From 92406dea08dab541764ec9d02104243d56303cfb Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 2 Jan 2023 13:20:27 +0100 Subject: [PATCH] libsemanage-3.5-0.rc1.1 - SELinux userspace 3.5-rc1 release Resolves: rhbz#2145228 --- .gitignore | 1 + ...ys-write-kernel-policy-when-check_ex.patch | 60 ------------------- libsemanage.spec | 22 +++---- sources | 2 +- 4 files changed, 14 insertions(+), 71 deletions(-) delete mode 100644 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch diff --git a/.gitignore b/.gitignore index 9ce7e1d..225a461 100644 --- a/.gitignore +++ b/.gitignore @@ -153,3 +153,4 @@ libsemanage-2.0.45.tgz /libsemanage-3.3-rc3.tar.gz /libsemanage-3.3.tar.gz /libsemanage-3.4.tar.gz +/libsemanage-3.5-rc1.tar.gz diff --git a/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch b/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch deleted file mode 100644 index 2713ca7..0000000 --- a/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 556b2b91aad55680e1b50fd547ff749fa35cc2d2 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 8 Jun 2022 19:09:53 +0200 -Subject: [PATCH] libsemanage: always write kernel policy when - check_ext_changes is specified -Content-type: text/plain - -For the use case of rebuilding the policy after package updates, we need -the check_ext_changes operation to always do at least the do_write_kernel -step, because the various semanage dbs may have also changed content -relative to the current binary policy. As this step is itself relatively -fast, we can do it unconditionally. - -Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally") -Signed-off-by: Ondrej Mosnacek -Acked-by: Nicolas Iooss ---- - libsemanage/include/semanage/handle.h | 2 +- - libsemanage/src/direct_api.c | 8 +++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h -index 0157be4fbc46..4cf30815d803 100644 ---- a/libsemanage/include/semanage/handle.h -+++ b/libsemanage/include/semanage/handle.h -@@ -67,7 +67,7 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload); - extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild); - - /* set whether to rebuild the policy on commit when potential changes -- * to module files since last rebuild are detected, -+ * to store files since last rebuild are detected, - * 1 for yes (default), 0 for no */ - extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check); - -diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c -index 7206483a3ebb..7aa081abb3b7 100644 ---- a/libsemanage/src/direct_api.c -+++ b/libsemanage/src/direct_api.c -@@ -1437,13 +1437,15 @@ static int semanage_direct_commit(semanage_handle_t * sh) - * Determine what else needs to be done. - * We need to write the kernel policy if we are rebuilding - * or if any other policy component that lives in the kernel -- * policy has been modified. -+ * policy has been modified. We also want to force it when -+ * check_ext_changes was specified as the various dbases may have -+ * changes as well. - * We need to install the policy files if any of the managed files - * that live under /etc/selinux (kernel policy, seusers, file contexts) - * will be modified. - */ -- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | -- ibendports_modified | -+ do_write_kernel = do_rebuild | sh->check_ext_changes | -+ ports_modified | ibpkeys_modified | ibendports_modified | - bools->dtable->is_modified(bools->dbase) | - ifaces->dtable->is_modified(ifaces->dbase) | - nodes->dtable->is_modified(nodes->dbase) | --- -2.36.1 - diff --git a/libsemanage.spec b/libsemanage.spec index 81d0419..d7c6a53 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,16 +1,15 @@ -%define libsepolver 3.4-1 -%define libselinuxver 3.4-1 +%define libsepolver 3.5-0 +%define libselinuxver 3.5-0 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 3.4 -Release: 2%{?dist} +Version: 3.5 +Release: 0.rc1.1%{?dist} License: LGPLv2+ -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz -# fedora-selinux/selinux: git checkout c9s; git format-patch -N 3.4 -- libsemanage +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc1/libsemanage-3.5-rc1.tar.gz +# fedora-selinux/selinux: git checkout c9s; git format-patch -N 3.5-rc1 -- libsemanage # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start -Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch # Patch list end URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf @@ -22,7 +21,7 @@ BuildRequires: audit-libs-devel BuildRequires: bison flex bzip2-devel BuildRequires: python3 -BuildRequires: python3-devel +BuildRequires: python3-devel python3-pip Requires: bzip2-libs audit-libs Requires: libselinux%{?_isa} >= %{libselinuxver} @@ -75,7 +74,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing SELinux management applications. %prep -%autosetup -n libsemanage-%{version} -p 2 +%autosetup -p 2 -n libsemanage-%{version}-rc1 %build @@ -125,7 +124,7 @@ InstallPythonWrapper \ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %files -%license COPYING +%license LICENSE %dir %{_sysconfdir}/selinux %config(noreplace) %{_sysconfdir}/selinux/semanage.conf %{_libdir}/libsemanage.so.2 @@ -154,6 +153,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Mon Jan 2 2023 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + * Mon Jul 18 2022 Petr Lautrbach - 3.4-2 - Always write kernel policy when check_ext_changes is specified (#2104935) diff --git a/sources b/sources index 57839a9..94b6277 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libsemanage-3.4.tar.gz) = 831dc789545bb9a0b009bdb4f7fe52f6197ad8325946640f886a960d08e40b8a69eccd5a70cce51466bb5cb7f742feb78d19a9ec63383fbd03aa451508677e73 +SHA512 (libsemanage-3.5-rc1.tar.gz) = fae484b36f75702f71c97d7ea1004a5588b838ef6ddee67d06316daa18c898a5bd6ad8094c7d7b8f2b2af331dd586a945a339460cafab3a3900b4cf30fdbe1de