Merge branch 'private-master-2.4'

libsemanage-2.4-1

libsemanage-rhat.patch

@@ -1,89 +1,95 @@
-diff --git a/src/direct_api.c b/src/direct_api.c
+diff --git libsemanage-2.4/src/direct_api.c libsemanage-2.4/src/direct_api.c
-index 64dc7d9..5b94725 100644
+index b0ed338..ba5f475 100644
---- a/src/direct_api.c
+--- libsemanage-2.4/src/direct_api.c
-+++ b/src/direct_api.c
++++ libsemanage-2.4/src/direct_api.c
-@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+@@ -1355,7 +1355,7 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
- 	/* Declare some variables */
+ 	int in_fd = -1;
- 	int modified = 0, fcontexts_modified, ports_modified,
+ 	char *path = NULL;
- 	    seusers_modified, users_extra_modified, dontaudit_modified,
+ 	char *filename;
--	    preserve_tunables_modified;
+-	char *lang_ext;
-+	    preserve_tunables_modified, bools_modified;
++	char *lang_ext = NULL;
- 	dbase_config_t *users = semanage_user_dbase_local(sh);
+ 	char *separator;
- 	dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
- 	dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
-@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	users_extra_modified =
- 	    users_extra->dtable->is_modified(users_extra->dbase);
- 	ports_modified = ports->dtable->is_modified(ports->dbase);
-+	bools_modified = bools->dtable->is_modified(bools->dbase);
  
- 	modified = sh->modules_modified;
+ 	if ((in_fd = open(install_filename, O_RDONLY)) == -1) {
- 	modified |= ports_modified;
+@@ -1387,17 +1387,20 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
- 	modified |= users->dtable->is_modified(users_base->dbase);
--	modified |= bools->dtable->is_modified(bools->dbase);
- 	modified |= ifaces->dtable->is_modified(ifaces->dbase);
- 	modified |= nodes->dtable->is_modified(nodes->dbase);
- 	modified |= dontaudit_modified;
-@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 
- 		/* ==================== Policydb-backed ================ */
- 
--		/* Create new policy object, then attach to policy databases
--		 * that work with a policydb */
-+		/* Create new policy object */
- 		retval = semanage_expand_sandbox(sh, base, &out);
- 		if (retval < 0)
  			goto cleanup;
- 	
+ 		}
- 		sepol_module_package_free(base);
+ 		*separator = '\0';
- 		base = NULL;
++		lang_ext = separator + 1;
+ 	}
+ 
+ 	separator = strrchr(filename, '.');
+ 	if (separator == NULL) {
+-		ERR(sh, "Module does not have a valid extension.");
+-		retval = -1;
+-		goto cleanup;
++		if (lang_ext == NULL) {
++			ERR(sh, "Module does not have a valid extension.");
++			retval = -1;
++			goto cleanup;
++		}
 +	} else {
-+		/* Load already linked policy */
++		*separator = '\0';
-+		retval = sepol_policydb_create(&out);
++		lang_ext = separator + 1;
-+		if (retval < 0)
+ 	}
-+			goto cleanup;
+-	*separator = '\0';
-+
-+		retval = semanage_read_policydb(sh, out);
-+		if (retval < 0)
-+			goto cleanup;
-+	}
- 
-+	if (sh->do_rebuild || modified || bools_modified) {
-+		/* Attach to policy databases that work with a policydb. */
- 		dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,
- 				      out);
- 		dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
-@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 		if (retval < 0)
- 			goto cleanup;
- 	} else {
--		retval = sepol_policydb_create(&out);
--		if (retval < 0)
--			goto cleanup;
 -
--		retval = semanage_read_policydb(sh, out);
+-	lang_ext = separator + 1;
--		if (retval < 0)
--			goto cleanup;
--		
-+		/* Changes to non-kernel policy configurations only. */
- 		if (seusers_modified || users_extra_modified) {
- 			retval = semanage_link_base(sh, &base);
- 			if (retval < 0)
-@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	sepol_policydb_free(out);
- 	out = NULL;
  
--	if (sh->do_rebuild || modified || 
+ 	retval = semanage_direct_install(sh, data, data_len, filename, lang_ext);
-+	if (sh->do_rebuild || modified || bools_modified ||
- 	    seusers_modified || fcontexts_modified || users_extra_modified) {
- 		retval = semanage_install_sandbox(sh);
- 	}
-@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 		free(mod_filenames[i]);
- 	}
  
--	if (modified) {
+diff --git libsemanage-2.4/tests/test_utilities.c libsemanage-2.4/tests/test_utilities.c
-+	if (modified || bools_modified) {
+index 4d25b07..32cc33c 100644
- 		/* Detach from policydb, so it can be freed */
+--- libsemanage-2.4/tests/test_utilities.c
- 		dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
++++ libsemanage-2.4/tests/test_utilities.c
- 		dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
+@@ -45,7 +45,7 @@ void test_slurp_file_filter(void);
+ 
+ char fname[] = {
+ 	'T', 'E', 'S', 'T', '_', 'T', 'E', 'M', 'P', '_', 'X', 'X', 'X', 'X',
+-	'X', 'X'
++	'X', 'X', '\0'
+ };
+ int fd;
+ FILE *fptr;
+diff --git libsemanage-2.4/utils/semanage_migrate_store libsemanage-2.4/utils/semanage_migrate_store
+index 03b492e..6584002 100755
+--- libsemanage-2.4/utils/semanage_migrate_store
++++ libsemanage-2.4/utils/semanage_migrate_store
+@@ -221,7 +221,7 @@ def rebuild_policy():
+ 
+ 
+ def oldroot_path():
+-	return "/etc/selinux"
++	return "%s/etc/selinux" % ROOT
+ 
+ def oldstore_path(store):
+ 	return "%s/%s/modules/active" % (oldroot_path(), store)
+@@ -233,7 +233,7 @@ def disabledmodules_path(store):
+ 	return "%s/disabled" % newmodules_path(store)
+ 
+ def newroot_path():
+-	return PATH
++	return "%s%s" % (ROOT, PATH)
+ 
+ def newstore_path(store):
+ 	return "%s/%s/active" % (newroot_path(), store)
+@@ -260,6 +260,8 @@ if __name__ == "__main__":
+ 			  help="Disable rebuilding policy after migration (default: no)")
+ 	parser.add_option("-P", "--path", dest="path",
+ 			  help="Set path for the policy store (default: /var/lib/selinux)")
++	parser.add_option("-r", "--root", dest="root",
++			  help="Set an alternative root for the migration (default: /)")
+ 
+ 	(options, args) = parser.parse_args()
+ 
+@@ -272,6 +274,10 @@ if __name__ == "__main__":
+ 	if PATH is None:
+ 		PATH = "/var/lib/selinux"
+ 
++	ROOT = options.root
++	if ROOT is None:
++		ROOT = ""
++
+ 	# List of paths that go in the active 'root'
+ 	TOPPATHS = [
+ 		"commit_num",

libsemanage.spec

@@ -1,21 +1,22 @@
 %global with_python3 1
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}
 
-%define libsepolver 2.1.9-1
+%define libsepolver 2.4-1
-%define libselinuxver 2.1.13-1
+%define libselinuxver 2.4-1
 
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
-Version: 2.3
+Version: 2.4
-Release: 7%{?dist}
+Release: 1%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
-Source: libsemanage-%{version}.tgz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-%{version}.tar.gz
+# use make-rhat-patches.sh to create following patch from https://github.com/bachradsusi/selinux.git
+# HEAD https://github.com/fedora-selinux/selinux/commit/36fd8bb4b36bb1ca3aa10e3226136459e6ed2498
 Patch: libsemanage-rhat.patch
-URL: http://oss.tresys.com/git/selinux.git
+URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
 
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel
 BuildRequires: libsepol-devel >= %{libsepolver} 
 BuildRequires: audit-libs-devel
@@ -122,8 +123,10 @@ InstallPythonWrapper() {
 }
 
 rm -rf ${RPM_BUILD_ROOT}
-mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} 
+mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
 mkdir -p ${RPM_BUILD_ROOT}%{_includedir} 
+mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux
+mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp
 make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install
 
 InstallPythonWrapper \
@@ -148,8 +151,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %license COPYING
 %dir %{_sysconfdir}/selinux
 %config(noreplace) %{_sysconfdir}/selinux/semanage.conf
-/%{_libdir}/libsemanage.so.1
+%{_libdir}/libsemanage.so.1
 %{_mandir}/man5/*
+%dir %{_libexecdir}/selinux
+%dir %{_sharedstatedir}/selinux
+%dir %{_sharedstatedir}/selinux/tmp
+%{_libexecdir}/selinux/semanage_migrate_store
 
 %post -p /sbin/ldconfig
 
@@ -181,6 +188,18 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif # if with_python3
 
 %changelog
+* Wed Jun 24 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.6
+- Allow to use compressed modules without a compression extension
+
+* Tue Jun 16 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.5
+- add /var/lib/selinux/tmp directory
+
+* Tue May 12 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4
+- semanage_migrate_store: add -r <root> option for migrating inside chroots
+
+* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.3
+- Update to upstream release 2.4
+
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 

make-rhat-patches.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+LIBSEMANAGE_VERSION=2.4
+BRANCH=master
+
+REBASEDIR=`mktemp -d rebase.XXXXXX`
+pushd $REBASEDIR
+
+git clone git@github.com:fedora-selinux/selinux.git
+pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd
+
+# prepare libsemanage-rhat.patch
+tar xfz ../libsemanage-$LIBSEMANAGE_VERSION.tar.gz
+pushd libsemanage-$LIBSEMANAGE_VERSION
+
+git init; git add .; git commit -m "init"
+cp -r ../selinux/libsemanage/* .
+git add -A .
+
+git diff --cached --src-prefix=libsemanage-$LIBSEMANAGE_VERSION/ --dst-prefix=libsemanage-$LIBSEMANAGE_VERSION/ > ../../libsemanage-rhat.patch
+
+popd
+
+popd
+# echo rm -rf $REBASEDIR
+
+echo libsemanage-rhat.patch created from https://github.com/fedora-selinux/selinux/commit/$COMMIT