rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

policycoreutils-2.5-1

Browse Source 
- Update to upstream release 2016-02-23
This commit is contained in:
Petr Lautrbach 2016-02-23 22:34:45 +01:00
parent affcba34d7
commit afee0d840d
5 changed files with 582 additions and 978 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -237,3 +237,5 @@ policycoreutils-2.0.83.tgz
/policycoreutils-2.4.tar.gz
/sepolgen-1.2.3-rc1.tar.gz
/policycoreutils-2.5-rc1.tar.gz
/policycoreutils-2.5.tar.gz
/sepolgen-1.2.3.tar.gz

1413
policycoreutils-fedora.patch
View File

File diff suppressed because it is too large Load Diff

43
policycoreutils.spec
View File

@ -1,28 +1,28 @@
%global libauditver 2.1.3-4
%global libsepolver 2.5-0
%global libsemanagever 2.5-0
%global libselinuxver 2.5-0
%global libsepolver 2.5
%global libsemanagever 2.5
%global libselinuxver 2.5
%global sepolgenver 1.2.3
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.5
Release: 0.1.rc1%{?dist}
Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160107/policycoreutils-2.5-rc1.tar.gz
Source1:https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160107/sepolgen-1.2.3-rc1.tar.gz
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/policycoreutils-2.5.tar.gz
Source1:https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/sepolgen-1.2.3.tar.gz
URL: http://www.selinuxproject.org
Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.5-rc1 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/b1964e0607f28e9c8d6f316497c7e6428e4d3393
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/51852c78f110223be57cd9776069f14703ab49f9
Patch: policycoreutils-fedora.patch
# $ VERSION=1.2.3-rc1 ./make-fedora-selinux-patch.sh sepolgen
# $ VERSION=1.2.3 ./make-fedora-selinux-patch.sh sepolgen
Patch1: sepolgen-fedora.patch
Patch100: policycoreutils-fix-semanage-python3.patch
Obsoletes: policycoreutils < 2.0.61-2
@ -56,20 +56,20 @@ to switch roles.
# create selinux/ directory and extract %{SOURCE0} there
%setup -q -c -n selinux
%patch -p0 -b .policycoreutils-fedora
pushd policycoreutils-2.5-rc1
pushd policycoreutils-2.5
%patch100 -p2 -b .semanage-python3
popd
cp %{SOURCE3} policycoreutils-2.5-rc1/gui/
tar -xvf %{SOURCE4} -C policycoreutils-2.5-rc1/
cp %{SOURCE3} policycoreutils-2.5/gui/
tar -xvf %{SOURCE4} -C policycoreutils-2.5/
# extract {%SOURCE1} in selinux/ directory
%setup -T -D -a 1 -n selinux
%patch1 -p0 -b .sepolgen-fedora
%build
make -C policycoreutils-2.5-rc1 LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
make -C sepolgen-1.2.3-rc1 SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C policycoreutils-2.5 LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
make -C sepolgen-1.2.3 SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install
mkdir -p %{buildroot}%{_bindir}
@ -79,14 +79,14 @@ mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
make -C policycoreutils-2.5-rc1 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
make -C policycoreutils-2.5-rc1 PYTHON=python3 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
make -C policycoreutils-2.5 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
make -C policycoreutils-2.5 PYTHON=python3 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
# Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
make -C sepolgen-1.2.3-rc1 DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-1.2.3-rc1 PYTHON=python3 DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-1.2.3 DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-1.2.3 PYTHON=python3 DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
tar -jxf %{SOURCE2} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
@ -375,7 +375,7 @@ fi
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8*
%{!?_licensedir:%global license %%doc}
%license policycoreutils-2.5-rc1/COPYING
%license policycoreutils-2.5/COPYING
%doc %{_usr}/share/doc/%{name}
%package restorecond
@ -396,7 +396,7 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{!?_licensedir:%global license %%doc}
%license policycoreutils-2.5-rc1/COPYING
%license policycoreutils-2.5/COPYING
%post restorecond
%systemd_post restorecond.service
@ -408,6 +408,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
- Update to upstream release 2016-02-23
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

98
sepolgen-fedora.patch
View File

@ -1,18 +1,7 @@
diff --git sepolgen-1.2.3-rc1/ChangeLog sepolgen-1.2.3-rc1/ChangeLog
index 57db7a5..fc8f6a0 100644
--- sepolgen-1.2.3-rc1/ChangeLog
+++ sepolgen-1.2.3-rc1/ChangeLog
@@ -1,4 +1,6 @@
1.2.3-rc1 2016-01-07
+ * Support latest refpolicy interfaces, from Nicolas Iooss.
+ * Make sepolgen-ifgen output deterministic with Python>=3.3, from Nicolas Iooss.
* Use key function in sort(), from Petr Lautrbach.
* Reset line numbers when parsing files, from Nicolas Iooss.
* Convert cmp functions to key functions, from Robert Kuska.
diff --git sepolgen-1.2.3-rc1/src/sepolgen/access.py sepolgen-1.2.3-rc1/src/sepolgen/access.py
index 1f89ecd..7606561 100644
--- sepolgen-1.2.3-rc1/src/sepolgen/access.py
+++ sepolgen-1.2.3-rc1/src/sepolgen/access.py
diff --git sepolgen-1.2.3/src/sepolgen/access.py sepolgen-1.2.3/src/sepolgen/access.py
index a5d8698..7606561 100644
--- sepolgen-1.2.3/src/sepolgen/access.py
+++ sepolgen-1.2.3/src/sepolgen/access.py
@@ -90,6 +90,8 @@ class AccessVector(util.Comparison):
self.audit_msgs = []
self.type = audit2why.TERULE
@ -22,15 +11,6 @@ index 1f89ecd..7606561 100644
# when implementing __eq__ also __hash__ is needed on py2
# if object is muttable __hash__ should be None
self.__hash__ = None
@@ -128,7 +130,7 @@ class AccessVector(util.Comparison):
is represented in a list.
"""
l = [self.src_type, self.tgt_type, self.obj_class]
- l.extend(self.perms)
+ l.extend(sorted(self.perms))
return l
def __str__(self):
@@ -138,6 +140,29 @@ class AccessVector(util.Comparison):
return "allow %s %s:%s %s;" % (self.src_type, self.tgt_type,
self.obj_class, self.perms.to_space_str())
@ -81,10 +61,10 @@ index 1f89ecd..7606561 100644
access.type = avc_type
cls[obj_class, avc_type] = access
diff --git sepolgen-1.2.3-rc1/src/sepolgen/audit.py sepolgen-1.2.3-rc1/src/sepolgen/audit.py
diff --git sepolgen-1.2.3/src/sepolgen/audit.py sepolgen-1.2.3/src/sepolgen/audit.py
index 724d3ea..dad0724 100644
--- sepolgen-1.2.3-rc1/src/sepolgen/audit.py
+++ sepolgen-1.2.3-rc1/src/sepolgen/audit.py
--- sepolgen-1.2.3/src/sepolgen/audit.py
+++ sepolgen-1.2.3/src/sepolgen/audit.py
@@ -176,6 +176,7 @@ class AVCMessage(AuditMessage):
self.exe = ""
self.path = ""
@ -203,30 +183,10 @@ index 724d3ea..dad0724 100644
return av_set
class AVCTypeFilter:
diff --git sepolgen-1.2.3-rc1/src/sepolgen/interfaces.py sepolgen-1.2.3-rc1/src/sepolgen/interfaces.py
index 0b688bf..48ae4f2 100644
--- sepolgen-1.2.3-rc1/src/sepolgen/interfaces.py
+++ sepolgen-1.2.3-rc1/src/sepolgen/interfaces.py
@@ -341,12 +341,12 @@ class InterfaceSet:
self.output.write(str + "\n")
def to_file(self, fd):
- for iv in self.interfaces.values():
+ for iv in sorted(self.interfaces.values(), key=lambda x: x.name):
fd.write("[InterfaceVector %s " % iv.name)
- for param in iv.params.values():
+ for param in sorted(iv.params.values(), key=lambda x: x.name):
fd.write("%s:%s " % (param.name, refpolicy.field_to_str[param.type]))
fd.write("]\n")
- avl = iv.access.to_list()
+ avl = sorted(iv.access.to_list())
for av in avl:
fd.write(",".join(av))
fd.write("\n")
diff --git sepolgen-1.2.3-rc1/src/sepolgen/policygen.py sepolgen-1.2.3-rc1/src/sepolgen/policygen.py
diff --git sepolgen-1.2.3/src/sepolgen/policygen.py sepolgen-1.2.3/src/sepolgen/policygen.py
index 34c8401..f374132 100644
--- sepolgen-1.2.3-rc1/src/sepolgen/policygen.py
+++ sepolgen-1.2.3-rc1/src/sepolgen/policygen.py
--- sepolgen-1.2.3/src/sepolgen/policygen.py
+++ sepolgen-1.2.3/src/sepolgen/policygen.py
@@ -82,8 +82,9 @@ class PolicyGenerator:
self.module = refpolicy.Module()
@ -292,41 +252,3 @@ index 34c8401..f374132 100644
if av.type == audit2why.ALLOW:
rule.comment += "\n#!!!! This avc is allowed in the current policy"
if av.type == audit2why.DONTAUDIT:
diff --git sepolgen-1.2.3-rc1/src/sepolgen/refparser.py sepolgen-1.2.3-rc1/src/sepolgen/refparser.py
index 3132c6f..9b1d0c8 100644
--- sepolgen-1.2.3-rc1/src/sepolgen/refparser.py
+++ sepolgen-1.2.3-rc1/src/sepolgen/refparser.py
@@ -219,7 +219,7 @@ t_BAR = r'\|'
t_EXPL = r'\!'
t_EQUAL = r'\='
t_NUMBER = r'[0-9\.]+'
-t_PATH = r'/[a-zA-Z0-9)_\.\*/]*'
+t_PATH = r'/[a-zA-Z0-9)_\.\*/\$]*'
#t_IPV6_ADDR = r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]{0,4}:)*'
# Ignore whitespace - this is a special token for ply that more efficiently
@@ -417,6 +417,7 @@ def p_tunable_policy(p):
def p_ifelse(p):
'''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
| IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+ | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
'''
# x = refpolicy.IfDef(p[4])
# v = True
diff --git sepolgen-1.2.3-rc1/src/sepolgen/refpolicy.py sepolgen-1.2.3-rc1/src/sepolgen/refpolicy.py
index 737f956..31b40d8 100644
--- sepolgen-1.2.3-rc1/src/sepolgen/refpolicy.py
+++ sepolgen-1.2.3-rc1/src/sepolgen/refpolicy.py
@@ -251,10 +251,10 @@ class IdSet(set):
self.compliment = False
def to_space_str(self):
- return list_to_space_str(self)
+ return list_to_space_str(sorted(self))
def to_comma_str(self):
- return list_to_comma_str(self)
+ return list_to_comma_str(sorted(self))
class SecurityContext(Leaf):
"""An SELinux security context with optional MCS / MLS fields."""

4
sources
View File

@ -1,3 +1,3 @@
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
e1af957a577a6ae643fad110d4c680e6 sepolgen-1.2.3-rc1.tar.gz
91c305a513871b1b28b2c77df61873c8 policycoreutils-2.5-rc1.tar.gz
9ad9331b2133262fb3f774359a7f4761 policycoreutils-2.5.tar.gz
d17b4072ed14d1f8d94ffd667ddc2864 sepolgen-1.2.3.tar.gz