diff --git a/.gitignore b/.gitignore
index f4c80ed..26db9fc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.4.0.tar.gz
 /4.4.1.tar.gz
 /4.4.2.tar.gz
+/4.4.3.tar.gz
diff --git a/0001-Disable-remove-neverallow-options-in-sediff.patch b/0001-Disable-remove-neverallow-options-in-sediff.patch
deleted file mode 100644
index d34479a..0000000
--- a/0001-Disable-remove-neverallow-options-in-sediff.patch
+++ /dev/null
@@ -1,92 +0,0 @@ -From edf1a80fa41fa34ad849fbf5098eddd4c5339c18 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 9 May 2023 19:22:01 +0200 -Subject: [PATCH] Disable/remove neverallow options in sediff. -Content-type: text/plain - -Apply change from commit 06335957b701 ("Disable/remove neverallow -options in frontends.") to sediff - -Signed-off-by: Petr Lautrbach ---- - man/ru/sediff.1 | 4 ---- - man/sediff.1 | 4 ---- - sediff | 10 +++++++--- - 3 files changed, 7 insertions(+), 11 deletions(-) - -diff --git a/man/ru/sediff.1 b/man/ru/sediff.1 -index c6bf2939443f..af5d8efcf82c 100644 ---- a/man/ru/sediff.1 -+++ b/man/ru/sediff.1 -@@ -57,16 +57,12 @@ sediff \- утилита выявления различий политик SELi - Найти различия правил включения журналирования событий. - .IP "--dontaudit" - Найти различия правил запрета журналирования событий. --.IP "--neverallow" --Найти различия запрещающих правил. - .IP "--allowxperm" - Найти различия расширенных разрешительных правил. - .IP "--auditallowxperm" - Найти различия расширенных правил включения журналирования событий. - .IP "--dontauditxperm" - Найти различия расширенных правил запрета журналирования событий. --.IP "--neverallowxperm" --Найти различия расширенных запрещающих правил. - .IP "-T, --type_trans" - Найти различия правил перехода типов. - .IP "--type_member" -diff --git a/man/sediff.1 b/man/sediff.1 -index ed3b497db2c4..18466d8aeb68 100644 ---- a/man/sediff.1 -+++ b/man/sediff.1 -@@ -50,16 +50,12 @@ Find differences in allow rules. - Find differences in auditallow rules. - .IP "--dontaudit" - Find differences in dontaudit rules. --.IP "--neverallow" --Find differences in neverallow rules. - .IP "--allowxperm" - Find differences in allowxperm rules. - .IP "--auditallowxperm" - Find differences in auditallowxperm rules. - .IP "--dontauditxperm" - Find differences in dontauditxperm rules. --.IP "--neverallowxperm" --Find differences in neverallowxperm rules. 
- .IP "-T, --type_trans" - Find differences in type_transition rules. - .IP "--type_member" -diff --git a/sediff b/sediff -index b2fef9771f18..a39d6f5c8f57 100755 ---- a/sediff -+++ b/sediff -@@ -45,12 +45,12 @@ comp.add_argument("--level", action="store_true", help="Print MLS level definiti - terule = parser.add_argument_group("type enforcement rule differences") - terule.add_argument("-A", action="store_true", help="Print allow and allowxperm rule differences") - terule.add_argument("--allow", action="store_true", help="Print allow rule differences") --terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") -+# terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") - terule.add_argument("--auditallow", action="store_true", help="Print auditallow rule differences") - terule.add_argument("--dontaudit", action="store_true", help="Print dontaudit rule differences") - terule.add_argument("--allowxperm", action="store_true", help="Print allowxperm rule differences") --terule.add_argument("--neverallowxperm", action="store_true", -- help="Print neverallowxperm rule differences") -+# terule.add_argument("--neverallowxperm", action="store_true", -+# help="Print neverallowxperm rule differences") - terule.add_argument("--auditallowxperm", action="store_true", - help="Print auditallowxperm rule differences") - terule.add_argument("--dontauditxperm", action="store_true", -@@ -97,6 +97,10 @@ other.add_argument("--typebounds", action="store_true", help="Print typebounds d - - args = parser.parse_args() - -+# neverallow and neverallowxperm options are disabled -+args.neverallow = False -+args.neverallowxperm = False -+ - if args.A: - args.allow = True - args.allowxperm = True --- -2.41.0 - diff --git a/0002-Improve-man-pages.patch b/0002-Improve-man-pages.patch deleted file mode 100644 index 15552a2..0000000 --- a/0002-Improve-man-pages.patch +++ /dev/null 
@@ -1,225 +0,0 @@ -From 2fea8eb0d4aedbbdca2209ee904eb10df69737b8 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Thu, 11 May 2023 18:38:21 +0200 -Subject: [PATCH] Improve man pages -Content-type: text/plain - -- Add missing parameters -- Add examples -- Fix typos - -Signed-off-by: Vit Mojzis ---- - man/sechecker.1 | 6 +++--- - man/sediff.1 | 12 ++++++++++++ - man/sedta.1 | 9 +++++++++ - man/seinfo.1 | 25 +++++++++++++++++++++++++ - man/seinfoflow.1 | 9 +++++++++ - man/sesearch.1 | 12 ++++++++++++ - 6 files changed, 70 insertions(+), 3 deletions(-) - -diff --git a/man/sechecker.1 b/man/sechecker.1 -index 507b8615c26f..e32d6d6114ba 100644 ---- a/man/sechecker.1 -+++ b/man/sechecker.1 -@@ -81,7 +81,7 @@ A space-separated list of object class criteria for the query. - A space-separated list of permissions for the query. - - .PP --\fBA least one of the above options must be set in this check.\fR -+\fBAt least one of the above options must be set in this check.\fR - - .PP - Additional Options: -@@ -123,7 +123,7 @@ The source role criteria for the query. - The target role criteria for the query. - - .PP --\fBA least one of the above options must be set in this check.\fR -+\fBAt least one of the above options must be set in this check.\fR - - .PP - Additional Options: -@@ -205,7 +205,7 @@ executable types are read-only.\fR - .\} - .nf - [ro_execs] --check_type = empty_typeattr -+check_type = ro_execs - desc = Verify that the all executables and libraries are read-only. - .fi - .if n \{\ -diff --git a/man/sediff.1 b/man/sediff.1 -index 18466d8aeb68..9b189885ff3c 100644 ---- a/man/sediff.1 -+++ b/man/sediff.1 -@@ -84,6 +84,10 @@ Find differences in validatetrans rules. - Find differences in mlsvalidatetrans rules. - - .SS Labeling Statement Differences -+.IP "--ibendportcon" -+Find differences in ibendportcon (InfiniBand endport context) statements. -+.IP "--ibpkeycon" -+Find differences in ibpkeycon (InfiniBand parition key context) statements. 
- .IP "--initialsid" - Find differences in initial SID statements. - .IP "--fs_use" -@@ -136,6 +140,14 @@ For example, a class is modified if one or more permissions are added or removed - .RE - .PP - -+.SH EXAMPLE -+.nf -+Show differences in boolean settings -+# sediff -b /backup/policy.33 /etc/selinux/targeted/policy/policy.33 -+Show statistics for allow and allowxperm rule changes (how many rules where added, removed, or modified) -+#sediff -A --stats /backup/policy.33 /etc/selinux/targeted/policy/policy.33 -+ -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/sedta.1 b/man/sedta.1 -index 1d84d92664e0..d3d21db6f172 100644 ---- a/man/sedta.1 -+++ b/man/sedta.1 -@@ -49,6 +49,8 @@ Specify the maximum number of domain transitions to output. The default is unlim - A space-separated list of types to exclude from the analysis. - - .SS General Options -+.IP "--full" -+Print rule lists for transitions. - .IP "--stats" - Print domain transition graph statistics at the end of the analysis. - .IP "-h, --help" -@@ -60,6 +62,13 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. - -+.SH EXAMPLE -+.nf -+Show the shortest transition paths from httpd_t to unconfined_t, while not using container_runtime_t -+# sedta -s httpd_t -t unconfined_t -S container_runtime_t -+List all domain transition paths shorter than 3 steps from init_t to smbd_t -+# sedta -s init_t -t smbd_t -A 3 -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/seinfo.1 b/man/seinfo.1 -index 1adea9868d66..9e7cbde8c06e 100644 ---- a/man/seinfo.1 -+++ b/man/seinfo.1 -@@ -56,6 +56,10 @@ There is no expanded information for this component. - .IP "--genfscon [FS_TYPE]" - Print a list of genfscon statements or, if FS_TYPE is provided, print the statement for the named filesystem type. - There is no expanded information for this component. -+.IP "--ibpkeycon [PKEY[-PKEY]]" -+Print a list of InfiniBand parition key contexts. 
-+.IP "--ibendportcon [NAME]" -+Print a list of InfiniBand endport contexts. - .IP "--initialsid [NAME]" - Print a list of initial SIDs or, if NAME is provided, print the named initial SID. - With \fI-x\fR, print the context assigned to each displayed SID. -@@ -86,6 +90,18 @@ There is no expanded information for this component. - .IP "--all" - Print all components. - -+.IP "\fB Xen Component Queries: \fR" -+.IP "--ioportcon" -+Print all ioportcon statements. -+.IP "--iomemcon" -+Print all iomemcon statements. -+.IP "--pcidevicecon" -+Print all pcidevicecon statements. -+.IP "--pirqcon" -+Print all pirqcon statements. -+.IP "--devicetreecon" -+Print all devicetreecon statements. -+ - .SH OPTIONS - .IP "-x, --expand" - Print additional details for each component matching the expression. -@@ -101,6 +117,15 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. - -+.SH EXAMPLE -+.nf -+List aliases of and attributes assigned to type httpd_t -+# seinfo -t httpd_t -x -+List all executable types (all types assigned to "exec_type" attribute) -+# seinfo -a exec_type -x -+List all constrains and mlsconstrains for class "file" -+# seinfo --constrain file -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 -index 2e4a261606bf..75763d6f2378 100644 ---- a/man/seinfoflow.1 -+++ b/man/seinfoflow.1 -@@ -54,6 +54,8 @@ A space-separated list of types to exclude from the analysis. - Print information flow graph statistics at the end of the analysis. - .IP "-h, --help" - Print help information and exit. -+.IP "--full" -+Print full rule lists for information flows. - .IP "--version" - Print version information and exit. - .IP "-v, --verbose" -@@ -61,6 +63,13 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. 
- -+.SH EXAMPLE -+.nf -+Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map -+# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S -+List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled -+# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/sesearch.1 b/man/sesearch.1 -index 35f16c4ba33e..edc18346673c 100644 ---- a/man/sesearch.1 -+++ b/man/sesearch.1 -@@ -48,6 +48,7 @@ Find type_change rules. - Find role allow rules. - .IP "--role_trans" - Find role_transition rules. -+.IP "Note: TE/MLS rule searches cannot be mixed with RBAC rule searches" - - .SS MLS Rule Types - .IP "--range_trans" -@@ -80,6 +81,8 @@ A matching rule must have the specified target attribute/type/role explicitly, i - A matching rule must have all specified Booleans, instead of matching any of the specified Boolean. - .IP "-ep" - A matching rule must have exactly the specified permissions, instead of matching any of the specified permission. -+.IP "-ex" -+A matching rule must have exactly the specified extended permissions, instead of matching any listed extended permission. - .IP "-Sp" - A matching rule must have permissions where are a superset of the specified permissions, instead of matching any of the permissions. - .IP "-rs" -@@ -103,6 +106,15 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. 
- -+.SH EXAMPLE -+.nf -+List allow (and allowxperm) rules for accessing files labeled container_file_t from domains with attribute container_domain -+# sesearch -A -s container_domain -t container_file_t -c file -+List allow and dontaudit rules for accessing chr_files labeled container_file_t, that are controlled by boolean container_use_devices -+# sesearch -A --dontaudit -t container_file_t -c chr_file -b container_use_devices -+List dontaudit rules assigned via application_domain_type attribute (rules concerning specific types with that attribute are excluded) -+# sesearch --dontaudit -s application_domain_type -ds -+ - .SH AUTHOR - Chris PeBenito - --- -2.41.0 - diff --git a/0003-tox.ini-Change-environments-to-use-python-instead-of.patch b/0003-tox.ini-Change-environments-to-use-python-instead-of.patch deleted file mode 100644 index a49f91f..0000000 --- a/0003-tox.ini-Change-environments-to-use-python-instead-of.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 6425b45e2748605b99d4e45b286fbf5bb8e8243e Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Mon, 17 Jul 2023 16:45:01 -0400 -Subject: [PATCH] tox.ini: Change environments to use "python" instead of "py". -Content-type: text/plain - -Signed-off-by: Chris PeBenito ---- - .github/workflows/tests.yml | 12 ++++++------ - tox.ini | 8 ++++---- - 2 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml -index eb443ae7f0f7..c3c8d552ca15 100644 ---- a/.github/workflows/tests.yml -+++ b/.github/workflows/tests.yml -@@ -27,12 +27,12 @@ jobs: - - matrix: - build-opts: -- - {python: '3.6', tox: py36} -- - {python: '3.7', tox: py37} -- - {python: '3.8', tox: py38} -- - {python: '3.9', tox: py39} -- - {python: '3.10', tox: py310} -- - {python: '3.11', tox: py311} -+ - {python: '3.6', tox: python3.6} -+ - {python: '3.7', tox: python3.7} -+ - {python: '3.8', tox: python3.8} -+ - {python: '3.9', tox: python3.9} -+ - {python: '3.10', tox: python3.10} -+ - {python: '3.11', tox: python3.11} - - {python: '3.6', tox: pep8} - - {python: '3.6', tox: lint} - - {python: '3.6', tox: mypy} -diff --git a/tox.ini b/tox.ini -index b2f6b51858e6..a668bb3de425 100644 ---- a/tox.ini -+++ b/tox.ini -@@ -1,6 +1,6 @@ - [tox] - minversion = 1.4 --envlist = py3, pep8, lint, mypy -+envlist = python3, pep8, lint, mypy - - [pycodestyle] - max-line-length = 100 -@@ -53,8 +53,8 @@ passenv = USERSPACE_SRC - deps = networkx>=2.0 - cython>=0.27 - pytest -- py38: cython>=0.29.14 -- py39: networkx>=2.6 -- py39: cython>=0.29.14 -+ python38: cython>=0.29.14 -+ python39: networkx>=2.6 -+ python39: cython>=0.29.14 - commands_pre = {envpython} setup.py build_ext -i - commands = pytest tests --- -2.41.0 - diff --git a/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch b/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch deleted file mode 100644 index 14e7864..0000000 
--- a/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch
+++ /dev/null
@@ -1,51 +0,0 @@ -From 8ec295066289cf74df0e3f2c6e068abe503f1121 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Wed, 21 Jun 2023 08:56:08 -0400 -Subject: [PATCH] seinfoflow: Add -r option to get flows into the source type. -Content-type: text/plain - -Signed-off-by: Chris PeBenito ---- - man/seinfoflow.1 | 2 ++ - seinfoflow | 5 ++++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 -index 75763d6f2378..63c70c0e7b14 100644 ---- a/man/seinfoflow.1 -+++ b/man/seinfoflow.1 -@@ -50,6 +50,8 @@ Specify the maximum number of information flows to output. The default is unlimi - A space-separated list of types to exclude from the analysis. - - .SS General Options -+.IP "-r, --reverse" -+Display information flows into the source type. No effect if a target type is specified. - .IP "--stats" - Print information flow graph statistics at the end of the analysis. - .IP "-h, --help" -diff --git a/seinfoflow b/seinfoflow -index 5f4e7642ecf9..9bd1bec41da8 100755 ---- a/seinfoflow -+++ b/seinfoflow -@@ -42,6 +42,9 @@ alg.add_argument("-A", "--all_paths", type=int, metavar="MAX_STEPS", - help="Calculate all paths, with the specified maximum path length. (Expensive)") - - opts = parser.add_argument_group("Analysis options") -+opts.add_argument("-r", "--reverse", action="store_false", -+ help="Display information flows into the source type. " -+ "No effect if a target type is specified.") - opts.add_argument("-w", "--min_weight", default=3, type=int, - help="Minimum permission weight. Default is 3.") - opts.add_argument("-l", "--limit_flows", default=0, type=int, -@@ -119,7 +122,7 @@ try: - - else: # single direct info flow - flownum = 0 -- for flownum, flow in enumerate(g.infoflows(args.source), start=1): -+ for flownum, flow in enumerate(g.infoflows(args.source, out=args.reverse), start=1): - print("Flow {0}: {1} -> {2}".format(flownum, flow.source, flow.target)) - - if args.full: --- -2.41.0 - 
diff --git a/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch b/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch deleted file mode 100644 index f1ed9e7..0000000 --- a/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 32ebd2c802ca0fcf3b920b298f0d2d8b2972cfa9 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Wed, 21 Jun 2023 08:56:53 -0400 -Subject: [PATCH] seinfoflow.1: Remove references to sepolgen permission map. -Content-type: text/plain - -SETools ships with its own so that it is usable on non-SELinux systems. - -Signed-off-by: Chris PeBenito ---- - man/seinfoflow.1 | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 -index 63c70c0e7b14..e482520a8b82 100644 ---- a/man/seinfoflow.1 -+++ b/man/seinfoflow.1 -@@ -67,10 +67,10 @@ Enable debugging output. - - .SH EXAMPLE - .nf --Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map --# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S -+Show the shortest paths for process running as httpd_t to access user home files, using the default permission map: -+# seinfoflow -s httpd_t -t user_home_t -S - List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled --# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" -+# seinfoflow -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" - - .SH AUTHOR - Chris PeBenito --- -2.41.0 - diff --git a/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch b/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch deleted file mode 100644 index 8b8df96..0000000 
--- a/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 725d224e8dd8af3a5a56c71b9de7936d098cae61 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Tue, 16 May 2023 13:21:09 -0400 -Subject: [PATCH] AVRule/AVRuleXperm: Treat rules with no permissions as - invalid policy. -Content-type: text/plain - -Signed-off-by: Chris PeBenito ---- - setools/policyrep/terule.pxi | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi -index 6c869ed08ad9..4f4a95f553bc 100644 ---- a/setools/policyrep/terule.pxi -+++ b/setools/policyrep/terule.pxi -@@ -120,6 +120,17 @@ cdef class AVRule(BaseTERule): - r._conditional = conditional - r._conditional_block = conditional_block - r.origin = None -+ -+ if not r.perms: -+ rule_string = f"{r.ruletype} {r.source} {r.target}:{r.tclass} {{ }};" -+ try: -+ rule_string += f" [ {r.conditional} ]:{r.conditional_block}" -+ except RuleNotConditional: -+ pass -+ -+ raise LowLevelPolicyError("Invalid policy: Found a rule with no permissions: " -+ f"{rule_string}") -+ - return r - - def __hash__(self): -@@ -319,6 +330,17 @@ cdef class AVRuleXperm(BaseTERule): - r._conditional = conditional - r._conditional_block = conditional_block - r.origin = None -+ -+ if not perms: -+ rule_string = f"{r.ruletype} {r.source} {r.target}:{r.tclass} {r.xperm_type} {{ }};" -+ try: -+ rule_string += f" [ {r.conditional} ]:{r.conditional_block}" -+ except RuleNotConditional: -+ pass -+ -+ raise LowLevelPolicyError( -+ f"Invalid policy: Found a rule with no extended permissions: {rule_string}.") -+ - return r - - def __hash__(self): --- -2.41.0 - diff --git a/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch b/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch deleted file mode 100644 index caa96f3..0000000 --- a/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From fc443b5a0379f3644e071a458e996ea6115ccba3 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Mon, 17 Jul 2023 16:08:21 -0400 -Subject: [PATCH] SELinuxPolicy: Add explicit cast for libspol message - callback. -Content-type: text/plain - -Cython 3.0 is more strict. The change fixes this issue: - -setools/policyrep/selinuxpolicy.pxi:685:46: Cannot assign type 'void (void *, sepol_handle_t *, const char *, ...) except *' to 'msg_callback' - -Additionally, the msg_callback is not typedef-ed in sepol/debug.h, so it must -be explicitly defined in sepol.pxd for the casting to work. - -Signed-off-by: Chris PeBenito ---- - setools/policyrep/selinuxpolicy.pxi | 2 +- - setools/policyrep/sepol.pxd | 4 +++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi -index 9267a0c43abc..236316f1c6c5 100644 ---- a/setools/policyrep/selinuxpolicy.pxi -+++ b/setools/policyrep/selinuxpolicy.pxi -@@ -668,7 +668,7 @@ cdef class SELinuxPolicy: - if self.sh == NULL: - raise MemoryError - -- sepol.sepol_msg_set_callback(self.sh, sepol_logging_callback, self.handle) -+ sepol.sepol_msg_set_callback(self.sh, sepol_logging_callback, self.handle) - - if sepol.sepol_policydb_create(&self.handle) < 0: - raise MemoryError -diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd -index 769498f2c5fd..36589ed1a607 100644 ---- a/setools/policyrep/sepol.pxd -+++ b/setools/policyrep/sepol.pxd -@@ -16,8 +16,10 @@ cdef extern from "": - void sepol_handle_destroy(sepol_handle_t *sh) - - -+ctypedef void (*msg_callback)(void *varg, sepol_handle_t *handle, const char *fmt, ...) -+ -+ - cdef extern from "": -- ctypedef void (*msg_callback)(void *varg, sepol_handle_t *handle, const char *fmt, ...) - void sepol_msg_set_callback(sepol_handle * handle, msg_callback cb, void *cb_arg) - - --- -2.41.0 - diff --git a/setools.spec b/setools.spec index 04ac4bf..420188c 100644 --- a/setools.spec 
+++ b/setools.spec
@@ -2,8 +2,8 @@
 %global selinux_ver 3.5-1
 Name: setools
-Version: 4.4.2
-Release: 4%{?dist}
+Version: 4.4.3
+Release: 1%{?dist}
 Summary: Policy analysis tools for SELinux
 License: GPL-2.0-only and LGPL-2.1-only
@@ -11,13 +11,6 @@ URL: https://github.com/SELinuxProject/setools/wiki
 Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
 Source1: setools.pam
 Source2: apol.desktop
-Patch0001: 0001-Disable-remove-neverallow-options-in-sediff.patch
-Patch0002: 0002-Improve-man-pages.patch
-Patch0003: 0003-tox.ini-Change-environments-to-use-python-instead-of.patch
-Patch0004: 0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch
-Patch0005: 0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch
-Patch0006: 0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch
-Patch0007: 0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch
 Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires: flex, bison
@@ -151,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_mandir}/ru/man1/apol*
 %changelog
+* Wed Aug 9 2023 Petr Lautrbach - 4.4.3-1
+- SETools 4.4.3 release
+
 * Wed Jul 26 2023 Petr Lautrbach - 4.4.2-4
 - Disable/remove neverallow options in sediff.
 - Improve man pages
diff --git a/sources b/sources
index 361fad1..edf09a7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (4.4.2.tar.gz) = b5117c5de1503e25183c2a1af92cd015320dd37e0cf26b8e09bd5d0ff879734d2f9c301def2a40b476c1ed1960f9ee04ae13b284df73f39f743004104ac85fb1
+SHA512 (4.4.3.tar.gz) = dcea6f10af0f46cb7f06aa1b29a757de7dbc30b52fe705c51a4f395d6cc25bfc7b78c15b6fc5c09ec05a2bbe8316bc79b87156304de5fe098040007d33a70143