Commit Graph

1387 Commits

Author SHA1 Message Date
Troy Dawson
2793e49f8c Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 09:03:56 -07:00
Petr Lautrbach
ab1421e02c sepolgen-ifgen: allow M4 escaped filenames
When a file name in type transition rule used in an interface is same as
a keyword, it needs to be M4 escaped so that the keyword is not expanded
by M4, e.g.

-	filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+	filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")

But sepolgen-ifgen could not parse such string:

    # sepolgen-ifgen
    Illegal character '`'

This change allows M4 escaping inside quoted strings and fixed described
problem.

https://bugzilla.redhat.com/show_bug.cgi?id=2254206

Resolves: RHEL-45544
2024-08-20 19:04:31 +02:00
Petr Lautrbach
c3b4e1a0d4 Move changelog to changelog and use %autochangelog
https://docs.pagure.org/Fedora-Infra.rpmautospec/autochangelog.html

`rpmautospec generate-changelog` can be used to preview how the
generated changelog will look

[skip changelog]

Related: RHEL-40233
2024-06-28 22:27:52 +02:00
Petr Lautrbach
02af42ef7e Verify upstream tarball signature
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification

Related: RHEL-40233
2024-06-28 22:27:40 +02:00
Petr Lautrbach
07a392fef4 SELinux userspace 3.7 release
Resolves: RHEL-40233
2024-06-28 22:26:17 +02:00
Troy Dawson
b408663be5 Bump release for June 2024 mass rebuild 2024-06-24 09:15:27 -07:00
Petr Lautrbach
291edd4a3d Drop baseos-ci gating
Support for STI and workflow-tomorrow based test executions has been
 discontinued.
2024-05-10 13:52:14 +02:00
Petr Lautrbach
6603656816 policycoreutils-3.6-4
- Add Wayland support

Related: RHEL-35984, RHEL-32363, RHEL-32364
2024-05-09 16:40:45 +02:00
Petr Lautrbach
6a9179581a sandbox: Add support for Wayland
- use XWayland for X application if it's run in Wayland session
- run Wayland apps directly if it's run in Wayland session
- add sandbox -Y option to run run Wayland application

Resolves: RHEL-35984
2024-05-09 16:33:50 +02:00
Petr Lautrbach
6c667202a9 Limit sandbox dependencies RHEL > 9
Resolves: RHEL-32364, RHEL-32363
2024-05-09 16:33:03 +02:00
Milos Malik
2223d963d8 replace Fedora CI with RHEL CI
Copy the gating.yaml file from the c9s branch to the c10s branch.
2024-04-03 19:46:31 +02:00
Fedora Release Engineering
bc27ad616a Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-25 23:53:50 +00:00
Fedora Release Engineering
8afcf5f068 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-21 22:06:51 +00:00
Petr Lautrbach
0b9f7c1112 sandbox to require xorg only in Fedora and RHEL <= 9 2023-12-14 18:08:50 +01:00
Petr Lautrbach
99b3f5a5d3 SELinux userspace 3.6 release 2023-12-14 17:52:44 +01:00
Petr Lautrbach
e8ba46eae6 SELinux userspace 3.6-rc2 release 2023-11-23 17:45:19 +01:00
Petr Lautrbach
907549e21f SELinux userspace 3.6-rc1 release 2023-11-14 20:44:51 +01:00
Petr Lautrbach
4b1f77eef9 policycoreutils-3.5-8
- Update translations
  https://translate.fedoraproject.org/projects/selinux/
2023-10-30 16:18:33 +01:00
Petr Lautrbach
05444f27d0 policycoreutils-3.5-7
- python: improve format strings for proper localization
- python: Drop hard formating from localized strings
- sepolicy: port to dnf4 python API (rhbz#2209404)
2023-08-01 11:38:39 +02:00
Fedora Release Engineering
aa0a78d0f1 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-21 06:01:10 +00:00
Vit Mojzis
21f11b304c policycoreutils-3.5-5
- python/sepolicy: Fix spec file dependencies
- python/sepolicy: Fix template for confined user policy modules
- Improve man pages and add examples

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2023-06-23 11:20:28 +02:00
Python Maint
ac0a1ffe5c Rebuilt for Python 3.12 2023-06-13 20:25:18 +02:00
Petr Lautrbach
28f9992604 Use /bin/bash instead of /bin/sh
Fixes:

$ shellcheck -S warning selinux-autorelabel-generator.sh

In selinux-autorelabel-generator.sh line 22:
    source /etc/selinux/config
    ^------------------------^ SC3046 (warning): In POSIX sh, 'source' in place of '.' is undefined.

For more information:
  https://www.shellcheck.net/wiki/SC3046 -- In POSIX sh, 'source' in place of...

https://bugzilla.redhat.com/show_bug.cgi?id=2210593
2023-05-30 10:28:15 +00:00
Miro Hrončok
3cac2f0428 Fix build with pip 23.1.2+
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2209016
2023-05-26 11:27:31 +02:00
Tomas Popela
8acd4a7172 Drop unused BR on dbus-glib-devel and explicitly BR glib2-devel
The project has moved away from dbus-glib in version 3.2[0] and the BR
is not needed at all. Explicitly add the glib2-devel to BR to fix the
build after this change (it got there previously through
dbus-glib-devel).

[0] - 252925ccdf
2023-05-10 14:38:07 +02:00
Petr Lautrbach
e12fe0e4d9 SELinux userspace 3.5 release 2023-02-24 13:02:01 +01:00
Petr Lautrbach
80ecbcb7ea SELinux userspace 3.5-rc3 release 2023-02-13 17:02:32 +01:00
Petr Lautrbach
6da7ac70cd policycoreutils-3.5-0.rc2.3
- Attach tty to selinux-autorelabel.service when AUTORELABEL=0
2023-02-08 11:35:14 +01:00
Petr Lautrbach
0d980e2bff Use StandardInput=tty when AUTORELABEL=0
selinux-autorelabel service can be configured to drop to a shell to allow
administrator to manually relabel a filesystem, see selinux_config(5). In
this case, the service needs to have a tty attached to stdin. Given that
tty should not be attached to the service by default, see
https://bugzilla.redhat.com/show_bug.cgi?id=1634661 , the
selinux-autorelabel-generator.sh will configure the service to attach
tty only if AUTORELABEL=0

Resolves: rhbz#2165508
2023-02-08 11:27:20 +01:00
Vit Mojzis
df8ecd9392 policycoreutils-3.5-0.rc2.2
- python/sepolicy: Cache conditional rule queries
2023-01-30 19:03:50 +01:00
Vit Mojzis
05a6b63e4d Update README.translations for use with Weblate
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2023-01-20 15:52:53 +01:00
Fedora Release Engineering
a1ed6da384 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-20 10:02:43 +00:00
Petr Lautrbach
9006a129ff SELinux userspace 3.5-rc2 release 2023-01-16 12:54:23 +01:00
Petr Lautrbach
9bbf1ed093 Drop pathfix
All necessary changes were applied upstream.
2022-12-27 11:20:38 +01:00
Petr Lautrbach
9c3b4420da policycoreutils-3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release
2022-12-27 11:18:52 +01:00
Lumir Balhar
8d6bfd9e4e Change location of pathfix.py
For more info see https://fedoraproject.org/wiki/Changes/Python3.12#pathfix.py_tool_will_be_removed
2022-11-22 10:17:57 +00:00
Petr Lautrbach
420643f434 python3-policycoreutils requires python3-distro 2022-11-21 17:38:59 +01:00
Petr Lautrbach
577b79db7e policycoreutils-3.4-7
- Rebase on upstream f56a72ac9e86
- sepolicy: fix sepolicy manpage -w
- sandbox: add -R option to alternate XDG_RUNTIME_DIR
- Remove dependency on the Python module distutils
2022-11-21 16:06:48 +01:00
Petr Lautrbach
f63d7fa68f Drop obsolete information from README.translation 2022-11-16 11:19:08 +01:00
Petr Lautrbach
36b92b86ad Drop unused files 2022-11-16 11:18:37 +01:00
Petr Lautrbach
b82a2a44d7 run tests via TMT/FMF 2022-11-10 17:21:15 +01:00
Petr Lautrbach
603c2165fd Migrate License tag to SPDX
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
2022-11-09 17:24:08 +01:00
Petr Lautrbach
c3299a8a50 policycoreutils-3.4-6
- Run autorelabel in parallel by default
  https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel
2022-08-02 09:41:21 +02:00
Petr Lautrbach
24691294b1 Run autorelabel in parallel by default
https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel
2022-07-27 12:03:59 +02:00
Petr Lautrbach
2a7fa6a48c policycoreutils-3.4-5
- gettext: handle unsupported languages properly (#2100378)
- semodule: rename --rebuild-if-modules-changed to --refresh
- python: Split "semanage import" into two transactions (#2063353)
- selinux-autorelabel: Do not force reboot (#2093133)
2022-07-25 18:05:51 +02:00
Vit Mojzis
7732783e1f selinux-autorelabel: Do not force reboot
Forced reboot ends up NOT triggering normal unit shutdown, but only
sends TERM signal, then KILL later. Some processes such as dmeventd
do not quit on receiving TERM signal (protected), which means they
are killed after a long delay by systemd using the KILL signal.

In case the normal reboot doesn't go through, "reboot.target" will be
triggered after a timeout and send the KILL signal anyway.

Resolves: rhbz#2093133
2022-07-25 18:05:18 +02:00
Fedora Release Engineering
a8c0d4388c Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-22 15:10:52 +00:00
Python Maint
37088605ae Rebuilt for Python 3.11 2022-06-13 14:53:19 +02:00
Petr Lautrbach
11a3f105c4 Rebuild 2022-05-25 16:52:53 +02:00
Petr Lautrbach
3fb36808c0 SELinux userspace 3.4 release 2022-05-19 15:54:02 +02:00