Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/policycoreutils.git#c808ccc35cfb563b66b618147b399451acc7747c
This commit is contained in:
parent
c2d6194911
commit
f8e6a6385b
@ -0,0 +1,29 @@
|
|||||||
|
From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 11 Nov 2020 17:23:40 +0100
|
||||||
|
Subject: [PATCH] selinux_config(5): add a note that runtime disable is
|
||||||
|
deprecated
|
||||||
|
|
||||||
|
...and refer to selinux(8), which explains it further.
|
||||||
|
|
||||||
|
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
---
|
||||||
|
policycoreutils/man/man5/selinux_config.5 | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
|
||||||
|
index 1ffade150128..58b42a0e234d 100644
|
||||||
|
--- a/policycoreutils/man/man5/selinux_config.5
|
||||||
|
+++ b/policycoreutils/man/man5/selinux_config.5
|
||||||
|
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
|
||||||
|
.IP \fIpermissive\fR 4
|
||||||
|
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
|
||||||
|
.IP \fIdisabled\fR
|
||||||
|
-SELinux is disabled and no policy is loaded.
|
||||||
|
+No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
|
||||||
|
.RE
|
||||||
|
.sp
|
||||||
|
The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
51
0025-python-sepolicy-allow-to-override-manpage-date.patch
Normal file
51
0025-python-sepolicy-allow-to-override-manpage-date.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
||||||
|
Date: Fri, 30 Oct 2020 22:53:09 +0100
|
||||||
|
Subject: [PATCH] python/sepolicy: allow to override manpage date
|
||||||
|
|
||||||
|
in order to make builds reproducible.
|
||||||
|
See https://reproducible-builds.org/ for why this is good
|
||||||
|
and https://reproducible-builds.org/specs/source-date-epoch/
|
||||||
|
for the definition of this variable.
|
||||||
|
|
||||||
|
This patch was done while working on reproducible builds for openSUSE.
|
||||||
|
|
||||||
|
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
||||||
|
---
|
||||||
|
python/sepolicy/sepolicy/manpage.py | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||||
|
index 6a3e08fca58c..c013c0d48502 100755
|
||||||
|
--- a/python/sepolicy/sepolicy/manpage.py
|
||||||
|
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||||
|
@@ -39,6 +39,8 @@ typealias_types = {
|
||||||
|
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
|
||||||
|
|
||||||
|
equiv_dirs = ["/var"]
|
||||||
|
+man_date = time.strftime("%y-%m-%d", time.gmtime(
|
||||||
|
+ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
|
||||||
|
modules_dict = None
|
||||||
|
|
||||||
|
|
||||||
|
@@ -546,7 +548,7 @@ class ManPage:
|
||||||
|
|
||||||
|
def _typealias(self,typealias):
|
||||||
|
self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
|
||||||
|
- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
|
||||||
|
+ % {'typealias':typealias, 'date': man_date})
|
||||||
|
self.fd.write(r"""
|
||||||
|
.SH "NAME"
|
||||||
|
%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
|
||||||
|
@@ -565,7 +567,7 @@ man page for more details.
|
||||||
|
|
||||||
|
def _header(self):
|
||||||
|
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||||
|
- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||||
|
+ % {'domainname': self.domainname, 'date': man_date})
|
||||||
|
self.fd.write(r"""
|
||||||
|
.SH "NAME"
|
||||||
|
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
16
gating.yaml
Normal file
16
gating.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- fedora-*
|
||||||
|
decision_context: bodhi_update_push_testing
|
||||||
|
subject_type: koji_build
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||||
|
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- fedora-*
|
||||||
|
decision_context: bodhi_update_push_stable
|
||||||
|
subject_type: koji_build
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||||
|
|
@ -1,8 +1,7 @@
|
|||||||
%global libauditver 3.0
|
%global libauditver 3.0
|
||||||
%global libsepolver 3.1-4
|
%global libsepolver 3.1-5
|
||||||
%global libsemanagever 3.1-4
|
%global libsemanagever 3.1-5
|
||||||
%global libselinuxver 3.1-4
|
%global libselinuxver 3.1-5
|
||||||
%global sepolgenver 3.1-4
|
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
|
|
||||||
@ -12,7 +11,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 3.1
|
Version: 3.1
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
||||||
@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
|||||||
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||||
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||||
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
||||||
|
Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
|
||||||
|
Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
|
||||||
# Patch list end
|
# Patch list end
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
|
||||||
|
- python/sepolicy: allow to override manpage date
|
||||||
|
- selinux_config(5): add a note that runtime disable is deprecated
|
||||||
|
|
||||||
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
||||||
- Require latest setools
|
- Require latest setools
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user