Compare commits

...

No commits in common. "c10s" and "c9-beta" have entirely different histories.

9 changed files with 113 additions and 163 deletions

View File

@ -1 +0,0 @@
1

43
.gitignore vendored
View File

@ -1,42 +1 @@
/passt-7ce9fd165f4f0c85e13dcaf4ff97c53d34b4a51d.tar.xz SOURCES/passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz
/passt-e2cae8f1c3651b1237a3042b4ba6211155aa58f1.tar.xz
/passt-d6f865a40a2b70e8b18983fe091b4761183eaac4.tar.xz
/passt-8978f6552b8cfae28b9d842db99b01aefb465812.tar.xz
/passt-06aa26fcf398f5d19ab46e42996190d7f95e837a.tar.xz
/passt-b3f359167be0ca9a6fea2554b2e2545177181269.tar.xz
/passt-b68da100ba37623ca9655c70125d744c11486f7d.tar.xz
/passt-f21204494064e28e9f0bb20f71a6071bead0d0e8.tar.xz
/passt-4129764ecaebf05a33e22d8d95bb3d8deaa14c14.tar.xz
/passt-ace074cf491013d3f5174e9cfea705db311a278b.tar.xz
/passt-4663ccc89a7fcbf9d901a80730ee925fc7f64c59.tar.xz
/passt-4ddbcb9c0c555838b123c018a9ebc9b7e14a87e5.tar.xz
/passt-c538ee8d695de053dc9da8965c85997a79fb6cb2.tar.xz
/passt-7c7625ddff10e10a7486622b25e3a66bfcdd6c8b.tar.xz
/passt-1297ae2873a02b4d6dd7423e49f0970a38977b3a.tar.xz
/passt-70c0765b49e19b76639908a7686d8f795ba3ed24.tar.xz
/passt-dd2349661933c4e9756e524ae9465f38b53b7557.tar.xz
/passt-1ee2f7cada9e6f739a00d39bb9821f1ce3493d92.tar.xz
/passt-b10b983fbd00634e275083c37446a538dbff0dbe.tar.xz
/passt-96f8d55c4f5093fa59c168361c0428b53b6d2d06.tar.xz
/passt-429e1a7e71ad9020f0e53bc467986c55bf5c0e38.tar.xz
/passt-32660cea04f6e7c353435061b876575539ac8cd9.tar.xz
/passt-289301b39c40dfb9f48f54d9848fbc19a17523ba.tar.xz
/passt-0af928eaa020c1062fdc91598dfdc533966e2afe.tar.xz
/passt-a7e4bfb857cb5d0e111ab74b6ace47eea15d2078.tar.xz
/passt-ee58f37db060535bee298bc98f61497eac37f152.tar.xz
/passt-05627dc5127bee9f4df77351575572d6f4ce4c7e.tar.xz
/passt-f851084c96e0a932e51c15ad9551e2cd85362147.tar.xz
/passt-74e6f48038e64bbdfa5fa265db330f95ce68c182.tar.xz
/passt-56d9f6d588306301aed332ca926da91a816bafd1.tar.xz
/passt-5ec3634b07215337c2e69d88f9b1d74711897d7d.tar.xz
/passt-4f1709db1b61c14729a6313d860323ec65772a37.tar.xz
/passt-b86afe3559c0bd3d24bc6fed7c60466cf141224c.tar.xz
/passt-f091893c1ffe1a531989a599737031089f6cfcb4.tar.xz
/passt-72884484b00dbab548da056972e28ddb85518386.tar.xz
/passt-765eb0bf1651d20ca319eeb8b41ff35f52f2a29c.tar.xz
/passt-1ee2ecade3f41e2a3e51c1e580b08cba977a7c8d.tar.xz
/passt-57a21d2df1467302dee71ee9d5683a8b96e6ce7f.tar.xz
/passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz
/passt-238c69f9af458e41dea5ad8c988dbf65b05b5172.tar.xz
/passt-4f2c8e79130ef3d6132e34c49746e397745f9d73.tar.xz
/passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz

1
.passt.metadata Normal file
View File

@ -0,0 +1 @@
6561fdc75b29dc6566bc1fb30b88d6846ef5e23b SOURCES/passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz

View File

@ -1,3 +0,0 @@
# passt
The passt package

View File

@ -0,0 +1,51 @@
From 6977619743bbc602a865f79562b59a80921d6063 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Mon, 21 Aug 2023 17:52:28 +0200
Subject: [PATCH] selinux: Drop user_namespace create allow rules
Those are incompatible with current el9 kernels. I introduced them
upstream with commit 62059058cf24 ("selinux: Fix user namespace
creation after breaking kernel change"), in turn as a result of
kernel commit ed5d44d42c95 ("selinux: Implement userns_create hook"),
but on current el9 kernels (which lack the hook) they result in
failures such as:
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/passt/cil:103
Failed to resolve AST
/usr/sbin/semodule: Failed!
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/pasta/cil:104
Failed to resolve AST
/usr/sbin/semodule: Failed!
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
contrib/selinux/passt.te | 1 -
contrib/selinux/pasta.te | 1 -
2 files changed, 2 deletions(-)
diff --git a/contrib/selinux/passt.te b/contrib/selinux/passt.te
index c6cea34..131fadc 100644
--- a/contrib/selinux/passt.te
+++ b/contrib/selinux/passt.te
@@ -92,7 +92,6 @@ allow syslogd_t self:cap_userns sys_ptrace;
allow passt_t self:process setcap;
allow passt_t self:capability { sys_tty_config setpcap net_bind_service setuid setgid};
allow passt_t self:cap_userns { setpcap sys_admin sys_ptrace };
-allow passt_t self:user_namespace create;
auth_read_passwd(passt_t)
diff --git a/contrib/selinux/pasta.te b/contrib/selinux/pasta.te
index 69be081..892edae 100644
--- a/contrib/selinux/pasta.te
+++ b/contrib/selinux/pasta.te
@@ -110,7 +110,6 @@ init_daemon_domain(pasta_t, pasta_exec_t)
allow pasta_t self:capability { setpcap net_bind_service sys_tty_config dac_read_search net_admin sys_resource setuid setgid };
allow pasta_t self:cap_userns { setpcap sys_admin sys_ptrace net_admin net_bind_service };
-allow pasta_t self:user_namespace create;
auth_read_passwd(pasta_t)
--
2.39.2

View File

@ -19,6 +19,8 @@ Group: System Environment/Daemons
URL: https://passt.top/ URL: https://passt.top/
Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
Patch1: 0001-selinux-Drop-user_namespace-create-allow-rules.patch
BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@ -131,131 +133,91 @@ fi
%changelog %changelog
* Mon Feb 17 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250217.ga1e48a0-1 * Mon Feb 17 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250217.ga1e48a0-1
- Resolves: RHEL-79788 - Resolves: RHEL-79787
* Wed Jan 22 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250121.g4f2c8e7-3 * Wed Jan 22 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250121.g4f2c8e7-3
- Resolves: RHEL-75657 - Resolves: RHEL-75654
* Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250121.g4f2c8e7-1 * Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250121.g4f2c8e7-1
- Resolves: RHEL-75657 - Resolves: RHEL-75654
* Thu Nov 21 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20241121.g238c69f-1 * Thu Nov 21 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20241121.g238c69f-1
- Resolves: RHEL-67556 - Resolves: RHEL-65502
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0^20240806.gee36266-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Wed Aug 14 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-2 * Wed Aug 14 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-2
- Resolves: RHEL-54269 - Resolves: RHEL-54268
* Wed Aug 7 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806.gee36266-1 * Wed Aug 7 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806.gee36266-1
- Resolves: RHEL-53190 - Resolves: RHEL-53189
* Fri Aug 2 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240726.g57a21d2-1 * Fri Aug 2 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240726.g57a21d2-1
- Resolves: RHEL-52639 - Resolves: RHEL-52638
* Mon Jun 24 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240624.g1ee2eca-1 * Mon Jun 24 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240624.g1ee2eca-1
- Resolves: RHEL-44838 - Resolves: RHEL-44837
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0^20240523.g765eb0b-2
- Bump release for June 2024 mass rebuild
* Thu May 23 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240523.g765eb0b-1
- Resolves: RHEL-36045
* Wed May 22 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240510.g7288448-1 * Wed May 22 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240510.g7288448-1
- Resolves: RHEL-37647 - Resolves: RHEL-37647
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0^20231230.gf091893-3 * Fri Dec 15 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Resolves: RHEL-19590
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0^20231230.gf091893-2 * Tue Aug 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Switch to copies instead of links for pasta: previous workaround unreliable
- Resolves: RHELPLAN-155811
* Sat Dec 30 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231230.gf091893-1 * Tue Aug 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-3
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_12_04.b86afe3..2023_12_30.f091893 - Explicit restorecon in scriptlet as rpm(8) mix up contexts with hard links
- Resolves: RHELPLAN-155811
* Mon Dec 4 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1 * Mon Aug 21 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-2
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_11_19.4f1709d..2023_12_04.b86afe3 - Drop user_namespace create allow rule, incompatible with current el9 kernel
- Resolves: RHELPLAN-155811
* Sun Nov 19 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231119.g4f1709d-1 * Sat Aug 19 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_11_10.5ec3634..2023_11_19.4f1709d - Rebase from Fedora 39
- Resolves: RHELPLAN-155811
* Fri Nov 10 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231110.g5ec3634-1 * Sun Jun 11 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-4
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_11_07.74e6f48..2023_11_10.5ec3634 - Drop (pointless) patches 20, 21, 22, actually apply changes to the spec file!
- Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089)
- Don't install useless SELinux interface file for pasta (rhbz#2183106)
* Tue Nov 7 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231107.g56d9f6d-1 * Fri Apr 28 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-3
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_10_04.f851084..2023_11_07.56d9f6d - Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089)
- SELinux: allow passt_t to use unconfined_t UNIX domain sockets for - Don't install useless SELinux interface file for pasta (rhbz#2183106)
--fd option (https://bugzilla.redhat.com/show_bug.cgi?id=2247221)
* Wed Oct 4 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231004.gf851084-1 * Thu Mar 16 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-2
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_09_08.05627dc..2023_10_04.f851084 - udp: Actually use host resolver to forward DNS queries (rhbz#2177075)
- conf: Split add_dns{4,6}() out of get_dns() (rhbz#2177075)
- conf, udp: Allow any loopback address to be used as resolver (rhbz#2177075)
- tcp, tcp_splice: Get rid of false positive CWE-394 Coverity warning from fls() (rhbz#2177084)
- tcp: Avoid false (but convoluted) positive Coverity CWE-476 warning (rhbz#2177084)
- tcp: Avoid (theoretical) resource leak (CWE-772) Coverity warning (rhbz#2177084)
- Fix definitions of SOCKET_MAX, TCP_MAX_CONNS (rhbz#2177084)
- doc/demo: Fix and suppress ShellCheck warnings (rhbz#2177084)
- contrib/selinux: Drop duplicate init_daemon_domain() rule (rhbz#2176813)
- contrib/selinux: Let passt write to stdout and stderr when it starts (rhbz#2176813)
- contrib/selinux: Allow binding and connecting to all UDP and TCP ports (rhbz#2176813)
- contrib/selinux: Let interface users set paths for log, PID, socket files (rhbz#2176813)
- contrib/selinux: Drop "example" from headers: this is the actual policy (rhbz#2176813)
- contrib/selinux: Drop unused passt_read_data() interface (rhbz#2176813)
- contrib/selinux: Split interfaces into smaller bits (rhbz#2176813)
- fedora: Install SELinux interface files to shared include directory (rhbz#2176813)
- tcp, udp, util: Pass socket creation errors all the way up (rhbz#2177080)
- tcp, udp: Fix partial success return codes in {tcp,udp}_sock_init() (rhbz#2177080)
- conf: Terminate on EMFILE or ENFILE on sockets for port mapping (rhbz#2177080)
- tcp: Clamp MSS value when queueing data to tap, also for pasta (rhbz#2177083)
- Fix up SELinux labels on install/uninstall, require matching -selinux package (rhbz#2176813)
- Resolves: rhbz#2177075 rhbz#2177084 rhbz#2177080 rhbz#2177083 rhbz#2176813
* Fri Sep 8 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230908.g05627dc-1 * Wed Feb 22 2023 Camilla Conte <cconte@redhat.com> - 0^20230222.g4ddbcb9-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_09_07.ee58f37..2023_09_08.05627dc - Import from fedora to CentOS/RHEL
- Resolves: rhbz#2172244
* Thu Sep 7 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230907.gee58f37-1 * Wed Nov 16 2022 Miroslav Rezanina <mrezanin@redhat.com> - 0^20221110.g4129764-1
- Replace pasta hard links by separate builds - Import from fedora to CentOS/RHEL
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_08_23.a7e4bfb..2023_09_07.ee58f37 - Resolves: rhbz#2131015
* Wed Aug 23 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230823.ga7e4bfb-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_08_18.0af928e..2023_08_23.a7e4bfb
* Fri Aug 18 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-1
- Install pasta as hard link to ensure SELinux file context match
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_06_27.289301b..2023_08_18.0af928e
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0^20230627.g289301b-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 27 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230627.g289301b-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_06_25.32660ce..2023_06_27.289301b
* Sun Jun 25 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230625.g32660ce-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_06_03.429e1a7..2023_06_25.32660ce
* Sat Jun 3 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230603.g429e1a7-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_05_09.96f8d55..2023_06_03.429e1a7
* Tue May 9 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230509.g96f8d55-1
- Relicense to GPL 2.0, or any later version
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_29.b10b983..2023_05_09.96f8d55
* Wed Mar 29 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230329.gb10b983-1
- Adjust path for SELinux policy and interface file to latest guidelines
- Don't install useless SELinux interface file for pasta
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_21.1ee2f7c..2023_03_29.b10b983
* Tue Mar 21 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230321.g1ee2f7c-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_17.dd23496..2023_03_21.1ee2f7c
* Fri Mar 17 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230317.gdd23496-1
- Refresh SELinux labels in scriptlets, require -selinux package
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_10.70c0765..2023_03_17.dd23496
* Fri Mar 10 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230310.g70c0765-1
- Install SELinux interface files to shared include directory
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_09.7c7625d..2023_03_10.70c0765
* Thu Mar 9 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230309.g7c7625d-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_02_27.c538ee8..2023_03_09.7c7625d
* Mon Feb 27 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230227.gc538ee8-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_02_22.4ddbcb9..2023_02_27.c538ee8
* Wed Feb 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_02_16.4663ccc..2023_02_22.4ddbcb9
* Thu Feb 16 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230216.g4663ccc-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_16.ace074c..2023_02_16.4663ccc
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0^20221116.gace074c-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Nov 16 2022 Stefano Brivio <sbrivio@redhat.com> - 0^20221116.gace074c-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_10.4129764..2022_11_16.ace074c
* Thu Nov 10 2022 Stefano Brivio <sbrivio@redhat.com> - 0^20221110.g4129764-1 * Thu Nov 10 2022 Stefano Brivio <sbrivio@redhat.com> - 0^20221110.g4129764-1
- Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_04.e308018..2022_11_10.4129764 - Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_04.e308018..2022_11_10.4129764

View File

@ -1,8 +0,0 @@
# recipients: kvmqe-ci, yfu, lkotek, leiyang
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: kvm-ci.passt.x86_64.brew-build.gating.tier1.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1 +0,0 @@
SHA512 (passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz) = 8f55b4a1c1d1ba5a33e880e228a0db4ab1ad7ea0fad046808d3816999815ad3a0bf80f0d153bfd1c2b6ec62cb5c96c2a783d032d6bdf4d3a32e38e6d6cca12b5

View File

@ -1,10 +0,0 @@
summary: Internal tests plan
plan:
import:
url: https://gitlab.cee.redhat.com/libvirt-auto/libvirt-tmt-test.git
ref: master
name: /libvirt_tmt_test/plans/passt
adjust:
enabled: false
when: distro == centos-stream or distro == fedora