diff --git a/0001-restorecon.py-exclude-more-paths.patch b/0001-restorecon.py-exclude-more-paths.patch
new file mode 100644
index 0000000..2189d21
--- /dev/null
+++ b/0001-restorecon.py-exclude-more-paths.patch
@@ -0,0 +1,26 @@
+From 0f508191647a41f92264c0c8fc877b0110bbd468 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 10 Aug 2021 20:11:20 +0200
+Subject: [PATCH] restorecon.py: exclude more paths
+
+It doesn't make sense to run restorecon on /sys/ /proc/ and /memfd:
+---
+ src/restorecon.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/restorecon.py b/src/restorecon.py
+index e3044c742367..9594c0d59d96 100644
+--- a/src/restorecon.py
++++ b/src/restorecon.py
+@@ -39,7 +39,7 @@ def customizable(target):
+
+
+ # List of path prefixes for which this plugin is not executed
+-excluded_paths = ["/sys/fs"]
++excluded_paths = ["/sys/", "/proc/", "/memfd:"]
+ # Test if the specified path starts with some excluded prefix
+ def excluded_path(target_path):
+ for path in excluded_paths:
+-- 
+2.32.0
+
diff --git a/setroubleshoot-plugins.spec b/setroubleshoot-plugins.spec
index e8b16a6..c8d3bb3 100644
--- a/setroubleshoot-plugins.spec
+++ b/setroubleshoot-plugins.spec
@@ -12,6 +12,7 @@ URL: https://github.com/fedora-selinux/setroubleshoot
 Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
 # git format-patch -N setroubleshoot-plugins- -- plugins
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
+Patch0001: 0001-restorecon.py-exclude-more-paths.patch
 BuildArch: noarch
 
 # gcc is needed only for ./configure
@@ -30,7 +31,7 @@ data and system data to provide user friendly reports describing how to
 interpret SELinux AVC denials.
 
 %prep
-%autosetup -p 2
+%autosetup -p 1
 
 %build
 %configure PYTHON=%{__python3}
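Review bot: The comment above `excluded_paths` in the embedded src/restorecon.py hunk still only says the plugin is not executed for these prefixes; it does not record why the list was widened from `/sys/fs` to all of `/sys/` and `/proc/`, plus names starting with `/memfd:`. I would carry the rationale from the commit message into the code, e.g. `# Kernel pseudo-filesystems and memfd objects: suggesting restorecon for these targets does not make sense`. Per the following comment the entries are compared as plain string prefixes, so with the trailing slashes a target of exactly `/sys` or `/proc` is not excluded, and the check presumably relies on target_path being the absolute path as reported in the AVC. That is worth confirming against the loop body of excluded_path, which continues outside the hunk.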
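Review bot: Changing to `%autosetup -p 1` in the %prep hunk leaves the patch-generation comment in the first spec hunk (`# git format-patch -N setroubleshoot-plugins- -- plugins`) out of step with the strip level. The added patch uses `a/src/restorecon.py` paths, which is why only one component is stripped now, but a patch regenerated the way that comment describes would presumably be rooted at `plugins/` and fail to apply during the build. I would add a line next to that recipe such as `# Patches are applied with -p1, so their paths must be relative to the plugins/ directory`.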