import policycoreutils-2.9-13.el8
This commit is contained in:
parent
741af36586
commit
bffd88a200
|
@ -0,0 +1,62 @@
|
|||
From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 10 Feb 2021 18:05:29 +0100
|
||||
Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions
|
||||
|
||||
Describe which type of regular expression is used in file context
|
||||
definitions and which flags are in effect.
|
||||
|
||||
Explain how local file context modifications are processed.
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
python/semanage/semanage | 2 +-
|
||||
python/semanage/semanage-fcontext.8 | 18 ++++++++++++++++++
|
||||
2 files changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index 781e8645..ebb93ea5 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -366,7 +366,7 @@ If you do not specify a file type, the file type will default to "all files".
|
||||
parser_add_seuser(fcontextParser, "fcontext")
|
||||
parser_add_type(fcontextParser, "fcontext")
|
||||
parser_add_range(fcontextParser, "fcontext")
|
||||
- fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec'))
|
||||
+ fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('Path to be labeled (may be in the form of a Perl compatible regular expression)'))
|
||||
fcontextParser.set_defaults(func=handleFcontext)
|
||||
|
||||
|
||||
diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8
|
||||
index 561123af..49635ba7 100644
|
||||
--- a/python/semanage/semanage-fcontext.8
|
||||
+++ b/python/semanage/semanage-fcontext.8
|
||||
@@ -11,6 +11,24 @@ SELinux policy without requiring modification to or recompilation
|
||||
from policy sources. semanage fcontext is used to manage the default
|
||||
file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels.
|
||||
|
||||
+FILE_SPEC may contain either a fully qualified path,
|
||||
+or a Perl compatible regular expression (PCRE),
|
||||
+describing fully qualified path(s). The only PCRE flag in use is PCRE2_DOTALL,
|
||||
+which causes a wildcard '.' to match anything, including a new line.
|
||||
+Strings representing paths are processed as bytes (as opposed to Unicode),
|
||||
+meaning that non-ASCII characters are not matched by a single wildcard.
|
||||
+
|
||||
+Note, that file context definitions specified using 'semanage fcontext'
|
||||
+(i.e. local file context modifications stored in file_contexts.local)
|
||||
+have higher priority than those specified in policy modules.
|
||||
+This means that whenever a match for given file path is found in
|
||||
+file_contexts.local, no other file context definitions are considered.
|
||||
+Entries in file_contexts.local are processed from most recent one to the oldest,
|
||||
+with first match being used (as opposed to the most specific match,
|
||||
+which is used when matching other file context definitions).
|
||||
+All regular expressions should therefore be as specific as possible,
|
||||
+to avoid unintentionally impacting other parts of the filesystem.
|
||||
+
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.9
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: GPLv2
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
||||
|
@ -76,6 +76,7 @@ Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch
|
|||
Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
|
||||
Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
|
||||
Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
|
||||
Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
|
||||
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||
|
@ -513,6 +514,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Mon Feb 22 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-13
|
||||
- selinux(8,5): Describe fcontext regular expressions (#1904059)
|
||||
|
||||
* Tue Feb 2 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-12
|
||||
- setfiles: Do not abort on labeling error (#1794518)
|
||||
|
||||
|
|
Loading…
Reference in New Issue