libselinux-2.7-5.fc28

- Drop golang bindings - Add support for pcre2 to pkgconfig definition
2017-10-20 10:50:59 +02:00 · 2017-10-20 10:50:59 +02:00 · f2f46ec91f
commit f2f46ec91f
parent 85e255c58e
2 changed files with 65 additions and 472 deletions
--- a/libselinux-fedora.patch
+++ b/libselinux-fedora.patch
@ -1,474 +1,27 @@
 diff --git libselinux-2.7/Makefile libselinux-2.7/Makefile
-index 1ecab17..1f507fb 100644
+index 1ecab17..16531fe 100644
 --- libselinux-2.7/Makefile
 +++ libselinux-2.7/Makefile
-@@ -1,4 +1,4 @@
-SUBDIRS = src include utils man
-+SUBDIRS = src include utils man golang
+@@ -21,13 +21,14 @@ export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST
 
- PKG_CONFIG ?= pkg-config
- DISABLE_SETRANS ?= n
-diff --git libselinux-2.7/golang/Makefile libselinux-2.7/golang/Makefile
-new file mode 100644
-index 0000000..b75677b
--- /dev/null
-+++ libselinux-2.7/golang/Makefile
-@@ -0,0 +1,22 @@
-+# Installation directories.
-+PREFIX ?= $(DESTDIR)/usr
-+LIBDIR ?= $(DESTDIR)/usr/lib
-+GODIR ?= $(LIBDIR)/golang/src/pkg/github.com/selinux
-+all:
-+
-+install: 
-+	[ -d $(GODIR) ] || mkdir -p $(GODIR)
-+	install -m 644 selinux.go $(GODIR)
-+
-+test:
-+	@mkdir selinux
-+	@cp selinux.go selinux
-+	GOPATH=$(pwd) go run test.go 
-+	@rm -rf selinux
-+
-+clean:
-+	@rm -f *~
-+	@rm -rf selinux
-+indent:
-+
-+relabel:
-diff --git libselinux-2.7/golang/selinux.go libselinux-2.7/golang/selinux.go
-new file mode 100644
-index 0000000..34bf6bb
--- /dev/null
-+++ libselinux-2.7/golang/selinux.go
-@@ -0,0 +1,412 @@
-+package selinux
-+
-+/*
-+ The selinux package is a go bindings to libselinux required to add selinux
-+ support to docker.
-+
-+ Author Dan Walsh <dwalsh@redhat.com>
-+
-+ Used some ideas/code from the go-ini packages https://github.com/vaughan0
-+ By Vaughan Newton
-+*/
-+
-+// #cgo pkg-config: libselinux
-+// #include <selinux/selinux.h>
-+// #include <stdlib.h>
-+import "C"
-+import (
-+	"bufio"
-+	"crypto/rand"
-+	"encoding/binary"
-+	"fmt"
-+	"io"
-+	"os"
-+	"path"
-+	"path/filepath"
-+	"regexp"
-+	"strings"
-+	"unsafe"
-+)
-+
-+var (
-+	assignRegex = regexp.MustCompile(`^([^=]+)=(.*)$`)
-+	mcsList     = make(map[string]bool)
-+)
-+
-+func Matchpathcon(path string, mode os.FileMode) (string, error) {
-+	var con C.security_context_t
-+	var scon string
-+	rc, err := C.matchpathcon(C.CString(path), C.mode_t(mode), &con)
-+	if rc == 0 {
-+		scon = C.GoString(con)
-+		C.free(unsafe.Pointer(con))
-+	}
-+	return scon, err
-+}
-+
-+func Setfilecon(path, scon string) (int, error) {
-+	rc, err := C.lsetfilecon(C.CString(path), C.CString(scon))
-+	return int(rc), err
-+}
-+
-+func Getfilecon(path string) (string, error) {
-+	var scon C.security_context_t
-+	var fcon string
-+	rc, err := C.lgetfilecon(C.CString(path), &scon)
-+	if rc >= 0 {
-+		fcon = C.GoString(scon)
-+		err = nil
-+	}
-+	return fcon, err
-+}
-+
-+func Setfscreatecon(scon string) (int, error) {
-+	var (
-+		rc  C.int
-+		err error
-+	)
-+	if scon != "" {
-+		rc, err = C.setfscreatecon(C.CString(scon))
-+	} else {
-+		rc, err = C.setfscreatecon(nil)
-+	}
-+	return int(rc), err
-+}
-+
-+func Getfscreatecon() (string, error) {
-+	var scon C.security_context_t
-+	var fcon string
-+	rc, err := C.getfscreatecon(&scon)
-+	if rc >= 0 {
-+		fcon = C.GoString(scon)
-+		err = nil
-+		C.freecon(scon)
-+	}
-+	return fcon, err
-+}
-+
-+func Getcon() string {
-+	var pcon C.security_context_t
-+	C.getcon(&pcon)
-+	scon := C.GoString(pcon)
-+	C.freecon(pcon)
-+	return scon
-+}
-+
-+func Getpidcon(pid int) (string, error) {
-+	var pcon C.security_context_t
-+	var scon string
-+	rc, err := C.getpidcon(C.pid_t(pid), &pcon)
-+	if rc >= 0 {
-+		scon = C.GoString(pcon)
-+		C.freecon(pcon)
-+		err = nil
-+	}
-+	return scon, err
-+}
-+
-+func Getpeercon(socket int) (string, error) {
-+	var pcon C.security_context_t
-+	var scon string
-+	rc, err := C.getpeercon(C.int(socket), &pcon)
-+	if rc >= 0 {
-+		scon = C.GoString(pcon)
-+		C.freecon(pcon)
-+		err = nil
-+	}
-+	return scon, err
-+}
-+
-+func Setexeccon(scon string) error {
-+	var val *C.char
-+	if !SelinuxEnabled() {
-+		return nil
-+	}
-+	if scon != "" {
-+		val = C.CString(scon)
-+	} else {
-+		val = nil
-+	}
-+	_, err := C.setexeccon(val)
-+	return err
-+}
-+
-+type Context struct {
-+	con []string
-+}
-+
-+func (c *Context) SetUser(user string) {
-+	c.con[0] = user
-+}
-+func (c *Context) GetUser() string {
-+	return c.con[0]
-+}
-+func (c *Context) SetRole(role string) {
-+	c.con[1] = role
-+}
-+func (c *Context) GetRole() string {
-+	return c.con[1]
-+}
-+func (c *Context) SetType(setype string) {
-+	c.con[2] = setype
-+}
-+func (c *Context) GetType() string {
-+	return c.con[2]
-+}
-+func (c *Context) SetLevel(mls string) {
-+	c.con[3] = mls
-+}
-+func (c *Context) GetLevel() string {
-+	return c.con[3]
-+}
-+func (c *Context) Get() string {
-+	return strings.Join(c.con, ":")
-+}
-+func (c *Context) Set(scon string) {
-+	c.con = strings.SplitN(scon, ":", 4)
-+}
-+func NewContext(scon string) Context {
-+	var con Context
-+	con.Set(scon)
-+	return con
-+}
-+
-+func SelinuxEnabled() bool {
-+	b := C.is_selinux_enabled()
-+	if b > 0 {
-+		return true
-+	}
-+	return false
-+}
-+
-+const (
-+	Enforcing  = 1
-+	Permissive = 0
-+	Disabled   = -1
-+)
-+
-+func SelinuxGetEnforce() int {
-+	return int(C.security_getenforce())
-+}
-+
-+func SelinuxGetEnforceMode() int {
-+	var enforce C.int
-+	C.selinux_getenforcemode(&enforce)
-+	return int(enforce)
-+}
-+
-+func mcsAdd(mcs string) {
-+	mcsList[mcs] = true
-+}
-+
-+func mcsDelete(mcs string) {
-+	mcsList[mcs] = false
-+}
-+
-+func mcsExists(mcs string) bool {
-+	return mcsList[mcs]
-+}
-+
-+func IntToMcs(id int, catRange uint32) string {
-+	if (id < 1) || (id > 523776) {
-+		return ""
-+	}
-+
-+	SETSIZE := int(catRange)
-+	TIER := SETSIZE
-+
-+	ORD := id
-+	for ORD > TIER {
-+		ORD = ORD - TIER
-+		TIER -= 1
-+	}
-+	TIER = SETSIZE - TIER
-+	ORD = ORD + TIER
-+	return fmt.Sprintf("s0:c%d,c%d", TIER, ORD)
-+}
-+
-+func uniqMcs(catRange uint32) string {
-+	var n uint32
-+	var c1, c2 uint32
-+	var mcs string
-+	for {
-+		binary.Read(rand.Reader, binary.LittleEndian, &n)
-+		c1 = n % catRange
-+		binary.Read(rand.Reader, binary.LittleEndian, &n)
-+		c2 = n % catRange
-+		if c1 == c2 {
-+			continue
-+		} else {
-+			if c1 > c2 {
-+				t := c1
-+				c1 = c2
-+				c2 = t
-+			}
-+		}
-+		mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
-+		if mcsExists(mcs) {
-+			continue
-+		}
-+		mcsAdd(mcs)
-+		break
-+	}
-+	return mcs
-+}
-+func freeContext(processLabel string) {
-+	var scon Context
-+	scon = NewContext(processLabel)
-+	mcsDelete(scon.GetLevel())
-+}
-+
-+func GetLxcContexts() (processLabel string, fileLabel string) {
-+	var val, key string
-+	var bufin *bufio.Reader
-+	if !SelinuxEnabled() {
-+		return
-+	}
-+	lxcPath := C.GoString(C.selinux_lxc_contexts_path())
-+	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
-+	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
-+
-+	in, err := os.Open(lxcPath)
-+	if err != nil {
-+		goto exit
-+	}
-+
-+	defer in.Close()
-+	bufin = bufio.NewReader(in)
-+
-+	for done := false; !done; {
-+		var line string
-+		if line, err = bufin.ReadString('\n'); err != nil {
-+			if err == io.EOF {
-+				done = true
-+			} else {
-+				goto exit
-+			}
-+		}
-+		line = strings.TrimSpace(line)
-+		if len(line) == 0 {
-+			// Skip blank lines
-+			continue
-+		}
-+		if line[0] == ';' || line[0] == '#' {
-+			// Skip comments
-+			continue
-+		}
-+		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
-+			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
-+			if key == "process" {
-+				processLabel = strings.Trim(val, "\"")
-+			}
-+			if key == "file" {
-+				fileLabel = strings.Trim(val, "\"")
-+			}
-+		}
-+	}
-+exit:
-+	var scon Context
-+	mcs := IntToMcs(os.Getpid(), 1024)
-+	scon = NewContext(processLabel)
-+	scon.SetLevel(mcs)
-+	processLabel = scon.Get()
-+	scon = NewContext(fileLabel)
-+	scon.SetLevel(mcs)
-+	fileLabel = scon.Get()
-+	return processLabel, fileLabel
-+}
-+
-+func CopyLevel(src, dest string) (string, error) {
-+	if !SelinuxEnabled() {
-+		return "", nil
-+	}
-+	if src == "" {
-+		return "", nil
-+	}
-+	rc, err := C.security_check_context(C.CString(src))
-+	if rc != 0 {
-+		return "", err
-+	}
-+	rc, err = C.security_check_context(C.CString(dest))
-+	if rc != 0 {
-+		return "", err
-+	}
-+	scon := NewContext(src)
-+	tcon := NewContext(dest)
-+	tcon.SetLevel(scon.GetLevel())
-+	return tcon.Get(), nil
-+}
-+
-+func RestoreCon(fpath string, recurse bool) error {
-+	var flabel string
-+	var err error
-+	var fs os.FileInfo
-+
-+	if !SelinuxEnabled() {
-+		return nil
-+	}
-+
-+	if recurse {
-+		var paths []string
-+		var err error
-+
-+		if paths, err = filepath.Glob(path.Join(fpath, "**", "*")); err != nil {
-+			return fmt.Errorf("Unable to find directory %v: %v", fpath, err)
-+		}
-+
-+		for _, fpath := range paths {
-+			if err = RestoreCon(fpath, false); err != nil {
-+				return fmt.Errorf("Unable to restore selinux context for %v: %v", fpath, err)
-+			}
-+		}
-+		return nil
-+	}
-+	if fs, err = os.Stat(fpath); err != nil {
-+		return fmt.Errorf("Unable stat %v: %v", fpath, err)
-+	}
-+
-+	if flabel, err = Matchpathcon(fpath, fs.Mode()); flabel == "" {
-+		return fmt.Errorf("Unable to get context for %v: %v", fpath, err)
-+	}
-+
-+	if rc, err := Setfilecon(fpath, flabel); rc != 0 {
-+		return fmt.Errorf("Unable to set selinux context for %v: %v", fpath, err)
-+	}
-+
-+	return nil
-+}
-+
-+func Test() {
-+	var plabel, flabel string
-+	if !SelinuxEnabled() {
-+		return
-+	}
-+
-+	plabel, flabel = GetLxcContexts()
-+	fmt.Println(plabel)
-+	fmt.Println(flabel)
-+	freeContext(plabel)
-+	plabel, flabel = GetLxcContexts()
-+	fmt.Println(plabel)
-+	fmt.Println(flabel)
-+	freeContext(plabel)
-+	if SelinuxEnabled() {
-+		fmt.Println("Enabled")
-+	} else {
-+		fmt.Println("Disabled")
-+	}
-+	fmt.Println("getenforce ", SelinuxGetEnforce())
-+	fmt.Println("getenforcemode ", SelinuxGetEnforceMode())
-+	flabel, _ = Matchpathcon("/home/dwalsh/.emacs", 0)
-+	fmt.Println(flabel)
-+	pid := os.Getpid()
-+	fmt.Printf("PID:%d MCS:%s\n", pid, IntToMcs(pid, 1023))
-+	fmt.Println(Getcon())
-+	fmt.Println(Getfilecon("/etc/passwd"))
-+	fmt.Println(Getpidcon(1))
-+	Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
-+	fmt.Println(Getfscreatecon())
-+	Setfscreatecon("")
-+	fmt.Println(Getfscreatecon())
-+	fmt.Println(Getpidcon(1))
-+}
-diff --git libselinux-2.7/golang/test.go libselinux-2.7/golang/test.go
-new file mode 100644
-index 0000000..fed6de8
--- /dev/null
-+++ libselinux-2.7/golang/test.go
-@@ -0,0 +1,9 @@
-+package main
-+
-+import (
-+	"./selinux"
-+)
-+
-+func main() {
-+	selinux.Test()
-+}
+ USE_PCRE2 ?= n
+ ifeq ($(USE_PCRE2),y)
+-	PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 $(shell $(PKG_CONFIG) --cflags libpcre2-8)
+-	PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre2-8)
+	PCRE_MODULE := libpcre2-8
+	PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8
+ else
+-	PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags libpcre)
+-	PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre)
+	PCRE_MODULE := libpcre
+ endif
+-export PCRE_CFLAGS PCRE_LDLIBS
+PCRE_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE))
+PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE))
+export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS
+ 
+ OS := $(shell uname)
+ export OS
 diff --git libselinux-2.7/man/man8/selinux.8 libselinux-2.7/man/man8/selinux.8
 index e37aee6..bf23b65 100644
 --- libselinux-2.7/man/man8/selinux.8
@ -488,6 +41,32 @@ index e37aee6..bf23b65 100644
 
 Every confined service on the system has a man page in the following format:
 .br
+diff --git libselinux-2.7/src/Makefile libselinux-2.7/src/Makefile
+index 2408fae..18df75c 100644
+--- libselinux-2.7/src/Makefile
+++ libselinux-2.7/src/Makefile
+@@ -148,7 +148,7 @@ $(LIBSO): $(LOBJS)
+ 	ln -sf $@ $(TARGET)
+ 
+ $(LIBPC): $(LIBPC).in ../VERSION
+-	sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
+	sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@
+ 
+ selinuxswig_python_exception.i: ../include/selinux/selinux.h
+ 	bash -e exception.sh > $@ || (rm -f $@ ; false)
+diff --git libselinux-2.7/src/avc.c libselinux-2.7/src/avc.c
+index 96b2678..5230efd 100644
+--- libselinux-2.7/src/avc.c
+++ libselinux-2.7/src/avc.c
+@@ -4,7 +4,7 @@
+  * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+  *
+  * Derived from the kernel AVC implementation by
+- * Stephen Smalley <sds@epoch.ncsc.mil> and 
+ * Stephen Smalley <sds@tycho.nsa.gov> and
+  * James Morris <jmorris@redhat.com>.
+  */
+ #include <selinux/avc.h>
 diff --git libselinux-2.7/src/avc_sidtab.c libselinux-2.7/src/avc_sidtab.c
 index 9669264..c775430 100644
 --- libselinux-2.7/src/avc_sidtab.c
@ -647,6 +226,18 @@ index 52707d0..0cbe12d 100644
 	if (rc < 0 && errno == ENOTSUP) {
 		char * ccontext = NULL;
 		int err = errno;
+diff --git libselinux-2.7/src/libselinux.pc.in libselinux-2.7/src/libselinux.pc.in
+index 2cd04d3..2e90a84 100644
+--- libselinux-2.7/src/libselinux.pc.in
+++ libselinux-2.7/src/libselinux.pc.in
+@@ -7,6 +7,6 @@ Name: libselinux
+ Description: SELinux utility library
+ Version: @VERSION@
+ URL: http://userspace.selinuxproject.org/
+-Requires.private: libsepol libpcre
+Requires.private: libsepol @PCRE_MODULE@
+ Libs: -L${libdir} -lselinux
+ Cflags: -I${includedir}
 diff --git libselinux-2.7/src/lsetfilecon.c libselinux-2.7/src/lsetfilecon.c
 index 1d3b28a..ea6d70b 100644
 --- libselinux-2.7/src/lsetfilecon.c
--- a/libselinux.spec
+++ b/libselinux.spec
@ -3,13 +3,13 @@
 %endif

 %define ruby_inc %(pkg-config --cflags ruby)
-%define libsepolver 2.7-1
+%define libsepolver 2.7-2
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -20,7 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.7 ./make-fedora-selinux-patch.sh libselinux
-# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9
+# HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10
 Patch1: libselinux-fedora.patch
 BuildRequires: python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
 %if 0%{?with_python3}
@ -232,8 +232,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %files devel
 %{_libdir}/libselinux.so
 %{_libdir}/pkgconfig/libselinux.pc
-%dir %{_libdir}/golang/src/pkg/github.com/selinux
-%{_libdir}/golang/src/pkg/github.com/selinux/selinux.go
 %{_includedir}/selinux/
 %{_mandir}/man3/*

@ -254,6 +252,10 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so

 %changelog
+* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
+- Drop golang bindings
+- Add support for pcre2 to pkgconfig definition
+
 * Wed Sep 27 2017 Petr Šabata <contyk@redhat.com> - 2.7-4
 - Enable the python3 subpackages on EL