From bffd88a2005fa40bac9f22920e0e470a75fc8484 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 23 Feb 2021 06:12:52 +0000
Subject: [PATCH] import policycoreutils-2.9-13.el8
---
 ...escribe-fcontext-regular-expressions.patch | 62 +++++++++++++++++++
 SPECS/policycoreutils.spec | 6 +-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
diff --git a/SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch b/SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
new file mode 100644
index 0000000..b1f95a2
--- /dev/null
+++ b/SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
@@ -0,0 +1,62 @@
+From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Wed, 10 Feb 2021 18:05:29 +0100
+Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions
+
+Describe which type of regular expression is used in file context
+definitions and which flags are in effect.
+
+Explain how local file context modifications are processed.
+
+Signed-off-by: Vit Mojzis
+Acked-by: Petr Lautrbach
+---
+ python/semanage/semanage | 2 +-
+ python/semanage/semanage-fcontext.8 | 18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index 781e8645..ebb93ea5 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -366,7 +366,7 @@ If you do not specify a file type, the file type will default to "all files".
+ parser_add_seuser(fcontextParser, "fcontext")
+ parser_add_type(fcontextParser, "fcontext")
+ parser_add_range(fcontextParser, "fcontext")
+- fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec'))
++ fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('Path to be labeled (may be in the form of a Perl compatible regular expression)'))
+ fcontextParser.set_defaults(func=handleFcontext)
+
+
+diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8
+index 561123af..49635ba7 100644
+--- a/python/semanage/semanage-fcontext.8
++++ b/python/semanage/semanage-fcontext.8
+@@ -11,6 +11,24 @@ SELinux policy without requiring modification to or recompilation
+ from policy sources. semanage fcontext is used to manage the default
+ file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels.
+
++FILE_SPEC may contain either a fully qualified path,
++or a Perl compatible regular expression (PCRE),
++describing fully qualified path(s). The only PCRE flag in use is PCRE2_DOTALL,
++which causes a wildcard '.' to match anything, including a new line.
++Strings representing paths are processed as bytes (as opposed to Unicode),
++meaning that non-ASCII characters are not matched by a single wildcard.
++
++Note, that file context definitions specified using 'semanage fcontext'
++(i.e. local file context modifications stored in file_contexts.local)
++have higher priority than those specified in policy modules.
++This means that whenever a match for given file path is found in
++file_contexts.local, no other file context definitions are considered.
++Entries in file_contexts.local are processed from most recent one to the oldest,
++with first match being used (as opposed to the most specific match,
++which is used when matching other file context definitions).
++All regular expressions should therefore be as specific as possible,
++to avoid unintentionally impacting other parts of the filesystem.
++
+ .SH "OPTIONS"
+ .TP
+ .I \-h, \-\-help
+--
+2.29.2
+
diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec
index 54bc196..74abd41 100644
--- a/SPECS/policycoreutils.spec
+++ b/SPECS/policycoreutils.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.9
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
@@ -76,6 +76,7 @@ Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch
 Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
 Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
 Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
+Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
 Obsoletes: policycoreutils < 2.0.61-2
 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@@ -513,6 +514,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 %changelog
+* Mon Feb 22 2021 Vit Mojzis - 2.9-13
+- selinux(8,5): Describe fcontext regular expressions (#1904059)
+
 * Tue Feb 2 2021 Petr Lautrbach - 2.9-12
 - setfiles: Do not abort on labeling error (#1794518)