libsemanage-3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release
This commit is contained in:
parent
bc30cb8b07
commit
8ee3e4d757
1
.gitignore
vendored
1
.gitignore
vendored
@ -156,3 +156,4 @@ libsemanage-2.0.45.tgz
|
|||||||
/libsemanage-3.4-rc2.tar.gz
|
/libsemanage-3.4-rc2.tar.gz
|
||||||
/libsemanage-3.4-rc3.tar.gz
|
/libsemanage-3.4-rc3.tar.gz
|
||||||
/libsemanage-3.4.tar.gz
|
/libsemanage-3.4.tar.gz
|
||||||
|
/libsemanage-3.5-rc1.tar.gz
|
||||||
|
@ -1,60 +0,0 @@
|
|||||||
From bdbe52be1bfbcc8a4614731f791d08ab8fb82ca2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Date: Wed, 8 Jun 2022 19:09:53 +0200
|
|
||||||
Subject: [PATCH] libsemanage: always write kernel policy when
|
|
||||||
check_ext_changes is specified
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
For the use case of rebuilding the policy after package updates, we need
|
|
||||||
the check_ext_changes operation to always do at least the do_write_kernel
|
|
||||||
step, because the various semanage dbs may have also changed content
|
|
||||||
relative to the current binary policy. As this step is itself relatively
|
|
||||||
fast, we can do it unconditionally.
|
|
||||||
|
|
||||||
Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally")
|
|
||||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
||||||
---
|
|
||||||
libsemanage/include/semanage/handle.h | 2 +-
|
|
||||||
libsemanage/src/direct_api.c | 8 +++++---
|
|
||||||
2 files changed, 6 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h
|
|
||||||
index 0157be4fbc46..4cf30815d803 100644
|
|
||||||
--- a/libsemanage/include/semanage/handle.h
|
|
||||||
+++ b/libsemanage/include/semanage/handle.h
|
|
||||||
@@ -67,7 +67,7 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);
|
|
||||||
extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
|
|
||||||
|
|
||||||
/* set whether to rebuild the policy on commit when potential changes
|
|
||||||
- * to module files since last rebuild are detected,
|
|
||||||
+ * to store files since last rebuild are detected,
|
|
||||||
* 1 for yes (default), 0 for no */
|
|
||||||
extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check);
|
|
||||||
|
|
||||||
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
|
||||||
index 7206483a3ebb..7aa081abb3b7 100644
|
|
||||||
--- a/libsemanage/src/direct_api.c
|
|
||||||
+++ b/libsemanage/src/direct_api.c
|
|
||||||
@@ -1437,13 +1437,15 @@ static int semanage_direct_commit(semanage_handle_t * sh)
|
|
||||||
* Determine what else needs to be done.
|
|
||||||
* We need to write the kernel policy if we are rebuilding
|
|
||||||
* or if any other policy component that lives in the kernel
|
|
||||||
- * policy has been modified.
|
|
||||||
+ * policy has been modified. We also want to force it when
|
|
||||||
+ * check_ext_changes was specified as the various dbases may have
|
|
||||||
+ * changes as well.
|
|
||||||
* We need to install the policy files if any of the managed files
|
|
||||||
* that live under /etc/selinux (kernel policy, seusers, file contexts)
|
|
||||||
* will be modified.
|
|
||||||
*/
|
|
||||||
- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
|
|
||||||
- ibendports_modified |
|
|
||||||
+ do_write_kernel = do_rebuild | sh->check_ext_changes |
|
|
||||||
+ ports_modified | ibpkeys_modified | ibendports_modified |
|
|
||||||
bools->dtable->is_modified(bools->dbase) |
|
|
||||||
ifaces->dtable->is_modified(ifaces->dbase) |
|
|
||||||
nodes->dtable->is_modified(nodes->dbase) |
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From 01b5ef48dcc37ff06c5515b90d9da5b02dce820d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matt Sheets <masheets@linux.microsoft.com>
|
|
||||||
Date: Thu, 22 Sep 2022 11:02:55 -0700
|
|
||||||
Subject: [PATCH] libsemanage: Allow user to set SYSCONFDIR
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
This change will allow a user to set the location of their
|
|
||||||
sysconfdir, defaulted to /etc, if they are installing into
|
|
||||||
nonstandard locations.
|
|
||||||
|
|
||||||
Signed-off-by: Matt Sheets <masheets@linux.microsoft.com>
|
|
||||||
Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
|
|
||||||
---
|
|
||||||
libsemanage/src/Makefile | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
|
|
||||||
index 71c2a1d2513f..01df0181df1e 100644
|
|
||||||
--- a/libsemanage/src/Makefile
|
|
||||||
+++ b/libsemanage/src/Makefile
|
|
||||||
@@ -11,6 +11,7 @@ PKG_CONFIG ?= pkg-config
|
|
||||||
PREFIX ?= /usr
|
|
||||||
LIBDIR ?= $(PREFIX)/lib
|
|
||||||
INCLUDEDIR ?= $(PREFIX)/include
|
|
||||||
+SYSCONFDIR ?= /etc
|
|
||||||
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
|
|
||||||
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
|
|
||||||
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
|
|
||||||
@@ -19,7 +20,7 @@ RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] +
|
|
||||||
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
|
|
||||||
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
|
|
||||||
|
|
||||||
-DEFAULT_SEMANAGE_CONF_LOCATION=/etc/selinux/semanage.conf
|
|
||||||
+DEFAULT_SEMANAGE_CONF_LOCATION=$(SYSCONFDIR)/selinux/semanage.conf
|
|
||||||
|
|
||||||
ifeq ($(DEBUG),1)
|
|
||||||
export CFLAGS ?= -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From a0a216ff7d86004ddc36d516377f0a6ffe88076c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paul Moore <paul@paul-moore.com>
|
|
||||||
Date: Fri, 30 Sep 2022 17:44:12 -0400
|
|
||||||
Subject: [PATCH] docs: provide a top level LICENSE file
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
Provide a top level LICENSE file explaining how multiple the SELinux
|
|
||||||
userspace is released under multiple different licenses. Also ensure
|
|
||||||
that all the different license files share a consistent file name,
|
|
||||||
LICENSE, to make it easier for people to identify the license files.
|
|
||||||
|
|
||||||
This is to help meet the OpenSSF Best Practices requirements.
|
|
||||||
|
|
||||||
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
||||||
---
|
|
||||||
libsemanage/{COPYING => LICENSE} | 0
|
|
||||||
1 file changed, 0 insertions(+), 0 deletions(-)
|
|
||||||
rename libsemanage/{COPYING => LICENSE} (100%)
|
|
||||||
|
|
||||||
diff --git a/libsemanage/COPYING b/libsemanage/LICENSE
|
|
||||||
similarity index 100%
|
|
||||||
rename from libsemanage/COPYING
|
|
||||||
rename to libsemanage/LICENSE
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
From 33e56c9b2e302ef96f848f741423231df0a9998d Mon Sep 17 00:00:00 2001
|
|
||||||
From: James Carter <jwcart2@gmail.com>
|
|
||||||
Date: Fri, 28 Oct 2022 16:13:51 -0400
|
|
||||||
Subject: [PATCH] libsemanage: Remove dependency on the Python module distutils
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
The distutils package is deprecated and scheduled to be removed in
|
|
||||||
Python 3.12. Use the sysconfig module instead.
|
|
||||||
|
|
||||||
Signed-off-by: James Carter <jwcart2@gmail.com>
|
|
||||||
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
libsemanage/src/Makefile | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
|
|
||||||
index 01df0181df1e..589e4a706bfd 100644
|
|
||||||
--- a/libsemanage/src/Makefile
|
|
||||||
+++ b/libsemanage/src/Makefile
|
|
||||||
@@ -14,7 +14,7 @@ INCLUDEDIR ?= $(PREFIX)/include
|
|
||||||
SYSCONFDIR ?= /etc
|
|
||||||
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
|
|
||||||
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
|
|
||||||
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
|
|
||||||
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
|
|
||||||
PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
|
|
||||||
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
|
|
||||||
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,19 +1,15 @@
|
|||||||
%define libsepolver 3.4-4
|
%define libsepolver 3.5-0
|
||||||
%define libselinuxver 3.4-6
|
%define libselinuxver 3.5-0
|
||||||
|
|
||||||
Summary: SELinux binary policy manipulation library
|
Summary: SELinux binary policy manipulation library
|
||||||
Name: libsemanage
|
Name: libsemanage
|
||||||
Version: 3.4
|
Version: 3.5
|
||||||
Release: 6%{?dist}
|
Release: 0.rc1.1%{?dist}
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc1/libsemanage-3.5-rc1.tar.gz
|
||||||
# fedora-selinux/selinux: git format-patch -N 3.4 -- libsemanage
|
# fedora-selinux/selinux: git format-patch -N 3.5-rc1 -- libsemanage
|
||||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
# Patch list start
|
# Patch list start
|
||||||
Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
|
|
||||||
Patch0002: 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch
|
|
||||||
Patch0003: 0003-docs-provide-a-top-level-LICENSE-file.patch
|
|
||||||
Patch0004: 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch
|
|
||||||
# Patch list end
|
# Patch list end
|
||||||
URL: https://github.com/SELinuxProject/selinux/wiki
|
URL: https://github.com/SELinuxProject/selinux/wiki
|
||||||
Source1: semanage.conf
|
Source1: semanage.conf
|
||||||
@ -79,7 +75,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing
|
|||||||
SELinux management applications.
|
SELinux management applications.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -n libsemanage-%{version} -p 2
|
%autosetup -p 2 -n libsemanage-%{version}-rc1
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -158,6 +154,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
|
|||||||
%{_libexecdir}/selinux/semanage_migrate_store
|
%{_libexecdir}/selinux/semanage_migrate_store
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
|
||||||
|
- SELinux userspace 3.5-rc1 release
|
||||||
|
|
||||||
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
|
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
|
||||||
- Rebase on upstream f56a72ac9e86
|
- Rebase on upstream f56a72ac9e86
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (libsemanage-3.4.tar.gz) = 831dc789545bb9a0b009bdb4f7fe52f6197ad8325946640f886a960d08e40b8a69eccd5a70cce51466bb5cb7f742feb78d19a9ec63383fbd03aa451508677e73
|
SHA512 (libsemanage-3.5-rc1.tar.gz) = fae484b36f75702f71c97d7ea1004a5588b838ef6ddee67d06316daa18c898a5bd6ad8094c7d7b8f2b2af331dd586a945a339460cafab3a3900b4cf30fdbe1de
|
||||||
|
Loading…
Reference in New Issue
Block a user