SELinux userspace 3.6 release

Petr Lautrbach 2023-12-14 17:52:44 +01:00
parent e8ba46eae6
commit 99b3f5a5d3
4 changed files with 12 additions and 93 deletions

1
.gitignore vendored

@ -354,3 +354,4 @@ policycoreutils-2.0.83.tgz
/selinux-gui.zip
/selinux-3.6-rc1.tar.gz
/selinux-3.6-rc2.tar.gz
/selinux-3.6.tar.gz


@ -1,84 +0,0 @@
From 4417766f66fb5a1d41503c2d1f0008823ae11269 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Sat, 29 Jul 2023 20:33:06 +0200
Subject: [PATCH] sepolicy: port to dnf4 python API
Content-type: text/plain
yum module is not available since RHEL 7.
Drop -systemd related code as it's obsoleted these days - only 2
packages ship their .service in -systemd subpackage
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
python/sepolicy/sepolicy/generate.py | 38 ++++++++++++----------------
1 file changed, 16 insertions(+), 22 deletions(-)
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 36a3ea1196b1..48602a736953 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -1264,13 +1264,20 @@ allow %s_t %s_t:%s_socket name_%s;
return fcfile
def __extract_rpms(self):
- import yum
- yb = yum.YumBase()
- yb.setCacheDir()
+ import dnf
- for pkg in yb.rpmdb.searchProvides(self.program):
+ base = dnf.Base()
+ base.read_all_repos()
+ base.fill_sack(load_system_repo=True)
+
+ query = base.sack.query()
+
+ pq = query.available()
+ pq = pq.filter(file=self.program)
+
+ for pkg in pq:
self.rpms.append(pkg.name)
- for fname in pkg.dirlist + pkg.filelist + pkg.ghostlist:
+ for fname in pkg.files:
for b in self.DEFAULT_DIRS:
if b == "/etc":
continue
@@ -1279,9 +1286,10 @@ allow %s_t %s_t:%s_socket name_%s;
self.add_file(fname)
else:
self.add_dir(fname)
-
- for bpkg in yb.rpmdb.searchNames([pkg.base_package_name]):
- for fname in bpkg.dirlist + bpkg.filelist + bpkg.ghostlist:
+ sq = query.available()
+ sq = sq.filter(provides=pkg.source_name)
+ for bpkg in sq:
+ for fname in bpkg.files:
for b in self.DEFAULT_DIRS:
if b == "/etc":
continue
@@ -1291,20 +1299,6 @@ allow %s_t %s_t:%s_socket name_%s;
else:
self.add_dir(fname)
- # some packages have own systemd subpackage
- # tor-systemd for example
- binary_name = self.program.split("/")[-1]
- for bpkg in yb.rpmdb.searchNames(["%s-systemd" % binary_name]):
- for fname in bpkg.filelist + bpkg.ghostlist + bpkg.dirlist:
- for b in self.DEFAULT_DIRS:
- if b == "/etc":
- continue
- if fname.startswith(b):
- if os.path.isfile(fname):
- self.add_file(fname)
- else:
- self.add_dir(fname)
-
def gen_writeable(self):
try:
self.__extract_rpms()
--
2.41.0


@ -1,7 +1,7 @@
%global libauditver 3.0
%global libsepolver 3.6-0.rc2
%global libsemanagever 3.6-0.rc2
%global libselinuxver 3.6-0.rc2
%global libsepolver 3.6-1
%global libsemanagever 3.6-1
%global libselinuxver 3.6-1
%global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -11,10 +11,10 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 3.6
Release: 0.rc2.1%{?dist}
Release: 1%{?dist}
License: GPL-2.0-or-later
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6-rc2/selinux-3.6-rc2.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/selinux-3.6.tar.gz
URL: https://github.com/SELinuxProject/selinux
Source13: system-config-selinux.png
Source14: sepolicy-icons.tgz
@ -33,7 +33,7 @@ Source22: selinux-gui.zip
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./
Source23: selinux-sandbox.zip
# https://github.com/fedora-selinux/selinux
# $ git format-patch -N 3.6-rc2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ git format-patch -N 3.6 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
# Patch list start
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@ -42,7 +42,6 @@ Patch0003: 0003-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0004: 0004-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0005: 0005-Use-SHA-2-instead-of-SHA-1.patch
Patch0006: 0006-python-sepolicy-Fix-spec-file-dependencies.patch
Patch0007: 0007-sepolicy-port-to-dnf4-python-API.patch
# Patch list end
Obsoletes: policycoreutils < 2.0.61-2
@ -78,7 +77,7 @@ load_policy to load policies, setfiles to label filesystems, newrole
to switch roles.
%prep -p /usr/bin/bash
%autosetup -p 1 -n selinux-%{version}-rc2
%autosetup -p 1 -n selinux-%{version}
cp %{SOURCE13} gui/
tar -xvf %{SOURCE14} -C python/sepolicy/
@ -420,6 +419,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
- SELinux userspace 3.6 release
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
- SELinux userspace 3.6-rc2 release
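Review bot: The new `Source0` release tarball is trusted only through the SHA512 recorded in `sources`; the lines visible around `Source0:` and `%prep` show no detached-signature or keyring source and no verification step before `%autosetup` (the rest of the spec is outside this view, so confirm). If upstream publishes a signature for the 3.6 tarball, add it and the signing key as extra `Source` entries and run `%{gpgverify} --keyring='%{SOURCE<key>}' --signature='%{SOURCE<sig>}' --data='%{SOURCE0}'` as the first line of `%prep`, with `<key>` and `<sig>` standing for the new source numbers. That way a tampered download is caught at build time and not carried into the package when the hash is refreshed. As a smaller style point, now that the tag equals the version, `Source0` could use `%{version}` in place of the literal `3.6`, matching `%autosetup -p 1 -n selinux-%{version}`.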

View File

@ -1,4 +1,4 @@
SHA512 (selinux-3.6-rc2.tar.gz) = b42d07af30a49e2d3e3f99c6400a57e4f830100870dc992f6a3f4b3ab16d3cd8a7f2c08f818045a2b8f358548551d31c75b14247a540e67da62bedaaee979ee0
SHA512 (selinux-3.6.tar.gz) = 15ba9c5901ec4dc1e9e24374ffe61216301335fb07c0d653692251a59f210628775852f22d7c5eb784a43b65c133fad983ba1e6159d72fd3fd16e87f9a335fb6
SHA512 (selinux-policycoreutils.zip) = 0df9dc274e0d1a2e4e2467f95a18a5bf7b6de2428ac90a0a73d7f3bd766a897062af142ba3cf39cdb79565ba78af960bcd2e35865cc26e14bf2305321780c918
SHA512 (selinux-python.zip) = 35d209f8bcff498f66465499fcc4cef0780781276a4ba060b2d1d56eed1dd72d253f6b0eae5f679d46cf426b967a7aadac909363513be5d483c95a31249eacdd
SHA512 (selinux-sandbox.zip) = ecbc0c8280eb6c013b039a2e63ee5a361cd84807613962a012ac0a98092357e9809bea23c3c71bd8ae4745b1dd12a4fce43db5e1cab31614f386a2a8db88b733