core: reorder systemd arguments on reexe

Debrand for AlmaLinux
2025-03-18 03:41:13 +00:00 · 2025-03-18 03:41:13 +00:00 · f30b4ec9b9
commit f30b4ec9b9
parent 21c84710d4 283e2f54f1
3 changed files with 10 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,2 @@
 SOURCES/rhel-net-naming-sysattrs-v0.5.tar.gz
 SOURCES/systemd-252.tar.gz
-SOURCES/systemd-container-coredump.pp.bz2
--- a/.systemd.metadata
+++ b/.systemd.metadata
@ -1,3 +1,2 @@
 9ce6834429dbb9cb049de1bdf77bc8c84763709c SOURCES/rhel-net-naming-sysattrs-v0.5.tar.gz
 7c961dc6e8bb950825b85129f59dc80f4536cabb SOURCES/systemd-252.tar.gz
-36eac49c362dc6e142f23b570a9a6b75f7547250 SOURCES/systemd-container-coredump.pp.bz2
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@ -12,10 +12,6 @@
 %global system_unit_dir %{pkgdir}/system
 %global user_unit_dir %{pkgdir}/user

-# defining macros needed by SELinux
-%global selinuxtype targeted
-%global modulename systemd-container-coredump
-
 # Bootstrap may be needed to break intercircular dependencies with
 # cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump.
 %bcond_with    bootstrap
@ -25,7 +21,7 @@
 Name:           systemd
 Url:            https://systemd.io
 Version:        252
-Release:        46%{?dist}.2.alma.1
+Release:        46%{?dist}.3.alma.1
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@ -74,8 +70,6 @@ Source25:       rc.local
 %global rhel_nns_version 0.5
 Source26:       https://gitlab.com/mschmidt2/rhel-net-naming-sysattrs/-/archive/v%{rhel_nns_version}/rhel-net-naming-sysattrs-v%{rhel_nns_version}.tar.gz

-Source27:       %{modulename}.pp.bz2
-
 %if 0
 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
 i=1; for j in 00*patch; do printf "Patch%04d:      %s\n" $i $j; i=$((i+1));done|xclip
@ -1132,9 +1126,11 @@ Patch1040: 1040-efi-don-t-pull-kernel-cmdline-from-SMBIOS-in-a-confi.patch
 Patch1041: 1041-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
 Patch1042: 1042-ukify-Skip-test-on-architectures-without-UEFI.patch

-# Downstream-only patches (9000–9999)
+# AlmaLinux Patch
 Patch9000: 9000-core-reorder-systemd-arguments-on-reexec.patch

+# Downstream-only patches (9000–9999)
+
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
 %endif
@ -1200,7 +1196,6 @@ BuildRequires:  git-core
 %if 0%{?have_gnu_efi}
 BuildRequires:  gnu-efi gnu-efi-devel
 %endif
-BuildRequires:  selinux-policy-devel
 BuildRequires:  libfido2-devel

 Requires(post): coreutils
@ -1208,11 +1203,6 @@ Requires(post): sed
 Requires(post): acl
 Requires(post): grep

-# selinux
-Requires(post): libselinux-utils
-Requires(post): policycoreutils
-Requires(post): selinux-policy
-
 # systemd-machine-id-setup requires libssl
 Requires(post): openssl-libs
 Requires(pre):  coreutils
@ -1712,9 +1702,6 @@ install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
 install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
 install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}

-# install policy modules
-install -m 0644 -D -t %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/ %{SOURCE27}
-
 %find_lang %{name}

 # Split files in build root into rpms. See split-files.py for the
@ -1817,9 +1804,6 @@ chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
 # Apply ACL to the journal directory
 setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || :

-# Install our own selinux-policy module that allows systemd-coredump access to containers
-%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
-
 [ $1 -eq 1 ] || exit 0

 # We reset the enablement of all services upon initial installation
@ -1971,7 +1955,6 @@ systemd-hwdb update &>/dev/null || :
 %global _docdir_fmt %{name}

 %files -f %{name}.lang -f .file-list-main
-%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
 %doc %{_pkgdocdir}
 %exclude %{_pkgdocdir}/LICENSE.*
 %license LICENSE.GPL2 LICENSE.LGPL2.1
@ -1991,7 +1974,6 @@ systemd-hwdb update &>/dev/null || :
 %ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants
 %ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants
 %ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd
-%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}

 %files libs -f .file-list-libs
 %license LICENSE.LGPL2.1
@ -2029,8 +2011,12 @@ systemd-hwdb update &>/dev/null || :
 %{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/*

 %changelog
-* Tue Nov 12 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 252-46.2.alma.1
- core: reorder systemd arguments on reexec
+* Tue Mar 18 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 252-46.3.alma.1
+- core: reorder systemd arguments on reexe
+- Debrand for AlmaLinux
+
+* Fri Jan 31 2025 systemd maintenance team <systemd-maint@redhat.com> - 252-46.3
+- get rid of SELinux policy module (RHEL-76033)

 * Tue Sep 10 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-46.2
 - add %%posttrans scriptlet to make sure our SELinux policy module is actually installed (RHEL-46339)
@ -2395,9 +2381,6 @@ systemd-hwdb update &>/dev/null || :
 - test: sync with the fake binary before killing it (RHEL-29430)
 - test: check coredump handling in containers & namespaces (RHEL-29430)

-* Mon Mar 18 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 252-32.alma.1
- Debrand for AlmaLinux
-
 * Mon Mar 18 2024 Jan Macku <jamacku@redhat.com> - 252-32
 - rebase rhel-net-naming-sysattrs to v0.5