From 153a29f02aa0489cd320bb76fc08e1d0b519a9f5 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mon, 13 Apr 2015 13:31:52 +0200
Subject: [PATCH 1/6] Update to upstream release 2.4 from https://github.com/bachradsusi/selinux.git branch 2.4
---
 libsemanage-rhat.patch | 100 +++++------------------------------------
 libsemanage.spec | 25 +++++++----
 make-rhat-patches.sh | 28 ++++++++++++
 3 files changed, 56 insertions(+), 97 deletions(-)
 create mode 100755 make-rhat-patches.sh
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index 5991109..ccb36d4 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,89 +1,13 @@ -diff --git a/src/direct_api.c b/src/direct_api.c -index 64dc7d9..5b94725 100644 ---- a/src/direct_api.c -+++ b/src/direct_api.c -@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - /* Declare some variables */ - int modified = 0, fcontexts_modified, ports_modified, - seusers_modified, users_extra_modified, dontaudit_modified, -- preserve_tunables_modified; -+ preserve_tunables_modified, bools_modified; - dbase_config_t *users = semanage_user_dbase_local(sh); - dbase_config_t *users_base = semanage_user_base_dbase_local(sh); - dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh); -@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh) - users_extra_modified = - users_extra->dtable->is_modified(users_extra->dbase); - ports_modified = ports->dtable->is_modified(ports->dbase); -+ bools_modified = bools->dtable->is_modified(bools->dbase); +diff --git libsemanage-2.4/tests/test_utilities.c libsemanage-2.4/tests/test_utilities.c +index 4d25b07..32cc33c 100644 +--- libsemanage-2.4/tests/test_utilities.c ++++ libsemanage-2.4/tests/test_utilities.c +@@ -45,7 +45,7 @@ void test_slurp_file_filter(void); - modified = sh->modules_modified; - modified |= ports_modified; - modified |= users->dtable->is_modified(users_base->dbase); -- modified |= bools->dtable->is_modified(bools->dbase); - modified |= ifaces->dtable->is_modified(ifaces->dbase); - modified |= nodes->dtable->is_modified(nodes->dbase); - modified |= dontaudit_modified; -@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh) - - /* ==================== Policydb-backed ================ */ - -- /* Create new policy object, then attach to policy databases -- * that work with a policydb */ -+ /* Create new policy object */ - retval = semanage_expand_sandbox(sh, base, &out); - if (retval < 0) - goto cleanup; - - sepol_module_package_free(base); - base = NULL; -+ } else { -+ /* Load already linked policy */ -+ retval 
= sepol_policydb_create(&out); -+ if (retval < 0) -+ goto cleanup; -+ -+ retval = semanage_read_policydb(sh, out); -+ if (retval < 0) -+ goto cleanup; -+ } - -+ if (sh->do_rebuild || modified || bools_modified) { -+ /* Attach to policy databases that work with a policydb. */ - dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, - out); - dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); -@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - if (retval < 0) - goto cleanup; - } else { -- retval = sepol_policydb_create(&out); -- if (retval < 0) -- goto cleanup; -- -- retval = semanage_read_policydb(sh, out); -- if (retval < 0) -- goto cleanup; -- -+ /* Changes to non-kernel policy configurations only. */ - if (seusers_modified || users_extra_modified) { - retval = semanage_link_base(sh, &base); - if (retval < 0) -@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - sepol_policydb_free(out); - out = NULL; - -- if (sh->do_rebuild || modified || -+ if (sh->do_rebuild || modified || bools_modified || - seusers_modified || fcontexts_modified || users_extra_modified) { - retval = semanage_install_sandbox(sh); - } -@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - free(mod_filenames[i]); - } - -- if (modified) { -+ if (modified || bools_modified) { - /* Detach from policydb, so it can be freed */ - dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase); - dbase_policydb_detach((dbase_policydb_t *) pports->dbase); + char fname[] = { + 'T', 'E', 'S', 'T', '_', 'T', 'E', 'M', 'P', '_', 'X', 'X', 'X', 'X', +- 'X', 'X' ++ 'X', 'X', '\0' + }; + int fd; + FILE *fptr; diff --git a/libsemanage.spec b/libsemanage.spec index 3dbd9f8..7295b5c 100644 --- a/libsemanage.spec +++ b/libsemanage.spec 
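Review bot: `fname` is still initialised one character at a time, which is the form that let the missing terminator go unnoticed. Writing it as `char fname[] = "TEST_TEMP_XXXXXX";` yields the same writable array with the NUL supplied by the compiler. The code that consumes `fname` lies outside the hunk, so this assumes it is used as a C string (the `XXXXXX` suffix suggests a temp-file template).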
@@ -1,21 +1,21 @@ %global with_python3 1 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")} -%define libsepolver 2.1.9-1 -%define libselinuxver 2.1.13-1 +%define libsepolver 2.4-0 +%define libselinuxver 2.4-0 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 2.3 -Release: 6%{?dist} +Version: 2.4 +Release: 0%{?dist}.3 License: LGPLv2+ Group: System Environment/Libraries -Source: libsemanage-%{version}.tgz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-%{version}.tar.gz +# use make-rhat-patches.sh to create following patch from https://github.com/bachradsusi/selinux.git Patch: libsemanage-rhat.patch -URL: http://oss.tresys.com/git/selinux.git +URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel BuildRequires: libsepol-devel >= %{libsepolver} BuildRequires: audit-libs-devel @@ -122,8 +122,9 @@ InstallPythonWrapper() { } rm -rf ${RPM_BUILD_ROOT} -mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} +mkdir -p ${RPM_BUILD_ROOT}%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} +mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install InstallPythonWrapper \ @@ -148,8 +149,11 @@ rm -rf ${RPM_BUILD_ROOT} %license COPYING %dir %{_sysconfdir}/selinux %config(noreplace) %{_sysconfdir}/selinux/semanage.conf -/%{_libdir}/libsemanage.so.1 +%{_libdir}/libsemanage.so.1 %{_mandir}/man5/* +%dir %{_libexecdir}/selinux +%dir %{_sharedstatedir}/selinux +%{_libexecdir}/selinux/semanage_migrate_store %post -p /sbin/ldconfig 
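Review bot: The new `Source:` line fetches the tarball from a remote URL, but nothing in this hunk records how its integrity is checked; no checksum or signature file is referenced. The added `Patch:` comment also shows that the carried patch is generated from a personal fork. If the tarball hash is pinned outside the spec (not visible here), a one-line comment above `Source:` saying where it is pinned would let a reviewer confirm what was built.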
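Review bot: The `make ... install` context line in the `@@ -122,8 +122,9 @@` hunk still passes `SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}"` with the extra slash that this commit removes from the `mkdir -p` line and from the `%files` entry. The doubled slash is harmless to the shell, but for consistency the argument should read `SHLIBDIR="${RPM_BUILD_ROOT}%{_libdir}"`.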
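Review bot: The new `%dir %{_sharedstatedir}/selinux` entry in the `%files` hunk has no `%attr`, so the packaged owner and mode are whatever `mkdir -p` produced in the buildroot under the build umask. For the policy store it is worth pinning them explicitly, for example `%dir %attr(0755,root,root) %{_sharedstatedir}/selinux`, with the mode chosen to match what libsemanage expects at runtime (not visible here). The same applies to the `%dir %{_sharedstatedir}/selinux/tmp` line added in PATCH 4/6, where a tighter mode may be appropriate for a scratch directory.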
@@ -181,6 +185,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Mon Apr 13 2015 Petr Lautrbach 2.4-0.3 +- Update to upstream release 2.4 + * Sun Aug 17 2014 Fedora Release Engineering - 2.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh new file mode 100755 index 0000000..5061340 --- /dev/null +++ b/make-rhat-patches.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +LIBSEMANAGE_VERSION=2.4 +BRANCH=2.4 + +REBASEDIR=`mktemp -d rebase.XXXXXX` +pushd $REBASEDIR + +# git clone git@github.com:fedora-selinux/selinux.git +git clone https://github.com/bachradsusi/selinux.git +pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd + +# prepare libsemanage-rhat.patch +tar xfz ../libsemanage-$LIBSEMANAGE_VERSION.tar.gz +pushd libsemanage-$LIBSEMANAGE_VERSION + +git init; git add .; git commit -m "init" +cp -r ../selinux/libsemanage/* . +git add -A . + +git diff --cached --src-prefix=libsemanage-$LIBSEMANAGE_VERSION/ --dst-prefix=libsemanage-$LIBSEMANAGE_VERSION/ > ../../libsemanage-rhat.patch + +popd + +popd +# echo rm -rf $REBASEDIR + +echo libsemanage-rhat.patch created from https://github.com/fedora-selinux/selinux/commit/$COMMIT From 0df50b80dd7b4385f3955e2abb52afca99222f6b Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 12 May 2015 19:31:02 +0200 Subject: [PATCH 2/6] HEAD https://github.com/fedora-selinux/selinux/commit/2fa9bda56226ca7e66495b7c559d500ca4512afc - semanage_migrate_store: add -r option for migrating inside chroots --- libsemanage-rhat.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index ccb36d4..a18c90b 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch 
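Review bot: The closing `echo` in make-rhat-patches.sh credits `https://github.com/fedora-selinux/selinux/commit/$COMMIT`, but the script clones `https://github.com/bachradsusi/selinux.git`, so the provenance it prints can name a repository that was never fetched. The script also has no error handling: if `mktemp -d`, `git clone`, `git checkout $BRANCH` or `tar` fails, the later steps still run and can write a patch built from the wrong tree. Keeping the repository URL in one variable (whichever repository is intended), enabling `set -euo pipefail` and quoting the expansions closes both gaps. The changed lines are sketched below.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: LIBSEMANAGE_VERSION, BRANCH …
REPO=https://github.com/bachradsusi/selinux

REBASEDIR=$(mktemp -d rebase.XXXXXX)
pushd "$REBASEDIR"

git clone "$REPO.git"
pushd selinux; git checkout "$BRANCH"; COMMIT=$(git rev-parse --verify HEAD); popd
# … unchanged: unpack tarball, overlay ../selinux/libsemanage, git diff --cached …
echo "libsemanage-rhat.patch created from $REPO/commit/$COMMIT"
```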
@@ -11,3 +11,45 @@ index 4d25b07..32cc33c 100644 }; int fd; FILE *fptr; +diff --git libsemanage-2.4/utils/semanage_migrate_store libsemanage-2.4/utils/semanage_migrate_store +index 03b492e..6584002 100755 +--- libsemanage-2.4/utils/semanage_migrate_store ++++ libsemanage-2.4/utils/semanage_migrate_store +@@ -221,7 +221,7 @@ def rebuild_policy(): + + + def oldroot_path(): +- return "/etc/selinux" ++ return "%s/etc/selinux" % ROOT + + def oldstore_path(store): + return "%s/%s/modules/active" % (oldroot_path(), store) +@@ -233,7 +233,7 @@ def disabledmodules_path(store): + return "%s/disabled" % newmodules_path(store) + + def newroot_path(): +- return PATH ++ return "%s%s" % (ROOT, PATH) + + def newstore_path(store): + return "%s/%s/active" % (newroot_path(), store) +@@ -260,6 +260,8 @@ if __name__ == "__main__": + help="Disable rebuilding policy after migration (default: no)") + parser.add_option("-P", "--path", dest="path", + help="Set path for the policy store (default: /var/lib/selinux)") ++ parser.add_option("-r", "--root", dest="root", ++ help="Set an alternative root for the migration (default: /)") + + (options, args) = parser.parse_args() + +@@ -272,6 +274,10 @@ if __name__ == "__main__": + if PATH is None: + PATH = "/var/lib/selinux" + ++ ROOT = options.root ++ if ROOT is None: ++ ROOT = "" ++ + # List of paths that go in the active 'root' + TOPPATHS = [ + "commit_num", From 98249f57181d8ffaf52299f69923a0dfe0d4d1be Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 12 May 2015 19:32:12 +0200 Subject: [PATCH 3/6] libsemanage-2.4-0.4 --- libsemanage.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libsemanage.spec b/libsemanage.spec index 7295b5c..793482a 100644 --- a/libsemanage.spec +++ b/libsemanage.spec 
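Review bot: `oldroot_path()` and `newroot_path()` attach `ROOT` by plain string formatting, so the resulting path depends on how the arguments were typed. `-r /mnt/chroot/` produces a doubled slash, and a `-P` value without a leading slash is glued onto the root with no separator, which places the store outside the intended tree. Normalising once where the option is read, e.g. `ROOT = options.root.rstrip("/") if options.root else ""`, and rejecting a relative `PATH` avoids that. `rebuild_policy()` is defined outside this hunk, so it is not visible whether the rebuild step honours `ROOT`. If it does not, the `--root` help text should say to combine it with the option that disables rebuilding, so that a chroot migration does not rebuild the host's policy.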
@@ -7,7 +7,7 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.4 -Release: 0%{?dist}.3 +Release: 0%{?dist}.4 License: LGPLv2+ Group: System Environment/Libraries Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-%{version}.tar.gz @@ -185,6 +185,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Tue May 12 2015 Petr Lautrbach 2.4-0.4 +- semanage_migrate_store: add -r option for migrating inside chroots + * Mon Apr 13 2015 Petr Lautrbach 2.4-0.3 - Update to upstream release 2.4 From 814c1da59668aa30933377b70882346ab2a28c65 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 16 Jun 2015 16:19:16 +0200 Subject: [PATCH 4/6] add /var/lib/selinux/tmp directory --- libsemanage.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libsemanage.spec b/libsemanage.spec index 793482a..242fbf6 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -125,6 +125,7 @@ rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux +mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install InstallPythonWrapper \ @@ -153,6 +154,7 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man5/* %dir %{_libexecdir}/selinux %dir %{_sharedstatedir}/selinux +%dir %{_sharedstatedir}/selinux/tmp %{_libexecdir}/selinux/semanage_migrate_store %post -p /sbin/ldconfig From 7c6e3d711b6bcbc31fecc4a76a5189b831dbd04a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 16 Jun 2015 16:19:45 +0200 Subject: [PATCH 5/6] * Tue Jun 16 2015 Petr Lautrbach 2.4-0.5 - add /var/lib/selinux/tmp directory --- libsemanage.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libsemanage.spec b/libsemanage.spec index 242fbf6..ae09283 100644 --- a/libsemanage.spec +++ b/libsemanage.spec 
@@ -7,7 +7,7 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.4 -Release: 0%{?dist}.4 +Release: 0%{?dist}.5 License: LGPLv2+ Group: System Environment/Libraries Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-%{version}.tar.gz @@ -187,6 +187,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Tue Jun 16 2015 Petr Lautrbach 2.4-0.5 +- add /var/lib/selinux/tmp directory + * Tue May 12 2015 Petr Lautrbach 2.4-0.4 - semanage_migrate_store: add -r option for migrating inside chroots From c1c140a26e2136741918ee78d38f8ba86e1eacde Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 24 Jun 2015 17:59:35 +0200 Subject: [PATCH 6/6] * Wed Jun 24 2015 Petr Lautrbach 2.4-0.6 - Allow to use compressed modules without a compression extension --- libsemanage-rhat.patch | 40 ++++++++++++++++++++++++++++++++++++++++ libsemanage.spec | 5 ++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index a18c90b..74da8e0 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch 
@@ -1,3 +1,43 @@ +diff --git libsemanage-2.4/src/direct_api.c libsemanage-2.4/src/direct_api.c +index b0ed338..ba5f475 100644 +--- libsemanage-2.4/src/direct_api.c ++++ libsemanage-2.4/src/direct_api.c +@@ -1355,7 +1355,7 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + int in_fd = -1; + char *path = NULL; + char *filename; +- char *lang_ext; ++ char *lang_ext = NULL; + char *separator; + + if ((in_fd = open(install_filename, O_RDONLY)) == -1) { +@@ -1387,17 +1387,20 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + goto cleanup; + } + *separator = '\0'; ++ lang_ext = separator + 1; + } + + separator = strrchr(filename, '.'); + if (separator == NULL) { +- ERR(sh, "Module does not have a valid extension."); +- retval = -1; +- goto cleanup; ++ if (lang_ext == NULL) { ++ ERR(sh, "Module does not have a valid extension."); ++ retval = -1; ++ goto cleanup; ++ } ++ } else { ++ *separator = '\0'; ++ lang_ext = separator + 1; + } +- *separator = '\0'; +- +- lang_ext = separator + 1; + + retval = semanage_direct_install(sh, data, data_len, filename, lang_ext); + diff --git libsemanage-2.4/tests/test_utilities.c libsemanage-2.4/tests/test_utilities.c index 4d25b07..32cc33c 100644 --- libsemanage-2.4/tests/test_utilities.c diff --git a/libsemanage.spec b/libsemanage.spec index ae09283..3c39e1a 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -7,7 +7,7 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.4 -Release: 0%{?dist}.5 +Release: 0%{?dist}.6 License: LGPLv2+ Group: System Environment/Libraries Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-%{version}.tar.gz @@ -187,6 +187,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Wed Jun 24 2015 Petr Lautrbach 2.4-0.6 +- Allow to use compressed modules without a compression extension + * Tue Jun 16 2015 Petr Lautrbach 2.4-0.5 - add /var/lib/selinux/tmp directory
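Review bot: With the new fallback, a name left with only one suffix after the first strip is accepted with that suffix as `lang_ext`. A file called `module.bz2` would therefore reach `semanage_direct_install()` with language extension `bz2`, where it used to be rejected. The block that performs the first strip opens outside this hunk, so I am assuming it is the compressed-input path; whether `semanage_direct_install()` validates `lang_ext` is not visible here. Consider rejecting an empty module name or extension before the call, `if (*filename == '\0' || *lang_ext == '\0') { ERR(sh, "Module does not have a valid extension."); retval = -1; goto cleanup; }`. A comment naming the two accepted forms (`name.ext` and `name.ext.<compression>`) would also help.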