diff --git a/0005-libsemanage-genhomedircon-check-usepasswd.patch b/0005-libsemanage-genhomedircon-check-usepasswd.patch new file mode 100644 index 0000000..30ce4ef --- /dev/null +++ b/0005-libsemanage-genhomedircon-check-usepasswd.patch @@ -0,0 +1,35 @@ +From 511f8bbf779e10152d5af491e8b6a408b8ad666c Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 30 Oct 2020 17:42:17 +0100 +Subject: [PATCH] libsemanage/genhomedircon: check usepasswd + +Only add user homedir contexts when usepasswd = True + +Resolves: + # grep usepasswd /etc/selinux/semanage.conf + usepasswd=False + # useradd -Z unconfined_u -d /tmp test + # matchpathcon /tmp + /tmp unconfined_u:object_r:user_home_dir_t:s0 + +Signed-off-by: Vit Mojzis +--- + libsemanage/src/genhomedircon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c +index d08c88de99a7..18d3d99a1254 100644 +--- a/libsemanage/src/genhomedircon.c ++++ b/libsemanage/src/genhomedircon.c +@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) + s->fallback->home = NULL; + } + } +- if (user_context_tpl || username_context_tpl) { ++ if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) { + if (write_username_context(s, out, username_context_tpl, + s->fallback) != STATUS_SUCCESS) { + retval = STATUS_ERR; +-- +2.29.2 + diff --git a/libsemanage.spec b/libsemanage.spec index bd85aa6..0e2c27f 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,10 +1,10 @@ -%define libsepolver 3.1-4 -%define libselinuxver 3.1-4 +%define libsepolver 3.1-5 +%define libselinuxver 3.1-5 Summary: SELinux binary policy manipulation library Name: libsemanage Version: 3.1 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPLv2+ Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-3.1.tar.gz # fedora-selinux/selinux: git format-patch -N libsemanage-3.1 -- libsemanage @@ -14,11 +14,12 @@ Patch0001: 0001-libsemanage-Remove-legacy-and-duplicate-symbols.patch Patch0002: 0002-libsemanage-Drop-deprecated-functions.patch Patch0003: 0003-libsemanage-Bump-libsemanage.so-version.patch Patch0004: 0004-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch +Patch0005: 0005-libsemanage-genhomedircon-check-usepasswd.patch # Patch list end URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf -BuildRequires: gcc +BuildRequires: gcc make BuildRequires: libselinux-devel >= %{libselinuxver} swig BuildRequires: libsepol-devel >= %{libsepolver} BuildRequires: audit-libs-devel @@ -29,6 +30,7 @@ BuildRequires: python3-devel Requires: bzip2-libs audit-libs Requires: libselinux%{?_isa} >= %{libselinuxver} +Obsoletes: libsemanage-compat = 3.1-4 %description Security-enhanced Linux is a feature of the Linux® kernel and a number @@ -54,12 +56,6 @@ Requires: libsemanage-devel%{_isa} = %{version}-%{release} The semanage-static package contains the static libraries needed for developing applications that manipulate binary policies. -%package compat -Summary: Temporary compat libsemanage.so.1 used for transition to libsemanage.so.2 - -%description compat -Temporary compat libsemanage.so.1 used for transition to libsemanage.so.2 - %package devel Summary: Header files and libraries used to build policy manipulation tools Requires: %{name}%{?_isa} = %{version}-%{release} @@ -132,12 +128,6 @@ InstallPythonWrapper \ cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf -%set_build_flags -CFLAGS="$CFLAGS -fno-semantic-interposition" -sed -i 's/LIBVERSION = 2/LIBVERSION = 1/' src/Makefile -%make_build -cp src/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so.1 - %files %{!?_licensedir:%global license %%doc} %license COPYING @@ -155,9 +145,6 @@ cp src/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so.1 %files static %{_libdir}/libsemanage.a -%files compat -%{_libdir}/libsemanage.so.1 - %files devel %{_libdir}/libsemanage.so %{_libdir}/pkgconfig/libsemanage.pc @@ -172,6 +159,10 @@ cp src/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so.1 %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Fri Nov 20 2020 Petr Lautrbach - 3.1-5 +- Drop and obsolete libsemanage-compat +- genhomedircon: check usepasswd + * Fri Oct 30 2020 Petr Lautrbach - 3.1-4 - Drop deprecated functions and duplicated symbols - Change library version to libsemanage.so.2