Compare commits
No commits in common. "c8" and "c10s" have entirely different histories.
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
237
.gitignore
vendored
237
.gitignore
vendored
@ -1 +1,236 @@
|
|||||||
SOURCES/libselinux-2.9.tar.gz
|
libselinux-1.17.9.tgz
|
||||||
|
libselinux-1.17.10.tgz
|
||||||
|
libselinux-1.17.11.tgz
|
||||||
|
libselinux-1.17.12.tgz
|
||||||
|
libselinux-1.17.13.tgz
|
||||||
|
libselinux-1.17.14.tgz
|
||||||
|
libselinux-1.17.15.tgz
|
||||||
|
libselinux-1.17.16.tgz
|
||||||
|
libselinux-1.18.1.tgz
|
||||||
|
libselinux-1.19.1.tgz
|
||||||
|
libselinux-1.19.2.tgz
|
||||||
|
libselinux-1.19.3.tgz
|
||||||
|
libselinux-1.19.4.tgz
|
||||||
|
libselinux-1.20.1.tgz
|
||||||
|
libselinux-1.21.1.tgz
|
||||||
|
libselinux-1.21.2.tgz
|
||||||
|
libselinux-1.21.4.tgz
|
||||||
|
libselinux-1.21.5.tgz
|
||||||
|
libselinux-1.21.7.tgz
|
||||||
|
exclude
|
||||||
|
nsadiff
|
||||||
|
nsalibselinux
|
||||||
|
libselinux-1.21.8.tgz
|
||||||
|
libselinux-1.21.9.tgz
|
||||||
|
libselinux-1.21.10.tgz
|
||||||
|
libselinux-1.21.11.tgz
|
||||||
|
libselinux-1.21.12.tgz
|
||||||
|
libselinux-1.21.13.tgz
|
||||||
|
libselinux-1.22.tgz
|
||||||
|
libselinux-1.23.1.tgz
|
||||||
|
libselinux-1.23.2.tgz
|
||||||
|
libselinux-1.23.3.tgz
|
||||||
|
libselinux-1.23.4.tgz
|
||||||
|
libselinux-1.23.5.tgz
|
||||||
|
libselinux-1.23.6.tgz
|
||||||
|
libselinux-1.23.7.tgz
|
||||||
|
libselinux-1.23.8.tgz
|
||||||
|
libselinux-1.23.10.tgz
|
||||||
|
libselinux-1.23.11.tgz
|
||||||
|
libselinux-1.24.1.tgz
|
||||||
|
libselinux-1.24.2.tgz
|
||||||
|
libselinux-1.25.2.tgz
|
||||||
|
libselinux-1.25.3.tgz
|
||||||
|
libselinux-1.25.4.tgz
|
||||||
|
libselinux-1.25.5.tgz
|
||||||
|
libselinux-1.25.6.tgz
|
||||||
|
libselinux-1.25.7.tgz
|
||||||
|
libselinux-1.26.tgz
|
||||||
|
libselinux-1.27.1.tgz
|
||||||
|
libselinux-1.27.2.tgz
|
||||||
|
libselinux-1.27.3.tgz
|
||||||
|
libselinux-1.27.4.tgz
|
||||||
|
libselinux-1.27.6.tgz
|
||||||
|
libselinux-1.27.7.tgz
|
||||||
|
libselinux-1.27.9.tgz
|
||||||
|
libselinux-1.27.10.tgz
|
||||||
|
libselinux-1.27.12.tgz
|
||||||
|
libselinux-1.27.13.tgz
|
||||||
|
libselinux-1.27.14.tgz
|
||||||
|
libselinux-1.27.17.tgz
|
||||||
|
libselinux-1.27.18.tgz
|
||||||
|
libselinux-1.27.19.tgz
|
||||||
|
libselinux-1.27.20.tgz
|
||||||
|
libselinux-1.27.21.tgz
|
||||||
|
libselinux-1.27.22.tgz
|
||||||
|
libselinux-1.27.23.tgz
|
||||||
|
libselinux-1.27.25.tgz
|
||||||
|
libselinux-1.27.26.tgz
|
||||||
|
libselinux-1.27.28.tgz
|
||||||
|
libselinux-1.28.tgz
|
||||||
|
libselinux-1.29.1.tgz
|
||||||
|
libselinux-1.29.2.tgz
|
||||||
|
libselinux-1.29.3.tgz
|
||||||
|
libselinux-1.29.4.tgz
|
||||||
|
libselinux-1.29.5.tgz
|
||||||
|
libselinux-1.29.6.tgz
|
||||||
|
libselinux-1.29.7.tgz
|
||||||
|
libselinux-1.29.8.tgz
|
||||||
|
libselinux-1.30.tgz
|
||||||
|
libselinux-1.30.1.tgz
|
||||||
|
libselinux-1.30.3.tgz
|
||||||
|
libselinux-1.30.5.tgz
|
||||||
|
libselinux-1.30.6.tgz
|
||||||
|
libselinux-1.30.7.tgz
|
||||||
|
libselinux-1.30.8.tgz
|
||||||
|
libselinux-1.30.10.tgz
|
||||||
|
libselinux-1.30.11.tgz
|
||||||
|
libselinux-1.30.12.tgz
|
||||||
|
libselinux-1.30.15.tgz
|
||||||
|
libselinux-1.30.19.tgz
|
||||||
|
libselinux-1.30.20.tgz
|
||||||
|
libselinux-1.30.22.tgz
|
||||||
|
libselinux-1.30.24.tgz
|
||||||
|
libselinux-1.30.26.tgz
|
||||||
|
libselinux-1.30.27.tgz
|
||||||
|
libselinux-1.30.28.tgz
|
||||||
|
libselinux-1.30.29.tgz
|
||||||
|
libselinux-1.30.30.tgz
|
||||||
|
libselinux-1.32.tgz
|
||||||
|
libselinux-1.33.1.tgz
|
||||||
|
libselinux-1.33.2.tgz
|
||||||
|
libselinux-1.33.3.tgz
|
||||||
|
libselinux-1.33.4.tgz
|
||||||
|
libselinux-1.33.5.tgz
|
||||||
|
libselinux-1.33.6.tgz
|
||||||
|
libselinux-1.34.0.tgz
|
||||||
|
libselinux-1.34.1.tgz
|
||||||
|
libselinux-2.0.0.tgz
|
||||||
|
libselinux-2.0.1.tgz
|
||||||
|
libselinux-2.0.2.tgz
|
||||||
|
libselinux-2.0.3.tgz
|
||||||
|
libselinux-2.0.4.tgz
|
||||||
|
libselinux-2.0.5.tgz
|
||||||
|
libselinux-2.0.7.tgz
|
||||||
|
libselinux-2.0.8.tgz
|
||||||
|
libselinux-2.0.9.tgz
|
||||||
|
libselinux-2.0.11.tgz
|
||||||
|
libselinux-2.0.12.tgz
|
||||||
|
libselinux-2.0.13.tgz
|
||||||
|
libselinux-2.0.14.tgz
|
||||||
|
libselinux-2.0.16.tgz
|
||||||
|
libselinux-2.0.18.tgz
|
||||||
|
libselinux-2.0.21.tgz
|
||||||
|
libselinux-2.0.22.tgz
|
||||||
|
libselinux-2.0.23.tgz
|
||||||
|
libselinux-2.0.24.tgz
|
||||||
|
libselinux-2.0.29.tgz
|
||||||
|
libselinux-2.0.30.tgz
|
||||||
|
libselinux-2.0.31.tgz
|
||||||
|
libselinux-2.0.33.tgz
|
||||||
|
libselinux-2.0.34.tgz
|
||||||
|
libselinux-2.0.35.tgz
|
||||||
|
libselinux-2.0.36.tgz
|
||||||
|
libselinux-2.0.37.tgz
|
||||||
|
libselinux-2.0.40.tgz
|
||||||
|
libselinux-2.0.42.tgz
|
||||||
|
libselinux-2.0.43.tgz
|
||||||
|
libselinux-2.0.45.tgz
|
||||||
|
libselinux-2.0.46.tgz
|
||||||
|
libselinux-2.0.47.tgz
|
||||||
|
libselinux-2.0.48.tgz
|
||||||
|
libselinux-2.0.49.tgz
|
||||||
|
libselinux-2.0.50.tgz
|
||||||
|
libselinux-2.0.52.tgz
|
||||||
|
libselinux-2.0.53.tgz
|
||||||
|
libselinux-2.0.55.tgz
|
||||||
|
libselinux-2.0.56.tgz
|
||||||
|
libselinux-2.0.57.tgz
|
||||||
|
libselinux-2.0.58.tgz
|
||||||
|
libselinux-2.0.59.tgz
|
||||||
|
libselinux-2.0.60.tgz
|
||||||
|
libselinux-2.0.61.tgz
|
||||||
|
libselinux-2.0.64.tgz
|
||||||
|
libselinux-2.0.65.tgz
|
||||||
|
libselinux-2.0.67.tgz
|
||||||
|
libselinux-2.0.69.tgz
|
||||||
|
libselinux-2.0.70.tgz
|
||||||
|
libselinux-2.0.71.tgz
|
||||||
|
libselinux-2.0.73.tgz
|
||||||
|
libselinux-2.0.74.tgz
|
||||||
|
libselinux-2.0.75.tgz
|
||||||
|
libselinux-2.0.76.tgz
|
||||||
|
libselinux-2.0.77.tgz
|
||||||
|
libselinux-2.0.78.tgz
|
||||||
|
libselinux-2.0.79.tgz
|
||||||
|
libselinux-2.0.80.tgz
|
||||||
|
libselinux-2.0.81.tgz
|
||||||
|
libselinux-2.0.82.tgz
|
||||||
|
libselinux-2.0.83.tgz
|
||||||
|
libselinux-2.0.84.tgz
|
||||||
|
libselinux-2.0.85.tgz
|
||||||
|
libselinux-2.0.86.tgz
|
||||||
|
libselinux-2.0.87.tgz
|
||||||
|
libselinux-2.0.88.tgz
|
||||||
|
libselinux-2.0.89.tgz
|
||||||
|
libselinux-2.0.90.tgz
|
||||||
|
libselinux-2.0.91.tgz
|
||||||
|
libselinux-2.0.92.tgz
|
||||||
|
libselinux-2.0.93.tgz
|
||||||
|
libselinux-2.0.94.tgz
|
||||||
|
libselinux-2.0.96.tgz
|
||||||
|
/libselinux-2.0.97.tgz
|
||||||
|
/libselinux-2.0.98.tgz
|
||||||
|
/libselinux-2.0.99.tgz
|
||||||
|
/libselinux-2.0.101.tgz
|
||||||
|
/libselinux-2.0.102.tgz
|
||||||
|
/libselinux-2.1.0.tgz
|
||||||
|
/libselinux-2.1.4.tgz
|
||||||
|
/libselinux-2.1.5.tgz
|
||||||
|
/libselinux-2.1.6.tgz
|
||||||
|
/libselinux-2.1.7.tgz
|
||||||
|
/libselinux-2.1.8.tgz
|
||||||
|
/libselinux-2.1.9.tgz
|
||||||
|
/libselinux-2.1.10.tgz
|
||||||
|
/libselinux-2.1.11.tgz
|
||||||
|
/libselinux-2.1.12.tgz
|
||||||
|
/libselinux-2.1.13.tgz
|
||||||
|
/libselinux-2.2.tgz
|
||||||
|
/libselinux-2.2.1.tgz
|
||||||
|
/libselinux-2.2.2.tgz
|
||||||
|
/libselinux-2.3.tgz
|
||||||
|
/libselinux-2.3.tar.gz
|
||||||
|
/libselinux-2.4.tar.gz
|
||||||
|
/libselinux-2.5-rc1.tar.gz
|
||||||
|
/libselinux-2.5.tar.gz
|
||||||
|
/libselinux-2.6.tar.gz
|
||||||
|
/libselinux-2.7.tar.gz
|
||||||
|
/libselinux-2.8-rc1.tar.gz
|
||||||
|
/libselinux-2.8-rc2.tar.gz
|
||||||
|
/libselinux-2.8-rc3.tar.gz
|
||||||
|
/libselinux-2.8.tar.gz
|
||||||
|
/libselinux-2.9-rc1.tar.gz
|
||||||
|
/libselinux-2.9-rc2.tar.gz
|
||||||
|
/libselinux-2.9.tar.gz
|
||||||
|
/libselinux-3.0-rc1.tar.gz
|
||||||
|
/libselinux-3.0.tar.gz
|
||||||
|
/libselinux-3.1.tar.gz
|
||||||
|
/libselinux-3.2-rc1.tar.gz
|
||||||
|
/libselinux-3.2-rc2.tar.gz
|
||||||
|
/libselinux-3.2.tar.gz
|
||||||
|
/libselinux-3.3-rc2.tar.gz
|
||||||
|
/libselinux-3.3-rc3.tar.gz
|
||||||
|
/libselinux-3.3.tar.gz
|
||||||
|
/libselinux-3.4-rc1.tar.gz
|
||||||
|
/libselinux-3.4-rc2.tar.gz
|
||||||
|
/libselinux-3.4-rc3.tar.gz
|
||||||
|
/libselinux-3.4.tar.gz
|
||||||
|
/libselinux-3.5-rc1.tar.gz
|
||||||
|
/libselinux-3.5-rc2.tar.gz
|
||||||
|
/libselinux-3.5-rc3.tar.gz
|
||||||
|
/libselinux-3.5.tar.gz
|
||||||
|
/libselinux-3.6-rc1.tar.gz
|
||||||
|
/libselinux-3.6-rc2.tar.gz
|
||||||
|
/libselinux-3.6.tar.gz
|
||||||
|
/libselinux-3.7.tar.gz
|
||||||
|
/libselinux-3.7.tar.gz.asc
|
||||||
|
@ -1 +0,0 @@
|
|||||||
c53911ee9da673f7653ab1afe66c0b2bf5fb5ac9 SOURCES/libselinux-2.9.tar.gz
|
|
1362
0001-Use-SHA-2-instead-of-SHA-1.patch
Normal file
1362
0001-Use-SHA-2-instead-of-SHA-1.patch
Normal file
File diff suppressed because it is too large
Load Diff
78
0002-libselinux-set-free-d-data-to-NULL.patch
Normal file
78
0002-libselinux-set-free-d-data-to-NULL.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
From bd6a803553a82238a9f618d1bb22f288682f8195 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Tue, 9 Jul 2024 21:13:36 +0200
|
||||||
|
Subject: [PATCH] libselinux: set free'd data to NULL
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Fixes segfault in selabel_open() on systems with SELinux disabled and without any
|
||||||
|
SELinux policy installed introduced by commit 5876aca0484f ("libselinux: free
|
||||||
|
data on selabel open failure"):
|
||||||
|
|
||||||
|
$ sestatus
|
||||||
|
SELinux status: disabled
|
||||||
|
|
||||||
|
$ cat /etc/selinux/config
|
||||||
|
cat: /etc/selinux/config: No such file or directory
|
||||||
|
|
||||||
|
$ matchpathcon /abc
|
||||||
|
[1] 907999 segmentation fault (core dumped) matchpathcon /abc
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
---
|
||||||
|
libselinux/src/label_backends_android.c | 1 +
|
||||||
|
libselinux/src/label_file.c | 1 +
|
||||||
|
libselinux/src/label_media.c | 1 +
|
||||||
|
libselinux/src/label_x.c | 1 +
|
||||||
|
4 files changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
|
||||||
|
index 49a87686de4c..5bad24f20d73 100644
|
||||||
|
--- a/libselinux/src/label_backends_android.c
|
||||||
|
+++ b/libselinux/src/label_backends_android.c
|
||||||
|
@@ -260,6 +260,7 @@ static void closef(struct selabel_handle *rec)
|
||||||
|
free(data->spec_arr);
|
||||||
|
|
||||||
|
free(data);
|
||||||
|
+ rec->data = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec,
|
||||||
|
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
||||||
|
index 6c6fe328b353..87dbd0e90f2b 100644
|
||||||
|
--- a/libselinux/src/label_file.c
|
||||||
|
+++ b/libselinux/src/label_file.c
|
||||||
|
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec)
|
||||||
|
free(last_area);
|
||||||
|
}
|
||||||
|
free(data);
|
||||||
|
+ rec->data = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Finds all the matches of |key| in the given context. Returns the result in
|
||||||
|
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
|
||||||
|
index 852aeada8ff4..bae065c12a55 100644
|
||||||
|
--- a/libselinux/src/label_media.c
|
||||||
|
+++ b/libselinux/src/label_media.c
|
||||||
|
@@ -183,6 +183,7 @@ static void close(struct selabel_handle *rec)
|
||||||
|
free(spec_arr);
|
||||||
|
|
||||||
|
free(data);
|
||||||
|
+ rec->data = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
|
||||||
|
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
|
||||||
|
index a8decc7a0093..ddae4f6c22b6 100644
|
||||||
|
--- a/libselinux/src/label_x.c
|
||||||
|
+++ b/libselinux/src/label_x.c
|
||||||
|
@@ -210,6 +210,7 @@ static void close(struct selabel_handle *rec)
|
||||||
|
free(spec_arr);
|
||||||
|
|
||||||
|
free(data);
|
||||||
|
+ rec->data = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
48
0003-libselinux-restorecon-Include-selinux-label.h.patch
Normal file
48
0003-libselinux-restorecon-Include-selinux-label.h.patch
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
From b0d8e4c5d6f1652cb103305f773ad5fae8a91304 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Date: Fri, 26 Jul 2024 17:59:15 +0200
|
||||||
|
Subject: [PATCH] libselinux/restorecon: Include <selinux/label.h>
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
restorecon.h uses types defined in label.h, so it needs to include
|
||||||
|
label.h (or code using restorecon.h also needs to include label.h,
|
||||||
|
which is not practical).
|
||||||
|
|
||||||
|
Fixes:
|
||||||
|
$ make DESTDIR=~/obj install > make.out
|
||||||
|
In file included from semanage_store.c:39:
|
||||||
|
/home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error:
|
||||||
|
‘struct selabel_handle’ declared inside parameter list will not be
|
||||||
|
visible outside of this definition or declaration [-Werror]
|
||||||
|
137 | extern void selinux_restorecon_set_sehandle(struct
|
||||||
|
selabel_handle *hndl);
|
||||||
|
| ^~~~~~~~~~~~~~
|
||||||
|
cc1: all warnings being treated as errors
|
||||||
|
make[2]: *** [Makefile:111: semanage_store.o] Error 1
|
||||||
|
make[1]: *** [Makefile:15: install] Error 2
|
||||||
|
make: *** [Makefile:40: install] Error 1
|
||||||
|
|
||||||
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||||
|
---
|
||||||
|
libselinux/include/selinux/restorecon.h | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
|
||||||
|
index 8df47445..210f65fd 100644
|
||||||
|
--- a/libselinux/include/selinux/restorecon.h
|
||||||
|
+++ b/libselinux/include/selinux/restorecon.h
|
||||||
|
@@ -1,6 +1,8 @@
|
||||||
|
#ifndef _RESTORECON_H_
|
||||||
|
#define _RESTORECON_H_
|
||||||
|
|
||||||
|
+#include <selinux/label.h>
|
||||||
|
+
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <stddef.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
From c89965eb2854db11b7b484b171beae092476ef0b Mon Sep 17 00:00:00 2001
|
||||||
|
From: James Carter <jwcart2@gmail.com>
|
||||||
|
Date: Mon, 1 Jul 2024 14:27:32 -0400
|
||||||
|
Subject: [PATCH] libselinux: Fix integer comparison issues when compiling for
|
||||||
|
32-bit
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Trying to compile libselinux for 32-bit produces the following error:
|
||||||
|
|
||||||
|
selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare]
|
||||||
|
1194 | if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
|
||||||
|
| ^~
|
||||||
|
|
||||||
|
Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32,
|
||||||
|
cast both as uint32_t for the comparison.
|
||||||
|
|
||||||
|
Reported-by: Daniel Schepler
|
||||||
|
Signed-off-by: James Carter <jwcart2@gmail.com>
|
||||||
|
Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||||
|
---
|
||||||
|
libselinux/src/selinux_restorecon.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
||||||
|
index 2422b415..93bd7779 100644
|
||||||
|
--- a/libselinux/src/selinux_restorecon.c
|
||||||
|
+++ b/libselinux/src/selinux_restorecon.c
|
||||||
|
@@ -1191,8 +1191,8 @@ static int selinux_restorecon_common(const char *pathname_orig,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Skip digest on in-memory filesystems and /sys */
|
||||||
|
- if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
|
||||||
|
- state.sfsb.f_type == SYSFS_MAGIC)
|
||||||
|
+ if ((uint32_t)state.sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
|
||||||
|
+ state.sfsb.f_type == TMPFS_MAGIC || state.sfsb.f_type == SYSFS_MAGIC)
|
||||||
|
state.setrestorecondigest = false;
|
||||||
|
|
||||||
|
if (state.flags.set_xdev)
|
||||||
|
@@ -1490,7 +1490,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
|
||||||
|
|
||||||
|
if (!recurse) {
|
||||||
|
if (statfs(pathname, &sfsb) == 0) {
|
||||||
|
- if (sfsb.f_type == RAMFS_MAGIC ||
|
||||||
|
+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
|
||||||
|
sfsb.f_type == TMPFS_MAGIC)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -1525,7 +1525,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
|
||||||
|
continue;
|
||||||
|
case FTS_D:
|
||||||
|
if (statfs(ftsent->fts_path, &sfsb) == 0) {
|
||||||
|
- if (sfsb.f_type == RAMFS_MAGIC ||
|
||||||
|
+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
|
||||||
|
sfsb.f_type == TMPFS_MAGIC)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
From f71fc47524bef3c4cd8a412e43d13daebd1c418b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Wed, 16 Jul 2014 08:28:03 +0200
|
|
||||||
Subject: [PATCH] Fix selinux man page to refer seinfo and sesearch tools.
|
|
||||||
|
|
||||||
---
|
|
||||||
libselinux/man/man8/selinux.8 | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
|
|
||||||
index e37aee68..bf23b655 100644
|
|
||||||
--- a/libselinux/man/man8/selinux.8
|
|
||||||
+++ b/libselinux/man/man8/selinux.8
|
|
||||||
@@ -91,11 +91,13 @@ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
||||||
.BR sepolicy (8),
|
|
||||||
.BR system-config-selinux (8),
|
|
||||||
.BR togglesebool (8),
|
|
||||||
-.BR restorecon (8),
|
|
||||||
.BR fixfiles (8),
|
|
||||||
+.BR restorecon (8),
|
|
||||||
.BR setfiles (8),
|
|
||||||
.BR semanage (8),
|
|
||||||
.BR sepolicy (8)
|
|
||||||
+.BR seinfo (8),
|
|
||||||
+.BR sesearch (8)
|
|
||||||
|
|
||||||
Every confined service on the system has a man page in the following format:
|
|
||||||
.br
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,214 +0,0 @@
|
|||||||
From ad3d3a0bf819f5895a6884357c2d0e18ea1ef314 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
|
||||||
Date: Mon, 23 Dec 2013 09:50:54 -0500
|
|
||||||
Subject: [PATCH] Verify context input to funtions to make sure the context
|
|
||||||
field is not null.
|
|
||||||
|
|
||||||
Return errno EINVAL, to prevent segfault.
|
|
||||||
|
|
||||||
Rejected by upstream https://marc.info/?l=selinux&m=145036088424584&w=2
|
|
||||||
|
|
||||||
FIXME: use __attribute__(nonnull (arg-index, ...))
|
|
||||||
---
|
|
||||||
libselinux/src/avc_sidtab.c | 5 +++++
|
|
||||||
libselinux/src/canonicalize_context.c | 5 +++++
|
|
||||||
libselinux/src/check_context.c | 5 +++++
|
|
||||||
libselinux/src/compute_av.c | 5 +++++
|
|
||||||
libselinux/src/compute_create.c | 5 +++++
|
|
||||||
libselinux/src/compute_member.c | 5 +++++
|
|
||||||
libselinux/src/compute_relabel.c | 5 +++++
|
|
||||||
libselinux/src/compute_user.c | 5 +++++
|
|
||||||
libselinux/src/fsetfilecon.c | 8 ++++++--
|
|
||||||
libselinux/src/lsetfilecon.c | 9 +++++++--
|
|
||||||
libselinux/src/setfilecon.c | 8 ++++++--
|
|
||||||
11 files changed, 59 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
|
|
||||||
index 9669264d..c7754305 100644
|
|
||||||
--- a/libselinux/src/avc_sidtab.c
|
|
||||||
+++ b/libselinux/src/avc_sidtab.c
|
|
||||||
@@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s,
|
|
||||||
int hvalue, rc = 0;
|
|
||||||
struct sidtab_node *cur;
|
|
||||||
|
|
||||||
+ if (! ctx) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
*sid = NULL;
|
|
||||||
hvalue = sidtab_hash(ctx);
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
|
|
||||||
index ba4c9a2c..c8158725 100644
|
|
||||||
--- a/libselinux/src/canonicalize_context.c
|
|
||||||
+++ b/libselinux/src/canonicalize_context.c
|
|
||||||
@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const char * con,
|
|
||||||
size_t size;
|
|
||||||
int fd, ret;
|
|
||||||
|
|
||||||
+ if (! con) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (!selinux_mnt) {
|
|
||||||
errno = ENOENT;
|
|
||||||
return -1;
|
|
||||||
diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c
|
|
||||||
index 8a7997f0..5be84348 100644
|
|
||||||
--- a/libselinux/src/check_context.c
|
|
||||||
+++ b/libselinux/src/check_context.c
|
|
||||||
@@ -14,6 +14,11 @@ int security_check_context_raw(const char * con)
|
|
||||||
char path[PATH_MAX];
|
|
||||||
int fd, ret;
|
|
||||||
|
|
||||||
+ if (! con) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (!selinux_mnt) {
|
|
||||||
errno = ENOENT;
|
|
||||||
return -1;
|
|
||||||
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
|
|
||||||
index a47cffe9..6d285a2e 100644
|
|
||||||
--- a/libselinux/src/compute_av.c
|
|
||||||
+++ b/libselinux/src/compute_av.c
|
|
||||||
@@ -27,6 +27,11 @@ int security_compute_av_flags_raw(const char * scon,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((! scon) || (! tcon)) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
snprintf(path, sizeof path, "%s/access", selinux_mnt);
|
|
||||||
fd = open(path, O_RDWR | O_CLOEXEC);
|
|
||||||
if (fd < 0)
|
|
||||||
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
|
|
||||||
index 0975aeac..3e6a48c1 100644
|
|
||||||
--- a/libselinux/src/compute_create.c
|
|
||||||
+++ b/libselinux/src/compute_create.c
|
|
||||||
@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const char * scon,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((! scon) || (! tcon)) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
snprintf(path, sizeof path, "%s/create", selinux_mnt);
|
|
||||||
fd = open(path, O_RDWR | O_CLOEXEC);
|
|
||||||
if (fd < 0)
|
|
||||||
diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
|
|
||||||
index 4e2d221e..d1dd9772 100644
|
|
||||||
--- a/libselinux/src/compute_member.c
|
|
||||||
+++ b/libselinux/src/compute_member.c
|
|
||||||
@@ -25,6 +25,11 @@ int security_compute_member_raw(const char * scon,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((! scon) || (! tcon)) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
snprintf(path, sizeof path, "%s/member", selinux_mnt);
|
|
||||||
fd = open(path, O_RDWR | O_CLOEXEC);
|
|
||||||
if (fd < 0)
|
|
||||||
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
|
|
||||||
index 49f77ef3..c3db7c0a 100644
|
|
||||||
--- a/libselinux/src/compute_relabel.c
|
|
||||||
+++ b/libselinux/src/compute_relabel.c
|
|
||||||
@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const char * scon,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((! scon) || (! tcon)) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
|
|
||||||
fd = open(path, O_RDWR | O_CLOEXEC);
|
|
||||||
if (fd < 0)
|
|
||||||
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
|
|
||||||
index 7b881215..401fd107 100644
|
|
||||||
--- a/libselinux/src/compute_user.c
|
|
||||||
+++ b/libselinux/src/compute_user.c
|
|
||||||
@@ -24,6 +24,11 @@ int security_compute_user_raw(const char * scon,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (! scon) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
snprintf(path, sizeof path, "%s/user", selinux_mnt);
|
|
||||||
fd = open(path, O_RDWR | O_CLOEXEC);
|
|
||||||
if (fd < 0)
|
|
||||||
diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c
|
|
||||||
index 52707d05..0cbe12d8 100644
|
|
||||||
--- a/libselinux/src/fsetfilecon.c
|
|
||||||
+++ b/libselinux/src/fsetfilecon.c
|
|
||||||
@@ -9,8 +9,12 @@
|
|
||||||
|
|
||||||
int fsetfilecon_raw(int fd, const char * context)
|
|
||||||
{
|
|
||||||
- int rc = fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1,
|
|
||||||
- 0);
|
|
||||||
+ int rc;
|
|
||||||
+ if (! context) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ rc = fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0);
|
|
||||||
if (rc < 0 && errno == ENOTSUP) {
|
|
||||||
char * ccontext = NULL;
|
|
||||||
int err = errno;
|
|
||||||
diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
|
|
||||||
index 1d3b28a1..ea6d70b7 100644
|
|
||||||
--- a/libselinux/src/lsetfilecon.c
|
|
||||||
+++ b/libselinux/src/lsetfilecon.c
|
|
||||||
@@ -9,8 +9,13 @@
|
|
||||||
|
|
||||||
int lsetfilecon_raw(const char *path, const char * context)
|
|
||||||
{
|
|
||||||
- int rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
|
|
||||||
- 0);
|
|
||||||
+ int rc;
|
|
||||||
+ if (! context) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0);
|
|
||||||
if (rc < 0 && errno == ENOTSUP) {
|
|
||||||
char * ccontext = NULL;
|
|
||||||
int err = errno;
|
|
||||||
diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c
|
|
||||||
index d05969c6..3f0200e8 100644
|
|
||||||
--- a/libselinux/src/setfilecon.c
|
|
||||||
+++ b/libselinux/src/setfilecon.c
|
|
||||||
@@ -9,8 +9,12 @@
|
|
||||||
|
|
||||||
int setfilecon_raw(const char *path, const char * context)
|
|
||||||
{
|
|
||||||
- int rc = setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
|
|
||||||
- 0);
|
|
||||||
+ int rc;
|
|
||||||
+ if (! context) {
|
|
||||||
+ errno=EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ rc = setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0);
|
|
||||||
if (rc < 0 && errno == ENOTSUP) {
|
|
||||||
char * ccontext = NULL;
|
|
||||||
int err = errno;
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,39 +0,0 @@
|
|||||||
From a6e839be2c5a77c22a8c72cad001e3f87eaedf2e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 11 Mar 2019 15:26:43 +0100
|
|
||||||
Subject: [PATCH] libselinux: Allow to override OVERRIDE_GETTID from command
|
|
||||||
line
|
|
||||||
|
|
||||||
$ make CFLAGS="$CFLAGS -DOVERRIDE_GETTID=0" ...
|
|
||||||
|
|
||||||
Drop this as soon as glibc-2.30 will become real 2.30 version, see
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1685594
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/procattr.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
|
|
||||||
index c6799ef2..cbb6824e 100644
|
|
||||||
--- a/libselinux/src/procattr.c
|
|
||||||
+++ b/libselinux/src/procattr.c
|
|
||||||
@@ -24,6 +24,7 @@ static __thread char destructor_initialized;
|
|
||||||
|
|
||||||
/* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
|
|
||||||
* has a definition for it */
|
|
||||||
+#ifndef OVERRIDE_GETTID
|
|
||||||
#ifdef __BIONIC__
|
|
||||||
#define OVERRIDE_GETTID 0
|
|
||||||
#elif !defined(__GLIBC_PREREQ)
|
|
||||||
@@ -33,6 +34,7 @@ static __thread char destructor_initialized;
|
|
||||||
#else
|
|
||||||
#define OVERRIDE_GETTID 0
|
|
||||||
#endif
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#if OVERRIDE_GETTID
|
|
||||||
static pid_t gettid(void)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,55 +0,0 @@
|
|||||||
From be420729fbf4adc8b32ca3722fa6ca46bb51413d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Wed, 27 Feb 2019 09:37:17 +0100
|
|
||||||
Subject: [PATCH] Bring some old permission and flask constants back to Python
|
|
||||||
bindings
|
|
||||||
|
|
||||||
---
|
|
||||||
libselinux/src/selinuxswig.i | 4 ++++
|
|
||||||
libselinux/src/selinuxswig_python.i | 3 ++-
|
|
||||||
2 files changed, 6 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/selinuxswig.i b/libselinux/src/selinuxswig.i
|
|
||||||
index dbdb4c3d..9c5b9263 100644
|
|
||||||
--- a/libselinux/src/selinuxswig.i
|
|
||||||
+++ b/libselinux/src/selinuxswig.i
|
|
||||||
@@ -5,7 +5,9 @@
|
|
||||||
%module selinux
|
|
||||||
%{
|
|
||||||
#include "../include/selinux/avc.h"
|
|
||||||
+ #include "../include/selinux/av_permissions.h"
|
|
||||||
#include "../include/selinux/context.h"
|
|
||||||
+ #include "../include/selinux/flask.h"
|
|
||||||
#include "../include/selinux/get_context_list.h"
|
|
||||||
#include "../include/selinux/get_default_type.h"
|
|
||||||
#include "../include/selinux/label.h"
|
|
||||||
@@ -58,7 +60,9 @@
|
|
||||||
%ignore avc_netlink_check_nb;
|
|
||||||
|
|
||||||
%include "../include/selinux/avc.h"
|
|
||||||
+%include "../include/selinux/av_permissions.h"
|
|
||||||
%include "../include/selinux/context.h"
|
|
||||||
+%include "../include/selinux/flask.h"
|
|
||||||
%include "../include/selinux/get_context_list.h"
|
|
||||||
%include "../include/selinux/get_default_type.h"
|
|
||||||
%include "../include/selinux/label.h"
|
|
||||||
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
|
|
||||||
index 4c73bf92..6eaab081 100644
|
|
||||||
--- a/libselinux/src/selinuxswig_python.i
|
|
||||||
+++ b/libselinux/src/selinuxswig_python.i
|
|
||||||
@@ -1,10 +1,11 @@
|
|
||||||
/* Author: James Athey
|
|
||||||
*/
|
|
||||||
|
|
||||||
-/* Never build rpm_execcon interface */
|
|
||||||
+/* Never build rpm_execcon interface unless you need to have ACG compatibility
|
|
||||||
#ifndef DISABLE_RPM
|
|
||||||
#define DISABLE_RPM
|
|
||||||
#endif
|
|
||||||
+*/
|
|
||||||
|
|
||||||
%module selinux
|
|
||||||
%{
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
From 903c54bf62ffba3c95e22e74c9c43838cd3935a0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 28 Feb 2017 16:12:43 +0100
|
|
||||||
Subject: [PATCH] libselinux: add missing av_permission values
|
|
||||||
|
|
||||||
Add missing av_permission values to av_permissions.h for the sake of
|
|
||||||
completeness (this interface is obsolete - these values are now
|
|
||||||
obtained at runtime).
|
|
||||||
|
|
||||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1025931
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/include/selinux/av_permissions.h | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libselinux/include/selinux/av_permissions.h b/libselinux/include/selinux/av_permissions.h
|
|
||||||
index c1269af9..631f0276 100644
|
|
||||||
--- a/libselinux/include/selinux/av_permissions.h
|
|
||||||
+++ b/libselinux/include/selinux/av_permissions.h
|
|
||||||
@@ -876,6 +876,8 @@
|
|
||||||
#define NSCD__SHMEMHOST 0x00000080UL
|
|
||||||
#define NSCD__GETSERV 0x00000100UL
|
|
||||||
#define NSCD__SHMEMSERV 0x00000200UL
|
|
||||||
+#define NSCD__GETNETGRP 0x00000400UL
|
|
||||||
+#define NSCD__SHMEMNETGRP 0x00000800UL
|
|
||||||
#define ASSOCIATION__SENDTO 0x00000001UL
|
|
||||||
#define ASSOCIATION__RECVFROM 0x00000002UL
|
|
||||||
#define ASSOCIATION__SETCONTEXT 0x00000004UL
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,177 +0,0 @@
|
|||||||
From 67d490a38a319126f371eaf66a5fc922d7005b1f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 16 May 2019 15:01:59 +0200
|
|
||||||
Subject: [PATCH] libselinux: Use Python distutils to install SELinux python
|
|
||||||
bindings
|
|
||||||
|
|
||||||
SWIG-4.0 changed its behavior so that it uses: from . import _selinux which
|
|
||||||
looks for _selinux module in the same directory as where __init__.py is -
|
|
||||||
$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
|
|
||||||
$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
|
|
||||||
of _selinux.so").
|
|
||||||
|
|
||||||
In order to prevent such breakage in future use Python's distutils instead of
|
|
||||||
building and installing python bindings manually in Makefile.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
>>> import selinux
|
|
||||||
Traceback (most recent call last):
|
|
||||||
File "<stdin>", line 1, in <module>
|
|
||||||
File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
|
|
||||||
from . import _selinux
|
|
||||||
ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
|
|
||||||
>>>
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/.gitignore | 2 +-
|
|
||||||
libselinux/src/Makefile | 37 ++++++++-----------------------------
|
|
||||||
libselinux/src/setup.py | 24 ++++++++++++++++++++++++
|
|
||||||
3 files changed, 33 insertions(+), 30 deletions(-)
|
|
||||||
create mode 100644 libselinux/src/setup.py
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore
|
|
||||||
index 4dcc3b3b..428afe5a 100644
|
|
||||||
--- a/libselinux/src/.gitignore
|
|
||||||
+++ b/libselinux/src/.gitignore
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
selinux.py
|
|
||||||
-selinuxswig_wrap.c
|
|
||||||
+selinuxswig_python_wrap.c
|
|
||||||
selinuxswig_python_exception.i
|
|
||||||
selinuxswig_ruby_wrap.c
|
|
||||||
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
|
|
||||||
index e9ed0383..826c830c 100644
|
|
||||||
--- a/libselinux/src/Makefile
|
|
||||||
+++ b/libselinux/src/Makefile
|
|
||||||
@@ -36,7 +36,7 @@ TARGET=libselinux.so
|
|
||||||
LIBPC=libselinux.pc
|
|
||||||
SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
|
|
||||||
SWIGRUBYIF= selinuxswig_ruby.i
|
|
||||||
-SWIGCOUT= selinuxswig_wrap.c
|
|
||||||
+SWIGCOUT= selinuxswig_python_wrap.c
|
|
||||||
SWIGPYOUT= selinux.py
|
|
||||||
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
|
|
||||||
SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
|
|
||||||
@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
|
|
||||||
LDLIBS_LIBSEPOLA := -l:libsepol.a
|
|
||||||
endif
|
|
||||||
|
|
||||||
-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
|
|
||||||
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
|
|
||||||
SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
|
|
||||||
|
|
||||||
MAX_STACK_SIZE=32768
|
|
||||||
@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
|
|
||||||
SRCS:= $(filter-out label_backends_android.c, $(SRCS))
|
|
||||||
endif
|
|
||||||
|
|
||||||
-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
|
|
||||||
-
|
|
||||||
SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
|
|
||||||
|
|
||||||
all: $(LIBA) $(LIBSO) $(LIBPC)
|
|
||||||
|
|
||||||
-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
|
|
||||||
+pywrap: all selinuxswig_python_exception.i
|
|
||||||
+ CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
|
|
||||||
|
|
||||||
rubywrap: all $(SWIGRUBYSO)
|
|
||||||
|
|
||||||
-$(SWIGLOBJ): $(SWIGCOUT)
|
|
||||||
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
|
|
||||||
-
|
|
||||||
$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
|
|
||||||
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
|
|
||||||
|
|
||||||
-$(SWIGSO): $(SWIGLOBJ)
|
|
||||||
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
|
|
||||||
-
|
|
||||||
$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
|
|
||||||
$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
|
|
||||||
|
|
||||||
@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
|
|
||||||
selinuxswig_python_exception.i: ../include/selinux/selinux.h
|
|
||||||
bash -e exception.sh > $@ || (rm -f $@ ; false)
|
|
||||||
|
|
||||||
-$(AUDIT2WHYLOBJ): audit2why.c
|
|
||||||
- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
|
|
||||||
-
|
|
||||||
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
|
|
||||||
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
|
|
||||||
-
|
|
||||||
%.o: %.c policy.h
|
|
||||||
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
|
|
||||||
|
|
||||||
%.lo: %.c policy.h
|
|
||||||
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
|
|
||||||
|
|
||||||
-$(SWIGCOUT): $(SWIGIF)
|
|
||||||
- $(SWIG) $<
|
|
||||||
-
|
|
||||||
-$(SWIGPYOUT): $(SWIGCOUT)
|
|
||||||
-
|
|
||||||
$(SWIGRUBYCOUT): $(SWIGRUBYIF)
|
|
||||||
$(SWIGRUBY) $<
|
|
||||||
|
|
||||||
-swigify: $(SWIGIF)
|
|
||||||
- $(SWIG) $<
|
|
||||||
-
|
|
||||||
install: all
|
|
||||||
test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
|
|
||||||
install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
|
|
||||||
@@ -194,10 +173,8 @@ install: all
|
|
||||||
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
|
|
||||||
|
|
||||||
install-pywrap: pywrap
|
|
||||||
- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
|
|
||||||
- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
|
|
||||||
- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
|
|
||||||
- install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
|
|
||||||
+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
|
|
||||||
+ install -m 644 selinux.py $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
|
|
||||||
|
|
||||||
install-rubywrap: rubywrap
|
|
||||||
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
|
|
||||||
@@ -208,6 +185,8 @@ relabel:
|
|
||||||
|
|
||||||
clean-pywrap:
|
|
||||||
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
|
|
||||||
+ $(PYTHON) setup.py clean
|
|
||||||
+ -rm -rf build *~ \#* *pyc .#*
|
|
||||||
|
|
||||||
clean-rubywrap:
|
|
||||||
-rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
|
|
||||||
diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..b12e7869
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/libselinux/src/setup.py
|
|
||||||
@@ -0,0 +1,24 @@
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
+
|
|
||||||
+from distutils.core import Extension, setup
|
|
||||||
+
|
|
||||||
+setup(
|
|
||||||
+ name="selinux",
|
|
||||||
+ version="2.9",
|
|
||||||
+ description="SELinux python 3 bindings",
|
|
||||||
+ author="SELinux Project",
|
|
||||||
+ author_email="selinux@vger.kernel.org",
|
|
||||||
+ ext_modules=[
|
|
||||||
+ Extension('selinux._selinux',
|
|
||||||
+ sources=['selinuxswig_python.i'],
|
|
||||||
+ include_dirs=['../include'],
|
|
||||||
+ library_dirs=['.'],
|
|
||||||
+ libraries=['selinux']),
|
|
||||||
+ Extension('selinux.audit2why',
|
|
||||||
+ sources=['audit2why.c'],
|
|
||||||
+ include_dirs=['../include'],
|
|
||||||
+ library_dirs=['.'],
|
|
||||||
+ libraries=['selinux'],
|
|
||||||
+ extra_link_args=['-l:libsepol.a'])
|
|
||||||
+ ],
|
|
||||||
+)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,44 +0,0 @@
|
|||||||
From 6ec8116ee64a25a0c5eb543f0b12ed25f1348c45 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 27 Jun 2019 11:17:13 +0200
|
|
||||||
Subject: [PATCH] libselinux: Do not use SWIG_CFLAGS when Python bindings are
|
|
||||||
built
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
https://rpmdiff.engineering.redhat.com/run/410372/7/
|
|
||||||
|
|
||||||
Detecting usr/lib64/python3.6/site-packages/selinux/audit2why.cpython-36m-x86_64-linux-gnu.so with not-hardened warnings '
|
|
||||||
Hardened: audit2why.cpython-36m-x86_64-linux-gnu.so: FAIL: Gaps were detected in the annobin coverage. Run with -v to list.
|
|
||||||
' on x86_64
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/Makefile | 5 +----
|
|
||||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
|
|
||||||
index 826c830c..f64f23a8 100644
|
|
||||||
--- a/libselinux/src/Makefile
|
|
||||||
+++ b/libselinux/src/Makefile
|
|
||||||
@@ -104,9 +104,6 @@ FTS_LDLIBS ?=
|
|
||||||
|
|
||||||
override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
|
|
||||||
|
|
||||||
-SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
|
|
||||||
- -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
|
|
||||||
-
|
|
||||||
RANLIB ?= ranlib
|
|
||||||
|
|
||||||
ARCH := $(patsubst i%86,i386,$(shell uname -m))
|
|
||||||
@@ -130,7 +127,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
|
|
||||||
all: $(LIBA) $(LIBSO) $(LIBPC)
|
|
||||||
|
|
||||||
pywrap: all selinuxswig_python_exception.i
|
|
||||||
- CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
|
|
||||||
+ $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
|
|
||||||
|
|
||||||
rubywrap: all $(SWIGRUBYSO)
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,66 +0,0 @@
|
|||||||
From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 2 Jul 2019 14:09:05 +0200
|
|
||||||
Subject: [PATCH] Fix mcstrans secolor examples
|
|
||||||
|
|
||||||
According to "check_dominance" function:
|
|
||||||
Range defined as "s15:c0.c1023" does not dominate any other range than
|
|
||||||
"s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
|
|
||||||
While range defined as "s15-s15:c0.c1023" dominates all of the above.
|
|
||||||
|
|
||||||
This is either a bug, or "s15:c0.c1023" should not be used in the
|
|
||||||
examples.
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/man/man5/secolor.conf.5 | 4 ++--
|
|
||||||
libselinux/man/ru/man5/secolor.conf.5 | 4 ++--
|
|
||||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/man/man5/secolor.conf.5 b/libselinux/man/man5/secolor.conf.5
|
|
||||||
index b834577a..a3bf2da1 100644
|
|
||||||
--- a/libselinux/man/man5/secolor.conf.5
|
|
||||||
+++ b/libselinux/man/man5/secolor.conf.5
|
|
||||||
@@ -123,7 +123,7 @@ range s7\-s7:c0.c1023 = black red
|
|
||||||
.br
|
|
||||||
range s9\-s9:c0.c1023 = black orange
|
|
||||||
.br
|
|
||||||
-range s15:c0.c1023 = black yellow
|
|
||||||
+range s15\-s15:c0.c1023 = black yellow
|
|
||||||
.RE
|
|
||||||
|
|
||||||
.sp
|
|
||||||
@@ -165,7 +165,7 @@ type xguest_t = black green
|
|
||||||
.br
|
|
||||||
user sysadm_u = white black
|
|
||||||
.br
|
|
||||||
-range s0:c0.c1023 = black white
|
|
||||||
+range s0-s0:c0.c1023 = black white
|
|
||||||
.br
|
|
||||||
user * = black white
|
|
||||||
.br
|
|
||||||
diff --git a/libselinux/man/ru/man5/secolor.conf.5 b/libselinux/man/ru/man5/secolor.conf.5
|
|
||||||
index 4c1236ae..bcae80c1 100644
|
|
||||||
--- a/libselinux/man/ru/man5/secolor.conf.5
|
|
||||||
+++ b/libselinux/man/ru/man5/secolor.conf.5
|
|
||||||
@@ -121,7 +121,7 @@ range s7\-s7:c0.c1023 = black red
|
|
||||||
.br
|
|
||||||
range s9\-s9:c0.c1023 = black orange
|
|
||||||
.br
|
|
||||||
-range s15:c0.c1023 = black yellow
|
|
||||||
+range s15\-s15:c0.c1023 = black yellow
|
|
||||||
.RE
|
|
||||||
|
|
||||||
.sp
|
|
||||||
@@ -163,7 +163,7 @@ type xguest_t = black green
|
|
||||||
.br
|
|
||||||
user sysadm_u = white black
|
|
||||||
.br
|
|
||||||
-range s0:c0.c1023 = black white
|
|
||||||
+range s0\-s0:c0.c1023 = black white
|
|
||||||
.br
|
|
||||||
user * = black white
|
|
||||||
.br
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,354 +0,0 @@
|
|||||||
From bfee1a3131580a7b9d8a7366764b8e78d99a9f1b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 17 Feb 2020 21:47:35 +0100
|
|
||||||
Subject: [PATCH] libselinux: Eliminate use of security_compute_user()
|
|
||||||
|
|
||||||
get_ordered_context_list() code used to ask the kernel to compute the complete
|
|
||||||
set of reachable contexts using /sys/fs/selinux/user aka
|
|
||||||
security_compute_user(). This set can be so huge so that it doesn't fit into a
|
|
||||||
kernel page and security_compute_user() fails. Even if it doesn't fail,
|
|
||||||
get_ordered_context_list() throws away the vast majority of the returned
|
|
||||||
contexts because they don't match anything in
|
|
||||||
/etc/selinux/targeted/contexts/default_contexts or
|
|
||||||
/etc/selinux/targeted/contexts/users/
|
|
||||||
|
|
||||||
get_ordered_context_list() is rewritten to compute set of contexts based on
|
|
||||||
/etc/selinux/targeted/contexts/users/ and
|
|
||||||
/etc/selinux/targeted/contexts/default_contexts files and to return only valid
|
|
||||||
contexts, using security_check_context(), from this set.
|
|
||||||
|
|
||||||
Fixes: https://github.com/SELinuxProject/selinux/issues/28
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/get_context_list.c | 212 +++++++++++++-----------------
|
|
||||||
1 file changed, 93 insertions(+), 119 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
|
|
||||||
index 689e4658..26d7b3b9 100644
|
|
||||||
--- a/libselinux/src/get_context_list.c
|
|
||||||
+++ b/libselinux/src/get_context_list.c
|
|
||||||
@@ -2,6 +2,7 @@
|
|
||||||
#include <errno.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdio_ext.h>
|
|
||||||
+#include <stdint.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
@@ -114,64 +115,41 @@ int get_default_context(const char *user,
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int find_partialcon(char ** list,
|
|
||||||
- unsigned int nreach, char *part)
|
|
||||||
+static int is_in_reachable(char **reachable, const char *usercon_str)
|
|
||||||
{
|
|
||||||
- const char *conrole, *contype;
|
|
||||||
- char *partrole, *parttype, *ptr;
|
|
||||||
- context_t con;
|
|
||||||
- unsigned int i;
|
|
||||||
+ if (!reachable)
|
|
||||||
+ return 0;
|
|
||||||
|
|
||||||
- partrole = part;
|
|
||||||
- ptr = part;
|
|
||||||
- while (*ptr && !isspace(*ptr) && *ptr != ':')
|
|
||||||
- ptr++;
|
|
||||||
- if (*ptr != ':')
|
|
||||||
- return -1;
|
|
||||||
- *ptr++ = 0;
|
|
||||||
- parttype = ptr;
|
|
||||||
- while (*ptr && !isspace(*ptr) && *ptr != ':')
|
|
||||||
- ptr++;
|
|
||||||
- *ptr = 0;
|
|
||||||
-
|
|
||||||
- for (i = 0; i < nreach; i++) {
|
|
||||||
- con = context_new(list[i]);
|
|
||||||
- if (!con)
|
|
||||||
- return -1;
|
|
||||||
- conrole = context_role_get(con);
|
|
||||||
- contype = context_type_get(con);
|
|
||||||
- if (!conrole || !contype) {
|
|
||||||
- context_free(con);
|
|
||||||
- return -1;
|
|
||||||
- }
|
|
||||||
- if (!strcmp(conrole, partrole) && !strcmp(contype, parttype)) {
|
|
||||||
- context_free(con);
|
|
||||||
- return i;
|
|
||||||
+ for (; *reachable != NULL; reachable++) {
|
|
||||||
+ if (strcmp(*reachable, usercon_str) == 0) {
|
|
||||||
+ return 1;
|
|
||||||
}
|
|
||||||
- context_free(con);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- return -1;
|
|
||||||
+ return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int get_context_order(FILE * fp,
|
|
||||||
+static int get_context_user(FILE * fp,
|
|
||||||
char * fromcon,
|
|
||||||
- char ** reachable,
|
|
||||||
- unsigned int nreach,
|
|
||||||
- unsigned int *ordering, unsigned int *nordered)
|
|
||||||
+ const char * user,
|
|
||||||
+ char ***reachable,
|
|
||||||
+ unsigned int *nreachable)
|
|
||||||
{
|
|
||||||
char *start, *end = NULL;
|
|
||||||
char *line = NULL;
|
|
||||||
- size_t line_len = 0;
|
|
||||||
+ size_t line_len = 0, usercon_len;
|
|
||||||
+ size_t user_len = strlen(user);
|
|
||||||
ssize_t len;
|
|
||||||
int found = 0;
|
|
||||||
- const char *fromrole, *fromtype;
|
|
||||||
+ const char *fromrole, *fromtype, *fromlevel;
|
|
||||||
char *linerole, *linetype;
|
|
||||||
- unsigned int i;
|
|
||||||
+ char **new_reachable = NULL;
|
|
||||||
+ char *usercon_str;
|
|
||||||
context_t con;
|
|
||||||
+ context_t usercon;
|
|
||||||
+
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
- errno = -EINVAL;
|
|
||||||
+ errno = EINVAL;
|
|
||||||
|
|
||||||
/* Extract the role and type of the fromcon for matching.
|
|
||||||
User identity and MLS range can be variable. */
|
|
||||||
@@ -180,6 +158,7 @@ static int get_context_order(FILE * fp,
|
|
||||||
return -1;
|
|
||||||
fromrole = context_role_get(con);
|
|
||||||
fromtype = context_type_get(con);
|
|
||||||
+ fromlevel = context_range_get(con);
|
|
||||||
if (!fromrole || !fromtype) {
|
|
||||||
context_free(con);
|
|
||||||
return -1;
|
|
||||||
@@ -243,23 +222,75 @@ static int get_context_order(FILE * fp,
|
|
||||||
if (*end)
|
|
||||||
*end++ = 0;
|
|
||||||
|
|
||||||
- /* Check for a match in the reachable list. */
|
|
||||||
- rc = find_partialcon(reachable, nreach, start);
|
|
||||||
- if (rc < 0) {
|
|
||||||
- /* No match, skip it. */
|
|
||||||
+ /* Check whether a new context is valid */
|
|
||||||
+ if (SIZE_MAX - user_len < strlen(start) + 2) {
|
|
||||||
+ fprintf(stderr, "%s: one of partial contexts is too big\n", __FUNCTION__);
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ usercon_len = user_len + strlen(start) + 2;
|
|
||||||
+ usercon_str = malloc(usercon_len);
|
|
||||||
+ if (!usercon_str) {
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* set range from fromcon in the new usercon */
|
|
||||||
+ snprintf(usercon_str, usercon_len, "%s:%s", user, start);
|
|
||||||
+ usercon = context_new(usercon_str);
|
|
||||||
+ if (!usercon) {
|
|
||||||
+ if (errno != EINVAL) {
|
|
||||||
+ free(usercon_str);
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ fprintf(stderr,
|
|
||||||
+ "%s: can't create a context from %s, skipping\n",
|
|
||||||
+ __FUNCTION__, usercon_str);
|
|
||||||
+ free(usercon_str);
|
|
||||||
start = end;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
+ free(usercon_str);
|
|
||||||
+ if (context_range_set(usercon, fromlevel) != 0) {
|
|
||||||
+ context_free(usercon);
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ usercon_str = context_str(usercon);
|
|
||||||
+ if (!usercon_str) {
|
|
||||||
+ context_free(usercon);
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- /* If a match is found and the entry is not already ordered
|
|
||||||
- (e.g. due to prior match in prior config file), then set
|
|
||||||
- the ordering for it. */
|
|
||||||
- i = rc;
|
|
||||||
- if (ordering[i] == nreach)
|
|
||||||
- ordering[i] = (*nordered)++;
|
|
||||||
+ /* check whether usercon is already in reachable */
|
|
||||||
+ if (is_in_reachable(*reachable, usercon_str)) {
|
|
||||||
+ context_free(usercon);
|
|
||||||
+ start = end;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ if (security_check_context(usercon_str) == 0) {
|
|
||||||
+ new_reachable = realloc(*reachable, (*nreachable + 2) * sizeof(char *));
|
|
||||||
+ if (!new_reachable) {
|
|
||||||
+ context_free(usercon);
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ *reachable = new_reachable;
|
|
||||||
+ new_reachable[*nreachable] = strdup(usercon_str);
|
|
||||||
+ if (new_reachable[*nreachable] == NULL) {
|
|
||||||
+ context_free(usercon);
|
|
||||||
+ rc = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ new_reachable[*nreachable + 1] = 0;
|
|
||||||
+ *nreachable += 1;
|
|
||||||
+ }
|
|
||||||
+ context_free(usercon);
|
|
||||||
start = end;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
rc = 0;
|
|
||||||
|
|
||||||
out:
|
|
||||||
@@ -313,21 +344,6 @@ static int get_failsafe_context(const char *user, char ** newcon)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-struct context_order {
|
|
||||||
- char * con;
|
|
||||||
- unsigned int order;
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
-static int order_compare(const void *A, const void *B)
|
|
||||||
-{
|
|
||||||
- const struct context_order *c1 = A, *c2 = B;
|
|
||||||
- if (c1->order < c2->order)
|
|
||||||
- return -1;
|
|
||||||
- else if (c1->order > c2->order)
|
|
||||||
- return 1;
|
|
||||||
- return strcmp(c1->con, c2->con);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
int get_ordered_context_list_with_level(const char *user,
|
|
||||||
const char *level,
|
|
||||||
char * fromcon,
|
|
||||||
@@ -395,11 +411,8 @@ int get_ordered_context_list(const char *user,
|
|
||||||
char *** list)
|
|
||||||
{
|
|
||||||
char **reachable = NULL;
|
|
||||||
- unsigned int *ordering = NULL;
|
|
||||||
- struct context_order *co = NULL;
|
|
||||||
- char **ptr;
|
|
||||||
int rc = 0;
|
|
||||||
- unsigned int nreach = 0, nordered = 0, freefrom = 0, i;
|
|
||||||
+ unsigned nreachable = 0, freefrom = 0;
|
|
||||||
FILE *fp;
|
|
||||||
char *fname = NULL;
|
|
||||||
size_t fname_len;
|
|
||||||
@@ -413,23 +426,6 @@ int get_ordered_context_list(const char *user,
|
|
||||||
freefrom = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* Determine the set of reachable contexts for the user. */
|
|
||||||
- rc = security_compute_user(fromcon, user, &reachable);
|
|
||||||
- if (rc < 0)
|
|
||||||
- goto failsafe;
|
|
||||||
- nreach = 0;
|
|
||||||
- for (ptr = reachable; *ptr; ptr++)
|
|
||||||
- nreach++;
|
|
||||||
- if (!nreach)
|
|
||||||
- goto failsafe;
|
|
||||||
-
|
|
||||||
- /* Initialize ordering array. */
|
|
||||||
- ordering = malloc(nreach * sizeof(unsigned int));
|
|
||||||
- if (!ordering)
|
|
||||||
- goto failsafe;
|
|
||||||
- for (i = 0; i < nreach; i++)
|
|
||||||
- ordering[i] = nreach;
|
|
||||||
-
|
|
||||||
/* Determine the ordering to apply from the optional per-user config
|
|
||||||
and from the global config. */
|
|
||||||
fname_len = strlen(user_contexts_path) + strlen(user) + 2;
|
|
||||||
@@ -440,8 +436,8 @@ int get_ordered_context_list(const char *user,
|
|
||||||
fp = fopen(fname, "re");
|
|
||||||
if (fp) {
|
|
||||||
__fsetlocking(fp, FSETLOCKING_BYCALLER);
|
|
||||||
- rc = get_context_order(fp, fromcon, reachable, nreach, ordering,
|
|
||||||
- &nordered);
|
|
||||||
+ rc = get_context_user(fp, fromcon, user, &reachable, &nreachable);
|
|
||||||
+
|
|
||||||
fclose(fp);
|
|
||||||
if (rc < 0 && errno != ENOENT) {
|
|
||||||
fprintf(stderr,
|
|
||||||
@@ -454,8 +450,7 @@ int get_ordered_context_list(const char *user,
|
|
||||||
fp = fopen(selinux_default_context_path(), "re");
|
|
||||||
if (fp) {
|
|
||||||
__fsetlocking(fp, FSETLOCKING_BYCALLER);
|
|
||||||
- rc = get_context_order(fp, fromcon, reachable, nreach, ordering,
|
|
||||||
- &nordered);
|
|
||||||
+ rc = get_context_user(fp, fromcon, user, &reachable, &nreachable);
|
|
||||||
fclose(fp);
|
|
||||||
if (rc < 0 && errno != ENOENT) {
|
|
||||||
fprintf(stderr,
|
|
||||||
@@ -463,40 +458,19 @@ int get_ordered_context_list(const char *user,
|
|
||||||
__FUNCTION__, selinux_default_context_path());
|
|
||||||
/* Fall through */
|
|
||||||
}
|
|
||||||
- rc = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!nordered)
|
|
||||||
+ if (!nreachable)
|
|
||||||
goto failsafe;
|
|
||||||
|
|
||||||
- /* Apply the ordering. */
|
|
||||||
- co = malloc(nreach * sizeof(struct context_order));
|
|
||||||
- if (!co)
|
|
||||||
- goto failsafe;
|
|
||||||
- for (i = 0; i < nreach; i++) {
|
|
||||||
- co[i].con = reachable[i];
|
|
||||||
- co[i].order = ordering[i];
|
|
||||||
- }
|
|
||||||
- qsort(co, nreach, sizeof(struct context_order), order_compare);
|
|
||||||
- for (i = 0; i < nreach; i++)
|
|
||||||
- reachable[i] = co[i].con;
|
|
||||||
- free(co);
|
|
||||||
-
|
|
||||||
- /* Only report the ordered entries to the caller. */
|
|
||||||
- if (nordered <= nreach) {
|
|
||||||
- for (i = nordered; i < nreach; i++)
|
|
||||||
- free(reachable[i]);
|
|
||||||
- reachable[nordered] = NULL;
|
|
||||||
- rc = nordered;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
out:
|
|
||||||
- if (rc > 0)
|
|
||||||
+ if (nreachable > 0) {
|
|
||||||
*list = reachable;
|
|
||||||
+ rc = nreachable;
|
|
||||||
+ }
|
|
||||||
else
|
|
||||||
freeconary(reachable);
|
|
||||||
|
|
||||||
- free(ordering);
|
|
||||||
if (freefrom)
|
|
||||||
freecon(fromcon);
|
|
||||||
|
|
||||||
@@ -519,7 +493,7 @@ int get_ordered_context_list(const char *user,
|
|
||||||
reachable = NULL;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- rc = 1; /* one context in the list */
|
|
||||||
+ nreachable = 1; /* one context in the list */
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.25.4
|
|
||||||
|
|
@ -1,168 +0,0 @@
|
|||||||
From d4c22fcd5943fe35db648dee971f631d40b3eb94 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stephen Smalley <sds@tycho.nsa.gov>
|
|
||||||
Date: Thu, 20 Feb 2020 10:40:19 -0500
|
|
||||||
Subject: [PATCH] libselinux: deprecate security_compute_user(), update man
|
|
||||||
pages
|
|
||||||
|
|
||||||
commit 1f89c4e7879fcf6da5d8d1b025dcc03371f30fc9 ("libselinux: Eliminate
|
|
||||||
use of security_compute_user()") eliminated the use of
|
|
||||||
security_compute_user() by get_ordered_context_list(). Deprecate
|
|
||||||
all use of security_compute_user() by updating the headers and man
|
|
||||||
pages and logging a warning message on any calls to it. Remove
|
|
||||||
the example utility that called the interface. While here, also
|
|
||||||
fix the documentation of correct usage of the user argument to these
|
|
||||||
interfaces.
|
|
||||||
|
|
||||||
Fixes: https://github.com/SELinuxProject/selinux/issues/70
|
|
||||||
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
||||||
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/include/selinux/selinux.h | 8 +++-
|
|
||||||
.../man/man3/get_ordered_context_list.3 | 24 +++++++++---
|
|
||||||
libselinux/man/man3/security_compute_av.3 | 5 ++-
|
|
||||||
libselinux/src/compute_user.c | 3 ++
|
|
||||||
libselinux/utils/compute_user.c | 38 -------------------
|
|
||||||
5 files changed, 31 insertions(+), 47 deletions(-)
|
|
||||||
delete mode 100644 libselinux/utils/compute_user.c
|
|
||||||
|
|
||||||
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
|
|
||||||
index a34d54fc..a5ada324 100644
|
|
||||||
--- a/libselinux/include/selinux/selinux.h
|
|
||||||
+++ b/libselinux/include/selinux/selinux.h
|
|
||||||
@@ -246,8 +246,12 @@ extern int security_compute_member_raw(const char * scon,
|
|
||||||
security_class_t tclass,
|
|
||||||
char ** newcon);
|
|
||||||
|
|
||||||
-/* Compute the set of reachable user contexts and set *con to refer to
|
|
||||||
- the NULL-terminated array of contexts. Caller must free via freeconary. */
|
|
||||||
+/*
|
|
||||||
+ * Compute the set of reachable user contexts and set *con to refer to
|
|
||||||
+ * the NULL-terminated array of contexts. Caller must free via freeconary.
|
|
||||||
+ * These interfaces are deprecated. Use get_ordered_context_list() or
|
|
||||||
+ * one of its variant interfaces instead.
|
|
||||||
+ */
|
|
||||||
extern int security_compute_user(const char * scon,
|
|
||||||
const char *username,
|
|
||||||
char *** con);
|
|
||||||
diff --git a/libselinux/man/man3/get_ordered_context_list.3 b/libselinux/man/man3/get_ordered_context_list.3
|
|
||||||
index e084da40..3ed14a96 100644
|
|
||||||
--- a/libselinux/man/man3/get_ordered_context_list.3
|
|
||||||
+++ b/libselinux/man/man3/get_ordered_context_list.3
|
|
||||||
@@ -26,14 +26,28 @@ get_ordered_context_list, get_ordered_context_list_with_level, get_default_conte
|
|
||||||
.BI "int get_default_type(const char *" role ", char **" type );
|
|
||||||
.
|
|
||||||
.SH "DESCRIPTION"
|
|
||||||
+
|
|
||||||
+This family of functions can be used to obtain either a prioritized list of
|
|
||||||
+all reachable security contexts for a given SELinux user or a single default
|
|
||||||
+(highest priority) context for a given SELinux user for use by login-like
|
|
||||||
+programs. These functions takes a SELinux user identity that must
|
|
||||||
+be defined in the SELinux policy as their input, not a Linux username.
|
|
||||||
+Most callers should typically first call
|
|
||||||
+.BR getseuserbyname(3)
|
|
||||||
+to look up the SELinux user identity and level for a given
|
|
||||||
+Linux username and then invoke one of
|
|
||||||
+.BR get_ordered_context_list_with_level ()
|
|
||||||
+or
|
|
||||||
+.BR get_default_context_with_level ()
|
|
||||||
+with the returned SELinux user and level as inputs.
|
|
||||||
+
|
|
||||||
.BR get_ordered_context_list ()
|
|
||||||
-invokes the
|
|
||||||
-.BR security_compute_user (3)
|
|
||||||
-function to obtain the list of contexts for the specified
|
|
||||||
+obtains the list of contexts for the specified
|
|
||||||
+SELinux
|
|
||||||
.I user
|
|
||||||
-that are reachable from the specified
|
|
||||||
+identity that are reachable from the specified
|
|
||||||
.I fromcon
|
|
||||||
-context. The function then orders the resulting list based on the global
|
|
||||||
+context based on the global
|
|
||||||
.I \%/etc/selinux/{SELINUXTYPE}/contexts/default_contexts
|
|
||||||
file and the per-user
|
|
||||||
.I \%/etc/selinux/{SELINUXTYPE}/contexts/users/<username>
|
|
||||||
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
|
|
||||||
index 2aade5fe..8e1f746a 100644
|
|
||||||
--- a/libselinux/man/man3/security_compute_av.3
|
|
||||||
+++ b/libselinux/man/man3/security_compute_av.3
|
|
||||||
@@ -97,8 +97,9 @@ instance.
|
|
||||||
|
|
||||||
.BR security_compute_user ()
|
|
||||||
is used to determine the set of user contexts that can be reached from a
|
|
||||||
-source context. It is mainly used by
|
|
||||||
-.BR get_ordered_context_list ().
|
|
||||||
+source context. This function is deprecated; use
|
|
||||||
+.BR get_ordered_context_list (3)
|
|
||||||
+instead.
|
|
||||||
|
|
||||||
.BR security_get_initial_context ()
|
|
||||||
is used to get the context of a kernel initial security identifier specified by
|
|
||||||
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
|
|
||||||
index 401fd107..0f55de84 100644
|
|
||||||
--- a/libselinux/src/compute_user.c
|
|
||||||
+++ b/libselinux/src/compute_user.c
|
|
||||||
@@ -8,6 +8,7 @@
|
|
||||||
#include "selinux_internal.h"
|
|
||||||
#include "policy.h"
|
|
||||||
#include <limits.h>
|
|
||||||
+#include "callbacks.h"
|
|
||||||
|
|
||||||
int security_compute_user_raw(const char * scon,
|
|
||||||
const char *user, char *** con)
|
|
||||||
@@ -24,6 +25,8 @@ int security_compute_user_raw(const char * scon,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ selinux_log(SELINUX_WARNING, "Direct use of security_compute_user() is deprecated, switch to get_ordered_context_list()\n");
|
|
||||||
+
|
|
||||||
if (! scon) {
|
|
||||||
errno=EINVAL;
|
|
||||||
return -1;
|
|
||||||
diff --git a/libselinux/utils/compute_user.c b/libselinux/utils/compute_user.c
|
|
||||||
deleted file mode 100644
|
|
||||||
index cae62b26..00000000
|
|
||||||
--- a/libselinux/utils/compute_user.c
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,38 +0,0 @@
|
|
||||||
-#include <unistd.h>
|
|
||||||
-#include <sys/types.h>
|
|
||||||
-#include <fcntl.h>
|
|
||||||
-#include <stdio.h>
|
|
||||||
-#include <stdlib.h>
|
|
||||||
-#include <errno.h>
|
|
||||||
-#include <string.h>
|
|
||||||
-#include <ctype.h>
|
|
||||||
-#include <selinux/selinux.h>
|
|
||||||
-
|
|
||||||
-int main(int argc, char **argv)
|
|
||||||
-{
|
|
||||||
- char **buf, **ptr;
|
|
||||||
- int ret;
|
|
||||||
-
|
|
||||||
- if (argc != 3) {
|
|
||||||
- fprintf(stderr, "usage: %s context user\n", argv[0]);
|
|
||||||
- exit(1);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- ret = security_compute_user(argv[1], argv[2], &buf);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- fprintf(stderr, "%s: security_compute_user(%s,%s) failed\n",
|
|
||||||
- argv[0], argv[1], argv[2]);
|
|
||||||
- exit(2);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (!buf[0]) {
|
|
||||||
- printf("none\n");
|
|
||||||
- exit(0);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- for (ptr = buf; *ptr; ptr++) {
|
|
||||||
- printf("%s\n", *ptr);
|
|
||||||
- }
|
|
||||||
- freeconary(buf);
|
|
||||||
- exit(0);
|
|
||||||
-}
|
|
||||||
--
|
|
||||||
2.25.4
|
|
||||||
|
|
@ -1,39 +0,0 @@
|
|||||||
From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 10 Feb 2021 18:05:29 +0100
|
|
||||||
Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions
|
|
||||||
|
|
||||||
Describe which type of regular expression is used in file context
|
|
||||||
definitions and which flags are in effect.
|
|
||||||
|
|
||||||
Explain how local file context modifications are processed.
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/man/man5/selabel_file.5 | 9 ++++++++-
|
|
||||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/man/man5/selabel_file.5 b/libselinux/man/man5/selabel_file.5
|
|
||||||
index e97bd826..baba7776 100644
|
|
||||||
--- a/libselinux/man/man5/selabel_file.5
|
|
||||||
+++ b/libselinux/man/man5/selabel_file.5
|
|
||||||
@@ -125,7 +125,14 @@ Where:
|
|
||||||
.RS
|
|
||||||
.I pathname
|
|
||||||
.RS
|
|
||||||
-An entry that defines the pathname that may be in the form of a regular expression.
|
|
||||||
+An entry that defines the path to be labeled.
|
|
||||||
+May contain either a fully qualified path,
|
|
||||||
+or a Perl compatible regular expression (PCRE),
|
|
||||||
+describing fully qualified path(s).
|
|
||||||
+The only PCRE flag in use is PCRE2_DOTALL,
|
|
||||||
+which causes a wildcard '.' to match anything, including a new line.
|
|
||||||
+Strings representing paths are processed as bytes (as opposed to Unicode),
|
|
||||||
+meaning that non-ASCII characters are not matched by a single wildcard.
|
|
||||||
.RE
|
|
||||||
.I file_type
|
|
||||||
.RS
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,88 +0,0 @@
|
|||||||
From 9bf63bb85d4d2cab73181ee1d8d0b07961ce4a80 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Thu, 17 Feb 2022 14:14:15 +0100
|
|
||||||
Subject: [PATCH] libselinux: Strip spaces before values in config
|
|
||||||
|
|
||||||
Spaces before values in /etc/selinux/config should be ignored just as
|
|
||||||
spaces after them are.
|
|
||||||
|
|
||||||
E.g. "SELINUXTYPE= targeted" should be a valid value.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
# sed -i 's/^SELINUXTYPE=/SELINUXTYPE= /g' /etc/selinux/config
|
|
||||||
# dnf install <any_package>
|
|
||||||
...
|
|
||||||
RPM: error: selabel_open: (/etc/selinux/ targeted/contexts/files/file_contexts) No such file or directory
|
|
||||||
RPM: error: Plugin selinux: hook tsm_pre failed
|
|
||||||
...
|
|
||||||
Error: Could not run transaction.
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/selinux_config.c | 17 +++++++++++++----
|
|
||||||
1 file changed, 13 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
|
|
||||||
index b06cb63b..0892b87c 100644
|
|
||||||
--- a/libselinux/src/selinux_config.c
|
|
||||||
+++ b/libselinux/src/selinux_config.c
|
|
||||||
@@ -91,6 +91,7 @@ int selinux_getenforcemode(int *enforce)
|
|
||||||
FILE *cfg = fopen(SELINUXCONFIG, "re");
|
|
||||||
if (cfg) {
|
|
||||||
char *buf;
|
|
||||||
+ char *tag;
|
|
||||||
int len = sizeof(SELINUXTAG) - 1;
|
|
||||||
buf = malloc(selinux_page_size);
|
|
||||||
if (!buf) {
|
|
||||||
@@ -100,21 +101,24 @@ int selinux_getenforcemode(int *enforce)
|
|
||||||
while (fgets_unlocked(buf, selinux_page_size, cfg)) {
|
|
||||||
if (strncmp(buf, SELINUXTAG, len))
|
|
||||||
continue;
|
|
||||||
+ tag = buf+len;
|
|
||||||
+ while (isspace(*tag))
|
|
||||||
+ tag++;
|
|
||||||
if (!strncasecmp
|
|
||||||
- (buf + len, "enforcing", sizeof("enforcing") - 1)) {
|
|
||||||
+ (tag, "enforcing", sizeof("enforcing") - 1)) {
|
|
||||||
*enforce = 1;
|
|
||||||
ret = 0;
|
|
||||||
break;
|
|
||||||
} else
|
|
||||||
if (!strncasecmp
|
|
||||||
- (buf + len, "permissive",
|
|
||||||
+ (tag, "permissive",
|
|
||||||
sizeof("permissive") - 1)) {
|
|
||||||
*enforce = 0;
|
|
||||||
ret = 0;
|
|
||||||
break;
|
|
||||||
} else
|
|
||||||
if (!strncasecmp
|
|
||||||
- (buf + len, "disabled",
|
|
||||||
+ (tag, "disabled",
|
|
||||||
sizeof("disabled") - 1)) {
|
|
||||||
*enforce = -1;
|
|
||||||
ret = 0;
|
|
||||||
@@ -177,7 +181,10 @@ static void init_selinux_config(void)
|
|
||||||
|
|
||||||
if (!strncasecmp(buf_p, SELINUXTYPETAG,
|
|
||||||
sizeof(SELINUXTYPETAG) - 1)) {
|
|
||||||
- type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
|
|
||||||
+ buf_p += sizeof(SELINUXTYPETAG) - 1;
|
|
||||||
+ while (isspace(*buf_p))
|
|
||||||
+ buf_p++;
|
|
||||||
+ type = strdup(buf_p);
|
|
||||||
if (!type)
|
|
||||||
return;
|
|
||||||
end = type + strlen(type) - 1;
|
|
||||||
@@ -199,6 +206,8 @@ static void init_selinux_config(void)
|
|
||||||
} else if (!strncmp(buf_p, REQUIRESEUSERS,
|
|
||||||
sizeof(REQUIRESEUSERS) - 1)) {
|
|
||||||
value = buf_p + sizeof(REQUIRESEUSERS) - 1;
|
|
||||||
+ while (isspace(*value))
|
|
||||||
+ value++;
|
|
||||||
intptr = &require_seusers;
|
|
||||||
} else {
|
|
||||||
continue;
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,46 +0,0 @@
|
|||||||
From 9a04499cebedac3f585c0240e6cf68f786ae62b7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 31 Oct 2022 17:00:43 +0100
|
|
||||||
Subject: [PATCH] libselinux: Ignore missing directories when -i is used
|
|
||||||
|
|
||||||
Currently "-i" only ignores a file whose parent directory exists. Start also
|
|
||||||
ignoring paths with missing components.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
# restorecon -i -v -R /var/log/missingdir/missingfile; echo $?
|
|
||||||
255
|
|
||||||
restorecon: SELinux: Could not get canonical path for /var/log/missingdir/missingfile restorecon: No such file or directory.
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/selinux_restorecon.c | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
|
||||||
index 5f189235..2ff73db6 100644
|
|
||||||
--- a/libselinux/src/selinux_restorecon.c
|
|
||||||
+++ b/libselinux/src/selinux_restorecon.c
|
|
||||||
@@ -820,6 +820,10 @@ int selinux_restorecon(const char *pathname_orig,
|
|
||||||
pathname = realpath(pathname_orig, NULL);
|
|
||||||
if (!pathname) {
|
|
||||||
free(basename_cpy);
|
|
||||||
+ /* missing parent directory */
|
|
||||||
+ if (flags.ignore_noent && errno == ENOENT) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
goto realpatherr;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
@@ -833,6 +837,9 @@ int selinux_restorecon(const char *pathname_orig,
|
|
||||||
free(dirname_cpy);
|
|
||||||
if (!pathdnamer) {
|
|
||||||
free(basename_cpy);
|
|
||||||
+ if (flags.ignore_noent && errno == ENOENT) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
goto realpatherr;
|
|
||||||
}
|
|
||||||
if (!strcmp(pathdnamer, "/"))
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
From 599f1ec818d50ffc9690fea8c03b5fe278f30ed4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 7 Dec 2022 09:19:29 +0100
|
|
||||||
Subject: [PATCH] libselinux/restorecon: Fix memory leak - xattr_value
|
|
||||||
|
|
||||||
Fix memory leak introduced by commit
|
|
||||||
9a04499cebedac3f585c0240e6cf68f786ae62b7
|
|
||||||
libselinux: Ignore missing directories when -i is used
|
|
||||||
|
|
||||||
Error: RESOURCE_LEAK:
|
|
||||||
selinux_restorecon.c:804: alloc_fn: Storage is returned from allocation function "malloc".
|
|
||||||
selinux_restorecon.c:804: var_assign: Assigning: "xattr_value" = storage returned from "malloc(fc_digest_len)".
|
|
||||||
selinux_restorecon.c:825: leaked_storage: Variable "xattr_value" going out of scope leaks the storage it points to.
|
|
||||||
|
|
||||||
Resolves: rhbz#2137965
|
|
||||||
---
|
|
||||||
libselinux/src/selinux_restorecon.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
|
||||||
index 2ff73db6..b3702764 100644
|
|
||||||
--- a/libselinux/src/selinux_restorecon.c
|
|
||||||
+++ b/libselinux/src/selinux_restorecon.c
|
|
||||||
@@ -822,6 +822,7 @@ int selinux_restorecon(const char *pathname_orig,
|
|
||||||
free(basename_cpy);
|
|
||||||
/* missing parent directory */
|
|
||||||
if (flags.ignore_noent && errno == ENOENT) {
|
|
||||||
+ free(xattr_value);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
goto realpatherr;
|
|
||||||
@@ -838,6 +839,7 @@ int selinux_restorecon(const char *pathname_orig,
|
|
||||||
if (!pathdnamer) {
|
|
||||||
free(basename_cpy);
|
|
||||||
if (flags.ignore_noent && errno == ENOENT) {
|
|
||||||
+ free(xattr_value);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
goto realpatherr;
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
24
STAGE1-libselinux
Normal file
24
STAGE1-libselinux
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
# TLSFLAGS are set in order to avoid a bogus check in
|
||||||
|
# libselinux/src/Makefile.
|
||||||
|
srpm libselinux
|
||||||
|
mcd $BUILDDIR/t-libselinux
|
||||||
|
rsync -av $SRC/libselinux*/ ./
|
||||||
|
# libselinux uses $prefix/include for both -I and *.pc, which
|
||||||
|
# prevents cross compiling.
|
||||||
|
sed 's@-I$(INCLUDEDIR)@@' < src/Makefile > src/Makefile.stage1
|
||||||
|
mv src/Makefile.stage1 src/Makefile
|
||||||
|
make $J \
|
||||||
|
CC=${TARGET}-gcc \
|
||||||
|
AS=${TARGET}-as \
|
||||||
|
AR=${TARGET}-ar \
|
||||||
|
STRIP=${TARGET}-strip \
|
||||||
|
RANLIB=${TARGET}-ranlib \
|
||||||
|
CFLAGS="" \
|
||||||
|
TLSFLAGS="" \
|
||||||
|
all
|
||||||
|
ARGS="DESTDIR=${ROOTFS}"
|
||||||
|
if [ "$SUFFIX" = "64" ]
|
||||||
|
then
|
||||||
|
ARGS="$ARGS LIBDIR=${ROOTFS}/usr/lib64 SHLIBDIR=${ROOTFS}/usr/lib64"
|
||||||
|
fi
|
||||||
|
make $J $ARGS install
|
321
bachradsusi.gpg
Normal file
321
bachradsusi.gpg
Normal file
@ -0,0 +1,321 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
|
||||||
|
qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
|
||||||
|
vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
|
||||||
|
K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
|
||||||
|
lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
|
||||||
|
CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
|
||||||
|
AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
|
||||||
|
3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
|
||||||
|
kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
|
||||||
|
TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
|
||||||
|
Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
|
||||||
|
tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6JAjgEEwECACIF
|
||||||
|
Ak97JQcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGOorUuYLENzy1MP
|
||||||
|
/2c4fH8eXWbqoot/vLE+hJ14k0leYOQhVSo4lNlxRlbKNd5MQSX/QjkQgJNECbB3
|
||||||
|
LM0KxE/zwVOZ+umvmxLxNskOxjubE6NzoF7Sm9ydoqjwzenIpR9BVtg71mfjBOoL
|
||||||
|
PNrst7tHRE5btSnnnOS9ddt/y9JOIvQpkjtBTI2TfVcp2b4Domg7i4qU/hJ7hu45
|
||||||
|
5oAi6rPPkr0pcGiDKTqi46l7+9orsj9Mxs1XTmrTMMB/eV6PCU7Fo4WJNXS8SXd3
|
||||||
|
sEVxXvpyYjUTTnDuewjT1q8NL7anrsckS16WYSVGKzRhqtP1Vudt1F/D5cWKVqQp
|
||||||
|
vQl/XW/uQS2IsgEWsbRmIAEZIUOy4TnuF494C/A+1BbJBdUr4Nl9zPH2bjrJeqYk
|
||||||
|
TsvGQr1icgO4pUg5oC456htkqCxCuPRqqrGDAZBx54TldgPwvCo31+aPQJlOlWvI
|
||||||
|
uWD/depp0De3oTK9FDnHh3swE0vyn4Ht96+vM+KNnDYgJ1FEaw1efYePFACobvEB
|
||||||
|
o2ZpLbnDyqAT4MzfHpHSbwzUOk52ZOnkl/KrUIOxhXtf4dxRS6J70Rzb+HWS3rY/
|
||||||
|
LgaMO5Q0BJfbvknguKmE8dO8jx0pTlVER9ujqp+bVPXmFMha1j8vyGhJ3eLJZaRL
|
||||||
|
k3jgfRjiUUb4lNp+hXpvBwIYeFWl5kFVKg2aPywgnnFWiEYEExECAAYFAlBq4WgA
|
||||||
|
CgkQ4J/vJdlkhKxmjQCfevlawFaGTx58nDFN+4j/2U6uaGcAn2g1sZcTUrEEYHdL
|
||||||
|
byAyw1GNLksOiF4EEBEIAAYFAk99mCMACgkQ/2iSBAM3HxDivAD+Lu8U54iGgL5+
|
||||||
|
h9KpeV+ZlHgIpj4cD+BVL85L6AQ3GP0A/1TwZ1tS6Ag3ut2G6AL2wewR3v9Mgu68
|
||||||
|
E0M5esz5of4oiQEcBBMBAgAGBQJPh9ZuAAoJEBliWhMliBCHMSUH/30V/E930OTT
|
||||||
|
oWeq+QKkTJuMF0lrA5NaAy+xWtrynMKoiAuM0KFNGPfrPehkoxR4D+MKXH+xh0j2
|
||||||
|
bHl6fXOHJCKZLhCtsC/o8j7kkjIJjixBlwYMul21rxecke7Zt4XpxHARJx4208Lk
|
||||||
|
ztpzOd7ZnDP6KYav3itpxK8Eyj4g8N2omoTQ2Dcd+sCa0jgRkyskpPxdt0fK0D04
|
||||||
|
XW7b1LZkxwzwrAGSpjAZVzpKBXANcSmUQDAaIhGvYSKoiwVe2eaE5lUmvAaJQaTr
|
||||||
|
Ud/LCIwFofTLSaBRX8fEOe+UwvW36VtynPyETyROeTMp//Cm5e2CQVPoDv79soyi
|
||||||
|
E/oUW9DFDhCJARwEEwECAAYFAk+Oe6EACgkQlGXZM5TcxIlIRwf/VjfbN3eVf648
|
||||||
|
vXvDctsXfucl37i6Yue2COJiGYuZOrN7wYxVvH2to8P3V53YV9OqDpJl2NXUro1V
|
||||||
|
iUjFHuIKp23VbtyBAYsrLeTMmHLjnXlaUPSr6JUDHUQhCF34BTk17e9y7tXlEshF
|
||||||
|
YVyPlGum7JhyarHB2rRdjQk8kyTqmQ4yHjw/nP/HlvVxdgb+mTmudTPVBafOT1R9
|
||||||
|
MJ/SN2x4bclT4cQ0hjNEy/TsFzVduQj8yNOMFG9r6p1Vb+u1wn3BTANIh55R9aDh
|
||||||
|
3JFFIV/jBTkxukxR5iyGQiR53nl0e0qnQFxpfhFGclh0RktjrHZ3DBAzcuYXp540
|
||||||
|
Vu9aq9QuPIkCHAQQAQIABgUCT4bdRgAKCRDCPZG7HYJE34FtEACfqPwWSItk1lNX
|
||||||
|
E0HOM1YuHXFfMGURF1AotskJatwtjGy9oDUQkjfsPROnWjgH9s0xD2UmlTrjJfWi
|
||||||
|
BdH0kTLiExVUOmvnM9VFMRhYxQZMwiHecm4FZ5IWUz4e05oGCkHFbMswXEoEG+qq
|
||||||
|
btOfLNpX67yy/JM6We+8PiXV/c2vaErpH5S8YChb5wD9lEWNM2aPBOUmbzONM1/f
|
||||||
|
EFd8AF6fUVYN7htuyG1n5zTv+oowmO2c0terJRGmMgVuLugIEnKKhaQ+H1K6bdZJ
|
||||||
|
7mX4xxx5izEyYeYhi9DhBHSwCLhWR+Yilqkc5U0nrF+3Z+Cb9THHppi071OIQ7pX
|
||||||
|
rGsQSpDzGRXCw0nKEBm0Li13re8cOoHMlPD0RHWZEIRZGSYX1YKBtVuv4kpSq8GN
|
||||||
|
85lZSDKGRNtbJBS7Qj4vyOlOrBO1eyyd4lepQCe2Ri3gU97rek52tOM+fAIibz7V
|
||||||
|
b4a0qbbphrz6PVMbDGiBxM92+YpdDyZGyL7wJ4g6DhRRcEUQahlZ1n7y+YQ60ETs
|
||||||
|
zt7+kD08Zi2BoJpiMHsFfoas2pot7VePFxGutwvq0p+OHSVlwkLgOaORPHumLA8u
|
||||||
|
J3BGlJTHsErUB2EEgdc/Tv1vsZzEI3Zi+hqw1gcbke21Ii8aDfshbeKW9hYJAhnW
|
||||||
|
m8VdF3n80UX5Eg56iybrLCjEyiAEYYkCHAQQAQIABgUCT7yYRAAKCRBOBfZjp6Qb
|
||||||
|
nnyTD/4gVbq8H5ka7fVdSAnX65/kFn5xkqGzbpCkjcqe/5uI2CvdYtjeQ4K6sm7I
|
||||||
|
5RLoyu/EE/JPbCRHiucsEak42WAZSRte/Wn2yTQpIb0mQ0wXJvuM+Hx7DSx2R12P
|
||||||
|
9rIZ4mGo/rEtdG7Y9Vog9M/XGx7w5IqSw2DF2yiYQJXsOzHjphfYB8JfoqjW/73k
|
||||||
|
n4E2IRJtCuWhfiJZJ+GEGceSBIredH3o01ThtbAeh/gzPRF3FU1361zyA1sXtmGe
|
||||||
|
qwnhNL1spHRlpub3cvAXQ8RSYrNdiFZB5zohNt+iL+qzVWaUJo+vYZal1Co5/roI
|
||||||
|
HN5nJef8kp1ngaYKvf1hIVvsdQsilVQIXKFWMd47aU6W8gPr1W2+U4yw+q+OXari
|
||||||
|
eo7gpH7/OvMSe/3wOhGVD8KJrMwAVnr3M4wo2CM6zlwxPGdltQI+IxDD8NTGTmNT
|
||||||
|
rRARYRQaFQyqd1SrVt4sSkeoegrpOG4oWXya/v4SeXHD4vt8vvvX3A4szB73a355
|
||||||
|
IfbyRXDER3EfFfW5c+BnR3bxhfATTE6T0AKz1Gq30Xm2ycTGYCAZ2yBKewaegTpx
|
||||||
|
3O/E6APTXUnVWTIPQay8T4iVUiLFs7W1UFMY/RvmIvKKFIQWcm5O0L+27PJK+YSx
|
||||||
|
Uoo1Ivt1pclTuetbRbN8VnR3K9Pp5uZ4KLz6ZkffmJg2sOSu74kCHAQSAQgABgUC
|
||||||
|
WWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0nr47rA12X6dJ6+KIBE+XB
|
||||||
|
QxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVdzvUa1m2yeNCFHOTjln6Q
|
||||||
|
GjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaqZt38I2u0Pi+/qHDt0kLy
|
||||||
|
RSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk2HUerg8VCAyQrxYtZtHc
|
||||||
|
coyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROFm257MiH6gvG/V8CTrJfz
|
||||||
|
lpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erxe+biBauFErYQPw3bg6xL
|
||||||
|
1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZRHwRUPGRN07SbbEO1lDk5
|
||||||
|
uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4V9d4uVDX3SsktOLMvtWg
|
||||||
|
nL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zjq5eqotVq90HMBO9kqcjC
|
||||||
|
YsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBprk5DSjD7F0/wnQPoq8PY
|
||||||
|
HIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ8fvo6B91COe9jTF/H/i3
|
||||||
|
A7NjR4kCHAQTAQgABgUCUQZ8hwAKCRDZsFd72T6Y/MoUD/9xxmXbPL2Zto6qECXs
|
||||||
|
Q1GFuydiYlURxDsVUiuc1tSgEoDb8XcXl37l/IKX1QmcpvHMPzeT0g8sNwIXSnL6
|
||||||
|
BNCnFcfrd0tEz8uBPxVnzMiGwaHP1kB6Vs6sNV31+CJcTz8BHHbOdXZnhHqXSb02
|
||||||
|
SonqAYeWVSlE08Ejvq0HIWRn6NIGdGqv6icBExryJjS3ZChRFpvgAJwsVO5f6BKH
|
||||||
|
oZnEn79uQR4XPHwuxRbm4hf6iYEbOhE7Hod6kTzS9vYIhyuTFTz5Kz/YxlMoZX/j
|
||||||
|
TIYsX0nZ3r+Tshur8iUXJhKvvXVlGyrGO2HXfEuIpJqEx4/qM9jUNP0EE7aPzZ6f
|
||||||
|
BP7Xq49Dx9lnZuSQ1jeXxEEpO+AND2xmnjCHr3EfgYZrrhCSxMQhvJh7wypkzu30
|
||||||
|
D41BHPOPSotmM7WLceHWmYui0Wuq9X2hom5jq11XwACEtmNiP/odXjF0ovfK0d8l
|
||||||
|
j/kivgrXAZdN/ONJapVSLkRMS71S6eln+urR9HfswEfM7IPt0cRwN1oNIhXmK14+
|
||||||
|
XBWvvwvalfuxG2UfxD8K0JXMwARlpGlV8lXpuzDV8EcrvLipKpqiQWaJer64kaQb
|
||||||
|
8qHEtT6+JNoGkymohrfeVagxKmPzDWR4v1a9lgZwY1FTRHNVPM0P8LWlN9q0CrYc
|
||||||
|
poBwkhTMV1YJ1OBSrkM9IM2vsokCMwQTAQgAHRYhBGMZHOlBgwmGicq4237xN+yT
|
||||||
|
Ww6vBQJjLRkzAAoJEH7xN+yTWw6vZSYP/36Bt4QhRtIh6HPWbHraFSl4omnuISu6
|
||||||
|
lTHsqhik81nbIUiLZ5e/KN6ONSgD2jfMVQOLiPTQFOoxVZvOjaHmHvMuF7BCbr90
|
||||||
|
Afh1qXW9txuPbVkhtC6hqIMn87b8UHEnt1l5MiafQnPHhoociqaqwfls/iu0nJGu
|
||||||
|
Jf5eVMXpdeWRk+ckGkqP+tXp/0G933jibSdYqwG1Tsw9D98xnGV3a/+zIqRtJflp
|
||||||
|
HPEjHPT6rVKAZxk7gkYSSsv6ONBwZHqwe9W1I+U4t6OPkGo5kNbMPBORB6/7B2Qo
|
||||||
|
LHx3+KYZs1j6glI+F/8IX2+JSFs07saMnsDhE7w5FzmwWV2JcUt42RSf8DVub438
|
||||||
|
jgA/Ht5yPROEJ87de78aD/t/gPq/Gm3bnUz1BW0jxBidjqg1qPOMYjC7n4dH8X0N
|
||||||
|
cRfX6tWOdSXmDBbPg/vQi6CEIhsGVisKlnrgYi1wDZExU6UVMnBNvllUu9PXye+7
|
||||||
|
51cIbrb+fwAWiwmu+AsL0qsjxZYo+9ozOLh9wLUhxOY5MZM82alN/mlUGzEiXN3R
|
||||||
|
i7D3rDrNFHdI4LGGLbO2hjPYrG4hdNHS+6WbU6qYcpBEhrqBtnUjoVqIKP2boBLR
|
||||||
|
ara7hHqVO120s8kgGtf/AoYpggD0H4qqUy4EFNjVdcL5T08w6ldQIYo7CEa1iHFt
|
||||||
|
ML4bsPcJh8lciQIzBBIBCAAdFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAmMsvIwA
|
||||||
|
CgkQVeRaWujKfIqNXA//fjCpyIPPd6RnJhagWH8XCp5NB4cCT+LqAIR5yZfz1QE8
|
||||||
|
Qbzpoobz9ysgXZ5XjLp/lbVffGyg986j0wUtSW1+g3kJcYXBUKjSWoBwwmZgyZky
|
||||||
|
95U+uklY8CdPjSeuzr2I5X/LogHNH1378d9aEmQXBfX1uW5g4Aqgnl0OOgkCVzgs
|
||||||
|
FFOO2o1j6svrrDVG52/mwXhNRm0yYK/hFB8T3PO2IvMQGDGJLHl6N5Kl7P2jtkyF
|
||||||
|
Isi4AEzJeop/2GJYXQ+VkUTSNRKQj8oOS5qe9/0RkF9uqeamoc81n2But8MZN2fv
|
||||||
|
R7ug2EuG2LHp9/pwu5ekohXmY8EtMbVbU7TYKgduK0FMBaK36jXN4Bapakfxr1z5
|
||||||
|
pwdDjN4QiqUefBQlG1CJ6fGrqbdAupzRRDqN974rs5HafnbxioYRYjoo4H0zC8XN
|
||||||
|
UwgmA2wrwIIY/cyNCSnUuT8yVAnroPiFgmMoL8RM7C5pHQYh0u3fXPfvNBswjXmR
|
||||||
|
pJ6mhTqG6SS4qIaPhqoZqA1iyA6+Ua3YLBDT5wqvuqNMnfLtLUvMuridmlj97cRc
|
||||||
|
srQIr022NdpafDQVAiVhZO0CRyFd/++XT35iiDoiv20+LewC0VVza466AE1fkAme
|
||||||
|
rKlurlET8U/+U0JB6IP77ErjMgCzotV8e1DJkp/M37nMeNzazAb//ovsdkNM6P6J
|
||||||
|
AjMEEwEIAB0WIQRFaBEoRJtl+IDGF5c6hKlGtLpirgUCYy3RvAAKCRA6hKlGtLpi
|
||||||
|
rvhHD/99Lvgf+CjbhwC87CoKX84MyAyBlYACCSuySQBnEsVigz8sCVyTYDx52h1h
|
||||||
|
/SEj7XfTylAfIl1CjUedH4w3hk+7IN4scmhf5eeEMvQd8q+Q/hWQcXIUpwgKOcVD
|
||||||
|
NbUgYcbakJAPtilK1CeQvDdBD+aYoMsJTsII/f7FJzwjPM1XGf5EoODUC8BtQf/W
|
||||||
|
KAVoESwwAUwN6Y5XeYSwMqu1s7IHs3yNYLV8C6A7EQPVaVVlORqI+33rKyqAhK5X
|
||||||
|
ErNvAREQPYJMfRnQlIW7alSORwdG0JBgVLgV+jvoFo4a1AQImHDDtKxs2X5BCVG1
|
||||||
|
I687uYDBy5Assl/VxRMIUpx5+zWvXyDZX/6nlL7AMokTlyosgP4iiifBS+5KMhan
|
||||||
|
phMgnDXYIJE10V46Bdw2tjd7wMKey6BcKgfbZSvU5z+SuVnQXCyl3/blRML54I5o
|
||||||
|
EomXPg6lgVxSb6BBnaJXzx4JKgLer5uom1OGsLgPMqEHRoO3bucr2xFdtq1Zegw4
|
||||||
|
9S3qDhQ3bn8pg9JlYwmAAhBd3Xy5cPv01mV6ompOQ38SlMCJzcAGASdMw5scaxUl
|
||||||
|
7MloV2Nl32HIzPjK47bF7aVOFX7Tz+rEFLmJCchqmUSdxi42rJyHKVRqiAlNfZ9S
|
||||||
|
9FeaEfU+vBxOHsLNqVO7ErvrTafT5fjphZqvUTqZGCUiJUjPnYkCMwQTAQgAHRYh
|
||||||
|
BOJeJUyO5NMDVUv1r+xwGh2klMXrBQJjL1NOAAoJEOxwGh2klMXrYaIP/ifHM9eU
|
||||||
|
UT6JD0m6Oa3P3T161NhOvNqr71LDSztClsWo3XX0+ZK3wpjoC6vKqgx0Cc8OL1S2
|
||||||
|
GqwCaxb5JqWpsoqR3NW6bTqTTUGREj/e0JHDeBzv57OEUTe4ea7qzqjhCX6iyzHa
|
||||||
|
qDP9fiAogMQ7uT2oCghDV5yo4JUrG5brw8GkMLEvRSs2BEv7xFAySRaGwNj+oziZ
|
||||||
|
VzL7sBzp1bCr5cwNZVYxoo3VAv6FUcExp1TydxzPVB8/VvxOa4zrht+hFTn6mjUi
|
||||||
|
NHBc7DYECgh4jlDR6TnAdvpg0FsujTXiN6A0obOUl9jGz2uFmdY+2ojlVtzqKXoP
|
||||||
|
+PDz8o2zMrRoQYkni9VyIc536E4OFIhfO6CrThMjJjPNn22Tq+fzRYkWTrlJom9b
|
||||||
|
nOldQ1BdUXQt2QNigdzqjhZTIgF5OEOTERh80dvwIbZ+7vN00BOsuncR5GUBQerU
|
||||||
|
F6+SksVRAaOg2lyoDdxUQ+Z28RU8R/n7VjMV8ctFkQvHHLBqKkpET8LRh0C/jSNh
|
||||||
|
gB8zLPc3Oa4wTf2xZWO58S18esbYMr74vRYrsACbmwxH5Tz+L6Br70Fmcz608+IQ
|
||||||
|
ESKW3657gemZgFud3AGokzKG5AuWykSinydiZbK8MRGLsdfPUojaVIgXFqnWKtkH
|
||||||
|
At9gkD8YbqGYzuVwBnljBNRdTUMk0ClgV6pjuQINBFom2R0BEAC9k1Ky6AIe9sPP
|
||||||
|
xrgsrXRe0dyYcoHufzeU3jFssl3+S4cRuvYCzdZfRfdjfHa4n+CxTaOd7xkefwJg
|
||||||
|
GpaR9KJbu8dqHm61GIiS5ZbMCRU8FAW6ohVeDqEwFrPAzZjtO41OTpeXCrPu5H5A
|
||||||
|
Tg/kDnabzlD2H8JWAqr0DYRRhFtJUihXUey9zK03wSjUi5E1+YHUC/fOpbS+msNN
|
||||||
|
945CeQNBN4Ljap9Q183Fkh0Wm4Q8C0OS1WN8a0XtqSALRCGAZ+EV6UrmQVP9PCC4
|
||||||
|
/J0hoKQPv2bfpBAsrUGAO3Fnsw7804i2TY7O3JA8gGDYX6fwOVJMUXdD7FX7LM2P
|
||||||
|
pESqAdPrjqmPqHT8cPfq27GYgqHv3N4hP9Rjt9wxmHYFbJT0YCHw2ZMiAO/VcvvN
|
||||||
|
miGr590ZFiQEb1MJN1r+h5UDE1CtF6nTieirSXi9oMilHlo2NY5nAItv/T9PKk4X
|
||||||
|
+kaH3UoicMxrkT34tACGwxi4VIRYWL+ZquxE+bwXqAvbGJ0p3XbyREURCaO96J/2
|
||||||
|
w951EvZErpFRQu4zzClmoMiNbwkQ8QdesSaqjMirlHyFI8T9BZrXbPazdVNUwfyR
|
||||||
|
LFil1q/kgXjXeJDoje73UiyGhqhlVOlEbunGzCwEBzrtQdPTDeFQr476/4pe0v4u
|
||||||
|
gdNYkL/gY8Izodn47d1XH68AuRSrzwARAQABiQI2BBgBCgAgFiEE6FPBhIsBhc9C
|
||||||
|
hk3zY6itS5gsQ3MFAlom2R0CGyAACgkQY6itS5gsQ3PQSA/8CZGTxQDbD2oLkGb6
|
||||||
|
tyECIs5A1RsfwJ9aj0R/HuEO39ki8yM88fwi8F5AfzNcmYwp0rxyYDDYM0itObSv
|
||||||
|
A9WBB8YFZ2PKT1YHrwTzWbne+spmQYDRdFt+0Kx0JLvgv7SYvQ1jNdCazixH1SAM
|
||||||
|
9O+Tn5oFybVHjRavWsQYHp1CvXY5kOHOEDHhz37pGwFvyVyFdSYS5PWT0+0XU/g6
|
||||||
|
Uq2HeFCurhUGuDXJ6WA6Ipvmu0vbi8GpyeiWCRoG76sqbBfQ7dd0oDMUHitewWGq
|
||||||
|
LP1Kioke9hu5p9CbkjYwGZjJWZEV6WHxOmICfFcBRPeIJyO8Kfa/vVBfQZj9fhqs
|
||||||
|
3sHSfAGIdKIB3tX0qKhMRdu/QoM14YQ1yK80JTUUOcrKLDt6QJinF1UQ/OcYQqGB
|
||||||
|
CXaRk1OKGFuuij16QudnX56+aYbNPltf7cLs1O7aodQcRxmMSgxSE/2ckthPYBsX
|
||||||
|
PWuDMYZCb3e6JMWsdnCI7iPpoPFAJmId7SWJebXZxntoX6YwZ7Tx58/QMLEqxMfE
|
||||||
|
ExQTAFg8/owvxCG12KaharLr4GpLx0aU39QEJenG1LqGLwiQh9Vxsejw+MkebZJE
|
||||||
|
6zhs7XBpenrd5c9OFOtb/Goxwal/6UXz7a62jZ7wDNpJw9xOfC3/eX/56+6dLVef
|
||||||
|
RFj/LOIu9reM4boTiY2dmGj1QC25Ag0EWibSSgEQAMhQB2Q329FSozPk7V6dYBO+
|
||||||
|
jDBMr1jHWvNMCR/2DkwXfDAKK3haSWSqr51/wua9skFRezQvc9PhgvOIJi1jsxRf
|
||||||
|
xNoM82a2OpYJdj16FG5RVQ/ApojiywNvp1YPJbmq4DfXSuUA6q+OephsFLrx2cPY
|
||||||
|
nyDQaI6mrqTBecET4cdQTZK0nKKUPj3U2bI96zTBIYK8Kr7GMKXm8R1eV8bktwHT
|
||||||
|
HyDjI7hN5EjZViYqZYDQ3jt2vC1Aj6XpFw5K7Sv6f0l91zyjfcu6Llsfo8xtRhAl
|
||||||
|
lub8EBuO6ljJ5uWqDgjqTOkDXcIAUkhUCg8ztweR15zgJQQ/On0XDcHLtyi7zuQd
|
||||||
|
xNaKYKkD3oROTqce+YbNN3qnP4bV0qa0JLlTOrE/0/zmif7Q1zYOidcmMgGeF6Gp
|
||||||
|
pGQkkxY4gSKet8kD8h4AZXGlpFu4e9sue1ENDRmgWaqSzIWudMRZ3z0/s9EGNNiW
|
||||||
|
60nwJ1NBoySeQEmnwMzAHXneRM9pRGQ1S3/CKttq/0eWEH3Y/Td9xi4DNvTXcvgJ
|
||||||
|
uUUwoclWP2PCPg3zE+EQ1q/Kt2oYrT8NcemM9EO8btNzJ/Y1wSDLFAFNikHwYjTM
|
||||||
|
86jWoeGhSM3fD9HJjfqoB41gDKvNIVlhQavhe6df4+AoCo/mGosLYAPFaHHdkmqn
|
||||||
|
eT0Y0BnTRIS9yLcO8CBVABEBAAGJBGwEGAEIACAWIQToU8GEiwGFz0KGTfNjqK1L
|
||||||
|
mCxDcwUCWibSSgIbAgJACRBjqK1LmCxDc8F0IAQZAQgAHRYhBNalthyaVTQWgpLb
|
||||||
|
Z74iCR4+9iJ1BQJaJtJKAAoJEL4iCR4+9iJ1D2AP/1VMC8KOmzPYyiFY+1xHu2rv
|
||||||
|
siB0f80GH1jXwDSM/IKvsH1axCD0hMV5sSi52epCov37czSlR3MpQjo0xK32wJB9
|
||||||
|
26AgbzJYZO48qulDUXUhPWJ9bxiyIcxI/3KEspY1RMoWv8AfYA/qSma1cSdT4IMo
|
||||||
|
SGJzPh3RyrUpeFP5QT02oGa5TuSQPiJwy/b9u+RVOi1SSqzHMJdKzZehGays65Pd
|
||||||
|
jC8Xtf4ipdYRBr6mIyUISOB+FBkY2MttFzNDUBdDrOepyjStQLZ1vUXnYKIiSRHX
|
||||||
|
o3XTW/W8fh72o26zeDbQcALywQMZqnwtrZluzKHZxF07whKmXvw9pUHXX6hbJDvm
|
||||||
|
GVMxnB/F6grPNi/V+Bv75sKOdImgnJBUp1Jz7288SPbNQwrqFKV2ZD3f0PFmolFj
|
||||||
|
Cz/Oc+UUk+swfnsT3pV6LClTThsOH8WlKJYxZLneX75HuVx4CmT+qv6GlFQuixjc
|
||||||
|
H0LtsbbSjAx7J2LRNVtfI+2DfMcIi8KJxe69MAKGqqxDyDPSWeFrs0MHmyD6/6m+
|
||||||
|
GTovgUT5jOZbR6GVKelW054bmby0zQevWnRieANVeFoFsnwclJnqKIRzQiGod1p1
|
||||||
|
b8HhSCw4nOeOQSifaOf3zcnFhYyByDMOtl3/AqGoLp/61u3Bk9h+BP4VPR3RUWzc
|
||||||
|
ggjmxJM0MrLzjaSXSedjzuQQAIq9g35FGpnaB8d/EjufED1TVSOkvNK/qJ+dD4Xz
|
||||||
|
f5RvnbprofMnzfEyy8jJ1Vqc3QZQU3IDQt/Un2ZywX0OboKGAIn/gyfwdkpnxJ0j
|
||||||
|
JoxRBuMplNpfNBw+oe0nFuozO9idFozKM+SWoE051/jvGHp1FqEPLnAAGeSbWB0L
|
||||||
|
RlAsnMjc5u6+SKHeFGRKYg7U0sO7ZKbVIT4ZmRnsQLDakHwbAgfcIakh9Whj0Ou5
|
||||||
|
r78Cs+DcM3XAdtZ04d81jV5TsveR8/Cn473c6dvPIfnA2P4uClTCaCDv+jXG2f9a
|
||||||
|
FIuJhYCO+TdYs7qjAsXWngJUebRFiHbfSuYDw92/eqLdKD1Hoff4MnW5YOtDpp6E
|
||||||
|
sdCDuINeRtUtnidw2vIPezX+xdmycXIq9Fb+GvKrIDsKu0VO8HObVviLa/RE11ds
|
||||||
|
EHYlrarj4mqzS2MhvmU79Bazg9rDDB4WVs502n3uJaf6Sod/+ke1c3ff7AUPox2n
|
||||||
|
pjH/bVmkZJsOq5EqcvlH3m2FZUHSFWS/yTR1rPuJoHBMHVc4OPlTuSqT3qmKL2vb
|
||||||
|
vD1l3D4zHZs1paRLddYXiaex4qPU/0YpP61XU070MmFGYE8Z43TbMPHu/6LYBpw9
|
||||||
|
p5Vj3VZwn2edNl4LGx+05hIABzM23I7JoQ44uPoTbohmYXF/DUGJ6h2LYdp81AVC
|
||||||
|
lSFWuQINBE97JQcBEACpbBqvDl8J65jEhPjOWczcDVB+WfG7GBHB7T6RxSNFIahy
|
||||||
|
mDqzx73zZD6n4NnZogPDPopYdRJ56u5AfF0bDZlgebl8+VEgPHGoay74Gf6k0B+c
|
||||||
|
pEkp5PaWQHHEqXINotVg29hTsf1u0sb+yjgcc+9WHw3MtpChsgk8Rc5N8Xvr1FJc
|
||||||
|
L+xynSvUCcLIwfgvLHYPPBYGIRpvz4ek/zgHvaGftDfnyMwrMbgi8kadrSb7PQgc
|
||||||
|
eWeTL7CQN1B88TPJFqKt/QxMdXaPy+Cr3P4XVy5V3/QEVFUizrtCCqJgxHMAeCP5
|
||||||
|
QxwYEWmA2zxUzGA/t/QUDFbccKt2BdpdKBFtHLliE+yn9FHw98JayjhAJxxeCkrp
|
||||||
|
MED9N2aGHI1q44sbmeLKQ8EuIbCamfq7fqLXgkEy8jgivv2J9YfXejjjEobGLkss
|
||||||
|
Jlxaq9JeQgFEVl6f0jJ0PgkYPd11RxTcVLy4RB417cxc9LHcoKdAtcgBTcZXPPYO
|
||||||
|
L+eM9S7rTvFTna9IdF4bbnJFNjHDMhb/9XomxxBsekpTUXEm2DGoTpO2W/jwWcZY
|
||||||
|
LVrdhikkkF8b88EdWk94fUTcFA90I+Ch0YbS8XGM/WIklrMGa0JpA4OQW5oMhKDn
|
||||||
|
gqAcV7gxRYt6ylBPVh94/AIMz++wmfqBxETFP8HMgTVEApLBLjwru9B/4lRStwAR
|
||||||
|
AQABiQIfBBgBAgAJBQJPeyUHAhsMAAoJEGOorUuYLENzegsQAL6NuhGuzQf2GELc
|
||||||
|
O5J8/BW2yF9sxHWDLrw0Pntq8D35kgGfZLB52tN3DI4NwL0vE931bXC7ovi4kHPS
|
||||||
|
sazv+WPUckYfJ7qskWVD1yDtHsADduwudJpAflfZ4VIvMJqJ7FUw5Fy9ennw/Idp
|
||||||
|
H7LC+ubn6XT6Kh9oKvVmp+BQEOsdisjVw848Thik+gS08WvAjK9m+g7++FFwKy08
|
||||||
|
5iXuuqZpvi94eU1QPvzxzzRZz6M4gQaz+pCq/5yf6I+Hu8G+5nq2foFN+G7FRkx7
|
||||||
|
KJmJ3SAEsG3M23V9MKWON49ZbhTe5xW+1at/TKKoNGzNIYs07jApR2/E4J57yMWj
|
||||||
|
zsAqg77hTDRiV0jhHl0DJw3RHFi3z+SrK+6ie6mrq8WEPj62q9qdM8dFs+y5X3UT
|
||||||
|
x0nxly7GjOxxhi+Nt83PAG2wVFpqmhVLuyPnruvxzyrVFc8Dvx46DiKCzt4PPK/Y
|
||||||
|
+jnVIQ7Jr2Jm2ZCpzZZT5QNJuDp46mKHlNBkvSy3q3+pM6cM8vKSuCFd9+dw3dX/
|
||||||
|
GptLebMrPOvLVDl4Bm9hSmG7rLpJy8U8Ns8pYSS1zaxHM8KqMaPuS/Zlx1SRIj/E
|
||||||
|
afefnHd5fIlmsH9C2O5fb18SFjmD14FCLcVTG7bwh3ZfbGo9sOJSShPxppPW2OoT
|
||||||
|
jwfANmj1cSg/VFr1d4HAEc83jFgumQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa
|
||||||
|
/Fvc4T49tqxcc/sY4uVlGo6oSi4fQcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6L
|
||||||
|
yYFmX2U9VRTcyITdmJs8itkEaDwq8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1Gx
|
||||||
|
uV44Ihlh6v2YyqSzDG/rZur771hke8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYq
|
||||||
|
OeQhxGIxDOHo7QhzTG+SlX+uQq6mzACKygVJJl33toaUwVAX5R02a0u67A5wC0wh
|
||||||
|
AoLSHInc3P7ayivWV/iESAz+gMIkuvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQSc
|
||||||
|
qA8F0x4OChCixbZGZn6Mr0u8+01VCEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20L
|
||||||
|
GHSbjJLcnqLLFx3LDpI5dAxo5K2kFvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpU
|
||||||
|
maPnMTiD5yvnFzEihM5L9DuaWqSK3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMt
|
||||||
|
aKWf0HkAsCP0BLJcS9Oc1/0I0+gC4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+
|
||||||
|
gi34CxWMl2Q34OSqtS37mzzBu+UZxffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoy
|
||||||
|
eG4J2ox9JRANZXLh/i7mNwARAQABtCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNo
|
||||||
|
QHJlZGhhdC5jb20+iQJXBBMBCABBFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZ
|
||||||
|
jyYCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUX
|
||||||
|
nPGeAA//ScQ3kJMqI6FRULXo0aF7CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXR
|
||||||
|
BSjstWkmOXP/UqkN7bNeXH/S3D3GCJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kW
|
||||||
|
vuBuLvUdm23cntv49gAzj+ElDqCxtT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK
|
||||||
|
9Dt8tHriQyI410qFRMbi3QxU+iTJ79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4
|
||||||
|
knt9E6zhegUWN6zErl2HY8FBM2P9eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1R
|
||||||
|
UUl1V9WFEaMiLg/Z2rmbD8LX9YtfYlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsq
|
||||||
|
I/2XS3BTLPyjuqAYnXxrk+T/Cydcg4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46V
|
||||||
|
SDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCk
|
||||||
|
Dczs1rxd/o8Wfjo1vwRHW84jZrCP3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwl
|
||||||
|
V103RpRUK4JidwHsmYDVk6pgeUH69hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7
|
||||||
|
hBj2l+pV/uzeA0akL2dkgfJc9pAf6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPJgEQ
|
||||||
|
AMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0P1/I7SfcJU9D3wX8c4vm
|
||||||
|
xkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9XQEuU9OtJsZn1ZJ+Ynh6i
|
||||||
|
5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64G2u8Xtxr5yqlQJEUThV6
|
||||||
|
280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3QhlWhHVjJlJ5hCLiktwF
|
||||||
|
DyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJMoADqBThf4B69BxjJ7Yg
|
||||||
|
7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO17w1qScrOPRj6G1IXP1R
|
||||||
|
5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvCJvPctDE6EV2vaiRy5N1f
|
||||||
|
QjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQlDdeHRRd1q03TKAg/byP
|
||||||
|
auAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XTxMOjB34SzqPRWzmLPLF6
|
||||||
|
YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd7w+/qUYbfKwO9eJOWzuU
|
||||||
|
WajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQpABEBAAGJAjwEGAEIACYW
|
||||||
|
IQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJA8JnAAAKCRC8OQXyNRec
|
||||||
|
8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB56Cu7ElIpr74sk0R98Ia
|
||||||
|
1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKThz33waTru9IfLhCrRSNd0
|
||||||
|
ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzYeikqVUYzS143cSzMEwtv
|
||||||
|
PSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3q5OlpYxxw+X62vslZ2OM
|
||||||
|
iKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKhC/BcWpEYSjfPpVua2oKb
|
||||||
|
ccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDyBGOAxBeiOaOnZ8vLBzy7
|
||||||
|
2HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62FG3I4zK985GtrXAHEzN/F
|
||||||
|
fd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutYzVE8lF+uqcduPuq/rTcU
|
||||||
|
BuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1xpPueDBTzvoGDQRqc2eoX
|
||||||
|
pJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr6RFgWdD008PsGxUevIDg
|
||||||
|
MAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBiTakEP7kCDQRjWY9xARAA
|
||||||
|
rEkjlUH4hoSQAkVJCWWk+nF+daAP5IszrGEQH7TyOVwXbRZndSPFSUqKU2kEgHbM
|
||||||
|
m+wFYoZe95h9tjDh2sLCs338pVu5Chhz3dNseTF7/rbckw2rCU+JbalEiwck7tKL
|
||||||
|
qobvbh77jnrbQnkrZNc+nMeHHLrYyc5gHW6cSn4UlU42MKmTlSeOG4Ly9wXhgaKC
|
||||||
|
heIXNX3U/D682Tffl7Gopcm7pPZF92dwY4nIpCxU2ATimkSyulbhzk2CjZ1JYUJ1
|
||||||
|
LHctMHm9F0LEGtc1GxDShzVZP8dOWpDs9BBwZDLXxCzC4rvZ+z5BJCDFbuNTKZQ5
|
||||||
|
JEoW2sM8yP1LLZGXz44hsab1aPrvB3vcdS5ETP6bqT5267ZiotdhUifU/pTV5ze4
|
||||||
|
7wNuaZenQtGd9olyh2dAqOk2DQrcBQFA0gRp55b4U62hLTYXxT+7jEbSVAxeXDPR
|
||||||
|
qPvqh/4kVn86llYjV6dAoASN1wWz423QH3u4ZK+S6g8HZ0HrY2+NBYgqthb6H/X6
|
||||||
|
FiF5VcHWstkk967g4Xt0PgN/rlCtpXh4WK9sScX/CFdOURsHlb78ZN2LexaYaVBq
|
||||||
|
QuqvfHaAPJaIElXqMheZ8aYrO6Df4yzJ+6eTs3s4PqM6EMir5waFonx5Gh50X4xL
|
||||||
|
9p7IVqgNPhQsU8Z5U5hGYbmUH766GtENv4CI1upFA1cAEQEAAYkCPAQYAQgAJhYh
|
||||||
|
BLhoKEd2TfYN9S2ZLLw5BfI1F5zxBQJjWY9xAhsgBQkDwmcAAAoJELw5BfI1F5zx
|
||||||
|
4cMP+wbjKu2xCr63oyn+lo7NqMDLBYl4zHunYTZhG/egDakVWp5Ikj5/k3i+hVSY
|
||||||
|
fUyUhqQ/b/H096ropB7GA6EzS44GS+hLMdQOJOmEbjvAP/9dJDX2FQnYZzaA2f/e
|
||||||
|
Ikgaw283oOLnmYz0x7YAW/oxlnPn+7Sg7DGGqqn3nKofDUUrowfX0tQGwkGmJJqQ
|
||||||
|
gOH/ZfU4t51UCKzF6hWRbberBI8ezp24vYngA2kGef1fCUC+EIFhoYcdHHCtC1Ti
|
||||||
|
KmOUaeB9ZMiVXkP60fmCLKObwcKTyYpAFPqM05xgsMPFaXN+fQ7YVAGpCdthk53N
|
||||||
|
5Go+QqehwLoJk77CHZxIWJIf43p3UiuH1FsuXF7OdExzIhUSiUum6MoCI8BpVwn9
|
||||||
|
uSKfXKLOdGDR6IJI8jqdC9LYoXqxZtDhpcqD70hFWJwJzZg+U2SvxZyhOqwtKXtD
|
||||||
|
TDtee3yGzPacSAJD7mFURc/DRi62UBMiFcqO1YW/5LgC4yjtzo7MTQPkaGbQLduH
|
||||||
|
IlCKa8pHWPqaLFdMawwqNrTNHWXCD4XxijJYwdAue3NUG/utekNm82mqnbbWw/AX
|
||||||
|
URIzefQsbyqiNYMztudJ9hAS8yCdkfb9SKVIvWYPQ77tHltOZF7K/NzOGeJaJr8l
|
||||||
|
vqZCfXpWmOduTpWaD2kIvU2Kx7gB4jXdMa2ai9N+/Hdr3lLouQINBGNZj8YBEADg
|
||||||
|
Y6HOawiThxQVI+0uvAAU9yisew1SSVO6mAsQtZM7s7BpLA3RGPj3UGojZIeejA+k
|
||||||
|
fq7A+PVLBhz/kSBTtw9/s3o4rlqNzz7SLaix6XKWCpHOBs84n3/LF6u9KMMVk9vT
|
||||||
|
sjKz8iDF9mBR2bmCfLvEk0HDiMyApv5SbOsZMB8k5PWyK8HYPyMI5umEaOsaC3tA
|
||||||
|
eihO3nzAxEf3oZl53J1pIw+ecdrQLbWbH0aqKngfCddD8Q0oMr/Iwly3W49+5eqJ
|
||||||
|
oelR9/dut/dg0a3Nn1wIGYRzC62CCsF5IZwKdyPh7nilEUFpA5Vlz+HfIFch2LfR
|
||||||
|
F3Q/GZD8fKzKxhjDIdgyaWSTsMbityKxX2G/pcjshyMsZT7I3Hx7SwQfFro58s2D
|
||||||
|
FsFLEZgBhJv+nW/HckeedaveXmXdHKjtsa8+rvGADti4wohOl+N5tbpYW3/zR3AY
|
||||||
|
qlh47hG0ikUJ8Tusnu865j3Z5mE+KqS68ypRVBMRrdJl2lGPDCnXGhl2720VPNMC
|
||||||
|
/jB2Mgm/L1mvQM1jPfdC3KgokDAH5NMzKvav6A71aLSUJli3UdkGHkX5d5urs3k3
|
||||||
|
WmCt7XeTb30MBvNzBcSYTbw2UGIRE8G0CFc3wtiWWiQKPeFXYhn0+COCoW/EXpIC
|
||||||
|
VaAuMPMgcsldM13bKGyGo3NngsNEdopNFfr0KKW5XwARAQABiQRyBBgBCAAmFiEE
|
||||||
|
uGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj8YCGwIFCQPCZwACQAkQvDkF8jUXnPHB
|
||||||
|
dCAEGQEIAB0WIQQb4sD/CJSWIxAv0lZGlYgcJUUI0QUCY1mPxgAKCRBGlYgcJUUI
|
||||||
|
0ZkHD/9TlRvAaZETf+pv4/IceeL3KHwj5lrC/gojXxN0AjhAXljLSRCu0EyICxZy
|
||||||
|
3158h4k0vwjdv8699yHEN97PdF84m81mqxOz+juKBRHFK/EwAAgOdSlzGnUYgNkm
|
||||||
|
mCROFWtjeneNWaFdEnq9MItx1OascPeyxnWMjq7LLYMSESP4tgUV5KdlaVAXR6q/
|
||||||
|
833u27/NodkDcNH2UK+IyT+Kt/uCOoIIL4ttxo/PvZTphzV8n6s0sJJE3/BrRxgv
|
||||||
|
CTkVU6zosyJsyau8/vayQYGPuBuEQVs4Tr+vZ42izbkHgElcZv9oYjJsxaqZqqMz
|
||||||
|
fWPte7m6Pl/pvtmlhPmpZ+ej7y8SRysBV+3aHNXaE1J3sIOmYxighlgZapSjHl/A
|
||||||
|
9N/KXdoLAjIZtBAOQ2ZFyRz/c2+VUqJgwiwdxoaFaYn2eUM+HSTbZfdGXBS/yyZL
|
||||||
|
YsM+L4M2aizQvDIRXzy8vG0vpHQEvPlXL0Gg0gyk0fox0OsAP5CfXmHC/AvYOHM8
|
||||||
|
y81X2QqDf33Au1RIgog4cLqq2wpXEARWbAj0BAMIeJoCDCu9Mz2juK1ui2wr8AZ0
|
||||||
|
42PCUgZK6CdUI18AsvApUhPsNunF7ZOc5mFMuaEGjjWJvrTG3qyrCY73ySBiGXWo
|
||||||
|
92ZB7FXu2MzgujPBEigByqeF6IV2x0EBHw/VrcxXq6Slgmik6G0SD/48l5mGCxM0
|
||||||
|
Wr91raB9zQlwDbtD3PCbjA6DtkMrRyAq+81g75N6uiztGPCVw9n1HoGOSjN1hAhe
|
||||||
|
SgQQlcXbDLpzfdPFowDEHclFFfUODCIOuF+FgmxlAz5Exr9JkJdozBFqRZ4iF/tf
|
||||||
|
E5sHB0rzeUcY3J6VjTsjULjE4GSg5trsOc8GHUnFn9wwwkf9nR/Mr1RYcX0GkTcy
|
||||||
|
iUskw+AoRz6svOfAWIDJY450wgD0MHZK08IfUUsYTGecoXcvWf/hITtv/Af5MpQA
|
||||||
|
wuGEDltVDeu9EAu65SZlMkkMuQD1h3KOQjUJ6nY4a4M2CQ51ggs/c+vsemxsuYlG
|
||||||
|
vSuhrfXt6HGD3dhsOEeyEvIcjjpP1Ku5mqrPhqXFli1swfohhYGGVO+fM7G3l7wF
|
||||||
|
kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
|
||||||
|
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
|
||||||
|
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
|
||||||
|
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
|
||||||
|
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg==
|
||||||
|
=I8Dr
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
@ -1,326 +1,229 @@
|
|||||||
|
* Tue Jul 09 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2
|
||||||
|
- set free'd data to NULL (#2295428)
|
||||||
|
|
||||||
%global with_ruby 1
|
* Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
|
||||||
|
- SELinux userspace 3.7 release
|
||||||
|
|
||||||
%if 0%{?with_ruby}
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.6-6
|
||||||
%global ruby_inc %(pkg-config --cflags ruby)
|
- Bump release for June 2024 mass rebuild
|
||||||
%endif
|
|
||||||
|
|
||||||
%define libsepolver 2.9-1
|
* Mon Apr 01 2024 Christoph Erhardt <fedora@sicherha.de> - 3.6-5
|
||||||
%define libselinuxrelease 8
|
- Drop unused `xz-devel` build dependency
|
||||||
|
|
||||||
Summary: SELinux library and simple utilities
|
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-4
|
||||||
Name: libselinux
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
Version: 2.9
|
|
||||||
Release: %{libselinuxrelease}%{?dist}
|
|
||||||
License: Public Domain
|
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-2.9.tar.gz
|
|
||||||
Source1: selinuxconlist.8
|
|
||||||
Source2: selinuxdefcon.8
|
|
||||||
Url: https://github.com/SELinuxProject/selinux/wiki
|
|
||||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
|
||||||
Patch0001: 0001-Fix-selinux-man-page-to-refer-seinfo-and-sesearch-to.patch
|
|
||||||
Patch0002: 0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch
|
|
||||||
Patch0003: 0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch
|
|
||||||
Patch0004: 0004-Bring-some-old-permission-and-flask-constants-back-t.patch
|
|
||||||
Patch0005: 0005-libselinux-add-missing-av_permission-values.patch
|
|
||||||
Patch0006: 0006-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
|
|
||||||
Patch0007: 0007-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch
|
|
||||||
Patch0008: 0008-Fix-mcstrans-secolor-examples.patch
|
|
||||||
Patch0009: 0009-libselinux-Eliminate-use-of-security_compute_user.patch
|
|
||||||
Patch0010: 0010-libselinux-deprecate-security_compute_user-update-ma.patch
|
|
||||||
Patch0011: 0011-selinux-8-5-Describe-fcontext-regular-expressions.patch
|
|
||||||
Patch0012: 0012-libselinux-Strip-spaces-before-values-in-config.patch
|
|
||||||
Patch0013: 0013-libselinux-Ignore-missing-directories-when-i-is-used.patch
|
|
||||||
Patch0014: 0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc
|
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-3
|
||||||
%if 0%{?with_ruby}
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
|
|
||||||
%else
|
|
||||||
BuildRequires: libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
|
|
||||||
%endif
|
|
||||||
BuildRequires: python3 python3-devel
|
|
||||||
%if 0%{?with_python2}
|
|
||||||
BuildRequires: python2 python2-devel
|
|
||||||
%endif
|
|
||||||
BuildRequires: systemd
|
|
||||||
Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
|
|
||||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
|
||||||
|
|
||||||
%description
|
* Wed Jan 03 2024 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.6-2
|
||||||
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.3
|
||||||
of utilities with enhanced security functionality designed to add
|
|
||||||
mandatory access controls to Linux. The Security-enhanced Linux
|
|
||||||
kernel contains new architectural components originally developed to
|
|
||||||
improve the security of the Flask operating system. These
|
|
||||||
architectural components provide general support for the enforcement
|
|
||||||
of many kinds of mandatory access control policies, including those
|
|
||||||
based on the concepts of Type Enforcement®, Role-based Access
|
|
||||||
Control, and Multi-level Security.
|
|
||||||
|
|
||||||
libselinux provides an API for SELinux applications to get and set
|
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
|
||||||
process and file security contexts and to obtain security policy
|
- SELinux userspace 3.6 release
|
||||||
decisions. Required for any applications that use the SELinux API.
|
|
||||||
|
|
||||||
%package utils
|
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
|
||||||
Summary: SELinux libselinux utilities
|
- SELinux userspace 3.6-rc2 release
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description utils
|
* Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
|
||||||
The libselinux-utils package contains the utilities
|
- SELinux userspace 3.6-rc1 release
|
||||||
|
|
||||||
%if 0%{?with_python2}
|
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-5
|
||||||
%package -n libselinux-python
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
%{?python_provide:%python_provide python2-libselinux}
|
|
||||||
Provides: python2-%{name} = %{version}-%{release}
|
|
||||||
Provides: python2-%{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Obsoletes: %{name}-python < %{version}-%{release}
|
|
||||||
Summary: SELinux python bindings for libselinux
|
|
||||||
Requires: %{name}%{?_isa} >= %{version}-%{libselinuxrelease}
|
|
||||||
|
|
||||||
%description -n libselinux-python
|
* Thu Jun 22 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-4
|
||||||
The libselinux-python package contains the python bindings for developing
|
- Add examples to man pages
|
||||||
SELinux applications.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%package -n python3-libselinux
|
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.5-3
|
||||||
Summary: SELinux python 3 bindings for libselinux
|
- Rebuilt for Python 3.12
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
%{?python_provide:%python_provide python3-libselinux}
|
|
||||||
# Remove before F30
|
|
||||||
Provides: %{name}-python3 = %{version}-%{release}
|
|
||||||
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
|
|
||||||
Obsoletes: %{name}-python3 < %{version}-%{release}
|
|
||||||
|
|
||||||
%description -n python3-libselinux
|
* Fri May 26 2023 Miro Hrončok <mhroncok@redhat.com> - 3.5-2
|
||||||
The libselinux-python3 package contains python 3 bindings for developing
|
- Fix build with pip 23.1.2+
|
||||||
SELinux applications.
|
- Fixes: rhbz#2209019
|
||||||
|
|
||||||
%if 0%{?with_ruby}
|
* Fri Feb 24 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
|
||||||
%package ruby
|
- SELinux userspace 3.5 release
|
||||||
Summary: SELinux ruby bindings for libselinux
|
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Provides: ruby(selinux)
|
|
||||||
|
|
||||||
%description ruby
|
* Mon Feb 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
|
||||||
The libselinux-ruby package contains the ruby bindings for developing
|
- SELinux userspace 3.5-rc3 release
|
||||||
SELinux applications.
|
|
||||||
%endif # with_ruby
|
|
||||||
|
|
||||||
%package devel
|
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-0.rc2.1.1
|
||||||
Summary: Header files and libraries used to build SELinux
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: libsepol-devel%{?_isa} >= %{libsepolver}
|
|
||||||
|
|
||||||
%description devel
|
* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
|
||||||
The libselinux-devel package contains the libraries and header files
|
- SELinux userspace 3.5-rc2 release
|
||||||
needed for developing SELinux applications.
|
|
||||||
|
|
||||||
%package static
|
* Wed Jan 04 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.5-0.rc1.1.1
|
||||||
Summary: Static libraries used to build SELinux
|
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2
|
||||||
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description static
|
* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
|
||||||
The libselinux-static package contains the static libraries
|
- SELinux userspace 3.5-rc1 release
|
||||||
needed for developing SELinux applications.
|
|
||||||
|
|
||||||
%prep
|
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
|
||||||
%autosetup -p 2 -n libselinux-%{version}
|
- Rebase on upstream f56a72ac9e86
|
||||||
|
|
||||||
%build
|
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-5
|
||||||
export DISABLE_RPM="n"
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
export USE_PCRE2="y"
|
|
||||||
|
|
||||||
%set_build_flags
|
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.4-4
|
||||||
|
- Rebuilt for Python 3.11
|
||||||
|
|
||||||
# To support building the Python wrapper against multiple Python runtimes
|
* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
|
||||||
# Define a function, for how to perform a "build" of the python wrapper against
|
- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
|
||||||
# a specific runtime:
|
|
||||||
BuildPythonWrapper() {
|
|
||||||
BinaryName=$1
|
|
||||||
|
|
||||||
# Perform the build from the upstream Makefile:
|
* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
|
||||||
make \
|
- rebuilt
|
||||||
PYTHON=$BinaryName \
|
|
||||||
LIBDIR="%{_libdir}" %{?_smp_mflags} \
|
|
||||||
pywrap
|
|
||||||
}
|
|
||||||
|
|
||||||
make clean
|
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
|
||||||
make LIBDIR="%{_libdir}" %{?_smp_mflags} swigify
|
- SELinux userspace 3.4 release
|
||||||
make LIBDIR="%{_libdir}" %{?_smp_mflags} all
|
|
||||||
|
|
||||||
%if 0%{?with_python2}
|
* Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1
|
||||||
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
- SELinux userspace 3.4-rc3 release
|
||||||
BuildPythonWrapper %{__python2}
|
|
||||||
%endif
|
|
||||||
BuildPythonWrapper %{__python3}
|
|
||||||
|
|
||||||
%if 0%{?with_ruby}
|
* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
|
||||||
make RUBYINC="%{ruby_inc}" SHLIBDIR="%{_libdir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" %{?_smp_mflags} rubywrap
|
- SELinux userspace 3.4-rc2 release
|
||||||
%endif
|
|
||||||
|
|
||||||
%install
|
* Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
|
||||||
InstallPythonWrapper() {
|
- SELinux userspace 3.4-rc1 release
|
||||||
BinaryName=$1
|
|
||||||
|
|
||||||
make \
|
* Thu Jan 27 2022 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.3-4
|
||||||
PYTHON=$BinaryName \
|
- F-36: rebuild against ruby31
|
||||||
LIBDIR="%{_libdir}" %{?_smp_mflags} \
|
|
||||||
LIBSEPOLA="%{_libdir}/libsepol.a" \
|
|
||||||
pywrap
|
|
||||||
|
|
||||||
make \
|
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
|
||||||
PYTHON=$BinaryName \
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \
|
|
||||||
SHLIBDIR="%{_lib}" BINDIR="%{_bindir}" \
|
|
||||||
SBINDIR="%{_sbindir}" \
|
|
||||||
LIBSEPOLA="%{_libdir}/libsepol.a" \
|
|
||||||
install-pywrap
|
|
||||||
}
|
|
||||||
|
|
||||||
rm -rf %{buildroot}
|
* Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
|
||||||
mkdir -p %{buildroot}%{_tmpfilesdir}
|
- Introduce selinux_restorecon_parallel(3)
|
||||||
mkdir -p %{buildroot}%{_libdir}
|
|
||||||
mkdir -p %{buildroot}%{_includedir}
|
|
||||||
mkdir -p %{buildroot}%{_sbindir}
|
|
||||||
install -d -m 0755 %{buildroot}%{_rundir}/setrans
|
|
||||||
echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libselinux.conf
|
|
||||||
|
|
||||||
%if 0%{?with_python2}
|
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
|
||||||
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
- SELinux userspace 3.3 release
|
||||||
InstallPythonWrapper %{__python2}
|
|
||||||
mv %{buildroot}%{python2_sitearch}/selinux/_selinux.so %{buildroot}%{python2_sitearch}/
|
|
||||||
%endif
|
|
||||||
InstallPythonWrapper %{__python3}
|
|
||||||
mv %{buildroot}%{python3_sitearch}/selinux/_selinux.*.so %{buildroot}%{python3_sitearch}/
|
|
||||||
|
|
||||||
%if 0%{?with_ruby}
|
* Fri Oct 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
|
||||||
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" RUBYINSTALL=%{ruby_vendorarchdir} install install-rubywrap
|
- SELinux userspace 3.3-rc3 release
|
||||||
%else
|
|
||||||
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" install
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Nuke the files we don't want to distribute
|
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
|
||||||
rm -f %{buildroot}%{_sbindir}/compute_*
|
- SELinux userspace 3.3-rc2 release
|
||||||
rm -f %{buildroot}%{_sbindir}/deftype
|
|
||||||
rm -f %{buildroot}%{_sbindir}/execcon
|
|
||||||
rm -f %{buildroot}%{_sbindir}/getenforcemode
|
|
||||||
rm -f %{buildroot}%{_sbindir}/getfilecon
|
|
||||||
rm -f %{buildroot}%{_sbindir}/getpidcon
|
|
||||||
rm -f %{buildroot}%{_sbindir}/mkdircon
|
|
||||||
rm -f %{buildroot}%{_sbindir}/policyvers
|
|
||||||
rm -f %{buildroot}%{_sbindir}/setfilecon
|
|
||||||
rm -f %{buildroot}%{_sbindir}/selinuxconfig
|
|
||||||
rm -f %{buildroot}%{_sbindir}/selinuxdisable
|
|
||||||
rm -f %{buildroot}%{_sbindir}/getseuser
|
|
||||||
rm -f %{buildroot}%{_sbindir}/togglesebool
|
|
||||||
rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
|
|
||||||
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
|
|
||||||
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
|
|
||||||
install -d %{buildroot}%{_mandir}/man8/
|
|
||||||
install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/
|
|
||||||
install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
|
||||||
rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
|
||||||
|
|
||||||
%ldconfig_scriptlets
|
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
|
||||||
|
- Rebase on upstream commit 32611aea6543
|
||||||
|
|
||||||
%files
|
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-3
|
||||||
%license LICENSE
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
%{_libdir}/libselinux.so.*
|
|
||||||
%dir %{_rundir}/setrans/
|
|
||||||
%{_tmpfilesdir}/libselinux.conf
|
|
||||||
|
|
||||||
%files utils
|
* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 3.2-2
|
||||||
%{_sbindir}/avcstat
|
- Rebuilt for Python 3.10
|
||||||
%{_sbindir}/getenforce
|
|
||||||
%{_sbindir}/getsebool
|
|
||||||
%{_sbindir}/matchpathcon
|
|
||||||
%{_sbindir}/sefcontext_compile
|
|
||||||
%{_sbindir}/selinuxconlist
|
|
||||||
%{_sbindir}/selinuxdefcon
|
|
||||||
%{_sbindir}/selinuxexeccon
|
|
||||||
%{_sbindir}/selinuxenabled
|
|
||||||
%{_sbindir}/setenforce
|
|
||||||
%{_sbindir}/selabel_digest
|
|
||||||
%{_sbindir}/selabel_lookup
|
|
||||||
%{_sbindir}/selabel_lookup_best_match
|
|
||||||
%{_sbindir}/selabel_partial_match
|
|
||||||
%{_sbindir}/selinux_check_access
|
|
||||||
%{_mandir}/man5/*
|
|
||||||
%{_mandir}/man8/*
|
|
||||||
%{_mandir}/ru/man5/*
|
|
||||||
%{_mandir}/ru/man8/*
|
|
||||||
|
|
||||||
%files devel
|
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
|
||||||
%{_libdir}/libselinux.so
|
- SELinux userspace 3.2 release
|
||||||
%{_libdir}/pkgconfig/libselinux.pc
|
|
||||||
%{_includedir}/selinux/
|
|
||||||
%{_mandir}/man3/*
|
|
||||||
|
|
||||||
%files static
|
* Fri Feb 5 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
|
||||||
%{_libdir}/libselinux.a
|
- SELinux userspace 3.2-rc2 release
|
||||||
|
|
||||||
%if 0%{?with_python2}
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
|
||||||
%files -n libselinux-python
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
%{python2_sitearch}/selinux/
|
|
||||||
%{python2_sitearch}/_selinux.so
|
|
||||||
%{python2_sitearch}/selinux-%{version}-*
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%files -n python3-libselinux
|
* Wed Jan 20 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
|
||||||
%{python3_sitearch}/selinux/
|
- SELinux userspace 3.2-rc1 release
|
||||||
%{python3_sitearch}/_selinux.*.so
|
|
||||||
%{python3_sitearch}/selinux-%{version}-*
|
|
||||||
|
|
||||||
%if 0%{?with_ruby}
|
* Thu Jan 07 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.1-6
|
||||||
%files ruby
|
- F-34: rebuild against ruby 3.0
|
||||||
%{ruby_vendorarchdir}/selinux.so
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%changelog
|
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
|
||||||
* Wed Dec 07 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-8
|
- selinux(8): explain that runtime disable is deprecated
|
||||||
- restorecon: Fix memory leak - xattr_value (#2137965)
|
|
||||||
|
|
||||||
* Tue Dec 06 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-7
|
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4
|
||||||
- Restorecon: Ignore missing directories when -i is used (#2137965)
|
- Use libsepol.so.2
|
||||||
|
- Convert matchpathcon to selabel_lookup()
|
||||||
|
- Change userspace AVC setenforce and policy load messages to audit
|
||||||
|
format
|
||||||
|
- Remove trailing slash on selabel_file lookups
|
||||||
|
- Use kernel status page by default
|
||||||
|
|
||||||
* Thu Jul 07 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-6
|
* Wed Sep 02 2020 Jeff Law <law@redhat.com> - 3.1-3
|
||||||
- Describe fcontext regular expressions (#1904059)
|
- Re-enable LTO
|
||||||
- Strip spaces before values in config (#2012145)
|
|
||||||
|
|
||||||
* Tue Oct 20 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-5
|
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
|
||||||
- Deprecate security_compute_user(), update man pages (#1879368)
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
- Use -fno-semantic-interposition and more make macros
|
||||||
|
|
||||||
* Thu Sep 24 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-4
|
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||||
- Eliminate use of security_compute_user() (#1879368)
|
- SELinux userspace 3.1 release
|
||||||
|
|
||||||
* Fri Nov 08 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
|
* Wed Jul 1 2020 Jeff Law <law@redhat.com> - 3.0-6
|
||||||
- Fix mcstrans secolor examples in secolor.conf man page (#1770270)
|
- Disable LTO
|
||||||
|
|
||||||
* Mon Jun 24 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2.1
|
* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-5
|
||||||
- Use Python distutils to install SELinux python bindings (#1719771)
|
- Rebuilt for Python 3.9
|
||||||
- Move sefcontext_compile to -utils package (#1612518)
|
|
||||||
|
* Thu Mar 5 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-4
|
||||||
|
- Eliminate use of security_compute_user()
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 18 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.0-2
|
||||||
|
- F-32: rebuild against ruby27
|
||||||
|
|
||||||
|
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||||
|
- SELinux userspace 3.0 release
|
||||||
|
|
||||||
|
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.r1.1
|
||||||
|
- SELinux userspace 3.0-rc1 release candidate
|
||||||
|
|
||||||
|
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-7
|
||||||
|
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||||
|
|
||||||
|
* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-6
|
||||||
|
- Rebuilt for Python 3.8
|
||||||
|
|
||||||
|
* Mon Aug 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
|
||||||
|
- Drop python2-libselinux (#1739646)
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 28 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
|
||||||
|
- Use standard build flags for Python bindings
|
||||||
|
|
||||||
|
* Fri May 24 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2
|
||||||
|
- Use Python distutils to install SELinux python bindings
|
||||||
|
|
||||||
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
||||||
- SELinux userspace 2.9 release
|
- SELinux userspace 2.9 release
|
||||||
|
|
||||||
* Tue Nov 6 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6
|
* Wed Mar 6 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
|
||||||
|
- SELinux userspace 2.9-rc2 release
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
|
||||||
|
- SELinux userspace 2.9-rc1 release
|
||||||
|
|
||||||
|
* Tue Jan 22 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.8-8
|
||||||
|
- F-30: again rebuild against ruby26
|
||||||
|
|
||||||
|
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
|
||||||
|
- selinux_restorecon: Skip customized files also without -v
|
||||||
|
- Do not dereference symlink with statfs in selinux_restorecon
|
||||||
|
|
||||||
|
* Mon Jan 21 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.8-6
|
||||||
|
- F-30: rebuild against ruby26
|
||||||
|
|
||||||
|
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
|
||||||
- Fix RESOURCE_LEAK coverity scan defects
|
- Fix RESOURCE_LEAK coverity scan defects
|
||||||
|
|
||||||
* Mon Oct 15 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
|
* Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
|
||||||
- selinux_restorecon: Skip customized files also without -v
|
- Fix the whatis line for the selinux_boolean_sub.3 manpage
|
||||||
- man pages fixes
|
- Fix line wrapping in selabel_file.5
|
||||||
|
- Fix spelling errors in manpages
|
||||||
|
|
||||||
* Mon Oct 1 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-3
|
||||||
- Build libselinux-python when %with_python2 macro is set to non-zero value
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Jun 22 2018 Petr Lautrbach <plautrba@workstation> - 2.8-3
|
* Fri Jun 15 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8-2
|
||||||
- Build libselinux-ruby (#1581322)
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
* Thu Jun 7 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-2
|
|
||||||
- Don't build the Python 2 subpackage (#1567358)
|
|
||||||
|
|
||||||
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
|
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
|
||||||
- SELinux userspace 2.8 release
|
- SELinux userspace 2.8 release
|
||||||
@ -334,9 +237,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
|||||||
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
|
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
|
||||||
- SELinux userspace 2.8-rc1 release candidate
|
- SELinux userspace 2.8-rc1 release candidate
|
||||||
|
|
||||||
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-14
|
|
||||||
- Do not build libselinux-ruby
|
|
||||||
|
|
||||||
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-13
|
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-13
|
||||||
- build: Replace PYSITEDIR with PYTHONLIBDIR
|
- build: Replace PYSITEDIR with PYTHONLIBDIR
|
||||||
|
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-10
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
228
libselinux.spec
Normal file
228
libselinux.spec
Normal file
@ -0,0 +1,228 @@
|
|||||||
|
%define ruby_inc %(pkg-config --cflags ruby)
|
||||||
|
%define libsepolver 3.7-1
|
||||||
|
|
||||||
|
Summary: SELinux library and simple utilities
|
||||||
|
Name: libselinux
|
||||||
|
Version: 3.7
|
||||||
|
Release: 3%{?dist}
|
||||||
|
License: LicenseRef-Fedora-Public-Domain
|
||||||
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz
|
||||||
|
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc
|
||||||
|
Source2: https://github.com/bachradsusi.gpg
|
||||||
|
Source3: selinuxconlist.8
|
||||||
|
Source4: selinuxdefcon.8
|
||||||
|
|
||||||
|
Url: https://github.com/SELinuxProject/selinux/wiki
|
||||||
|
# $ git clone https://github.com/fedora-selinux/selinux.git
|
||||||
|
# $ cd selinux
|
||||||
|
# $ git format-patch -N 3.7 -- libselinux
|
||||||
|
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
|
# Patch list start
|
||||||
|
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
|
||||||
|
Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
|
||||||
|
Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
|
||||||
|
Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
|
||||||
|
# Patch list end
|
||||||
|
BuildRequires: gcc make
|
||||||
|
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
|
||||||
|
BuildRequires: python3 python3-devel python3-setuptools python3-wheel python3-pip
|
||||||
|
BuildRequires: systemd
|
||||||
|
BuildRequires: gnupg2
|
||||||
|
Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
|
||||||
|
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||||
|
|
||||||
|
%description
|
||||||
|
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
||||||
|
of utilities with enhanced security functionality designed to add
|
||||||
|
mandatory access controls to Linux. The Security-enhanced Linux
|
||||||
|
kernel contains new architectural components originally developed to
|
||||||
|
improve the security of the Flask operating system. These
|
||||||
|
architectural components provide general support for the enforcement
|
||||||
|
of many kinds of mandatory access control policies, including those
|
||||||
|
based on the concepts of Type Enforcement®, Role-based Access
|
||||||
|
Control, and Multi-level Security.
|
||||||
|
|
||||||
|
libselinux provides an API for SELinux applications to get and set
|
||||||
|
process and file security contexts and to obtain security policy
|
||||||
|
decisions. Required for any applications that use the SELinux API.
|
||||||
|
|
||||||
|
%package utils
|
||||||
|
Summary: SELinux libselinux utilities
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description utils
|
||||||
|
The libselinux-utils package contains the utilities
|
||||||
|
|
||||||
|
%package -n python3-libselinux
|
||||||
|
Summary: SELinux python 3 bindings for libselinux
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
%{?python_provide:%python_provide python3-libselinux}
|
||||||
|
# Remove before F30
|
||||||
|
Provides: %{name}-python3 = %{version}-%{release}
|
||||||
|
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
|
||||||
|
Obsoletes: %{name}-python3 < %{version}-%{release}
|
||||||
|
|
||||||
|
%description -n python3-libselinux
|
||||||
|
The libselinux-python3 package contains python 3 bindings for developing
|
||||||
|
SELinux applications.
|
||||||
|
|
||||||
|
%package ruby
|
||||||
|
Summary: SELinux ruby bindings for libselinux
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: ruby(selinux)
|
||||||
|
|
||||||
|
%description ruby
|
||||||
|
The libselinux-ruby package contains the ruby bindings for developing
|
||||||
|
SELinux applications.
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Header files and libraries used to build SELinux
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: libsepol-devel%{?_isa} >= %{libsepolver}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
The libselinux-devel package contains the libraries and header files
|
||||||
|
needed for developing SELinux applications.
|
||||||
|
|
||||||
|
%package static
|
||||||
|
Summary: Static libraries used to build SELinux
|
||||||
|
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description static
|
||||||
|
The libselinux-static package contains the static libraries
|
||||||
|
needed for developing SELinux applications.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
|
%autosetup -p 2 -n libselinux-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
export DISABLE_RPM="y"
|
||||||
|
export USE_PCRE2="y"
|
||||||
|
|
||||||
|
%set_build_flags
|
||||||
|
CFLAGS="$CFLAGS -fno-semantic-interposition"
|
||||||
|
|
||||||
|
# To support building the Python wrapper against multiple Python runtimes
|
||||||
|
# Define a function, for how to perform a "build" of the python wrapper against
|
||||||
|
# a specific runtime:
|
||||||
|
BuildPythonWrapper() {
|
||||||
|
BinaryName=$1
|
||||||
|
|
||||||
|
# Perform the build from the upstream Makefile:
|
||||||
|
%make_build \
|
||||||
|
PYTHON=$BinaryName \
|
||||||
|
LIBDIR="%{_libdir}" \
|
||||||
|
pywrap
|
||||||
|
}
|
||||||
|
|
||||||
|
%make_build LIBDIR="%{_libdir}" swigify
|
||||||
|
%make_build LIBDIR="%{_libdir}" all
|
||||||
|
|
||||||
|
BuildPythonWrapper %{__python3}
|
||||||
|
|
||||||
|
%make_build RUBYINC="%{ruby_inc}" SHLIBDIR="%{_libdir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" rubywrap
|
||||||
|
|
||||||
|
%install
|
||||||
|
InstallPythonWrapper() {
|
||||||
|
BinaryName=$1
|
||||||
|
|
||||||
|
make \
|
||||||
|
PYTHON=$BinaryName \
|
||||||
|
DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \
|
||||||
|
SHLIBDIR="%{_lib}" BINDIR="%{_bindir}" \
|
||||||
|
SBINDIR="%{_sbindir}" \
|
||||||
|
LIBSEPOLA="%{_libdir}/libsepol.a" \
|
||||||
|
install-pywrap
|
||||||
|
}
|
||||||
|
|
||||||
|
rm -rf %{buildroot}
|
||||||
|
mkdir -p %{buildroot}%{_tmpfilesdir}
|
||||||
|
mkdir -p %{buildroot}%{_libdir}
|
||||||
|
mkdir -p %{buildroot}%{_includedir}
|
||||||
|
mkdir -p %{buildroot}%{_sbindir}
|
||||||
|
install -d -m 0755 %{buildroot}%{_rundir}/setrans
|
||||||
|
echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libselinux.conf
|
||||||
|
|
||||||
|
InstallPythonWrapper %{__python3}
|
||||||
|
|
||||||
|
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}"
|
||||||
|
make DESTDIR="%{buildroot}" RUBYINSTALL=%{ruby_vendorarchdir} install-rubywrap
|
||||||
|
|
||||||
|
# Nuke the files we don't want to distribute
|
||||||
|
rm -f %{buildroot}%{_sbindir}/compute_*
|
||||||
|
rm -f %{buildroot}%{_sbindir}/deftype
|
||||||
|
rm -f %{buildroot}%{_sbindir}/execcon
|
||||||
|
rm -f %{buildroot}%{_sbindir}/getenforcemode
|
||||||
|
rm -f %{buildroot}%{_sbindir}/getfilecon
|
||||||
|
rm -f %{buildroot}%{_sbindir}/getpidcon
|
||||||
|
rm -f %{buildroot}%{_sbindir}/mkdircon
|
||||||
|
rm -f %{buildroot}%{_sbindir}/policyvers
|
||||||
|
rm -f %{buildroot}%{_sbindir}/setfilecon
|
||||||
|
rm -f %{buildroot}%{_sbindir}/selinuxconfig
|
||||||
|
rm -f %{buildroot}%{_sbindir}/selinuxdisable
|
||||||
|
rm -f %{buildroot}%{_sbindir}/getseuser
|
||||||
|
rm -f %{buildroot}%{_sbindir}/togglesebool
|
||||||
|
rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
|
||||||
|
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
|
||||||
|
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
|
||||||
|
install -d %{buildroot}%{_mandir}/man8/
|
||||||
|
install -m 644 %{SOURCE3} %{buildroot}%{_mandir}/man8/
|
||||||
|
install -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man8/
|
||||||
|
rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license LICENSE
|
||||||
|
%{_libdir}/libselinux.so.*
|
||||||
|
%dir %{_rundir}/setrans/
|
||||||
|
%{_tmpfilesdir}/libselinux.conf
|
||||||
|
|
||||||
|
%files utils
|
||||||
|
%{_sbindir}/avcstat
|
||||||
|
%{_sbindir}/getenforce
|
||||||
|
%{_sbindir}/getpidprevcon
|
||||||
|
%{_sbindir}/getpolicyload
|
||||||
|
%{_sbindir}/getsebool
|
||||||
|
%{_sbindir}/matchpathcon
|
||||||
|
%{_sbindir}/sefcontext_compile
|
||||||
|
%{_sbindir}/selinuxconlist
|
||||||
|
%{_sbindir}/selinuxdefcon
|
||||||
|
%{_sbindir}/selinuxexeccon
|
||||||
|
%{_sbindir}/selinuxenabled
|
||||||
|
%{_sbindir}/setenforce
|
||||||
|
%{_sbindir}/selabel_digest
|
||||||
|
%{_sbindir}/selabel_lookup
|
||||||
|
%{_sbindir}/selabel_lookup_best_match
|
||||||
|
%{_sbindir}/selabel_partial_match
|
||||||
|
%{_sbindir}/selinux_check_access
|
||||||
|
%{_sbindir}/selabel_get_digests_all_partial_matches
|
||||||
|
%{_sbindir}/validatetrans
|
||||||
|
%{_mandir}/man5/*
|
||||||
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%{_libdir}/libselinux.so
|
||||||
|
%{_libdir}/pkgconfig/libselinux.pc
|
||||||
|
%{_includedir}/selinux/
|
||||||
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
|
%files static
|
||||||
|
%{_libdir}/libselinux.a
|
||||||
|
|
||||||
|
%files -n python3-libselinux
|
||||||
|
%{python3_sitearch}/selinux/
|
||||||
|
%{python3_sitearch}/selinux-%{version}*
|
||||||
|
%{python3_sitearch}/_selinux*
|
||||||
|
|
||||||
|
%files ruby
|
||||||
|
%{ruby_vendorarchdir}/selinux.so
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-3
|
||||||
|
- restorecon: Include <selinux/label.h> (RHEL-53852)
|
||||||
|
- Fix integer comparison issues when compiling for 32-bit
|
||||||
|
|
||||||
|
%autochangelog
|
7
plans/selinux.fmf
Normal file
7
plans/selinux.fmf
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
summary: selinux tests - Tier 1 | libselinux
|
||||||
|
discover:
|
||||||
|
how: fmf
|
||||||
|
url: https://src.fedoraproject.org/tests/selinux
|
||||||
|
filter: "tier: 1 | component: libselinux"
|
||||||
|
execute:
|
||||||
|
how: tmt
|
6
rubytest.rb
Normal file
6
rubytest.rb
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
require 'selinux'
|
||||||
|
print "selinux\n"
|
||||||
|
print "Is selinux enabled? " + Selinux.is_selinux_enabled().to_s + "\n"
|
||||||
|
print "Is selinux enforce? " + Selinux.security_getenforce().to_s + "\n"
|
||||||
|
print "Setfscreatecon? " + Selinux.setfscreatecon("system_u:object_r:etc_t:s0").to_s + "\n"
|
||||||
|
print "/etc -> " + Selinux.matchpathcon("/etc", 0)[1] + "\n"
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SHA512 (libselinux-3.7.tar.gz) = e949c20b606c50ad521b9592ce55ad6658e8c4b24d9838028f5aba0a4fc762b6d0d0d0d207f5bef7a2e41485e12d91382fa6090df27152dbb40071b273419352
|
||||||
|
SHA512 (libselinux-3.7.tar.gz.asc) = 5be2fdc0deda62f240276413d1b95a57d467fe989ddb31b34f7743cbd03d69385ac3321af10c97aded119ae5f0a4d8ec5894f8647a45f2902c0e8ff1e96787aa
|
Loading…
Reference in New Issue
Block a user