import policycoreutils-2.9-13.el8
This commit is contained in:
parent
741af36586
commit
bffd88a200
|
@ -0,0 +1,62 @@
|
||||||
|
From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Date: Wed, 10 Feb 2021 18:05:29 +0100
|
||||||
|
Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions
|
||||||
|
|
||||||
|
Describe which type of regular expression is used in file context
|
||||||
|
definitions and which flags are in effect.
|
||||||
|
|
||||||
|
Explain how local file context modifications are processed.
|
||||||
|
|
||||||
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
---
|
||||||
|
python/semanage/semanage | 2 +-
|
||||||
|
python/semanage/semanage-fcontext.8 | 18 ++++++++++++++++++
|
||||||
|
2 files changed, 19 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||||
|
index 781e8645..ebb93ea5 100644
|
||||||
|
--- a/python/semanage/semanage
|
||||||
|
+++ b/python/semanage/semanage
|
||||||
|
@@ -366,7 +366,7 @@ If you do not specify a file type, the file type will default to "all files".
|
||||||
|
parser_add_seuser(fcontextParser, "fcontext")
|
||||||
|
parser_add_type(fcontextParser, "fcontext")
|
||||||
|
parser_add_range(fcontextParser, "fcontext")
|
||||||
|
- fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec'))
|
||||||
|
+ fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('Path to be labeled (may be in the form of a Perl compatible regular expression)'))
|
||||||
|
fcontextParser.set_defaults(func=handleFcontext)
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8
|
||||||
|
index 561123af..49635ba7 100644
|
||||||
|
--- a/python/semanage/semanage-fcontext.8
|
||||||
|
+++ b/python/semanage/semanage-fcontext.8
|
||||||
|
@@ -11,6 +11,24 @@ SELinux policy without requiring modification to or recompilation
|
||||||
|
from policy sources. semanage fcontext is used to manage the default
|
||||||
|
file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels.
|
||||||
|
|
||||||
|
+FILE_SPEC may contain either a fully qualified path,
|
||||||
|
+or a Perl compatible regular expression (PCRE),
|
||||||
|
+describing fully qualified path(s). The only PCRE flag in use is PCRE2_DOTALL,
|
||||||
|
+which causes a wildcard '.' to match anything, including a new line.
|
||||||
|
+Strings representing paths are processed as bytes (as opposed to Unicode),
|
||||||
|
+meaning that non-ASCII characters are not matched by a single wildcard.
|
||||||
|
+
|
||||||
|
+Note, that file context definitions specified using 'semanage fcontext'
|
||||||
|
+(i.e. local file context modifications stored in file_contexts.local)
|
||||||
|
+have higher priority than those specified in policy modules.
|
||||||
|
+This means that whenever a match for given file path is found in
|
||||||
|
+file_contexts.local, no other file context definitions are considered.
|
||||||
|
+Entries in file_contexts.local are processed from most recent one to the oldest,
|
||||||
|
+with first match being used (as opposed to the most specific match,
|
||||||
|
+which is used when matching other file context definitions).
|
||||||
|
+All regular expressions should therefore be as specific as possible,
|
||||||
|
+to avoid unintentionally impacting other parts of the filesystem.
|
||||||
|
+
|
||||||
|
.SH "OPTIONS"
|
||||||
|
.TP
|
||||||
|
.I \-h, \-\-help
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.9
|
Version: 2.9
|
||||||
Release: 12%{?dist}
|
Release: 13%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
||||||
|
@ -76,6 +76,7 @@ Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch
|
||||||
Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
|
Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
|
||||||
Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
|
Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
|
||||||
Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
|
Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
|
||||||
|
Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||||
|
@ -513,6 +514,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 22 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-13
|
||||||
|
- selinux(8,5): Describe fcontext regular expressions (#1904059)
|
||||||
|
|
||||||
* Tue Feb 2 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-12
|
* Tue Feb 2 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-12
|
||||||
- setfiles: Do not abort on labeling error (#1794518)
|
- setfiles: Do not abort on labeling error (#1794518)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue