* Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1
- Rename all /var/lock file context entries to /run/lock - Rename all /var/run file context entries to /run - Invert the "/var/run = /run" equivalency
parent
0ec128677b
commit
6dd5c78a95
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@
|
|||||||
/container-selinux.tgz
|
/container-selinux.tgz
|
||||||
/macro-expander
|
/macro-expander
|
||||||
*.rpm
|
*.rpm
|
||||||
|
/varrun-convert.sh
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/run /var/run
|
/var/run /run
|
||||||
/run/lock /var/lock
|
/var/lock /run/lock
|
||||||
/run/systemd/system /usr/lib/systemd/system
|
/run/systemd/system /usr/lib/systemd/system
|
||||||
/run/systemd/generator /usr/lib/systemd/system
|
/run/systemd/generator /usr/lib/systemd/system
|
||||||
/run/systemd/generator.early /usr/lib/systemd/system
|
/run/systemd/generator.early /usr/lib/systemd/system
|
||||||
|
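Review bot: With the first two pairs flipped to `/var/run /run` and `/var/lock /run/lock`, lookups under /var/run and /var/lock are rewritten to the /run form before matching, so any file context specification still written with the old prefix would presumably stop matching and the affected files could end up with a default label. The commit description covers the distribution policy entries, and a conversion script is added for existing local entries, but nothing on this page covers third-party policy modules or local `semanage fcontext` rules added after the upgrade. The file's name is not visible on this page, so the behaviour change is best documented where packagers will see it, for example a spec comment next to the script call such as `# /var/run is now an alias of /run: file context specs must use the /run prefix`.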
@ -1,6 +1,6 @@
|
|||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 20114105ce9cccef6775736565f449c27c4a669e
|
%global commit 8973a73c7c534b51860b9350eacc6d946ab1e412
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -23,7 +23,7 @@
|
|||||||
%define CHECKPOLICYVER 3.2
|
%define CHECKPOLICYVER 3.2
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 40.11
|
Version: 40.12
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
@ -61,6 +61,9 @@ Source35: container-selinux.tgz
|
|||||||
|
|
||||||
Source36: selinux-check-proper-disable.service
|
Source36: selinux-check-proper-disable.service
|
||||||
|
|
||||||
|
# Script to convert /var/run file context entries to /run
|
||||||
|
Source37: varrun-convert.sh
|
||||||
|
|
||||||
# Provide rpm macros for packages installing SELinux modules
|
# Provide rpm macros for packages installing SELinux modules
|
||||||
Source102: rpm.macros
|
Source102: rpm.macros
|
||||||
|
|
||||||
@ -92,6 +95,7 @@ the policy has been adjusted to provide support for Fedora.
|
|||||||
%{_usr}/lib/tmpfiles.d/selinux-policy.conf
|
%{_usr}/lib/tmpfiles.d/selinux-policy.conf
|
||||||
%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
%{_rpmconfigdir}/macros.d/macros.selinux-policy
|
||||||
%{_unitdir}/selinux-check-proper-disable.service
|
%{_unitdir}/selinux-check-proper-disable.service
|
||||||
|
%{_libexecdir}/selinux/varrun-convert.sh
|
||||||
|
|
||||||
%package sandbox
|
%package sandbox
|
||||||
Summary: SELinux sandbox policy
|
Summary: SELinux sandbox policy
|
||||||
@ -277,6 +281,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
|
|||||||
%ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
|
%ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
|
||||||
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
|
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
|
||||||
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
|
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
|
||||||
|
%ghost %{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun \
|
||||||
%nil
|
%nil
|
||||||
|
|
||||||
%define relabel() \
|
%define relabel() \
|
||||||
@ -424,6 +429,8 @@ mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/
|
|||||||
cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/
|
cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/
|
||||||
mkdir -p %{buildroot}%{_bindir}
|
mkdir -p %{buildroot}%{_bindir}
|
||||||
install -m 755 %{SOURCE33} %{buildroot}%{_bindir}/
|
install -m 755 %{SOURCE33} %{buildroot}%{_bindir}/
|
||||||
|
mkdir -p %{buildroot}%{_libexecdir}/selinux
|
||||||
|
install -m 755 %{SOURCE37} %{buildroot}%{_libexecdir}/selinux
|
||||||
|
|
||||||
# Always create policy module package directories
|
# Always create policy module package directories
|
||||||
mkdir -p %{buildroot}%{_datadir}/selinux/{targeted,mls,minimum,modules}/
|
mkdir -p %{buildroot}%{_datadir}/selinux/{targeted,mls,minimum,modules}/
|
||||||
@ -584,6 +591,7 @@ exit 0
|
|||||||
|
|
||||||
%posttrans targeted
|
%posttrans targeted
|
||||||
%checkConfigConsistency targeted
|
%checkConfigConsistency targeted
|
||||||
|
%{_libexecdir}/selinux/varrun-convert.sh targeted
|
||||||
%{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm
|
%{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm
|
||||||
|
|
||||||
%postun targeted
|
%postun targeted
|
||||||
@ -697,6 +705,7 @@ exit 0
|
|||||||
|
|
||||||
%posttrans minimum
|
%posttrans minimum
|
||||||
%checkConfigConsistency minimum
|
%checkConfigConsistency minimum
|
||||||
|
%{_libexecdir}/selinux/varrun-convert.sh minimum
|
||||||
%{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm
|
%{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm
|
||||||
|
|
||||||
%postun minimum
|
%postun minimum
|
||||||
@ -771,6 +780,7 @@ exit 0
|
|||||||
|
|
||||||
%posttrans mls
|
%posttrans mls
|
||||||
%checkConfigConsistency mls
|
%checkConfigConsistency mls
|
||||||
|
%{_libexecdir}/selinux/varrun-convert.sh mls
|
||||||
%{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm
|
%{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm
|
||||||
|
|
||||||
%postun mls
|
%postun mls
|
||||||
@ -814,6 +824,11 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1
|
||||||
|
- Rename all /var/lock file context entries to /run/lock
|
||||||
|
- Rename all /var/run file context entries to /run
|
||||||
|
- Invert the "/var/run = /run" equivalency
|
||||||
|
|
||||||
* Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1
|
* Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1
|
||||||
- Replace init domtrans rule for confined users to allow exec init
|
- Replace init domtrans rule for confined users to allow exec init
|
||||||
- Update dbus_role_template() to allow user service status
|
- Update dbus_role_template() to allow user service status
|
||||||
|
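Review bot: The `%posttrans` scriptlets for targeted, minimum and mls now each run `%{_libexecdir}/selinux/varrun-convert.sh <type>` with package-install privileges, but the script body is not part of this commit: `.gitignore` excludes `/varrun-convert.sh` and `sources` only pins its SHA512, so what executes here cannot be reviewed from the diff. Consider committing the script to the repository next to the spec so that later changes to it show up in history and review. As far as the hunks show, the scriptlets also do not check the script's exit status before continuing to `restorecon`, so a failed conversion would pass silently; either state that this is intended with a comment such as `# best effort: a failed conversion must not fail the transaction`, or report it with `|| echo "varrun-convert.sh failed for targeted" >&2`. The added `%ghost` entry for `active/modules/400/extra_varrun` suggests the script installs a generated module, which is worth a one-line comment at the `Source37:` line saying what it produces and when it is removed.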
5
sources
5
sources
@ -1,3 +1,4 @@
|
|||||||
SHA512 (selinux-policy-2011410.tar.gz) = bbc50497b5a551a20f65271ca2df2c010a0c63b1dcc0e069870aba888c0bb86f15275f2636a1dcc5a321d56060ab323452d0f02d6dd3da13b938cd8d9bff0b5b
|
SHA512 (selinux-policy-8973a73.tar.gz) = 343077aa6eabf9016914cc2e056e3e3140b6eda92e1581919033fc05e81fe805876ffe8254dbfba9f7d05f0a016249c3914359358ba062f5cb8049e9c998f4f5
|
||||||
SHA512 (container-selinux.tgz) = f8ad7e38fd170f5ee4b8fa3d2c4052ec3e80d3bc06a4d42f80ade040c8fefad2c76230cfadd7580d11a5349ba95bc819d5681f9e5df83330676e34896ac458fe
|
SHA512 (container-selinux.tgz) = 8fe309ddb133ef57fcd61b59355a6aad36e05e5f94a33bcf4004ebfdf006999cd708ca7b023824596956ba7b2829632ec64406182aa271b5e0275f429d5880e5
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
|
SHA512 (varrun-convert.sh) = e1514fb877fdd01a9880d23a0962a41fe6ba991cd7b288c430b537b9bddde4f5d98749c08821dfb16237621a73cb47e0df4e3b90124d7dec0f47e021c6afb9b1
|
||||||
|