diff --git a/SOURCES/0001-restorecon.py-exclude-more-paths.patch b/SOURCES/0001-restorecon.py-exclude-more-paths.patch new file mode 100644 index 0000000..2189d21 --- /dev/null +++ b/SOURCES/0001-restorecon.py-exclude-more-paths.patch @@ -0,0 +1,26 @@ +From 0f508191647a41f92264c0c8fc877b0110bbd468 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 10 Aug 2021 20:11:20 +0200 +Subject: [PATCH] restorecon.py: exclude more paths + +It doesn't make sense to run restorecon on /sys/ /proc/ and /memfd: +--- + src/restorecon.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/restorecon.py b/src/restorecon.py +index e3044c742367..9594c0d59d96 100644 +--- a/src/restorecon.py ++++ b/src/restorecon.py +@@ -39,7 +39,7 @@ def customizable(target): + + + # List of path prefixes for which this plugin is not executed +-excluded_paths = ["/sys/fs"] ++excluded_paths = ["/sys/", "/proc/", "/memfd:"] + # Test if the specified path starts with some excluded prefix + def excluded_path(target_path): + for path in excluded_paths: +-- +2.32.0 + diff --git a/SPECS/setroubleshoot-plugins.spec b/SPECS/setroubleshoot-plugins.spec index e8b16a6..ca64590 100644 --- a/SPECS/setroubleshoot-plugins.spec +++ b/SPECS/setroubleshoot-plugins.spec @@ -6,12 +6,13 @@ Summary: Analysis plugins for use with setroubleshoot Name: setroubleshoot-plugins Version: 3.3.14 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: https://github.com/fedora-selinux/setroubleshoot Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz # git format-patch -N setroubleshoot-plugins- -- plugins # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +Patch0001: 0001-restorecon.py-exclude-more-paths.patch BuildArch: noarch # gcc is needed only for ./configure @@ -30,7 +31,7 @@ data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. %prep -%autosetup -p 2 +%autosetup -p 1 %build %configure PYTHON=%{__python3} @@ -49,6 +50,9 @@ rm -rf %{buildroot} %{_datadir}/setroubleshoot/plugins %changelog +* Fri Sep 3 2021 Petr Lautrbach - 3.3.14-4 +- restorecon.py: exclude more paths (#1960136) + * Tue Aug 10 2021 Mohan Boddu - 3.3.14-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688