import policycoreutils-2.9-20.el8
This commit is contained in:
parent
795910f1eb
commit
38a35bd038
@ -0,0 +1,64 @@
|
||||
From 09c944561c76146b1fc11e99e95b6a674366cddf Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Mon, 30 May 2022 14:20:21 +0200
|
||||
Subject: [PATCH] python: Split "semanage import" into two transactions
|
||||
|
||||
First transaction applies all deletion operations, so that there are no
|
||||
collisions when applying the rest of the changes.
|
||||
|
||||
Fixes:
|
||||
# semanage port -a -t http_cache_port_t -r s0 -p tcp 3024
|
||||
# semanage export | semanage import
|
||||
ValueError: Port tcp/3024 already defined
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
python/semanage/semanage | 21 +++++++++++++++++++--
|
||||
1 file changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index ebb93ea5..b8842d28 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -841,10 +841,29 @@ def handleImport(args):
|
||||
trans = seobject.semanageRecords(args)
|
||||
trans.start()
|
||||
|
||||
+ deleteCommands = []
|
||||
+ commands = []
|
||||
+ # separate commands for deletion from the rest so they can be
|
||||
+ # applied in a separate transaction
|
||||
for l in sys.stdin.readlines():
|
||||
if len(l.strip()) == 0:
|
||||
continue
|
||||
+ if "-d" in l or "-D" in l:
|
||||
+ deleteCommands.append(l)
|
||||
+ else:
|
||||
+ commands.append(l)
|
||||
+
|
||||
+ if deleteCommands:
|
||||
+ importHelper(deleteCommands)
|
||||
+ trans.finish()
|
||||
+ trans.start()
|
||||
+
|
||||
+ importHelper(commands)
|
||||
+ trans.finish()
|
||||
|
||||
+
|
||||
+def importHelper(commands):
|
||||
+ for l in commands:
|
||||
try:
|
||||
commandParser = createCommandParser()
|
||||
args = commandParser.parse_args(mkargv(l))
|
||||
@@ -858,8 +877,6 @@ def handleImport(args):
|
||||
except KeyboardInterrupt:
|
||||
sys.exit(0)
|
||||
|
||||
- trans.finish()
|
||||
-
|
||||
|
||||
def setupImportParser(subparsers):
|
||||
importParser = subparsers.add_parser('import', help=_('Import local customizations'))
|
||||
--
|
||||
2.35.3
|
||||
|
@ -0,0 +1,81 @@
|
||||
From c0ca652dce6b1d5d11e697cc3a4695d87944f9ad Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Wed, 8 Jun 2022 19:09:54 +0200
|
||||
Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh
|
||||
|
||||
After the last commit this option's name and description no longer
|
||||
matches the semantic, so give it a new one and update the descriptions.
|
||||
The old name is still recognized and aliased to the new one for
|
||||
backwards compatibility.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||||
---
|
||||
policycoreutils/semodule/semodule.8 | 12 ++++++------
|
||||
policycoreutils/semodule/semodule.c | 13 ++++++++++---
|
||||
2 files changed, 16 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
||||
index d1735d21..c56e580f 100644
|
||||
--- a/policycoreutils/semodule/semodule.8
|
||||
+++ b/policycoreutils/semodule/semodule.8
|
||||
@@ -23,12 +23,12 @@ force a reload of policy
|
||||
.B \-B, \-\-build
|
||||
force a rebuild of policy (also reloads unless \-n is used)
|
||||
.TP
|
||||
-.B \-\-rebuild-if-modules-changed
|
||||
-Force a rebuild of the policy if any changes to module content are detected
|
||||
-(by comparing with checksum from the last transaction). One can use this
|
||||
-instead of \-B to ensure that any changes to the module store done by an
|
||||
-external tool (e.g. a package manager) are applied, while automatically
|
||||
-skipping the rebuild if there are no new changes.
|
||||
+.B \-\-refresh
|
||||
+Like \-\-build, but reuses existing linked policy if no changes to module
|
||||
+files are detected (by comparing with checksum from the last transaction).
|
||||
+One can use this instead of \-B to ensure that any changes to the module
|
||||
+store done by an external tool (e.g. a package manager) are applied, while
|
||||
+automatically skipping the module re-linking if there are no module changes.
|
||||
.TP
|
||||
.B \-D, \-\-disable_dontaudit
|
||||
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
||||
index 22a42a75..324ec9fb 100644
|
||||
--- a/policycoreutils/semodule/semodule.c
|
||||
+++ b/policycoreutils/semodule/semodule.c
|
||||
@@ -149,9 +149,12 @@ static void usage(char *progname)
|
||||
printf(" -c, --cil extract module as cil. This only affects module extraction.\n");
|
||||
printf(" -H, --hll extract module as hll. This only affects module extraction.\n");
|
||||
printf(" -m, --checksum print module checksum (SHA256).\n");
|
||||
- printf(" --rebuild-if-modules-changed\n"
|
||||
- " force policy rebuild if module content changed since\n"
|
||||
- " last rebuild (based on checksum)\n");
|
||||
+ printf(" --refresh like --build, but reuses existing linked policy if no\n"
|
||||
+ " changes to module files are detected (via checksum)\n");
|
||||
+ printf("Deprecated options:\n");
|
||||
+ printf(" -b,--base same as --install\n");
|
||||
+ printf(" --rebuild-if-modules-changed\n"
|
||||
+ " same as --refresh\n");
|
||||
}
|
||||
|
||||
/* Sets the global mode variable to new_mode, but only if no other
|
||||
@@ -184,6 +187,7 @@ static void parse_command_line(int argc, char **argv)
|
||||
{
|
||||
static struct option opts[] = {
|
||||
{"rebuild-if-modules-changed", 0, NULL, '\0'},
|
||||
+ {"refresh", 0, NULL, '\0'},
|
||||
{"store", required_argument, NULL, 's'},
|
||||
{"base", required_argument, NULL, 'b'},
|
||||
{"help", 0, NULL, 'h'},
|
||||
@@ -224,6 +228,9 @@ static void parse_command_line(int argc, char **argv)
|
||||
case '\0':
|
||||
switch(longind) {
|
||||
case 0: /* --rebuild-if-modules-changed */
|
||||
+ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n");
|
||||
+ /* fallthrough */
|
||||
+ case 1: /* --refresh */
|
||||
check_ext_changes = 1;
|
||||
break;
|
||||
default:
|
||||
--
|
||||
2.35.3
|
||||
|
@ -63,7 +63,7 @@ relabel_selinux() {
|
||||
grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
|
||||
fi
|
||||
sync
|
||||
systemctl --force reboot
|
||||
systemctl reboot
|
||||
}
|
||||
|
||||
# Check to see if a full relabel is needed
|
||||
|
@ -12,7 +12,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.9
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
License: GPLv2
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
||||
@ -84,6 +84,8 @@ Patch0043: 0043-semodule-Don-t-forget-to-munmap-data.patch
|
||||
Patch0044: 0044-policycoreutils-Improve-error-message-when-selabel_o.patch
|
||||
Patch0045: 0045-semodule-libsemanage-move-module-hashing-into-libsem.patch
|
||||
Patch0046: 0046-semodule-add-command-line-option-to-detect-module-ch.patch
|
||||
Patch0047: 0047-python-Split-semanage-import-into-two-transactions.patch
|
||||
Patch0048: 0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch
|
||||
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||
@ -523,6 +525,11 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Thu Jul 07 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-20
|
||||
- python: Split "semanage import" into two transactions (#2063353)
|
||||
- semodule: rename --rebuild-if-modules-changed to --refresh (#2089802)
|
||||
- selinux-autorelabel: Do not force reboot (#2093133)
|
||||
|
||||
* Thu Feb 17 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-19
|
||||
- semodule: move module hashing into libsemanage (requires libsemanage-2.9-7)
|
||||
- semodule: add command-line option to detect module changes (#2049189)
|
||||
|
Loading…
Reference in New Issue
Block a user