diff --git a/0005-libsemanage-genhomedircon-check-usepasswd.patch b/0005-libsemanage-genhomedircon-check-usepasswd.patch
deleted file mode 100644
index 30ce4ef..0000000
--- a/0005-libsemanage-genhomedircon-check-usepasswd.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 511f8bbf779e10152d5af491e8b6a408b8ad666c Mon Sep 17 00:00:00 2001
-From: Vit Mojzis
-Date: Fri, 30 Oct 2020 17:42:17 +0100
-Subject: [PATCH] libsemanage/genhomedircon: check usepasswd
-
-Only add user homedir contexts when usepasswd = True
-
-Resolves:
- # grep usepasswd /etc/selinux/semanage.conf
- usepasswd=False
- # useradd -Z unconfined_u -d /tmp test
- # matchpathcon /tmp
- /tmp unconfined_u:object_r:user_home_dir_t:s0
-
-Signed-off-by: Vit Mojzis
----
- libsemanage/src/genhomedircon.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index d08c88de99a7..18d3d99a1254 100644
---- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
- s->fallback->home = NULL;
- }
- }
-- if (user_context_tpl || username_context_tpl) {
-+ if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
- if (write_username_context(s, out, username_context_tpl,
- s->fallback) != STATUS_SUCCESS) {
- retval = STATUS_ERR;
---
-2.29.2
-
diff --git a/libsemanage.spec b/libsemanage.spec
index 0e2c27f..4a78aef 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -4,7 +4,7 @@
 Summary: SELinux binary policy manipulation library
 Name: libsemanage
 Version: 3.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-3.1.tar.gz
 # fedora-selinux/selinux: git format-patch -N libsemanage-3.1 -- libsemanage
@@ -14,7 +14,6 @@ Patch0001: 0001-libsemanage-Remove-legacy-and-duplicate-symbols.patch
 Patch0002: 0002-libsemanage-Drop-deprecated-functions.patch
 Patch0003: 0003-libsemanage-Bump-libsemanage.so-version.patch
 Patch0004: 0004-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
-Patch0005: 0005-libsemanage-genhomedircon-check-usepasswd.patch
 # Patch list end
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -159,6 +158,12 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Fri Dec 18 2020 Petr Lautrbach - 3.1-6 +- Drop "genhomedircon: check usepasswd" patch +- genhomedircon to ignore + /root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var by default +- Fix usepasswd=False explanation in semanage.conf + * Fri Nov 20 2020 Petr Lautrbach - 3.1-5 - Drop and obsolete libsemanage-compat - genhomedircon: check usepasswd
diff --git a/semanage.conf b/semanage.conf
index ca21c5b..406f16f 100644
--- a/semanage.conf
+++ b/semanage.conf
@@ -42,14 +42,16 @@ module-store = direct expand-check=0 # usepasswd check tells semanage to scan all pass word records for home directories -# and setup the labeling correctly. If this is turned off, SELinux will label /home -# correctly only. You will need to use semanage fcontext command. +# and setup the labeling correctly. If this is turned off, SELinux will label only /home +# and home directories of users with SELinux login mappings defined, see +# semanage login -l for the list of such users. +# If you want to use a different home directory, you will need to use semanage fcontext command. # For example, if you had home dirs in /althome directory you would have to execute # semanage fcontext -a -e /home /althome usepasswd=False bzip-small=true bzip-blocksize=5 -ignoredirs=/root +ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var optimize-policy=true [sefcontext_compile]
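Review bot: The new `ignoredirs=` default in the semanage.conf hunk is an enumerated list of top-level system directories, and the file gives it no comment; the rewritten comment block above it documents only `usepasswd`. Because the same commit drops the `usepasswd` check from genhomedircon, this list appears to be the only guard left against a mapped user's home directory relabelling a system path, as in the `/tmp` case quoted in the removed patch. Paths not on the list (for example `/opt` or `/srv`) would presumably still be labelled as home directories. Whether a subdirectory of a listed entry is covered depends on how genhomedircon matches entries, which is not visible here. I would add a comment above the setting, such as `# ignoredirs: semicolon-separated directories that genhomedircon never labels as a home directory`, and state there whether matching is exact or by prefix.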