diff --git a/0020-fedora-Install-SELinux-interface-files-to-shared-inc.patch b/0020-fedora-Install-SELinux-interface-files-to-shared-inc.patch deleted file mode 100644 index c33821c..0000000 --- a/0020-fedora-Install-SELinux-interface-files-to-shared-inc.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 61676035ec5f58df4f4cca024c772d7e0b43d7dc Mon Sep 17 00:00:00 2001 -From: Stefano Brivio -Date: Fri, 10 Mar 2023 19:10:01 +0100 -Subject: [PATCH 20/20] fedora: Install SELinux interface files to shared - include directory - -Link: https://github.com/fedora-selinux/selinux-policy/pull/1613 -Signed-off-by: Stefano Brivio -(cherry picked from commit 70c0765b49e19b76639908a7686d8f795ba3ed24) ---- - contrib/fedora/passt.spec | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec -index 7f67bee..51cad90 100644 ---- a/contrib/fedora/passt.spec -+++ b/contrib/fedora/passt.spec -@@ -61,7 +61,9 @@ ln -sr %{buildroot}%{_mandir}/man1/pasta.1 %{buildroot}%{_mandir}/man1/pasta.avx - pushd contrib/selinux - make -f %{_datadir}/selinux/devel/Makefile - install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp -+install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/passt.if - install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp -+install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if - popd - - %post selinux -@@ -93,7 +95,9 @@ semodule -r pasta 2>/dev/null || : - %files selinux - %dir %{_datadir}/selinux/packages/%{name} - %{_datadir}/selinux/packages/%{name}/passt.pp -+%{_datadir}/selinux/devel/include/contrib/passt.if - %{_datadir}/selinux/packages/%{name}/pasta.pp -+%{_datadir}/selinux/devel/include/contrib/pasta.if - - %changelog - {{{ passt_git_changelog }}} --- -2.39.2 - diff --git a/0021-fedora-Refresh-SELinux-labels-in-scriptlets-require-.patch b/0021-fedora-Refresh-SELinux-labels-in-scriptlets-require-.patch deleted file mode 100644 index 80648b7..0000000 --- a/0021-fedora-Refresh-SELinux-labels-in-scriptlets-require-.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 41dd4e1b8d5fd8371b7e4e123340bc6a5a6ac226 Mon Sep 17 00:00:00 2001 -From: Stefano Brivio -Date: Thu, 16 Mar 2023 20:51:23 +0100 -Subject: [PATCH 1/2] fedora: Refresh SELinux labels in scriptlets, require - -selinux package - -Instead of: - https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft - -follow this: - https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy - -which seems to make more sense and fixes the issue that, on a fresh -install, without a reboot, the file contexts for the binaries are not -actually updated. - -In detail: - -- labels are refreshed using the selinux_relabel_pre and - selinux_relabel_post on install, upgrade, and uninstall - -- use the selinux_modules_install and selinux_modules_uninstall - macros, instead of calling 'semodule' directly (no functional - changes in our case) - -- require the -selinux package on SELinux-enabled environments and if - the current system policy is "targeted" - -Signed-off-by: Stefano Brivio -(cherry picked from commit dd2349661933c4e9756e524ae9465f38b53b7557) ---- - contrib/fedora/passt.spec | 20 +++++++++++++++----- - 1 file changed, 15 insertions(+), 5 deletions(-) - -diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec -index 51cad90..f6aa117 100644 ---- a/contrib/fedora/passt.spec -+++ b/contrib/fedora/passt.spec -@@ -8,6 +8,7 @@ - # Author: Stefano Brivio - - %global git_hash {{{ git_head }}} -+%global selinuxtype targeted - - Name: passt - Version: {{{ git_version }}} -@@ -19,6 +20,7 @@ URL: https://passt.top/ - Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz - - BuildRequires: gcc, make, checkpolicy, selinux-policy-devel -+Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) - - %description - passt implements a translation layer between a Layer-2 network interface and -@@ -66,13 +68,21 @@ install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/p - install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if - popd - -+%pre selinux -+%selinux_relabel_pre -s %{selinuxtype} -+ - %post selinux --semodule -i %{_datadir}/selinux/packages/%{name}/passt.pp 2>/dev/null || : --semodule -i %{_datadir}/selinux/packages/%{name}/pasta.pp 2>/dev/null || : -+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{name}/passt.pp -+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{name}/pasta.pp -+ -+%postun selinux -+if [ $1 -eq 0 ]; then -+ %selinux_modules_uninstall -s %{selinuxtype} passt -+ %selinux_modules_uninstall -s %{selinuxtype} pasta -+fi - --%preun selinux --semodule -r passt 2>/dev/null || : --semodule -r pasta 2>/dev/null || : -+%posttrans selinux -+%selinux_relabel_post -s %{selinuxtype} - - %files - %license LICENSES/{AGPL-3.0-or-later.txt,BSD-3-Clause.txt} --- -2.39.2 - diff --git a/0022-fedora-Don-t-install-useless-SELinux-interface-file-.patch b/0022-fedora-Don-t-install-useless-SELinux-interface-file-.patch deleted file mode 100644 index 0e25d05..0000000 --- a/0022-fedora-Don-t-install-useless-SELinux-interface-file-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From b065e1adbfb4ee5ed618b8269fd5135b4a201e2f Mon Sep 17 00:00:00 2001 -From: Stefano Brivio -Date: Mon, 27 Mar 2023 19:50:01 +0200 -Subject: [PATCH 2/2] fedora: Don't install useless SELinux interface file for - pasta - -That was meant to be an example, and I just dropped it in the -previous commit -- passt.if should be more than enough as a possible -example. - -Reported-by: Carl G. -Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182145 -Signed-off-by: Stefano Brivio -(cherry picked from commit 387f4aca7477ee630fe3c261a19f5f1a9055bfe5) ---- - contrib/fedora/passt.spec | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec -index f6aa117..da1accb 100644 ---- a/contrib/fedora/passt.spec -+++ b/contrib/fedora/passt.spec -@@ -65,7 +65,6 @@ make -f %{_datadir}/selinux/devel/Makefile - install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp - install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/passt.if - install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp --install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if - popd - - %pre selinux -@@ -107,7 +106,6 @@ fi - %{_datadir}/selinux/packages/%{name}/passt.pp - %{_datadir}/selinux/devel/include/contrib/passt.if - %{_datadir}/selinux/packages/%{name}/pasta.pp --%{_datadir}/selinux/devel/include/contrib/pasta.if - - %changelog - {{{ passt_git_changelog }}} --- -2.39.2 - diff --git a/passt.spec b/passt.spec index d588a54..04a3a4d 100644 --- a/passt.spec +++ b/passt.spec @@ -38,9 +38,6 @@ Patch16: 0016-tcp-Clamp-MSS-value-when-queueing-data-to-tap-also-f.patch Patch17: 0017-contrib-selinux-Drop-example-from-headers-this-is-th.patch Patch18: 0018-contrib-selinux-Drop-unused-passt_read_data-interfac.patch Patch19: 0019-contrib-selinux-Split-interfaces-into-smaller-bits.patch -Patch20: 0020-fedora-Install-SELinux-interface-files-to-shared-inc.patch -Patch21: 0021-fedora-Refresh-SELinux-labels-in-scriptlets-require-.patch -Patch22: 0022-fedora-Don-t-install-useless-SELinux-interface-file-.patch BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) @@ -85,23 +82,25 @@ ln -sr %{buildroot}%{_mandir}/man1/pasta.1 %{buildroot}%{_mandir}/man1/pasta.avx pushd contrib/selinux make -f %{_datadir}/selinux/devel/Makefile -install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp -install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/passt.if -install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp -install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if +install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp +install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/passt.if +install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp popd %pre selinux %selinux_relabel_pre -s %{selinuxtype} %post selinux -semodule -i %{_datadir}/selinux/packages/%{name}/passt.pp 2>/dev/null || : -semodule -i %{_datadir}/selinux/packages/%{name}/pasta.pp 2>/dev/null || : -%selinux_relabel_post -s %{selinuxtype} +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/passt.pp +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp -%preun selinux -semodule -r passt 2>/dev/null || : -semodule -r pasta 2>/dev/null || : +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} passt + %selinux_modules_uninstall -s %{selinuxtype} pasta +fi + +%posttrans selinux %selinux_relabel_post -s %{selinuxtype} %files @@ -123,13 +122,16 @@ semodule -r pasta 2>/dev/null || : %endif %files selinux -%dir %{_datadir}/selinux/packages/%{name} -%{_datadir}/selinux/packages/%{name}/passt.pp -%{_datadir}/selinux/devel/include/contrib/passt.if -%{_datadir}/selinux/packages/%{name}/pasta.pp -%{_datadir}/selinux/devel/include/contrib/pasta.if +%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp +%{_datadir}/selinux/devel/include/distributed/passt.if +%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp %changelog +* Sun Jun 11 2023 Stefano Brivio - 0^20230222.g4ddbcb9-4 +- Drop (pointless) patches 20, 21, 22, actually apply changes to the spec file! +- Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089) +- Don't install useless SELinux interface file for pasta (rhbz#2183106) + * Fri Apr 28 2023 Stefano Brivio - 0^20230222.g4ddbcb9-3 - Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089) - Don't install useless SELinux interface file for pasta (rhbz#2183106)