From 3ec1c6fee11666f7c4a7f51b25cb142d3ca8f17d Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 10 May 2023 11:10:06 +0200 Subject: [PATCH] setools-4.4.2-2 - Disable sediff --neverallow and --neverallowxperm options Resolves: rhbz#2184140 --- ...-remove-neverallow-options-in-sediff.patch | 48 +++++++++++++++++++ setools.spec | 6 ++- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 0001-Disable-remove-neverallow-options-in-sediff.patch diff --git a/0001-Disable-remove-neverallow-options-in-sediff.patch b/0001-Disable-remove-neverallow-options-in-sediff.patch new file mode 100644 index 0000000..840f4f0 --- /dev/null +++ b/0001-Disable-remove-neverallow-options-in-sediff.patch @@ -0,0 +1,48 @@ +From 1fd4270f23f1f0fcde4eb6d87b50a59ba4a0d1b4 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 9 May 2023 19:22:01 +0200 +Subject: [PATCH] Disable/remove neverallow options in sediff. +Content-type: text/plain + +Apply change from commit 06335957b701 ("Disable/remove neverallow +options in frontends.") to sediff + +Signed-off-by: Petr Lautrbach +--- + sediff | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/sediff b/sediff +index dfaa319d1d59..97899c13caf4 100755 +--- a/sediff ++++ b/sediff +@@ -46,12 +46,12 @@ comp.add_argument("--level", action="store_true", help="Print MLS level definiti + terule = parser.add_argument_group("type enforcement rule differences") + terule.add_argument("-A", action="store_true", help="Print allow and allowxperm rule differences") + terule.add_argument("--allow", action="store_true", help="Print allow rule differences") +-terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") ++# terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") + terule.add_argument("--auditallow", action="store_true", help="Print auditallow rule differences") + terule.add_argument("--dontaudit", action="store_true", help="Print dontaudit rule differences") + terule.add_argument("--allowxperm", action="store_true", help="Print allowxperm rule differences") +-terule.add_argument("--neverallowxperm", action="store_true", +- help="Print neverallowxperm rule differences") ++# terule.add_argument("--neverallowxperm", action="store_true", ++# help="Print neverallowxperm rule differences") + terule.add_argument("--auditallowxperm", action="store_true", + help="Print auditallowxperm rule differences") + terule.add_argument("--dontauditxperm", action="store_true", +@@ -98,6 +98,10 @@ other.add_argument("--typebounds", action="store_true", help="Print typebounds d + + args = parser.parse_args() + ++# neverallow and neverallowxperm options are disabled ++args.neverallow = False ++args.neverallowxperm = False ++ + if args.A: + args.allow = True + args.allowxperm = True +-- +2.40.0 + diff --git a/setools.spec b/setools.spec index 81f4b6d..00d8861 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,6 +11,7 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop +Patch1: 0001-Disable-remove-neverallow-options-in-sediff.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core @@ -143,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Wed May 10 2023 Petr Lautrbach - 4.4.2-2 +- Disable sediff --neverallow and --neverallowxperm options + * Thu Apr 20 2023 Petr Lautrbach - 4.4.2-1 - SETools 4.4.2 release