policycoreutils-3.1-7

- python/sepolicy: allow to override manpage date - selinux_config(5): add a note that runtime disable is deprecated
2020-11-20 13:48:36 +01:00 · 2020-11-20 13:48:36 +01:00 · b0ed1f8d21
commit b0ed1f8d21
parent f052664e78
3 changed files with 90 additions and 5 deletions
--- a/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
+++ b/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
@ -0,0 +1,29 @@
 From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
 From: Ondrej Mosnacek <omosnace@redhat.com>
 Date: Wed, 11 Nov 2020 17:23:40 +0100
 Subject: [PATCH] selinux_config(5): add a note that runtime disable is
 deprecated
 ...and refer to selinux(8), which explains it further.
 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
 ---
 policycoreutils/man/man5/selinux_config.5 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
 index 1ffade150128..58b42a0e234d 100644
 --- a/policycoreutils/man/man5/selinux_config.5
 +++ b/policycoreutils/man/man5/selinux_config.5
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
 .IP \fIpermissive\fR 4
 SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
 .IP \fIdisabled\fR
 -SELinux is disabled and no policy is loaded.
 +No SELinux policy is loaded.  This option was used to disable SELinux completely, which is now deprecated.  Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
 .RE
 .sp
 The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
 -- 
 2.29.2
--- a/0025-python-sepolicy-allow-to-override-manpage-date.patch
+++ b/0025-python-sepolicy-allow-to-override-manpage-date.patch
@ -0,0 +1,51 @@
 From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
 From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
 Date: Fri, 30 Oct 2020 22:53:09 +0100
 Subject: [PATCH] python/sepolicy: allow to override manpage date
 in order to make builds reproducible.
 See https://reproducible-builds.org/ for why this is good
 and https://reproducible-builds.org/specs/source-date-epoch/
 for the definition of this variable.
 This patch was done while working on reproducible builds for openSUSE.
 Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
 ---
 python/sepolicy/sepolicy/manpage.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
 index 6a3e08fca58c..c013c0d48502 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
@@ -39,6 +39,8 @@ typealias_types = {
 equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
 equiv_dirs = ["/var"]
 +man_date = time.strftime("%y-%m-%d", time.gmtime(
 +        int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
 modules_dict = None
@@ -546,7 +548,7 @@ class ManPage:
     def _typealias(self,typealias):
         self.fd.write('.TH  "%(typealias)s_selinux"  "8"  "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
 -                 % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
 +                 % {'typealias':typealias, 'date': man_date})
         self.fd.write(r"""
 .SH "NAME"
 %(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
@@ -565,7 +567,7 @@ man page for more details.
     def _header(self):
         self.fd.write('.TH  "%(domainname)s_selinux"  "8"  "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
 -                      % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
 +                      % {'domainname': self.domainname, 'date': man_date})
         self.fd.write(r"""
 .SH "NAME"
 %(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
 -- 
 2.29.2
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,8 +1,7 @@
 %global libauditver     3.0
-%global libsepolver     3.1-4
+%global libsepolver     3.1-5
-%global libsemanagever  3.1-4
+%global libsemanagever  3.1-5
-%global libselinuxver   3.1-4
+%global libselinuxver   3.1-5
 %global sepolgenver     3.1-4
 %global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -12,7 +11,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 3.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
 Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
 Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
 Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
 Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
 # Patch list end
 Obsoletes: policycoreutils < 2.0.61-2
@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 %changelog
 * Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
 - python/sepolicy: allow to override manpage date
 - selinux_config(5): add a note that runtime disable is deprecated
 * Mon Nov  9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
 - Require latest setools