rpms/setools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebuild with SELinux userspace release 3.2-rc1

Browse Source 
And update to 16c0696
This commit is contained in:
Petr Lautrbach 2021-01-21 11:38:03 +01:00
parent b028c6a81b
commit d085b2403d
7 changed files with 23 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,3 +10,4 @@ setools-3.3.8-f1e5b20.tar.bz2
/4.2.2.tar.gz
/4.3.0.tar.gz
/05e90ee.tar.gz
/16c0696.tar.gz

120
0001-Adapt-to-new-libsepol-filename-transition-structures.patch
View File

@ -1,120 +0,0 @@
From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Fri, 17 Jul 2020 11:28:08 +0200
Subject: [PATCH] Adapt to new libsepol filename transition structures
Adapt setools to the new libsepol internal API for filename transitions
which allows for more efficient filename trans rule representation in
memory and binary policy.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
setools/policyrep/sepol.pxd | 9 ++++----
setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
2 files changed, 39 insertions(+), 11 deletions(-)
diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
index 60bc58c28ebf..b07ddb78350f 100644
--- a/setools/policyrep/sepol.pxd
+++ b/setools/policyrep/sepol.pxd
@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
ctypedef cond_bool_datum cond_bool_datum_t
#
- # filename_trans_t
+ # filename_trans_key_t
#
- cdef struct filename_trans:
- uint32_t stype
+ cdef struct filename_trans_key:
uint32_t ttype
uint32_t tclass
char *name
- ctypedef filename_trans filename_trans_t
+ ctypedef filename_trans_key filename_trans_key_t
#
# filename_trans_datum_t
#
cdef struct filename_trans_datum:
+ ebitmap_t stypes
uint32_t otype
+ filename_trans_datum *next
ctypedef filename_trans_datum filename_trans_datum_t
diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
index 3976586b7985..760c366f6c39 100644
--- a/setools/policyrep/terule.pxi
+++ b/setools/policyrep/terule.pxi
@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
readonly str filename
@staticmethod
- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
- sepol.filename_trans_datum_t *datum):
+ cdef inline FileNameTERule factory(SELinuxPolicy policy,
+ sepol.filename_trans_key_t *key,
+ Type stype, size_t otype):
"""Factory function for creating FileNameTERule objects."""
cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
r.policy = policy
r.key = <uintptr_t>key
r.ruletype = TERuletype.type_transition
- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
+ r.source = stype
r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
r.filename = intern(key.name)
r.origin = None
return r
@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
"""Iterate over FileNameTERules in the policy."""
+ cdef:
+ sepol.filename_trans_datum_t *datum
+ TypeEbitmapIterator stypei
+
@staticmethod
cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
"""Factory function for creating FileNameTERule iterators."""
@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
i.reset()
return i
+ def _next_stype(self):
+ while True:
+ if self.datum == NULL:
+ super().__next__()
+ self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
+ try:
+ return next(self.stypei)
+ except StopIteration:
+ pass
+ self.datum = self.datum.next
+ if self.datum != NULL:
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
+
def __next__(self):
- super().__next__()
- return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
- <sepol.filename_trans_datum_t *>self.curr.datum)
+ stype = self._next_stype()
+ return FileNameTERule.factory(self.policy,
+ <sepol.filename_trans_key_t *>self.curr.key,
+ stype, self.datum.otype)
+
+ def __len__(self):
+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
+
+ def reset(self):
+ super().reset()
+ self.datum = NULL
--
2.29.0

49
1001-Do-not-use-Werror-during-build.patch
View File

@ -1,49 +0,0 @@
From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 23 Feb 2017 08:17:07 +0100
Subject: [PATCH 2/3] Do not use -Werror during build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are new warnings when setools are built with gcc 7 therefore we
want to suppress -Werror for now
Fixes:
libqpol/policy_extend.c: In function policy_extend:
libqpol/policy_extend.c:161:27: error: %04zd directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
In file included from /usr/include/stdio.h:939:0,
from /usr/include/sepol/policydb/policydb.h:53,
from libqpol/policy_extend.c:29:
/usr/include/bits/stdio2.h:64:10: note: __builtin___snprintf_chk output between 9 and 15 bytes into a destination of size 9
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index c94daf1..a7442ac 100644
--- a/setup.py
+++ b/setup.py
@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
libraries=['selinux', 'sepol'],
library_dirs=lib_dirs,
define_macros=macros,
- extra_compile_args=['-Werror', '-Wextra',
+ extra_compile_args=['-Wextra',
'-Waggregate-return',
'-Wfloat-equal',
'-Wformat', '-Wformat=2',
--
2.17.2

14
1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
View File

@ -1,7 +1,7 @@
From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001
From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 26 Apr 2019 15:27:25 +0200
Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies.
@ -86,10 +86,10 @@ index d72d343e7e79..642485b9018d 100644
from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
index 4608b9dbf34e..2cde44c142e9 100644
index 62dbf04d9a5e..0ea000e790f0 100644
--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
@ -97,9 +97,9 @@ index 4608b9dbf34e..2cde44c142e9 100644
+from setools.dta import DomainTransitionAnalysis
from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisTab
from .analysistab import AnalysisSection, AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
index 7bca299d23fc..7fee2778f35f 100644
index 28009aa2329c..92d350bf727c 100644
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
@ -138,5 +138,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644
from setools.exception import InvalidType
from setools.permmap import PermissionMap
--
2.26.0.rc2
2.30.0

10
1003-Require-networkx-on-package-level.patch
View File

@ -1,7 +1,7 @@
From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001
From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 2 Apr 2020 16:06:14 +0200
Subject: [PATCH] Require networkx on package level
Subject: [PATCH 2/2] Require networkx on package level
It allows us to ship python3-setools without dependency on python3-networkx
---
@ -9,10 +9,10 @@ It allows us to ship python3-setools without dependency on python3-networkx
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 457c83049ca5..4bfd438002bb 100644
index c593b786cc61..0551811e3fd1 100644
--- a/setup.py
+++ b/setup.py
@@ -170,5 +170,5 @@ setup(name='setools',
@@ -163,5 +163,5 @@ setup(name='setools',
# setup also requires libsepol and libselinux
# C libraries and headers to compile.
setup_requires=['setuptools', 'Cython>=0.27'],
@ -20,5 +20,5 @@ index 457c83049ca5..4bfd438002bb 100644
+ install_requires=['setuptools']
)
--
2.26.0.rc2
2.30.0

16
setools.spec
View File

@ -1,13 +1,13 @@
%global setools_pre_ver 05e90ee
%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
%global setools_pre_ver 16c0696
%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0
%global sepol_ver 3.1-4
%global selinux_ver 3.1-4
%global sepol_ver 3.2-0.rc1
%global selinux_ver 3.2-0.rc1
Name: setools
Version: 4.4.0
Release: 0.2.20201102git%{setools_pre_ver}%{?dist}
Release: 0.2.20210121git%{setools_pre_ver}%{?dist}
Summary: Policy analysis tools for SELinux
License: GPLv2
@ -15,8 +15,6 @@ URL: https://github.com/SELinuxProject/setools/wiki
Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
Source1: setools.pam
Source2: apol.desktop
Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
Patch1001: 1001-Do-not-use-Werror-during-build.patch
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Patch1003: 1003-Require-networkx-on-package-level.patch
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
@ -147,6 +145,10 @@ Python modules designed to facilitate SELinux policy analysis.
%{_mandir}/ru/man1/apol*
%changelog
* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
- Rebuild with SELinux userspace 3.2-rc1
- Update to 16c0696
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
- Fix imports in /usr/bin/sedta

2
sources
View File

@ -1 +1 @@
SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358