libsemanage-3.5-0.rc1.1

- SELinux userspace 3.5-rc1 release
This commit is contained in:
Petr Lautrbach 2022-12-23 17:12:44 +01:00
parent bc30cb8b07
commit 8ee3e4d757
7 changed files with 12 additions and 169 deletions

1
.gitignore vendored
View File

@ -156,3 +156,4 @@ libsemanage-2.0.45.tgz
/libsemanage-3.4-rc2.tar.gz /libsemanage-3.4-rc2.tar.gz
/libsemanage-3.4-rc3.tar.gz /libsemanage-3.4-rc3.tar.gz
/libsemanage-3.4.tar.gz /libsemanage-3.4.tar.gz
/libsemanage-3.5-rc1.tar.gz

View File

@ -1,60 +0,0 @@
From bdbe52be1bfbcc8a4614731f791d08ab8fb82ca2 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 8 Jun 2022 19:09:53 +0200
Subject: [PATCH] libsemanage: always write kernel policy when
check_ext_changes is specified
Content-type: text/plain
For the use case of rebuilding the policy after package updates, we need
the check_ext_changes operation to always do at least the do_write_kernel
step, because the various semanage dbs may have also changed content
relative to the current binary policy. As this step is itself relatively
fast, we can do it unconditionally.
Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsemanage/include/semanage/handle.h | 2 +-
libsemanage/src/direct_api.c | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h
index 0157be4fbc46..4cf30815d803 100644
--- a/libsemanage/include/semanage/handle.h
+++ b/libsemanage/include/semanage/handle.h
@@ -67,7 +67,7 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);
extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
/* set whether to rebuild the policy on commit when potential changes
- * to module files since last rebuild are detected,
+ * to store files since last rebuild are detected,
* 1 for yes (default), 0 for no */
extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check);
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 7206483a3ebb..7aa081abb3b7 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1437,13 +1437,15 @@ static int semanage_direct_commit(semanage_handle_t * sh)
* Determine what else needs to be done.
* We need to write the kernel policy if we are rebuilding
* or if any other policy component that lives in the kernel
- * policy has been modified.
+ * policy has been modified. We also want to force it when
+ * check_ext_changes was specified as the various dbases may have
+ * changes as well.
* We need to install the policy files if any of the managed files
* that live under /etc/selinux (kernel policy, seusers, file contexts)
* will be modified.
*/
- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
- ibendports_modified |
+ do_write_kernel = do_rebuild | sh->check_ext_changes |
+ ports_modified | ibpkeys_modified | ibendports_modified |
bools->dtable->is_modified(bools->dbase) |
ifaces->dtable->is_modified(ifaces->dbase) |
nodes->dtable->is_modified(nodes->dbase) |
--
2.38.1

View File

@ -1,40 +0,0 @@
From 01b5ef48dcc37ff06c5515b90d9da5b02dce820d Mon Sep 17 00:00:00 2001
From: Matt Sheets <masheets@linux.microsoft.com>
Date: Thu, 22 Sep 2022 11:02:55 -0700
Subject: [PATCH] libsemanage: Allow user to set SYSCONFDIR
Content-type: text/plain
This change will allow a user to set the location of their
sysconfdir, defaulted to /etc, if they are installing into
nonstandard locations.
Signed-off-by: Matt Sheets <masheets@linux.microsoft.com>
Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
---
libsemanage/src/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index 71c2a1d2513f..01df0181df1e 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -11,6 +11,7 @@ PKG_CONFIG ?= pkg-config
PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
INCLUDEDIR ?= $(PREFIX)/include
+SYSCONFDIR ?= /etc
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
@@ -19,7 +20,7 @@ RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] +
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-DEFAULT_SEMANAGE_CONF_LOCATION=/etc/selinux/semanage.conf
+DEFAULT_SEMANAGE_CONF_LOCATION=$(SYSCONFDIR)/selinux/semanage.conf
ifeq ($(DEBUG),1)
export CFLAGS ?= -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
--
2.38.1

View File

@ -1,26 +0,0 @@
From a0a216ff7d86004ddc36d516377f0a6ffe88076c Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Fri, 30 Sep 2022 17:44:12 -0400
Subject: [PATCH] docs: provide a top level LICENSE file
Content-type: text/plain
Provide a top level LICENSE file explaining how multiple the SELinux
userspace is released under multiple different licenses. Also ensure
that all the different license files share a consistent file name,
LICENSE, to make it easier for people to identify the license files.
This is to help meet the OpenSSF Best Practices requirements.
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
libsemanage/{COPYING => LICENSE} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename libsemanage/{COPYING => LICENSE} (100%)
diff --git a/libsemanage/COPYING b/libsemanage/LICENSE
similarity index 100%
rename from libsemanage/COPYING
rename to libsemanage/LICENSE
--
2.38.1

View File

@ -1,31 +0,0 @@
From 33e56c9b2e302ef96f848f741423231df0a9998d Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Fri, 28 Oct 2022 16:13:51 -0400
Subject: [PATCH] libsemanage: Remove dependency on the Python module distutils
Content-type: text/plain
The distutils package is deprecated and scheduled to be removed in
Python 3.12. Use the sysconfig module instead.
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/src/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index 01df0181df1e..589e4a706bfd 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -14,7 +14,7 @@ INCLUDEDIR ?= $(PREFIX)/include
SYSCONFDIR ?= /etc
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
--
2.38.1

View File

@ -1,19 +1,15 @@
%define libsepolver 3.4-4 %define libsepolver 3.5-0
%define libselinuxver 3.4-6 %define libselinuxver 3.5-0
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage Name: libsemanage
Version: 3.4 Version: 3.5
Release: 6%{?dist} Release: 0.rc1.1%{?dist}
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc1/libsemanage-3.5-rc1.tar.gz
# fedora-selinux/selinux: git format-patch -N 3.4 -- libsemanage # fedora-selinux/selinux: git format-patch -N 3.5-rc1 -- libsemanage
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
Patch0002: 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch
Patch0003: 0003-docs-provide-a-top-level-LICENSE-file.patch
Patch0004: 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch
# Patch list end # Patch list end
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf Source1: semanage.conf
@ -79,7 +75,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing
SELinux management applications. SELinux management applications.
%prep %prep
%autosetup -n libsemanage-%{version} -p 2 %autosetup -p 2 -n libsemanage-%{version}-rc1
%build %build
@ -158,6 +154,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
%{_libexecdir}/selinux/semanage_migrate_store %{_libexecdir}/selinux/semanage_migrate_store
%changelog %changelog
* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6 * Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
- Rebase on upstream f56a72ac9e86 - Rebase on upstream f56a72ac9e86

View File

@ -1 +1 @@
SHA512 (libsemanage-3.4.tar.gz) = 831dc789545bb9a0b009bdb4f7fe52f6197ad8325946640f886a960d08e40b8a69eccd5a70cce51466bb5cb7f742feb78d19a9ec63383fbd03aa451508677e73 SHA512 (libsemanage-3.5-rc1.tar.gz) = fae484b36f75702f71c97d7ea1004a5588b838ef6ddee67d06316daa18c898a5bd6ad8094c7d7b8f2b2af331dd586a945a339460cafab3a3900b4cf30fdbe1de