitearch}/selinux/_selinux.*.so %{buildroot}%{python3_sitearch}/
%if 0%{?with_ruby} %if 0%{?with_ruby}
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" RUBYINSTALL=%{ruby_vendorarchdir} install install-rubywrap make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" RUBYINSTALL=%{ruby_vendorarchdir} install install-rubywrap
@ -219,7 +224,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%license LICENSE %license LICENSE
%{_libdir}/libselinux.so.* %{_libdir}/libselinux.so.*
%dir %{_rundir}/setrans/ %dir %{_rundir}/setrans/
%{_sbindir}/sefcontext_compile
%{_tmpfilesdir}/libselinux.conf %{_tmpfilesdir}/libselinux.conf
%files utils %files utils
@ -227,6 +231,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/getenforce %{_sbindir}/getenforce
%{_sbindir}/getsebool %{_sbindir}/getsebool
%{_sbindir}/matchpathcon %{_sbindir}/matchpathcon
%{_sbindir}/sefcontext_compile
%{_sbindir}/selinuxconlist %{_sbindir}/selinuxconlist
%{_sbindir}/selinuxdefcon %{_sbindir}/selinuxdefcon
%{_sbindir}/selinuxexeccon %{_sbindir}/selinuxexeccon
@ -255,11 +260,13 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%files -n libselinux-python %files -n libselinux-python
%{python2_sitearch}/selinux/ %{python2_sitearch}/selinux/
%{python2_sitearch}/_selinux.so %{python2_sitearch}/_selinux.so
%{python2_sitearch}/selinux-%{version}-*
%endif %endif
%files -n python3-libselinux %files -n python3-libselinux
%{python3_sitearch}/selinux/ %{python3_sitearch}/selinux/
%{python3_sitearch}/_selinux.*.so %{python3_sitearch}/_selinux.*.so
%{python3_sitearch}/selinux-%{version}-*
%if 0%{?with_ruby} %if 0%{?with_ruby}
%files ruby %files ruby
@ -267,6 +274,13 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%endif %endif
%changelog %changelog
* Fri Nov 08 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
- Fix mcstrans secolor examples in secolor.conf man page (#1770270)
* Mon Jun 24 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2.1
- Use Python distutils to install SELinux python bindings (#1719771)
- Move sefcontext_compile to -utils package (#1612518)
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1 * Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release - SELinux userspace 2.9 release