policycoreutils-3.1-7
- python/sepolicy: allow to override manpage date - selinux_config(5): add a note that runtime disable is deprecated
This commit is contained in:
parent
f052664e78
commit
b0ed1f8d21
@ -0,0 +1,29 @@
|
|||||||
|
From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 11 Nov 2020 17:23:40 +0100
|
||||||
|
Subject: [PATCH] selinux_config(5): add a note that runtime disable is
|
||||||
|
deprecated
|
||||||
|
|
||||||
|
...and refer to selinux(8), which explains it further.
|
||||||
|
|
||||||
|
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
---
|
||||||
|
policycoreutils/man/man5/selinux_config.5 | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
|
||||||
|
index 1ffade150128..58b42a0e234d 100644
|
||||||
|
--- a/policycoreutils/man/man5/selinux_config.5
|
||||||
|
+++ b/policycoreutils/man/man5/selinux_config.5
|
||||||
|
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
|
||||||
|
.IP \fIpermissive\fR 4
|
||||||
|
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
|
||||||
|
.IP \fIdisabled\fR
|
||||||
|
-SELinux is disabled and no policy is loaded.
|
||||||
|
+No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
|
||||||
|
.RE
|
||||||
|
.sp
|
||||||
|
The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
51
0025-python-sepolicy-allow-to-override-manpage-date.patch
Normal file
51
0025-python-sepolicy-allow-to-override-manpage-date.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
||||||
|
Date: Fri, 30 Oct 2020 22:53:09 +0100
|
||||||
|
Subject: [PATCH] python/sepolicy: allow to override manpage date
|
||||||
|
|
||||||
|
in order to make builds reproducible.
|
||||||
|
See https://reproducible-builds.org/ for why this is good
|
||||||
|
and https://reproducible-builds.org/specs/source-date-epoch/
|
||||||
|
for the definition of this variable.
|
||||||
|
|
||||||
|
This patch was done while working on reproducible builds for openSUSE.
|
||||||
|
|
||||||
|
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
||||||
|
---
|
||||||
|
python/sepolicy/sepolicy/manpage.py | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||||
|
index 6a3e08fca58c..c013c0d48502 100755
|
||||||
|
--- a/python/sepolicy/sepolicy/manpage.py
|
||||||
|
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||||
|
@@ -39,6 +39,8 @@ typealias_types = {
|
||||||
|
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
|
||||||
|
|
||||||
|
equiv_dirs = ["/var"]
|
||||||
|
+man_date = time.strftime("%y-%m-%d", time.gmtime(
|
||||||
|
+ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
|
||||||
|
modules_dict = None
|
||||||
|
|
||||||
|
|
||||||
|
@@ -546,7 +548,7 @@ class ManPage:
|
||||||
|
|
||||||
|
def _typealias(self,typealias):
|
||||||
|
self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
|
||||||
|
- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
|
||||||
|
+ % {'typealias':typealias, 'date': man_date})
|
||||||
|
self.fd.write(r"""
|
||||||
|
.SH "NAME"
|
||||||
|
%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
|
||||||
|
@@ -565,7 +567,7 @@ man page for more details.
|
||||||
|
|
||||||
|
def _header(self):
|
||||||
|
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||||
|
- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||||
|
+ % {'domainname': self.domainname, 'date': man_date})
|
||||||
|
self.fd.write(r"""
|
||||||
|
.SH "NAME"
|
||||||
|
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
@ -1,8 +1,7 @@
|
|||||||
%global libauditver 3.0
|
%global libauditver 3.0
|
||||||
%global libsepolver 3.1-4
|
%global libsepolver 3.1-5
|
||||||
%global libsemanagever 3.1-4
|
%global libsemanagever 3.1-5
|
||||||
%global libselinuxver 3.1-4
|
%global libselinuxver 3.1-5
|
||||||
%global sepolgenver 3.1-4
|
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
|
|
||||||
@ -12,7 +11,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 3.1
|
Version: 3.1
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
||||||
@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
|||||||
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||||
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||||
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
||||||
|
Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
|
||||||
|
Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
|
||||||
# Patch list end
|
# Patch list end
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
|
||||||
|
- python/sepolicy: allow to override manpage date
|
||||||
|
- selinux_config(5): add a note that runtime disable is deprecated
|
||||||
|
|
||||||
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
||||||
- Require latest setools
|
- Require latest setools
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user