diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata new file mode 100644 index 0000000..b6f1b41 --- /dev/null +++ b/.policycoreutils.metadata @@ -0,0 +1,5 @@ +c1d6c443723b91295ca887eeea5c2d84a420593f selinux-3.6.tar.gz +8aec9d92a940e35756c4cf66891db7b070e00c5c selinux-policycoreutils.zip +6a9a8a86bf4b66b484533e5a5b91acd9f2ba4ed1 selinux-python.zip +c2957ae26fcabe856439915bc03fb7d25c91b724 selinux-gui.zip +c9b684345b0b6940afd38d8679e2838ad7ef5ffe selinux-sandbox.zip diff --git a/0018-python-semanage-Allow-modifying-records-on-add.patch b/0018-python-semanage-Allow-modifying-records-on-add.patch index 6cc122c..68e5efb 100644 --- a/0018-python-semanage-Allow-modifying-records-on-add.patch +++ b/0018-python-semanage-Allow-modifying-records-on-add.patch @@ -1,6 +1,6 @@ -From 1afa3a9462e78d17a0a1fe2594fa6f1e8d57d47f Mon Sep 17 00:00:00 2001 +From 78e4c9f2c2e97d23a67254647339d3c75bb7986d Mon Sep 17 00:00:00 2001 From: Vit Mojzis -Date: Wed, 24 Jan 2024 13:45:38 +0100 +Date: Wed, 14 Feb 2024 13:08:40 +0100 Subject: [PATCH] python/semanage: Allow modifying records on "add" Content-type: text/plain @@ -21,11 +21,10 @@ Fixes: login, ibpkey, ibendport, node, interface and fcontext. Signed-off-by: Vit Mojzis -Acked-by: James Carter --- python/semanage/semanage | 2 +- - python/semanage/seobject.py | 206 +++++++++++++++++++++++++----------- - 2 files changed, 145 insertions(+), 63 deletions(-) + python/semanage/seobject.py | 208 +++++++++++++++++++++++++----------- + 2 files changed, 147 insertions(+), 63 deletions(-) diff --git a/python/semanage/semanage b/python/semanage/semanage index 4fdb490f7df4..b269b9fca65b 100644 @@ -41,7 +40,7 @@ index 4fdb490f7df4..b269b9fca65b 100644 OBJECT.modify(args.file_spec, args.type, args.ftype, args.range, args.seuser) if args.action == "delete": diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index cc944ae202c9..dfb15b1d77e4 100644 +index cc944ae202c9..12133b53fe91 100644 --- a/python/semanage/seobject.py 
+++ b/python/semanage/seobject.py @@ -557,11 +557,6 @@ class loginRecords(semanageRecords): @@ -257,7 +256,7 @@ index cc944ae202c9..dfb15b1d77e4 100644 (rc, node) = semanage_node_create(self.sh) if rc < 0: raise ValueError(_("Could not create addr for %s") % addr) -@@ -1955,9 +1996,25 @@ class nodeRecords(semanageRecords): +@@ -1955,9 +1996,27 @@ class nodeRecords(semanageRecords): def add(self, addr, mask, proto, serange, ctype): self.begin() @@ -270,6 +269,8 @@ index cc944ae202c9..dfb15b1d77e4 100644 self.commit() + def __exists(self, addr, mask, proto): ++ addr, mask, proto, audit_proto = self.validate(addr, mask, proto) ++ + (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) + if rc < 0: + raise ValueError(_("Could not create key for %s") % addr) @@ -284,7 +285,7 @@ index cc944ae202c9..dfb15b1d77e4 100644 def __modify(self, addr, mask, proto, serange, setype): addr, mask, proto, audit_proto = self.validate(addr, mask, proto) -@@ -2111,12 +2168,6 @@ class interfaceRecords(semanageRecords): +@@ -2111,12 +2170,6 @@ class interfaceRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not create key for %s") % interface) @@ -297,7 +298,7 @@ index cc944ae202c9..dfb15b1d77e4 100644 (rc, iface) = semanage_iface_create(self.sh) if rc < 0: raise ValueError(_("Could not create interface for %s") % interface) -@@ -2163,9 +2214,25 @@ class interfaceRecords(semanageRecords): +@@ -2163,9 +2216,25 @@ class interfaceRecords(semanageRecords): def add(self, interface, serange, ctype): self.begin() @@ -324,7 +325,7 @@ index cc944ae202c9..dfb15b1d77e4 100644 def __modify(self, interface, serange, setype): if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) -@@ -2353,7 +2420,13 @@ class fcontextRecords(semanageRecords): +@@ -2353,7 +2422,13 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Substitute %s is not valid. Substitute is not allowed to end with '/'") % substitute) if target in self.equiv.keys(): 
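Review bot: The `self.validate()` call added to `nodeRecords.__exists` (outer hunk `@@ -270,6 +269,8 @@`) has no comment saying why the existence check needs it, and it binds `audit_proto`, which the visible part of the method never uses. Since the result of `__exists` presumably decides whether `add` creates or modifies a record, the key should be built from the same normalized values the write path uses; a comment such as `# Normalize addr/mask/proto as __modify does, so the key looked up here matches the stored record` would make that explicit. For the unused value, prefer `addr, mask, proto, _audit_proto = self.validate(addr, mask, proto)`. Do not use a bare `_`, because the method calls the gettext `_()` a few lines later and a local `_` would shadow it. `__modify` in the following context runs the same validation again, so malformed input is now rejected during the existence check. The rest of `__exists`, including whether the key is freed, lies outside this hunk.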
@@ -339,7 +340,7 @@ index cc944ae202c9..dfb15b1d77e4 100644 self.validate(target) for fdict in (self.equiv, self.equiv_dist): -@@ -2429,18 +2502,6 @@ class fcontextRecords(semanageRecords): +@@ -2429,18 +2504,6 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not create key for %s") % target) @@ -358,7 +359,7 @@ index cc944ae202c9..dfb15b1d77e4 100644 (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: raise ValueError(_("Could not create file context for %s") % target) -@@ -2479,9 +2540,30 @@ class fcontextRecords(semanageRecords): +@@ -2479,9 +2542,30 @@ class fcontextRecords(semanageRecords): def add(self, target, type, ftype="", serange="", seuser="system_u"): self.begin() @@ -391,5 +392,5 @@ index cc944ae202c9..dfb15b1d77e4 100644 if serange == "" and setype == "" and seuser == "": raise ValueError(_("Requires setype, serange or seuser")) -- -2.43.0 +2.43.2 diff --git a/policycoreutils.spec b/policycoreutils.spec index dd355b3..15daab1 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -11,7 +11,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 3.6 -Release: 2%{?dist} +Release: 2.1%{?dist} License: GPL-2.0-or-later # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/selinux-3.6.tar.gz @@ -464,7 +464,7 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog -* Tue Feb 13 2024 Petr Lautrbach - 3.6-2 +* Mon Feb 19 2024 Petr Lautrbach - 3.6-2.1 - semanage: Allow modifying records on "add" - semanage: Do not sort local fcontext definitions