policycoreutils-3.1-7

- python/sepolicy: allow to override manpage date - selinux_config(5): add a note that runtime disable is deprecated
2020-11-20 13:48:36 +01:00 · 2020-11-20 13:48:36 +01:00 · b0ed1f8d21
commit b0ed1f8d21
parent f052664e78
3 changed files with 90 additions and 5 deletions
--- a/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
+++ b/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
@ -0,0 +1,29 @@
+From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Wed, 11 Nov 2020 17:23:40 +0100
+Subject: [PATCH] selinux_config(5): add a note that runtime disable is
+ deprecated
+
+...and refer to selinux(8), which explains it further.
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ policycoreutils/man/man5/selinux_config.5 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
+index 1ffade150128..58b42a0e234d 100644
+--- a/policycoreutils/man/man5/selinux_config.5
+++ b/policycoreutils/man/man5/selinux_config.5
+@@ -48,7 +48,7 @@ SELinux security policy is enforced.
+ .IP \fIpermissive\fR 4
+ SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
+ .IP \fIdisabled\fR
+-SELinux is disabled and no policy is loaded.
+No SELinux policy is loaded.  This option was used to disable SELinux completely, which is now deprecated.  Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
+ .RE
+ .sp
+ The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
+-- 
+2.29.2
+
--- a/0025-python-sepolicy-allow-to-override-manpage-date.patch
+++ b/0025-python-sepolicy-allow-to-override-manpage-date.patch
@ -0,0 +1,51 @@
+From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
+From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
+Date: Fri, 30 Oct 2020 22:53:09 +0100
+Subject: [PATCH] python/sepolicy: allow to override manpage date
+
+in order to make builds reproducible.
+See https://reproducible-builds.org/ for why this is good
+and https://reproducible-builds.org/specs/source-date-epoch/
+for the definition of this variable.
+
+This patch was done while working on reproducible builds for openSUSE.
+
+Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
+---
+ python/sepolicy/sepolicy/manpage.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 6a3e08fca58c..c013c0d48502 100755
+--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
+@@ -39,6 +39,8 @@ typealias_types = {
+ equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
+ 
+ equiv_dirs = ["/var"]
+man_date = time.strftime("%y-%m-%d", time.gmtime(
+        int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
+ modules_dict = None
+ 
+ 
+@@ -546,7 +548,7 @@ class ManPage:
+ 
+     def _typealias(self,typealias):
+         self.fd.write('.TH  "%(typealias)s_selinux"  "8"  "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
+-                 % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
+                 % {'typealias':typealias, 'date': man_date})
+         self.fd.write(r"""
+ .SH "NAME"
+ %(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
+@@ -565,7 +567,7 @@ man page for more details.
+ 
+     def _header(self):
+         self.fd.write('.TH  "%(domainname)s_selinux"  "8"  "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
+-                      % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
+                      % {'domainname': self.domainname, 'date': man_date})
+         self.fd.write(r"""
+ .SH "NAME"
+ %(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
+-- 
+2.29.2
+
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,8 +1,7 @@
 %global libauditver     3.0
-%global libsepolver     3.1-4
-%global libsemanagever  3.1-4
-%global libselinuxver   3.1-4
-%global sepolgenver     3.1-4
+%global libsepolver     3.1-5
+%global libsemanagever  3.1-5
+%global libselinuxver   3.1-5

 %global generatorsdir %{_prefix}/lib/systemd/system-generators

@ -12,7 +11,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 3.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
 Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
 Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
+Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
+Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
 # Patch list end

 Obsoletes: policycoreutils < 2.0.61-2
@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service

 %changelog
+* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
+- python/sepolicy: allow to override manpage date
+- selinux_config(5): add a note that runtime disable is deprecated
+
 * Mon Nov  9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
 - Require latest setools