policycoreutils-3.1-7
- python/sepolicy: allow to override manpage date - selinux_config(5): add a note that runtime disable is deprecated
This commit is contained in:
parent
f052664e78
commit
b0ed1f8d21
@ -0,0 +1,29 @@
|
||||
From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Wed, 11 Nov 2020 17:23:40 +0100
|
||||
Subject: [PATCH] selinux_config(5): add a note that runtime disable is
|
||||
deprecated
|
||||
|
||||
...and refer to selinux(8), which explains it further.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
policycoreutils/man/man5/selinux_config.5 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
|
||||
index 1ffade150128..58b42a0e234d 100644
|
||||
--- a/policycoreutils/man/man5/selinux_config.5
|
||||
+++ b/policycoreutils/man/man5/selinux_config.5
|
||||
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
|
||||
.IP \fIpermissive\fR 4
|
||||
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
|
||||
.IP \fIdisabled\fR
|
||||
-SELinux is disabled and no policy is loaded.
|
||||
+No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
|
||||
.RE
|
||||
.sp
|
||||
The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
|
||||
--
|
||||
2.29.2
|
||||
|
51
0025-python-sepolicy-allow-to-override-manpage-date.patch
Normal file
51
0025-python-sepolicy-allow-to-override-manpage-date.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
|
||||
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
||||
Date: Fri, 30 Oct 2020 22:53:09 +0100
|
||||
Subject: [PATCH] python/sepolicy: allow to override manpage date
|
||||
|
||||
in order to make builds reproducible.
|
||||
See https://reproducible-builds.org/ for why this is good
|
||||
and https://reproducible-builds.org/specs/source-date-epoch/
|
||||
for the definition of this variable.
|
||||
|
||||
This patch was done while working on reproducible builds for openSUSE.
|
||||
|
||||
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 6a3e08fca58c..c013c0d48502 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -39,6 +39,8 @@ typealias_types = {
|
||||
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
|
||||
|
||||
equiv_dirs = ["/var"]
|
||||
+man_date = time.strftime("%y-%m-%d", time.gmtime(
|
||||
+ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
|
||||
modules_dict = None
|
||||
|
||||
|
||||
@@ -546,7 +548,7 @@ class ManPage:
|
||||
|
||||
def _typealias(self,typealias):
|
||||
self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
|
||||
- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
|
||||
+ % {'typealias':typealias, 'date': man_date})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
|
||||
@@ -565,7 +567,7 @@ man page for more details.
|
||||
|
||||
def _header(self):
|
||||
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||
- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||
+ % {'domainname': self.domainname, 'date': man_date})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,8 +1,7 @@
|
||||
%global libauditver 3.0
|
||||
%global libsepolver 3.1-4
|
||||
%global libsemanagever 3.1-4
|
||||
%global libselinuxver 3.1-4
|
||||
%global sepolgenver 3.1-4
|
||||
%global libsepolver 3.1-5
|
||||
%global libsemanagever 3.1-5
|
||||
%global libselinuxver 3.1-5
|
||||
|
||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||
|
||||
@ -12,7 +11,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 3.1
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: GPLv2
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
||||
@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
||||
Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
|
||||
Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
|
||||
# Patch list end
|
||||
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
|
||||
- python/sepolicy: allow to override manpage date
|
||||
- selinux_config(5): add a note that runtime disable is deprecated
|
||||
|
||||
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
||||
- Require latest setools
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user