* Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1

- Rename all /var/lock file context entries to /run/lock - Rename all /var/run file context entries to /run - Invert the "/var/run = /run" equivalency
2024-02-06 14:20:25 +01:00 · 2024-02-06 14:20:25 +01:00 · 6dd5c78a95
commit 6dd5c78a95
parent 0ec128677b
4 changed files with 23 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 /container-selinux.tgz
 /macro-expander
 *.rpm
+/varrun-convert.sh
--- a/file_contexts.subs_dist
+++ b/file_contexts.subs_dist
@ -1,5 +1,5 @@
-/run /var/run
-/run/lock /var/lock
+/var/run /run
+/var/lock /run/lock
 /run/systemd/system /usr/lib/systemd/system
 /run/systemd/generator /usr/lib/systemd/system
 /run/systemd/generator.early /usr/lib/systemd/system
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,6 +1,6 @@
 # github repo with selinux-policy sources
 %global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit 20114105ce9cccef6775736565f449c27c4a669e
+%global commit 8973a73c7c534b51860b9350eacc6d946ab1e412
 %global shortcommit %(c=%{commit}; echo ${c:0:7})

 %define distro redhat
@ -23,7 +23,7 @@
 %define CHECKPOLICYVER 3.2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 40.11
+Version: 40.12
 Release: 1%{?dist}
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
@ -61,6 +61,9 @@ Source35: container-selinux.tgz

 Source36: selinux-check-proper-disable.service

+# Script to convert /var/run file context entries to /run
+Source37: varrun-convert.sh
+
 # Provide rpm macros for packages installing SELinux modules
 Source102: rpm.macros

@ -92,6 +95,7 @@ the policy has been adjusted to provide support for Fedora.
 %{_usr}/lib/tmpfiles.d/selinux-policy.conf
 %{_rpmconfigdir}/macros.d/macros.selinux-policy
 %{_unitdir}/selinux-check-proper-disable.service
+%{_libexecdir}/selinux/varrun-convert.sh

 %package sandbox
 Summary: SELinux sandbox policy
@ -277,6 +281,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
+%ghost %{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun \
 %nil

 %define relabel() \
@ -424,6 +429,8 @@ mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/
 cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/
 mkdir -p %{buildroot}%{_bindir}
 install -m 755  %{SOURCE33} %{buildroot}%{_bindir}/
+mkdir -p %{buildroot}%{_libexecdir}/selinux
+install -m 755  %{SOURCE37} %{buildroot}%{_libexecdir}/selinux

 # Always create policy module package directories
 mkdir -p %{buildroot}%{_datadir}/selinux/{targeted,mls,minimum,modules}/
@ -584,6 +591,7 @@ exit 0

 %posttrans targeted
 %checkConfigConsistency targeted
+%{_libexecdir}/selinux/varrun-convert.sh targeted
 %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm

 %postun targeted
@ -697,6 +705,7 @@ exit 0

 %posttrans minimum
 %checkConfigConsistency minimum
+%{_libexecdir}/selinux/varrun-convert.sh minimum
 %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm

 %postun minimum
@ -771,6 +780,7 @@ exit 0

 %posttrans mls
 %checkConfigConsistency mls
+%{_libexecdir}/selinux/varrun-convert.sh mls
 %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm

 %postun mls
@ -814,6 +824,11 @@ exit 0
 %endif

 %changelog
+* Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1
+- Rename all /var/lock file context entries to /run/lock
+- Rename all /var/run file context entries to /run
+- Invert the "/var/run = /run" equivalency
+
 * Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1
 - Replace init domtrans rule for confined users to allow exec init
 - Update dbus_role_template() to allow user service status
--- a/5
+++ b/5
@ -1,3 +1,4 @@
-SHA512 (selinux-policy-2011410.tar.gz) = bbc50497b5a551a20f65271ca2df2c010a0c63b1dcc0e069870aba888c0bb86f15275f2636a1dcc5a321d56060ab323452d0f02d6dd3da13b938cd8d9bff0b5b
-SHA512 (container-selinux.tgz) = f8ad7e38fd170f5ee4b8fa3d2c4052ec3e80d3bc06a4d42f80ade040c8fefad2c76230cfadd7580d11a5349ba95bc819d5681f9e5df83330676e34896ac458fe
+SHA512 (selinux-policy-8973a73.tar.gz) = 343077aa6eabf9016914cc2e056e3e3140b6eda92e1581919033fc05e81fe805876ffe8254dbfba9f7d05f0a016249c3914359358ba062f5cb8049e9c998f4f5
+SHA512 (container-selinux.tgz) = 8fe309ddb133ef57fcd61b59355a6aad36e05e5f94a33bcf4004ebfdf006999cd708ca7b023824596956ba7b2829632ec64406182aa271b5e0275f429d5880e5
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
+SHA512 (varrun-convert.sh) = e1514fb877fdd01a9880d23a0962a41fe6ba991cd7b288c430b537b9bddde4f5d98749c08821dfb16237621a73cb47e0df4e3b90124d7dec0f47e021c6afb9b1