rpms
/
policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import policycoreutils-2.9-13.el8

This commit is contained in:
CentOS Sources 2021-02-23 06:12:52 +00:00 committed by Andrew Lukoshko
parent 741af36586
commit bffd88a200
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch Normal file
View File

@ -0,0 +1,62 @@
From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 10 Feb 2021 18:05:29 +0100
Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions
Describe which type of regular expression is used in file context
definitions and which flags are in effect.
Explain how local file context modifications are processed.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
---
python/semanage/semanage | 2 +-
python/semanage/semanage-fcontext.8 | 18 ++++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 781e8645..ebb93ea5 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -366,7 +366,7 @@ If you do not specify a file type, the file type will default to "all files".
parser_add_seuser(fcontextParser, "fcontext")
parser_add_type(fcontextParser, "fcontext")
parser_add_range(fcontextParser, "fcontext")
- fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec'))
+ fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('Path to be labeled (may be in the form of a Perl compatible regular expression)'))
fcontextParser.set_defaults(func=handleFcontext)
diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8
index 561123af..49635ba7 100644
--- a/python/semanage/semanage-fcontext.8
+++ b/python/semanage/semanage-fcontext.8
@@ -11,6 +11,24 @@ SELinux policy without requiring modification to or recompilation
from policy sources. semanage fcontext is used to manage the default
file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels.
+FILE_SPEC may contain either a fully qualified path,
+or a Perl compatible regular expression (PCRE),
+describing fully qualified path(s). The only PCRE flag in use is PCRE2_DOTALL,
+which causes a wildcard '.' to match anything, including a new line.
+Strings representing paths are processed as bytes (as opposed to Unicode),
+meaning that non-ASCII characters are not matched by a single wildcard.
+
+Note, that file context definitions specified using 'semanage fcontext'
+(i.e. local file context modifications stored in file_contexts.local)
+have higher priority than those specified in policy modules.
+This means that whenever a match for given file path is found in
+file_contexts.local, no other file context definitions are considered.
+Entries in file_contexts.local are processed from most recent one to the oldest,
+with first match being used (as opposed to the most specific match,
+which is used when matching other file context definitions).
+All regular expressions should therefore be as specific as possible,
+to avoid unintentionally impacting other parts of the filesystem.
+
.SH "OPTIONS"
.TP
.I \-h, \-\-help
--
2.29.2

6
SPECS/policycoreutils.spec
View File

@ -12,7 +12,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.9
Release: 12%{?dist}
Release: 13%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
@ -76,6 +76,7 @@ Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch
Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -513,6 +514,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Mon Feb 22 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-13
- selinux(8,5): Describe fcontext regular expressions (#1904059)
* Tue Feb 2 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-12
- setfiles: Do not abort on labeling error (#1794518)