diff --git a/.gitignore b/.gitignore
index 20ebab4..3c622d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,4 @@ libsemanage-2.0.45.tgz
 /libsemanage-3.5-rc2.tar.gz
 /libsemanage-3.5-rc3.tar.gz
 /libsemanage-3.5.tar.gz
+/libsemanage-3.6-rc1.tar.gz
diff --git a/0001-libsemanage-include-more-parameters-in-the-module-ch.patch b/0001-libsemanage-include-more-parameters-in-the-module-ch.patch
deleted file mode 100644
index 88218d7..0000000
--- a/0001-libsemanage-include-more-parameters-in-the-module-ch.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From a6b472835502d5fc9fc263db07de69527943ac91 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Wed, 8 Mar 2023 10:46:42 +0100
-Subject: [PATCH] libsemanage: include more parameters in the module checksum
-Content-type: text/plain
-
-The check_ext_changes option currently assumes that as long as the
-module content is unchanged, it is safe to assume that the policy.linked
-file doesn't need to be rebuilt. However, there are some additional
-parameters that can affect the content of this policy file, namely:
-* the disable_dontaudit and preserve_tunables flags
-* the target_platform and policyvers configuration values
-
-Include these in the checksum so that the option works correctly when
-only some of these input values are changed versus the current state.
-
-Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally")
-Acked-by: Stephen Smalley
-Signed-off-by: Ondrej Mosnacek
----
- libsemanage/src/direct_api.c | 31 +++++++++++++++++++++++++++++--
- 1 file changed, 29 insertions(+), 2 deletions(-)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 7aa081abb3b7..d740070d538e 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -863,6 +863,14 @@ static void update_checksum_with_len(Sha256Context *context, size_t s)
- Sha256Update(context, buffer, 8);
- }
-
-+static void update_checksum_with_bool(Sha256Context *context, bool b)
-+{
-+ uint8_t byte;
-+
-+ byte = b ? UINT8_C(1) : UINT8_C(0);
-+ Sha256Update(context, &byte, 1);
-+}
-+
- static int semanage_compile_module(semanage_handle_t *sh,
- semanage_module_info_t *modinfo,
- Sha256Context *context)
-@@ -977,13 +985,21 @@ static int modinfo_cmp(const void *a, const void *b)
- return strcmp(ma->name, mb->name);
- }
-
-+struct extra_checksum_params {
-+ int disable_dontaudit;
-+ int preserve_tunables;
-+ int target_platform;
-+ int policyvers;
-+};
-+
- static int semanage_compile_hll_modules(semanage_handle_t *sh,
- semanage_module_info_t *modinfos,
- int num_modinfos,
-+ const struct extra_checksum_params *extra,
- char *cil_checksum)
- {
- /* to be incremented when checksum input data format changes */
-- static const size_t CHECKSUM_EPOCH = 1;
-+ static const size_t CHECKSUM_EPOCH = 2;
-
- int i, status = 0;
- char cil_path[PATH_MAX];
-@@ -1000,6 +1016,10 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
-
- Sha256Initialise(&context);
- update_checksum_with_len(&context, CHECKSUM_EPOCH);
-+ update_checksum_with_bool(&context, !!extra->disable_dontaudit);
-+ update_checksum_with_bool(&context, !!extra->preserve_tunables);
-+ update_checksum_with_len(&context, (size_t)extra->target_platform);
-+ update_checksum_with_len(&context, (size_t)extra->policyvers);
-
- /* prefix with module count to avoid collisions */
- update_checksum_with_len(&context, num_modinfos);
-@@ -1134,6 +1154,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- mode_t mask = umask(0077);
- struct stat sb;
- char modules_checksum[CHECKSUM_CONTENT_SIZE + 1 /* '\0' */];
-+ struct extra_checksum_params extra;
-
- int do_rebuild, do_write_kernel, do_install;
- int fcontexts_modified, ports_modified, seusers_modified,
-@@ -1274,8 +1295,14 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- goto cleanup;
- }
-
-+ extra = (struct extra_checksum_params){
-+ .disable_dontaudit = sepol_get_disable_dontaudit(sh->sepolh),
-+ .preserve_tunables = sepol_get_preserve_tunables(sh->sepolh),
-+ .target_platform = sh->conf->target_platform,
-+ .policyvers = sh->conf->policyvers,
-+ };
- retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos,
-- modules_checksum);
-+ &extra, modules_checksum);
- if (retval < 0) {
- ERR(sh, "Failed to compile hll files into cil files.\n");
- goto cleanup;
---
-2.40.0
-
diff --git a/libsemanage.spec b/libsemanage.spec
index 8029ed0..24ae4bb 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -1,16 +1,15 @@ -%define libsepolver 3.5-1 -%define libselinuxver 3.5-1 +%define libsepolver 3.6-0 +%define libselinuxver 3.6-0 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 3.5 -Release: 4%{?dist} +Version: 3.6 +Release: 0.rc1.1%{?dist} License: LGPL-2.1-or-later -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libsemanage-3.5.tar.gz -# git format-patch -N 3.5 -- libsemanage +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6-rc1/libsemanage-3.6-rc1.tar.gz +# git format-patch -N 3.6-rc1 -- libsemanage # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start -Patch0001: 0001-libsemanage-include-more-parameters-in-the-module-ch.patch # Patch list end URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf
@@ -76,7 +75,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing SELinux management applications. %prep -%autosetup -p 2 -n libsemanage-%{version} +%autosetup -p 2 -n libsemanage-%{version}-rc1 %build
@@ -131,7 +130,6 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
 %config(noreplace) %{_sysconfdir}/selinux/semanage.conf
 %{_libdir}/libsemanage.so.2
 %{_mandir}/man5/*
-%{_mandir}/ru/man5/*
 %dir %{_libexecdir}/selinux
 %dir %{_sharedstatedir}/selinux
 %dir %{_sharedstatedir}/selinux/tmp
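Review bot: The `rc1` suffix is hard-coded in four places across the libsemanage.spec hunks `@@ -1,16 +1,15 @@` and `@@ -76,7 +75,7 @@` (Release, Source0, the format-patch comment and `%autosetup -p 2 -n libsemanage-%{version}-rc1`), so the next rc or the final 3.6 bump has to edit each one by hand, and a missed `-n` would presumably leave %prep pointing at a directory the tarball does not unpack to. Defining it once, for example `%global rcver rc1`, and then writing `%autosetup -p 2 -n libsemanage-%{version}-%{rcver}` and `libsemanage-%{version}-%{rcver}.tar.gz` in Source0 keeps them in step. Separately, dropping Patch0001 assumes upstream commit a6b472835502 is already part of the 3.6-rc1 tarball; nothing on the page shows that, so it is worth confirming before the build, because without that change check_ext_changes can skip a policy rebuild when only disable_dontaudit, preserve_tunables, target_platform or policyvers differ.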
@@ -155,6 +153,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Tue Nov 14 2023 Petr Lautrbach - 3.6-0.rc1.1 +- SELinux userspace 3.6-rc1 release + * Thu Jul 20 2023 Fedora Release Engineering - 3.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
diff --git a/sources b/sources
index 4a76b67..07b7597 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libsemanage-3.5.tar.gz) = 959fbd0d6bc6849da6caa13dc41c3f8818cbbd29f04b5d2ac7246c4b395b4f370f113a04cc9cfcb52be2afebfa636013ac4ad4011384c58c7ce066a45cae2751
+SHA512 (libsemanage-3.6-rc1.tar.gz) = c0e70853497454c9e68aeccb45c947868c5dfae3cdfd456977f7ec44de8ff5f9e7f6ac2c6a74fd48a2c18312f4b13834558a52530767cd315c91c569432ecab5