SELinux userspace 3.6-rc1 release
parent
92a9a4a1b4
commit
659ff47ca4
1
.gitignore
vendored
1
.gitignore
vendored
@ -160,3 +160,4 @@ libsemanage-2.0.45.tgz
|
||||
/libsemanage-3.5-rc2.tar.gz
|
||||
/libsemanage-3.5-rc3.tar.gz
|
||||
/libsemanage-3.5.tar.gz
|
||||
/libsemanage-3.6-rc1.tar.gz
|
||||
|
@ -1,103 +0,0 @@
|
||||
From a6b472835502d5fc9fc263db07de69527943ac91 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Wed, 8 Mar 2023 10:46:42 +0100
|
||||
Subject: [PATCH] libsemanage: include more parameters in the module checksum
|
||||
Content-type: text/plain
|
||||
|
||||
The check_ext_changes option currently assumes that as long as the
|
||||
module content is unchanged, it is safe to assume that the policy.linked
|
||||
file doesn't need to be rebuilt. However, there are some additional
|
||||
parameters that can affect the content of this policy file, namely:
|
||||
* the disable_dontaudit and preserve_tunables flags
|
||||
* the target_platform and policyvers configuration values
|
||||
|
||||
Include these in the checksum so that the option works correctly when
|
||||
only some of these input values are changed versus the current state.
|
||||
|
||||
Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally")
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
libsemanage/src/direct_api.c | 31 +++++++++++++++++++++++++++++--
|
||||
1 file changed, 29 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
||||
index 7aa081abb3b7..d740070d538e 100644
|
||||
--- a/libsemanage/src/direct_api.c
|
||||
+++ b/libsemanage/src/direct_api.c
|
||||
@@ -863,6 +863,14 @@ static void update_checksum_with_len(Sha256Context *context, size_t s)
|
||||
Sha256Update(context, buffer, 8);
|
||||
}
|
||||
|
||||
+static void update_checksum_with_bool(Sha256Context *context, bool b)
|
||||
+{
|
||||
+ uint8_t byte;
|
||||
+
|
||||
+ byte = b ? UINT8_C(1) : UINT8_C(0);
|
||||
+ Sha256Update(context, &byte, 1);
|
||||
+}
|
||||
+
|
||||
static int semanage_compile_module(semanage_handle_t *sh,
|
||||
semanage_module_info_t *modinfo,
|
||||
Sha256Context *context)
|
||||
@@ -977,13 +985,21 @@ static int modinfo_cmp(const void *a, const void *b)
|
||||
return strcmp(ma->name, mb->name);
|
||||
}
|
||||
|
||||
+struct extra_checksum_params {
|
||||
+ int disable_dontaudit;
|
||||
+ int preserve_tunables;
|
||||
+ int target_platform;
|
||||
+ int policyvers;
|
||||
+};
|
||||
+
|
||||
static int semanage_compile_hll_modules(semanage_handle_t *sh,
|
||||
semanage_module_info_t *modinfos,
|
||||
int num_modinfos,
|
||||
+ const struct extra_checksum_params *extra,
|
||||
char *cil_checksum)
|
||||
{
|
||||
/* to be incremented when checksum input data format changes */
|
||||
- static const size_t CHECKSUM_EPOCH = 1;
|
||||
+ static const size_t CHECKSUM_EPOCH = 2;
|
||||
|
||||
int i, status = 0;
|
||||
char cil_path[PATH_MAX];
|
||||
@@ -1000,6 +1016,10 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
|
||||
|
||||
Sha256Initialise(&context);
|
||||
update_checksum_with_len(&context, CHECKSUM_EPOCH);
|
||||
+ update_checksum_with_bool(&context, !!extra->disable_dontaudit);
|
||||
+ update_checksum_with_bool(&context, !!extra->preserve_tunables);
|
||||
+ update_checksum_with_len(&context, (size_t)extra->target_platform);
|
||||
+ update_checksum_with_len(&context, (size_t)extra->policyvers);
|
||||
|
||||
/* prefix with module count to avoid collisions */
|
||||
update_checksum_with_len(&context, num_modinfos);
|
||||
@@ -1134,6 +1154,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
|
||||
mode_t mask = umask(0077);
|
||||
struct stat sb;
|
||||
char modules_checksum[CHECKSUM_CONTENT_SIZE + 1 /* '\0' */];
|
||||
+ struct extra_checksum_params extra;
|
||||
|
||||
int do_rebuild, do_write_kernel, do_install;
|
||||
int fcontexts_modified, ports_modified, seusers_modified,
|
||||
@@ -1274,8 +1295,14 @@ static int semanage_direct_commit(semanage_handle_t * sh)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ extra = (struct extra_checksum_params){
|
||||
+ .disable_dontaudit = sepol_get_disable_dontaudit(sh->sepolh),
|
||||
+ .preserve_tunables = sepol_get_preserve_tunables(sh->sepolh),
|
||||
+ .target_platform = sh->conf->target_platform,
|
||||
+ .policyvers = sh->conf->policyvers,
|
||||
+ };
|
||||
retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos,
|
||||
- modules_checksum);
|
||||
+ &extra, modules_checksum);
|
||||
if (retval < 0) {
|
||||
ERR(sh, "Failed to compile hll files into cil files.\n");
|
||||
goto cleanup;
|
||||
--
|
||||
2.40.0
|
||||
|
@ -1,16 +1,15 @@
|
||||
%define libsepolver 3.5-1
|
||||
%define libselinuxver 3.5-1
|
||||
%define libsepolver 3.6-0
|
||||
%define libselinuxver 3.6-0
|
||||
|
||||
Summary: SELinux binary policy manipulation library
|
||||
Name: libsemanage
|
||||
Version: 3.5
|
||||
Release: 4%{?dist}
|
||||
Version: 3.6
|
||||
Release: 0.rc1.1%{?dist}
|
||||
License: LGPL-2.1-or-later
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libsemanage-3.5.tar.gz
|
||||
# git format-patch -N 3.5 -- libsemanage
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6-rc1/libsemanage-3.6-rc1.tar.gz
|
||||
# git format-patch -N 3.6-rc1 -- libsemanage
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-libsemanage-include-more-parameters-in-the-module-ch.patch
|
||||
# Patch list end
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki
|
||||
Source1: semanage.conf
|
||||
@ -76,7 +75,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing
|
||||
SELinux management applications.
|
||||
|
||||
%prep
|
||||
%autosetup -p 2 -n libsemanage-%{version}
|
||||
%autosetup -p 2 -n libsemanage-%{version}-rc1
|
||||
|
||||
|
||||
%build
|
||||
@ -131,7 +130,6 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
|
||||
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
|
||||
%{_libdir}/libsemanage.so.2
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/ru/man5/*
|
||||
%dir %{_libexecdir}/selinux
|
||||
%dir %{_sharedstatedir}/selinux
|
||||
%dir %{_sharedstatedir}/selinux/tmp
|
||||
@ -155,6 +153,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
|
||||
%{_libexecdir}/selinux/semanage_migrate_store
|
||||
|
||||
%changelog
|
||||
* Tue Nov 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
|
||||
- SELinux userspace 3.6-rc1 release
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
|
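Review bot: Nothing in this spec verifies the new `Source0` tarball (libsemanage-3.6-rc1.tar.gz) against an upstream signature; the SHA512 in `sources` only pins whatever the packager uploaded to the lookaside cache, so a tampered download would be pinned just as faithfully. If upstream publishes a detached signature for this release, I would add it and the signer's keyring as extra `Source` entries, add `BuildRequires: gnupg2`, and call `%{gpgverify} --keyring='%{SOURCEn}' --signature='%{SOURCEm}' --data='%{SOURCE0}'` as the first line of `%prep`, before `%autosetup` (n and m are placeholders for free source numbers in this spec). Separately, dropping `Patch0001` relies on the 3.6-rc1 tarball already containing upstream commit a6b472835502 ("libsemanage: include more parameters in the module checksum"). The page does not show that, so it is worth confirming that `direct_api.c` in the new tarball still feeds `disable_dontaudit`, `preserve_tunables`, `target_platform` and `policyvers` into the checksum.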
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (libsemanage-3.5.tar.gz) = 959fbd0d6bc6849da6caa13dc41c3f8818cbbd29f04b5d2ac7246c4b395b4f370f113a04cc9cfcb52be2afebfa636013ac4ad4011384c58c7ce066a45cae2751
|
||||
SHA512 (libsemanage-3.6-rc1.tar.gz) = c0e70853497454c9e68aeccb45c947868c5dfae3cdfd456977f7ec44de8ff5f9e7f6ac2c6a74fd48a2c18312f4b13834558a52530767cd315c91c569432ecab5
|
||||
|