diff --git a/0057-policycoreutils-semodule-Enable-CIL-logging.patch b/0057-policycoreutils-semodule-Enable-CIL-logging.patch new file mode 100644 index 0000000..b138bad --- /dev/null +++ b/0057-policycoreutils-semodule-Enable-CIL-logging.patch @@ -0,0 +1,68 @@ +From 58d216e18e1c2732368aaee0beb44f6508f77476 Mon Sep 17 00:00:00 2001 +From: Jason Zaman +Date: Mon, 21 Oct 2019 13:55:05 +0800 +Subject: [PATCH] policycoreutils: semodule: Enable CIL logging + +semodule -v will turn on semodule's own verbose logging but not logging +from CIL. This change makes the verbose flag also set cil's log level. + +By default (ie no -v flag), this will enable CIL_ERR, and each -v will +increase the level from there. + +Tested with a duplicated fcontext in the policy. +Before this change: + # semodule -v -B + Committing changes: + Problems processing filecon rules + Failed post db handling + semodule: Failed! + +After this change: + # semodule -v -B + [ ... snip ... ] + Found conflicting filecon rules + at /var/lib/selinux/mcs/tmp/modules/400/mycustom/cil:159 + at /var/lib/selinux/mcs/tmp/modules/400/mycustom/cil:158 + Problems processing filecon rules + Failed post db handling + semodule: Failed! + +Closes: https://github.com/SELinuxProject/selinux/issues/176 +Signed-off-by: Jason Zaman +--- + policycoreutils/semodule/semodule.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c +index 324ec9fb..bd689837 100644 +--- a/policycoreutils/semodule/semodule.c ++++ b/policycoreutils/semodule/semodule.c +@@ -22,6 +22,7 @@ + #include + #include + ++#include + #include + + enum client_modes { +@@ -264,7 +265,7 @@ static void parse_command_line(int argc, char **argv) + set_mode(LIST_M, optarg); + break; + case 'v': +- verbose = 1; ++ verbose++; + break; + case 'r': + set_mode(REMOVE_M, optarg); +@@ -415,6 +416,8 @@ int main(int argc, char *argv[]) + } + parse_command_line(argc, argv); + ++ cil_set_log_level(CIL_ERR + verbose); ++ + if (build || check_ext_changes) + commit = 1; + +-- +2.52.0 + diff --git a/policycoreutils.spec b/policycoreutils.spec index 0447309..fe55a3b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -12,7 +12,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.9 -Release: 26.1%{?dist} +Release: 27%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz @@ -92,8 +92,9 @@ Patch0051: 0051-python-sepolicy-add-missing-booleans-to-man-pages.patch Patch0052: 0052-python-sepolicy-Cache-conditional-rule-queries.patch Patch0053: 0053-python-Harden-more-tools-against-rogue-modules.patch Patch0054: 0054-sepolicy-port-to-dnf4-python-API.patch -Patch0056: 0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch -Patch0057: 0056-python-semanage-Allow-modifying-records-on-add.patch +Patch0055: 0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch +Patch0056: 0056-python-semanage-Allow-modifying-records-on-add.patch +Patch0057: 0057-policycoreutils-semodule-Enable-CIL-logging.patch Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 @@ -533,6 +534,9 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Tue Mar 03 2026 Vit Mojzis - 2.9-27 +- semodule: Enable CIL logging (RHEL-139145) + * Wed Mar 06 2024 Vit Mojzis - 2.9-26 - python/semanage: Allow modifying records on "add" (RHEL-28167) - python/semanage: Do not sort local fcontext definitions (RHEL-24461)