From ccff9f365f43b2de96f95cee963cf72ea07b4c22 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mon, 23 Apr 2018 16:05:04 +0200
Subject: [PATCH] SELinux userspace 2.8-rc1 release candidate
---
 .gitignore | 1 +
 checkpolicy-fedora.patch | 228 ---------------------------------------
 checkpolicy.spec | 23 ++--
 sources | 2 +-
 4 files changed, 16 insertions(+), 238 deletions(-)
diff --git a/.gitignore b/.gitignore
index a38fd4c..53a402d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -96,3 +96,4 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.5.tar.gz
 /checkpolicy-2.6.tar.gz
 /checkpolicy-2.7.tar.gz
+/checkpolicy-2.8-rc1.tar.gz
diff --git a/checkpolicy-fedora.patch b/checkpolicy-fedora.patch
index 099e62d..e69de29 100644
--- a/checkpolicy-fedora.patch
+++ b/checkpolicy-fedora.patch
@@ -1,228 +0,0 @@ -diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile -index 68e11f2..4c817cd 100644 ---- checkpolicy-2.7/Makefile -+++ checkpolicy-2.7/Makefile -@@ -1,12 +1,9 @@ - # - # Makefile for building the checkpolicy program - # --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - BINDIR ?= $(PREFIX)/bin - MANDIR ?= $(PREFIX)/share/man --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include --LIBSEPOLA ?= $(LIBDIR)/libsepol.a - TARGETS = checkpolicy checkmodule - - LEX = flex -@@ -14,7 +11,12 @@ YACC = bison -y - - CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing - --override CFLAGS += -I. -+# If no specific libsepol.a is specified, fall back on LDFLAGS search path -+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there -+# is no need to define a value for LDLIBS_LIBSEPOLA -+ifeq ($(LIBSEPOLA),) -+ LDLIBS_LIBSEPOLA := -l:libsepol.a -+endif - - CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \ - policy_define.o -@@ -27,8 +29,10 @@ all: $(TARGETS) - $(MAKE) -C test - - checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) -+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) - - checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) -+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) - - %.o: %.c - $(CC) $(CFLAGS) -o $@ -c $< -@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c - $(LEX) policy_scan.l - - install: all -- -mkdir -p $(BINDIR) -- -mkdir -p $(MANDIR)/man8 -- install -m 755 $(TARGETS) $(BINDIR) -- install -m 644 checkpolicy.8 $(MANDIR)/man8 -- install -m 644 checkmodule.8 $(MANDIR)/man8 -+ -mkdir -p $(DESTDIR)$(BINDIR) -+ -mkdir -p $(DESTDIR)$(MANDIR)/man8 -+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) -+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 -+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 - - relabel: install -- /sbin/restorecon $(BINDIR)/checkpolicy -- /sbin/restorecon $(BINDIR)/checkmodule -+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy -+ /sbin/restorecon 
$(DESTDIR)$(BINDIR)/checkmodule - - clean: - -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c -diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8 -index ee95882..cf76591 100644 ---- checkpolicy-2.7/checkmodule.8 -+++ checkpolicy-2.7/checkmodule.8 -@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy". - This manual page was copied from the checkpolicy man page - written by Arpad Magosanyi , - and edited by Dan Walsh . --The program was written by Stephen Smalley . -+The program was written by Stephen Smalley . -diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8 -index 7b28696..1c8805d 100644 ---- checkpolicy-2.7/checkpolicy.8 -+++ checkpolicy-2.7/checkpolicy.8 -@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy". - - .SH AUTHOR - This manual page was written by Arpad Magosanyi , --and edited by Stephen Smalley . --The program was written by Stephen Smalley . -+and edited by Stephen Smalley . -+The program was written by Stephen Smalley . 
-diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c -index b75f2af..fbda455 100644 ---- checkpolicy-2.7/checkpolicy.c -+++ checkpolicy-2.7/checkpolicy.c -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -@@ -69,6 +69,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -944,6 +947,8 @@ int main(int argc, char **argv) - protocol = IPPROTO_UDP; - else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) - protocol = IPPROTO_DCCP; -+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) -+ protocol = IPPROTO_SCTP; - else { - printf("unknown protocol\n"); - break; -diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c -index f12ebdb..11fd37d 100644 ---- checkpolicy-2.7/policy_define.c -+++ checkpolicy-2.7/policy_define.c -@@ -1,5 +1,5 @@ - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -@@ -40,6 +40,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high) - protocol = IPPROTO_UDP; - } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { - protocol = IPPROTO_DCCP; -+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { -+ protocol = IPPROTO_SCTP; - } else { - yyerror2("unrecognized protocol %s", id); - goto bad; -diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y -index 6b406c8..247bd4e 100644 ---- checkpolicy-2.7/policy_parse.y -+++ checkpolicy-2.7/policy_parse.y -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l -index e6c4898..e93ccb6 100644 ---- checkpolicy-2.7/policy_scan.l -+++ 
checkpolicy-2.7/policy_scan.l -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* Updated: David Caplan, -diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c -index acc991c..82e6673 100644 ---- checkpolicy-2.7/queue.c -+++ checkpolicy-2.7/queue.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h -index 655c94b..60c07fe 100644 ---- checkpolicy-2.7/queue.h -+++ checkpolicy-2.7/queue.h -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile -index 59fa446..89e7557 100644 ---- checkpolicy-2.7/test/Makefile -+++ checkpolicy-2.7/test/Makefile -@@ -1,19 +1,22 @@ - # - # Makefile for building the dispol program - # --PREFIX ?= $(DESTDIR)/usr --BINDIR ?= $(PREFIX)/bin --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include --LIBSEPOLA ?= $(LIBDIR)/libsepol.a -- - CFLAGS ?= -g -Wall -W -Werror -O2 -pipe - -+# If no specific libsepol.a is specified, fall back on LDFLAGS search path -+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there -+# is no need to define a value for LDLIBS_LIBSEPOLA -+ifeq ($(LIBSEPOLA),) -+ LDLIBS_LIBSEPOLA := -l:libsepol.a -+endif -+ - all: dispol dismod - - dispol: dispol.o $(LIBSEPOLA) -+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) - - dismod: dismod.o $(LIBSEPOLA) -+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) - - clean: - -rm -f dispol dismod *.o diff --git a/checkpolicy.spec b/checkpolicy.spec index 4cf5a81..8d447df 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec 
@@ -1,17 +1,19 @@ -%define libselinuxver 2.7-13 -%define libsepolver 2.7-6 +%define libselinuxver 2.8-0 +%define libsepolver 2.8-0 + +%global rcversion rc1 Summary: SELinux policy compiler Name: checkpolicy -Version: 2.7 -Release: 7%{?dist} +Version: 2.8 +Release: 0%{?rcversion:.%rcversion}.1%{?dist} License: GPLv2 -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/checkpolicy-2.7.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180419/checkpolicy-2.8-rc1.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# $ VERSION=2.7 ./make-fedora-selinux-patch.sh checkpolicy -# HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707 -Patch1: checkpolicy-fedora.patch +# $ VERSION=2.8-rc1 ./make-fedora-selinux-patch.sh checkpolicy +# HEAD https://github.com/fedora-selinux/selinux/commit/5127dfaae645986169b50a7295d4961a4959006a +# Patch1: checkpolicy-fedora.patch Conflicts: selinux-policy-base < 3.13.1-138 BuildRequires: gcc BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver} @@ -31,7 +33,7 @@ This package contains checkpolicy, the SELinux policy compiler. Only required for building policies. %prep -%autosetup -p 1 -n checkpolicy-%{version} +%autosetup -p 1 -n checkpolicy-%{version}%{?rcversion:-%rcversion} %build make clean @@ -56,6 +58,9 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol %{_bindir}/sedispol %changelog +* Mon Apr 23 2018 Petr Lautrbach - 2.8-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + * Wed Mar 21 2018 Petr Lautrbach - 2.7-7 - Add support for the SCTP portcon keyword diff --git a/sources b/sources index 49830b6..8c5286f 100644 --- a/sources +++ b/sources 
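Review bot: `# Patch1: checkpolicy-fedora.patch` in the first checkpolicy.spec hunk disables the downstream patch by commenting it out, while the regeneration instructions above it are updated as if the patch were still applied and the patch file itself stays in the tree as an empty blob (index `e69de29`). The removed patch carried the SCTP `portcon` handling recorded in the 2.7-7 changelog entry, so the build now relies on 2.8-rc1 already containing it, which this diff does not show. I would say so next to the line, for example `# No downstream patches for 2.8-rc1; the 2.7 Fedora changes are assumed to be upstream`, and confirm it against the rc1 sources before building policy that uses the keyword. Separately, `Source:` is fetched from a wiki-hosted raw URL and its integrity rests only on the SHA512 that this same commit updates in `sources`; recording in the commit message where that value was compared with a checksum published by upstream, if one exists, would make the pin auditable.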
@@ -1 +1 @@
-SHA512 (checkpolicy-2.7.tar.gz) = fba8a4132f90c98f8222de563dc15aac1b739d3a6207779b6a4715d2813e7553081351c54f42371a1b704a1f5038d40821b61213c4ad53eb705823975858cf7f
+SHA512 (checkpolicy-2.8-rc1.tar.gz) = a13d8abba9a10257d7b9b917754fecf21518d2cdf094508dca1028d24f19763f6ba71cf7dd8a654633152316a6ec618a488598d8ba6cda2960039f101745b57c