SELinux userspace 3.6 release
This commit is contained in:
parent
e8ba46eae6
commit
99b3f5a5d3
1
.gitignore
vendored
1
.gitignore
vendored
@ -354,3 +354,4 @@ policycoreutils-2.0.83.tgz
|
|||||||
/selinux-gui.zip
|
/selinux-gui.zip
|
||||||
/selinux-3.6-rc1.tar.gz
|
/selinux-3.6-rc1.tar.gz
|
||||||
/selinux-3.6-rc2.tar.gz
|
/selinux-3.6-rc2.tar.gz
|
||||||
|
/selinux-3.6.tar.gz
|
||||||
|
@ -1,84 +0,0 @@
|
|||||||
From 4417766f66fb5a1d41503c2d1f0008823ae11269 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
Date: Sat, 29 Jul 2023 20:33:06 +0200
|
|
||||||
Subject: [PATCH] sepolicy: port to dnf4 python API
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
yum module is not available since RHEL 7.
|
|
||||||
|
|
||||||
Drop -systemd related code as it's obsoleted these days - only 2
|
|
||||||
packages ship their .service in -systemd subpackage
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/generate.py | 38 ++++++++++++----------------
|
|
||||||
1 file changed, 16 insertions(+), 22 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
|
||||||
index 36a3ea1196b1..48602a736953 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/generate.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/generate.py
|
|
||||||
@@ -1264,13 +1264,20 @@ allow %s_t %s_t:%s_socket name_%s;
|
|
||||||
return fcfile
|
|
||||||
|
|
||||||
def __extract_rpms(self):
|
|
||||||
- import yum
|
|
||||||
- yb = yum.YumBase()
|
|
||||||
- yb.setCacheDir()
|
|
||||||
+ import dnf
|
|
||||||
|
|
||||||
- for pkg in yb.rpmdb.searchProvides(self.program):
|
|
||||||
+ base = dnf.Base()
|
|
||||||
+ base.read_all_repos()
|
|
||||||
+ base.fill_sack(load_system_repo=True)
|
|
||||||
+
|
|
||||||
+ query = base.sack.query()
|
|
||||||
+
|
|
||||||
+ pq = query.available()
|
|
||||||
+ pq = pq.filter(file=self.program)
|
|
||||||
+
|
|
||||||
+ for pkg in pq:
|
|
||||||
self.rpms.append(pkg.name)
|
|
||||||
- for fname in pkg.dirlist + pkg.filelist + pkg.ghostlist:
|
|
||||||
+ for fname in pkg.files:
|
|
||||||
for b in self.DEFAULT_DIRS:
|
|
||||||
if b == "/etc":
|
|
||||||
continue
|
|
||||||
@@ -1279,9 +1286,10 @@ allow %s_t %s_t:%s_socket name_%s;
|
|
||||||
self.add_file(fname)
|
|
||||||
else:
|
|
||||||
self.add_dir(fname)
|
|
||||||
-
|
|
||||||
- for bpkg in yb.rpmdb.searchNames([pkg.base_package_name]):
|
|
||||||
- for fname in bpkg.dirlist + bpkg.filelist + bpkg.ghostlist:
|
|
||||||
+ sq = query.available()
|
|
||||||
+ sq = sq.filter(provides=pkg.source_name)
|
|
||||||
+ for bpkg in sq:
|
|
||||||
+ for fname in bpkg.files:
|
|
||||||
for b in self.DEFAULT_DIRS:
|
|
||||||
if b == "/etc":
|
|
||||||
continue
|
|
||||||
@@ -1291,20 +1299,6 @@ allow %s_t %s_t:%s_socket name_%s;
|
|
||||||
else:
|
|
||||||
self.add_dir(fname)
|
|
||||||
|
|
||||||
- # some packages have own systemd subpackage
|
|
||||||
- # tor-systemd for example
|
|
||||||
- binary_name = self.program.split("/")[-1]
|
|
||||||
- for bpkg in yb.rpmdb.searchNames(["%s-systemd" % binary_name]):
|
|
||||||
- for fname in bpkg.filelist + bpkg.ghostlist + bpkg.dirlist:
|
|
||||||
- for b in self.DEFAULT_DIRS:
|
|
||||||
- if b == "/etc":
|
|
||||||
- continue
|
|
||||||
- if fname.startswith(b):
|
|
||||||
- if os.path.isfile(fname):
|
|
||||||
- self.add_file(fname)
|
|
||||||
- else:
|
|
||||||
- self.add_dir(fname)
|
|
||||||
-
|
|
||||||
def gen_writeable(self):
|
|
||||||
try:
|
|
||||||
self.__extract_rpms()
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
%global libauditver 3.0
|
%global libauditver 3.0
|
||||||
%global libsepolver 3.6-0.rc2
|
%global libsepolver 3.6-1
|
||||||
%global libsemanagever 3.6-0.rc2
|
%global libsemanagever 3.6-1
|
||||||
%global libselinuxver 3.6-0.rc2
|
%global libselinuxver 3.6-1
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
|
|
||||||
@ -11,10 +11,10 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 3.6
|
Version: 3.6
|
||||||
Release: 0.rc2.1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6-rc2/selinux-3.6-rc2.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/selinux-3.6.tar.gz
|
||||||
URL: https://github.com/SELinuxProject/selinux
|
URL: https://github.com/SELinuxProject/selinux
|
||||||
Source13: system-config-selinux.png
|
Source13: system-config-selinux.png
|
||||||
Source14: sepolicy-icons.tgz
|
Source14: sepolicy-icons.tgz
|
||||||
@ -33,7 +33,7 @@ Source22: selinux-gui.zip
|
|||||||
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./
|
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./
|
||||||
Source23: selinux-sandbox.zip
|
Source23: selinux-sandbox.zip
|
||||||
# https://github.com/fedora-selinux/selinux
|
# https://github.com/fedora-selinux/selinux
|
||||||
# $ git format-patch -N 3.6-rc2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
# $ git format-patch -N 3.6 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||||
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
||||||
# Patch list start
|
# Patch list start
|
||||||
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||||
@ -42,7 +42,6 @@ Patch0003: 0003-sepolicy-generate-Handle-more-reserved-port-types.patch
|
|||||||
Patch0004: 0004-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
Patch0004: 0004-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||||
Patch0005: 0005-Use-SHA-2-instead-of-SHA-1.patch
|
Patch0005: 0005-Use-SHA-2-instead-of-SHA-1.patch
|
||||||
Patch0006: 0006-python-sepolicy-Fix-spec-file-dependencies.patch
|
Patch0006: 0006-python-sepolicy-Fix-spec-file-dependencies.patch
|
||||||
Patch0007: 0007-sepolicy-port-to-dnf4-python-API.patch
|
|
||||||
# Patch list end
|
# Patch list end
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
@ -78,7 +77,7 @@ load_policy to load policies, setfiles to label filesystems, newrole
|
|||||||
to switch roles.
|
to switch roles.
|
||||||
|
|
||||||
%prep -p /usr/bin/bash
|
%prep -p /usr/bin/bash
|
||||||
%autosetup -p 1 -n selinux-%{version}-rc2
|
%autosetup -p 1 -n selinux-%{version}
|
||||||
|
|
||||||
cp %{SOURCE13} gui/
|
cp %{SOURCE13} gui/
|
||||||
tar -xvf %{SOURCE14} -C python/sepolicy/
|
tar -xvf %{SOURCE14} -C python/sepolicy/
|
||||||
@ -420,6 +419,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
|
||||||
|
- SELinux userspace 3.6 release
|
||||||
|
|
||||||
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
|
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
|
||||||
- SELinux userspace 3.6-rc2 release
|
- SELinux userspace 3.6-rc2 release
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1,4 +1,4 @@
|
|||||||
SHA512 (selinux-3.6-rc2.tar.gz) = b42d07af30a49e2d3e3f99c6400a57e4f830100870dc992f6a3f4b3ab16d3cd8a7f2c08f818045a2b8f358548551d31c75b14247a540e67da62bedaaee979ee0
|
SHA512 (selinux-3.6.tar.gz) = 15ba9c5901ec4dc1e9e24374ffe61216301335fb07c0d653692251a59f210628775852f22d7c5eb784a43b65c133fad983ba1e6159d72fd3fd16e87f9a335fb6
|
||||||
SHA512 (selinux-policycoreutils.zip) = 0df9dc274e0d1a2e4e2467f95a18a5bf7b6de2428ac90a0a73d7f3bd766a897062af142ba3cf39cdb79565ba78af960bcd2e35865cc26e14bf2305321780c918
|
SHA512 (selinux-policycoreutils.zip) = 0df9dc274e0d1a2e4e2467f95a18a5bf7b6de2428ac90a0a73d7f3bd766a897062af142ba3cf39cdb79565ba78af960bcd2e35865cc26e14bf2305321780c918
|
||||||
SHA512 (selinux-python.zip) = 35d209f8bcff498f66465499fcc4cef0780781276a4ba060b2d1d56eed1dd72d253f6b0eae5f679d46cf426b967a7aadac909363513be5d483c95a31249eacdd
|
SHA512 (selinux-python.zip) = 35d209f8bcff498f66465499fcc4cef0780781276a4ba060b2d1d56eed1dd72d253f6b0eae5f679d46cf426b967a7aadac909363513be5d483c95a31249eacdd
|
||||||
SHA512 (selinux-sandbox.zip) = ecbc0c8280eb6c013b039a2e63ee5a361cd84807613962a012ac0a98092357e9809bea23c3c71bd8ae4745b1dd12a4fce43db5e1cab31614f386a2a8db88b733
|
SHA512 (selinux-sandbox.zip) = ecbc0c8280eb6c013b039a2e63ee5a361cd84807613962a012ac0a98092357e9809bea23c3c71bd8ae4745b1dd12a4fce43db5e1cab31614f386a2a8db88b733
|
||||||
|
Loading…
Reference in New Issue
Block a user