Rebuild with SELinux userspace release 3.2-rc1
And update to 16c0696
parent
b028c6a81b
commit
d085b2403d
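--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.2.2.tar.gz
 /4.3.0.tar.gz
 /05e90ee.tar.gz
+/16c0696.tar.gz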
@ -1,120 +0,0 @@
|
|||||||
From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Date: Fri, 17 Jul 2020 11:28:08 +0200
|
|
||||||
Subject: [PATCH] Adapt to new libsepol filename transition structures
|
|
||||||
|
|
||||||
Adapt setools to the new libsepol internal API for filename transitions
|
|
||||||
which allows for more efficient filename trans rule representation in
|
|
||||||
memory and binary policy.
|
|
||||||
|
|
||||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
---
|
|
||||||
setools/policyrep/sepol.pxd | 9 ++++----
|
|
||||||
setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
|
|
||||||
2 files changed, 39 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
|
|
||||||
index 60bc58c28ebf..b07ddb78350f 100644
|
|
||||||
--- a/setools/policyrep/sepol.pxd
|
|
||||||
+++ b/setools/policyrep/sepol.pxd
|
|
||||||
@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
|
|
||||||
ctypedef cond_bool_datum cond_bool_datum_t
|
|
||||||
|
|
||||||
#
|
|
||||||
- # filename_trans_t
|
|
||||||
+ # filename_trans_key_t
|
|
||||||
#
|
|
||||||
- cdef struct filename_trans:
|
|
||||||
- uint32_t stype
|
|
||||||
+ cdef struct filename_trans_key:
|
|
||||||
uint32_t ttype
|
|
||||||
uint32_t tclass
|
|
||||||
char *name
|
|
||||||
|
|
||||||
- ctypedef filename_trans filename_trans_t
|
|
||||||
+ ctypedef filename_trans_key filename_trans_key_t
|
|
||||||
|
|
||||||
#
|
|
||||||
# filename_trans_datum_t
|
|
||||||
#
|
|
||||||
cdef struct filename_trans_datum:
|
|
||||||
+ ebitmap_t stypes
|
|
||||||
uint32_t otype
|
|
||||||
+ filename_trans_datum *next
|
|
||||||
|
|
||||||
ctypedef filename_trans_datum filename_trans_datum_t
|
|
||||||
|
|
||||||
diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
|
|
||||||
index 3976586b7985..760c366f6c39 100644
|
|
||||||
--- a/setools/policyrep/terule.pxi
|
|
||||||
+++ b/setools/policyrep/terule.pxi
|
|
||||||
@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
|
|
||||||
readonly str filename
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
|
|
||||||
- sepol.filename_trans_datum_t *datum):
|
|
||||||
+ cdef inline FileNameTERule factory(SELinuxPolicy policy,
|
|
||||||
+ sepol.filename_trans_key_t *key,
|
|
||||||
+ Type stype, size_t otype):
|
|
||||||
"""Factory function for creating FileNameTERule objects."""
|
|
||||||
cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
|
|
||||||
r.policy = policy
|
|
||||||
r.key = <uintptr_t>key
|
|
||||||
r.ruletype = TERuletype.type_transition
|
|
||||||
- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
|
|
||||||
+ r.source = stype
|
|
||||||
r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
|
|
||||||
r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
|
|
||||||
- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
|
|
||||||
+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
|
|
||||||
r.filename = intern(key.name)
|
|
||||||
r.origin = None
|
|
||||||
return r
|
|
||||||
@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
|
|
||||||
|
|
||||||
"""Iterate over FileNameTERules in the policy."""
|
|
||||||
|
|
||||||
+ cdef:
|
|
||||||
+ sepol.filename_trans_datum_t *datum
|
|
||||||
+ TypeEbitmapIterator stypei
|
|
||||||
+
|
|
||||||
@staticmethod
|
|
||||||
cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
|
|
||||||
"""Factory function for creating FileNameTERule iterators."""
|
|
||||||
@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
|
|
||||||
i.reset()
|
|
||||||
return i
|
|
||||||
|
|
||||||
+ def _next_stype(self):
|
|
||||||
+ while True:
|
|
||||||
+ if self.datum == NULL:
|
|
||||||
+ super().__next__()
|
|
||||||
+ self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
|
|
||||||
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
|
|
||||||
+ try:
|
|
||||||
+ return next(self.stypei)
|
|
||||||
+ except StopIteration:
|
|
||||||
+ pass
|
|
||||||
+ self.datum = self.datum.next
|
|
||||||
+ if self.datum != NULL:
|
|
||||||
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
|
|
||||||
+
|
|
||||||
def __next__(self):
|
|
||||||
- super().__next__()
|
|
||||||
- return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
|
|
||||||
- <sepol.filename_trans_datum_t *>self.curr.datum)
|
|
||||||
+ stype = self._next_stype()
|
|
||||||
+ return FileNameTERule.factory(self.policy,
|
|
||||||
+ <sepol.filename_trans_key_t *>self.curr.key,
|
|
||||||
+ stype, self.datum.otype)
|
|
||||||
+
|
|
||||||
+ def __len__(self):
|
|
||||||
+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
|
|
||||||
+
|
|
||||||
+ def reset(self):
|
|
||||||
+ super().reset()
|
|
||||||
+ self.datum = NULL
|
|
||||||
--
|
|
||||||
2.29.0
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Thu, 23 Feb 2017 08:17:07 +0100
|
|
||||||
Subject: [PATCH 2/3] Do not use -Werror during build
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
There are new warnings when setools are built with gcc 7 therefore we
|
|
||||||
want to suppress -Werror for now
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
libqpol/policy_extend.c: In function ‘policy_extend’:
|
|
||||||
libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
|
|
||||||
snprintf(buff, 9, "@ttr%04zd", i + 1);
|
|
||||||
^~~~~
|
|
||||||
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
|
|
||||||
snprintf(buff, 9, "@ttr%04zd", i + 1);
|
|
||||||
^~~~~~~~~~~
|
|
||||||
In file included from /usr/include/stdio.h:939:0,
|
|
||||||
from /usr/include/sepol/policydb/policydb.h:53,
|
|
||||||
from libqpol/policy_extend.c:29:
|
|
||||||
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
|
|
||||||
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
|
|
||||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
__bos (__s), __fmt, __va_arg_pack ());
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
cc1: all warnings being treated as errors
|
|
||||||
error: command 'gcc' failed with exit status 1
|
|
||||||
---
|
|
||||||
setup.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/setup.py b/setup.py
|
|
||||||
index c94daf1..a7442ac 100644
|
|
||||||
--- a/setup.py
|
|
||||||
+++ b/setup.py
|
|
||||||
@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
|
|
||||||
libraries=['selinux', 'sepol'],
|
|
||||||
library_dirs=lib_dirs,
|
|
||||||
define_macros=macros,
|
|
||||||
- extra_compile_args=['-Werror', '-Wextra',
|
|
||||||
+ extra_compile_args=['-Wextra',
|
|
||||||
'-Waggregate-return',
|
|
||||||
'-Wfloat-equal',
|
|
||||||
'-Wformat', '-Wformat=2',
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001
|
From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Date: Fri, 26 Apr 2019 15:27:25 +0200
|
Date: Fri, 26 Apr 2019 15:27:25 +0200
|
||||||
Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
|
Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
|
||||||
setools.DomainTransitionAnalysis
|
setools.DomainTransitionAnalysis
|
||||||
|
|
||||||
dta and infoflow modules require networkx which brings lot of dependencies.
|
dta and infoflow modules require networkx which brings lot of dependencies.
|
||||||
@ -86,10 +86,10 @@ index d72d343e7e79..642485b9018d 100644
|
|||||||
from .diff import PolicyDifference
|
from .diff import PolicyDifference
|
||||||
|
|
||||||
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
|
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
|
||||||
index 4608b9dbf34e..2cde44c142e9 100644
|
index 62dbf04d9a5e..0ea000e790f0 100644
|
||||||
--- a/setoolsgui/apol/dta.py
|
--- a/setoolsgui/apol/dta.py
|
||||||
+++ b/setoolsgui/apol/dta.py
|
+++ b/setoolsgui/apol/dta.py
|
||||||
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||||
from PyQt5.QtGui import QPalette, QTextCursor
|
from PyQt5.QtGui import QPalette, QTextCursor
|
||||||
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
|
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
|
||||||
QTreeWidgetItem
|
QTreeWidgetItem
|
||||||
@ -97,9 +97,9 @@ index 4608b9dbf34e..2cde44c142e9 100644
|
|||||||
+from setools.dta import DomainTransitionAnalysis
|
+from setools.dta import DomainTransitionAnalysis
|
||||||
|
|
||||||
from ..logtosignal import LogHandlerToSignal
|
from ..logtosignal import LogHandlerToSignal
|
||||||
from .analysistab import AnalysisTab
|
from .analysistab import AnalysisSection, AnalysisTab
|
||||||
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
|
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
|
||||||
index 7bca299d23fc..7fee2778f35f 100644
|
index 28009aa2329c..92d350bf727c 100644
|
||||||
--- a/setoolsgui/apol/infoflow.py
|
--- a/setoolsgui/apol/infoflow.py
|
||||||
+++ b/setoolsgui/apol/infoflow.py
|
+++ b/setoolsgui/apol/infoflow.py
|
||||||
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||||
@ -138,5 +138,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644
|
|||||||
from setools.exception import InvalidType
|
from setools.exception import InvalidType
|
||||||
from setools.permmap import PermissionMap
|
from setools.permmap import PermissionMap
|
||||||
--
|
--
|
||||||
2.26.0.rc2
|
2.30.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001
|
From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 2 Apr 2020 16:06:14 +0200
|
Date: Thu, 2 Apr 2020 16:06:14 +0200
|
||||||
Subject: [PATCH] Require networkx on package level
|
Subject: [PATCH 2/2] Require networkx on package level
|
||||||
|
|
||||||
It allows us to ship python3-setools without dependency on python3-networkx
|
It allows us to ship python3-setools without dependency on python3-networkx
|
||||||
---
|
---
|
||||||
@ -9,10 +9,10 @@ It allows us to ship python3-setools without dependency on python3-networkx
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/setup.py b/setup.py
|
diff --git a/setup.py b/setup.py
|
||||||
index 457c83049ca5..4bfd438002bb 100644
|
index c593b786cc61..0551811e3fd1 100644
|
||||||
--- a/setup.py
|
--- a/setup.py
|
||||||
+++ b/setup.py
|
+++ b/setup.py
|
||||||
@@ -170,5 +170,5 @@ setup(name='setools',
|
@@ -163,5 +163,5 @@ setup(name='setools',
|
||||||
# setup also requires libsepol and libselinux
|
# setup also requires libsepol and libselinux
|
||||||
# C libraries and headers to compile.
|
# C libraries and headers to compile.
|
||||||
setup_requires=['setuptools', 'Cython>=0.27'],
|
setup_requires=['setuptools', 'Cython>=0.27'],
|
||||||
@ -20,5 +20,5 @@ index 457c83049ca5..4bfd438002bb 100644
|
|||||||
+ install_requires=['setuptools']
|
+ install_requires=['setuptools']
|
||||||
)
|
)
|
||||||
--
|
--
|
||||||
2.26.0.rc2
|
2.30.0
|
||||||
|
|
||||||
|
16
setools.spec
16
setools.spec
@ -1,13 +1,13 @@
|
|||||||
%global setools_pre_ver 05e90ee
|
%global setools_pre_ver 16c0696
|
||||||
%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
|
%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0
|
||||||
|
|
||||||
%global sepol_ver 3.1-4
|
%global sepol_ver 3.2-0.rc1
|
||||||
%global selinux_ver 3.1-4
|
%global selinux_ver 3.2-0.rc1
|
||||||
|
|
||||||
|
|
||||||
Name: setools
|
Name: setools
|
||||||
Version: 4.4.0
|
Version: 4.4.0
|
||||||
Release: 0.2.20201102git%{setools_pre_ver}%{?dist}
|
Release: 0.2.20210121git%{setools_pre_ver}%{?dist}
|
||||||
Summary: Policy analysis tools for SELinux
|
Summary: Policy analysis tools for SELinux
|
||||||
|
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
@ -15,8 +15,6 @@ URL: https://github.com/SELinuxProject/setools/wiki
|
|||||||
Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
|
Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
|
||||||
Source1: setools.pam
|
Source1: setools.pam
|
||||||
Source2: apol.desktop
|
Source2: apol.desktop
|
||||||
Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
|
|
||||||
Patch1001: 1001-Do-not-use-Werror-during-build.patch
|
|
||||||
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||||
Patch1003: 1003-Require-networkx-on-package-level.patch
|
Patch1003: 1003-Require-networkx-on-package-level.patch
|
||||||
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
||||||
@ -147,6 +145,10 @@ Python modules designed to facilitate SELinux policy analysis.
|
|||||||
%{_mandir}/ru/man1/apol*
|
%{_mandir}/ru/man1/apol*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
|
||||||
|
- Rebuild with SELinux userspace 3.2-rc1
|
||||||
|
- Update to 16c0696
|
||||||
|
|
||||||
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
|
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
|
||||||
- Fix imports in /usr/bin/sedta
|
- Fix imports in /usr/bin/sedta
|
||||||
|
|
||||||
|
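Review bot: The new %changelog entry at the end of this section records only the rebuild and the snapshot update, while the patch list earlier in the same section loses `Patch0001` and `Patch1001` without any mention in the spec. The 1001 removal is the one that deserves a line: that patch stripped `-Werror` from `extra_compile_args` in setup.py, so if the 16c0696 snapshot still sets the flag (not visible on this page), any new compiler warning fails the build again. That is a reasonable default for a policy-analysis tool, but it should be a recorded decision rather than a side effect of the update. I would add `- Drop patches 0001 and 1001` to the entry, with a short reason for each once confirmed against the new snapshot.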
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
|
SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358
|
||||||
|