diff --git a/rpm-4.13.0-selinux--permissive-scriptlets.patch b/rpm-4.13.0-selinux--permissive-scriptlets.patch
new file mode 100644
index 0000000..ddc0f5d
--- /dev/null
+++ b/rpm-4.13.0-selinux--permissive-scriptlets.patch
@@ -0,0 +1,40 @@
+From 0d214a17e412bffa00cfede2d884f02ac78b8434 Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Mon, 12 Oct 2015 12:47:45 +0200
+Subject: [PATCH] Permit scriptlet exec context setting to fail in
+ non-enforcing modes
+
+for new code path, too.
+
+See also 9c082fb8689efdaa5a595d3043e67ccec4ed930c
+---
+ plugins/selinux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/plugins/selinux.c b/plugins/selinux.c
+index ea6853b..2751815 100644
+--- a/plugins/selinux.c
++++ b/plugins/selinux.c
+@@ -134,9 +134,6 @@ exit:
+ freecon(fcon);
+ freecon(mycon);
+
+- /* If selinux is not enforcing, we don't care either */
+- if (rc && security_getenforce() < 1)
+- rc = RPMRC_OK;
+ #else
+ if (sehandle == NULL)
+ return RPMRC_OK;
+@@ -149,6 +146,9 @@ exit:
+ path, (xx < 0 ? strerror(errno) : ""));
+ }
+ #endif
++ /* If selinux is not enforcing, we don't care either */
++ if (rc && security_getenforce() < 1)
++ rc = RPMRC_OK;
+
+ return rc;
+ }
+--
+2.1.0
+
diff --git a/rpm.spec b/rpm.spec
index 3657651..d0ba37f 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -29,7 +29,7 @@ Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}3%{?dist}
+Release: %{?snapver:0.%{snapver}.}4%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
@@ -53,6 +53,7 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch
 
 # Patches already upstream:
 Patch100: rpm-4.13.0-rc1-Fix-new-richdep-syntax.patch
+Patch101: rpm-4.13.0-selinux--permissive-scriptlets.patch
 
 # These are not yet upstream
 Patch302: rpm-4.7.1-geode-i686.patch
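Review bot: In the embedded plugins/selinux.c patch, the relocated check `if (rc && security_getenforce() < 1)` (second inner hunk, now placed after `#endif`) also matches the -1 that `security_getenforce()` returns on error, so a failure to read the enforcing state downgrades a failed exec-context setup to `RPMRC_OK` on both code paths. If only permissive mode is meant to be tolerated, `if (rc && security_getenforce() == 0)` keeps that relaxation and fails closed when the state cannot be determined; if -1 is accepted on purpose (for example when SELinux is disabled), the comment above the check should say so. The enclosing function begins outside the hunk, so whether the failure is already logged before `rc` is cleared cannot be confirmed from here.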
@@ -555,6 +556,8 @@ exit 0
 %doc doc/librpm/html/*
 
 %changelog
+* Mon Oct 12 2015 Florian Festi - 4.4.13.0-0.rc1.4
+- Fix selinux plugin for permissive mode
 * Mon Sep 07 2015 Florian Festi - 4.4.13.0-0.rc1.3
 - Fix new rich dependency syntax