Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/policycoreutils.git#c808ccc35cfb563b66b618147b399451acc7747c
This commit is contained in:
DistroBaker 2020-11-24 11:28:16 +00:00
parent c2d6194911
commit f8e6a6385b
4 changed files with 106 additions and 5 deletions

View File

@ -0,0 +1,29 @@
From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Nov 2020 17:23:40 +0100
Subject: [PATCH] selinux_config(5): add a note that runtime disable is
deprecated
...and refer to selinux(8), which explains it further.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
policycoreutils/man/man5/selinux_config.5 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
index 1ffade150128..58b42a0e234d 100644
--- a/policycoreutils/man/man5/selinux_config.5
+++ b/policycoreutils/man/man5/selinux_config.5
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
.IP \fIpermissive\fR 4
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
.IP \fIdisabled\fR
-SELinux is disabled and no policy is loaded.
+No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
.RE
.sp
The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
--
2.29.2

View File

@ -0,0 +1,51 @@
From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Fri, 30 Oct 2020 22:53:09 +0100
Subject: [PATCH] python/sepolicy: allow to override manpage date
in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
This patch was done while working on reproducible builds for openSUSE.
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
---
python/sepolicy/sepolicy/manpage.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 6a3e08fca58c..c013c0d48502 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -39,6 +39,8 @@ typealias_types = {
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
equiv_dirs = ["/var"]
+man_date = time.strftime("%y-%m-%d", time.gmtime(
+ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
modules_dict = None
@@ -546,7 +548,7 @@ class ManPage:
def _typealias(self,typealias):
self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
+ % {'typealias':typealias, 'date': man_date})
self.fd.write(r"""
.SH "NAME"
%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
@@ -565,7 +567,7 @@ man page for more details.
def _header(self):
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
+ % {'domainname': self.domainname, 'date': man_date})
self.fd.write(r"""
.SH "NAME"
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
--
2.29.2

16
gating.yaml Normal file
View File

@ -0,0 +1,16 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

View File

@ -1,8 +1,7 @@
%global libauditver 3.0 %global libauditver 3.0
%global libsepolver 3.1-4 %global libsepolver 3.1-5
%global libsemanagever 3.1-4 %global libsemanagever 3.1-5
%global libselinuxver 3.1-4 %global libselinuxver 3.1-5
%global sepolgenver 3.1-4
%global generatorsdir %{_prefix}/lib/systemd/system-generators %global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -12,7 +11,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 3.1 Version: 3.1
Release: 6%{?dist} Release: 7%{?dist}
License: GPLv2 License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
# Patch list end # Patch list end
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
- python/sepolicy: allow to override manpage date
- selinux_config(5): add a note that runtime disable is deprecated
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6 * Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
- Require latest setools - Require latest setools