Compare commits

..

5 Commits
master ... f27

Author SHA1 Message Date
Paul Moore 58423d9e64 libsemanage-2.7-3
* Tue Jun 26 2018 Paul Moore <pmoore@redhat.com> - 2.7-3
- Disable expand-check (#1595316)
2018-06-26 16:00:03 -04:00
Petr Lautrbach 97b8b1539b Revert "Enable expand-check in semanage.conf"
There are several update issues which need to be soled first before we
enable this in a stable release.

For more information see
https://bugzilla.redhat.com/show_bug.cgi?id=1319652#c25

This reverts commit e2707be9e1.
2018-06-26 15:44:45 -04:00
Petr Lautrbach 42ba1649cb Use shared repository for tests
https://fedoraproject.org/wiki/CI/Share_Test_Code
2018-02-23 12:51:01 +01:00
Serhii Turivny cefaa030d3 Add CI tests using the standard test interface
The following steps are used to execute the tests using the standard test interface:

Classic

    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml

https://src.fedoraproject.org/rpms/libsemanage/pull-request/2
2018-02-23 12:51:01 +01:00
Petr Lautrbach 44b396895f libsemanage-2.7-2.fc27
- free genhomedircon fallback user
- Add support for listing fcontext.homedirs file
- Keep copy of file_contexts.homedirs in policy store
2017-12-14 10:06:42 +01:00
14 changed files with 454 additions and 694 deletions

10
.gitignore vendored
View File

@ -136,13 +136,3 @@ libsemanage-2.0.45.tgz
/libsemanage-2.5.tar.gz
/libsemanage-2.6.tar.gz
/libsemanage-2.7.tar.gz
/libsemanage-2.8-rc1.tar.gz
/libsemanage-2.8-rc2.tar.gz
/libsemanage-2.8-rc3.tar.gz
/libsemanage-2.8.tar.gz
/libsemanage-2.9-rc1.tar.gz
/libsemanage-2.9-rc2.tar.gz
/libsemanage-2.9.tar.gz
/libsemanage-3.0-rc1.tar.gz
/libsemanage-3.0.tar.gz
/libsemanage-3.1.tar.gz

View File

@ -1,233 +0,0 @@
From b46406de8a93abe10e685c422597516517c0bff3 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 9 Oct 2020 15:00:50 +0200
Subject: [PATCH] libsemanage: Remove legacy and duplicate symbols
Versioned duplicate symbols cause problems for LTO. These symbols were
introduced during the CIL integration several releases ago and were only
consumed by other SELinux userspace components.
Related: https://github.com/SELinuxProject/selinux/issues/245
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/include/semanage/modules.h | 2 +-
libsemanage/src/libsemanage.map | 5 --
libsemanage/src/modules.c | 100 +------------------------
libsemanage/src/modules.h | 9 +--
libsemanage/src/semanageswig_python.i | 2 -
5 files changed, 4 insertions(+), 114 deletions(-)
diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h
index ac4039314857..b51f61f033d5 100644
--- a/libsemanage/include/semanage/modules.h
+++ b/libsemanage/include/semanage/modules.h
@@ -33,7 +33,7 @@ typedef struct semanage_module_key semanage_module_key_t;
*/
extern int semanage_module_install(semanage_handle_t *,
- char *module_data, size_t data_len, char *name, char *ext_lang);
+ char *module_data, size_t data_len, const char *name, const char *ext_lang);
extern int semanage_module_install_file(semanage_handle_t *,
const char *module_name);
extern int semanage_module_remove(semanage_handle_t *, char *module_name);
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
index 1375a8ca0ea7..4bec06aaae27 100644
--- a/libsemanage/src/libsemanage.map
+++ b/libsemanage/src/libsemanage.map
@@ -167,18 +167,13 @@ LIBSEMANAGE_1.0 {
semanage_mls_enabled;
semanage_module_disable;
semanage_module_enable;
- semanage_module_get_enabled;
semanage_module_get_name;
semanage_module_get_version;
semanage_module_info_datum_destroy;
- semanage_module_install;
- semanage_module_install_base;
- semanage_module_install_base_file;
semanage_module_install_file;
semanage_module_list;
semanage_module_list_nth;
semanage_module_remove;
- semanage_module_upgrade;
semanage_module_upgrade_file;
semanage_msg_get_channel;
semanage_msg_get_fname;
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
index 6d3eb60ae462..8b36801038df 100644
--- a/libsemanage/src/modules.c
+++ b/libsemanage/src/modules.c
@@ -42,70 +42,7 @@
#include "modules.h"
#include "debug.h"
-asm(".symver semanage_module_get_enabled_1_1,semanage_module_get_enabled@@LIBSEMANAGE_1.1");
-asm(".symver semanage_module_get_enabled_1_0,semanage_module_get_enabled@LIBSEMANAGE_1.0");
-asm(".symver semanage_module_install_pp,semanage_module_install@LIBSEMANAGE_1.0");
-asm(".symver semanage_module_install_hll,semanage_module_install@@LIBSEMANAGE_1.1");
-
-/* Takes a module stored in 'module_data' and parses its headers.
- * Sets reference variables 'module_name' to module's name and
- * 'version' to module's version. The caller is responsible for
- * free()ing 'module_name' and 'version'; they will be
- * set to NULL upon entering this function. Returns 0 on success, -1
- * if out of memory, or -2 if data did not represent a module.
- */
-static int parse_module_headers(semanage_handle_t * sh, char *module_data,
- size_t data_len, char **module_name, char **version)
-{
- struct sepol_policy_file *pf;
- int file_type;
- *version = NULL;
-
- if (sepol_policy_file_create(&pf)) {
- ERR(sh, "Out of memory!");
- return -1;
- }
- sepol_policy_file_set_mem(pf, module_data, data_len);
- sepol_policy_file_set_handle(pf, sh->sepolh);
- if (module_data == NULL ||
- data_len == 0 ||
- sepol_module_package_info(pf, &file_type, module_name, version) == -1) {
- sepol_policy_file_free(pf);
- ERR(sh, "Could not parse module data.");
- return -2;
- }
- sepol_policy_file_free(pf);
- if (file_type != SEPOL_POLICY_MOD) {
- ERR(sh, "Data did not represent a pp module. Please upgrade to the latest version of libsemanage to support hll modules.");
- return -2;
- }
-
- return 0;
-}
-
-/* This function is used to preserve ABI compatibility with
- * versions of semodule using LIBSEMANAGE_1.0
- */
-int semanage_module_install_pp(semanage_handle_t * sh,
- char *module_data, size_t data_len)
-{
- char *name = NULL;
- char *version = NULL;
- int status;
-
- if ((status = parse_module_headers(sh, module_data, data_len, &name, &version)) != 0) {
- goto cleanup;
- }
-
- status = semanage_module_install_hll(sh, module_data, data_len, name, "pp");
-
-cleanup:
- free(name);
- free(version);
- return status;
-}
-
-int semanage_module_install_hll(semanage_handle_t * sh,
+int semanage_module_install(semanage_handle_t * sh,
char *module_data, size_t data_len, const char *name, const char *ext_lang)
{
if (sh->funcs->install == NULL) {
@@ -160,16 +97,6 @@ int semanage_module_extract(semanage_handle_t * sh,
return sh->funcs->extract(sh, modkey, extract_cil, mapped_data, data_len, modinfo);
}
-/* Legacy function that remains to preserve ABI
- * compatibility. Please use semanage_module_install instead.
- */
-int semanage_module_upgrade(semanage_handle_t * sh,
- char *module_data, size_t data_len)
-{
- return semanage_module_install_pp(sh, module_data, data_len);
-
-}
-
/* Legacy function that remains to preserve ABI
* compatibility. Please use semanage_module_install_file instead.
*/
@@ -179,24 +106,6 @@ int semanage_module_upgrade_file(semanage_handle_t * sh,
return semanage_module_install_file(sh, module_name);
}
-/* Legacy function that remains to preserve ABI
- * compatibility. Please use semanage_module_install instead.
- */
-int semanage_module_install_base(semanage_handle_t * sh,
- char *module_data, size_t data_len)
-{
- return semanage_module_install_pp(sh, module_data, data_len);
-}
-
-/* Legacy function that remains to preserve ABI
- * compatibility. Please use semanage_module_install_file instead.
- */
-int semanage_module_install_base_file(semanage_handle_t * sh,
- const char *module_name)
-{
- return semanage_module_install_file(sh, module_name);
-}
-
int semanage_module_remove(semanage_handle_t * sh, char *module_name)
{
if (sh->funcs->remove == NULL) {
@@ -780,7 +689,7 @@ int semanage_module_key_set_priority(semanage_handle_t *sh,
}
-int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
+int semanage_module_get_enabled(semanage_handle_t *sh,
const semanage_module_key_t *modkey,
int *enabled)
{
@@ -800,11 +709,6 @@ int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
return sh->funcs->get_enabled(sh, modkey, enabled);
}
-int semanage_module_get_enabled_1_0(semanage_module_info_t *modinfo)
-{
- return modinfo->enabled;
-}
-
int semanage_module_set_enabled(semanage_handle_t *sh,
const semanage_module_key_t *modkey,
int enabled)
diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h
index 2d3576fb15df..64d4a157f5ca 100644
--- a/libsemanage/src/modules.h
+++ b/libsemanage/src/modules.h
@@ -26,16 +26,9 @@
#include "semanage/modules.h"
-int semanage_module_install_pp(semanage_handle_t * sh,
- char *module_data, size_t data_len);
-int semanage_module_install_hll(semanage_handle_t * sh,
- char *module_data, size_t data_len, const char *name, const char *ext_lang);
-int semanage_module_upgrade(semanage_handle_t * sh,
- char *module_data, size_t data_len);
+
int semanage_module_upgrade_file(semanage_handle_t * sh,
const char *module_name);
-int semanage_module_install_base(semanage_handle_t * sh,
- char *module_data, size_t data_len);
int semanage_module_install_base_file(semanage_handle_t * sh,
const char *module_name);
diff --git a/libsemanage/src/semanageswig_python.i b/libsemanage/src/semanageswig_python.i
index 8dd79fc24213..5f0113966962 100644
--- a/libsemanage/src/semanageswig_python.i
+++ b/libsemanage/src/semanageswig_python.i
@@ -30,8 +30,6 @@
%}
%include "stdint.i"
-%ignore semanage_module_install_pp;
-%ignore semanage_module_install_hll;
%wrapper %{
--
2.29.0

View File

@ -1,100 +0,0 @@
From c08b73d7183e2dbab0ba43c3df32f4214abbc9c6 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 9 Oct 2020 15:00:51 +0200
Subject: [PATCH] libsemanage: Drop deprecated functions
semanage_module_enable() and semanage_module_disable() were deprecated
by commit 9fbc6d14418f ("libsemanage: add back original module
enable/disable functions for ABI compatability") in 2014 in order to
preserve ABI compatibility. As we the libsemanage ABI is changed by the
previous commit, it makes sense to drop them completely.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/src/libsemanage.map | 2 --
libsemanage/src/modules.c | 56 ---------------------------------
2 files changed, 58 deletions(-)
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
index 4bec06aaae27..3ea7b60f97bb 100644
--- a/libsemanage/src/libsemanage.map
+++ b/libsemanage/src/libsemanage.map
@@ -165,8 +165,6 @@ LIBSEMANAGE_1.0 {
semanage_is_connected;
semanage_is_managed;
semanage_mls_enabled;
- semanage_module_disable;
- semanage_module_enable;
semanage_module_get_name;
semanage_module_get_version;
semanage_module_info_datum_destroy;
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
index 8b36801038df..b6dd456cac32 100644
--- a/libsemanage/src/modules.c
+++ b/libsemanage/src/modules.c
@@ -734,62 +734,6 @@ int semanage_module_set_enabled(semanage_handle_t *sh,
}
-/* This function exists only for ABI compatibility. It has been deprecated and
- * should not be used. Instead, use semanage_module_set_enabled() */
-int semanage_module_enable(semanage_handle_t *sh, char *module_name)
-{
- int rc = -1;
- semanage_module_key_t *modkey = NULL;
-
- rc = semanage_module_key_create(sh, &modkey);
- if (rc != 0)
- goto exit;
-
- rc = semanage_module_key_set_name(sh, modkey, module_name);
- if (rc != 0)
- goto exit;
-
- rc = semanage_module_set_enabled(sh, modkey, 1);
- if (rc != 0)
- goto exit;
-
- rc = 0;
-
-exit:
- semanage_module_key_destroy(sh, modkey);
- free(modkey);
-
- return rc;
-}
-
-/* This function exists only for ABI compatibility. It has been deprecated and
- * should not be used. Instead, use semanage_module_set_enabled() */
-int semanage_module_disable(semanage_handle_t *sh, char *module_name)
-{
- int rc = -1;
- semanage_module_key_t *modkey = NULL;
-
- rc = semanage_module_key_create(sh, &modkey);
- if (rc != 0)
- goto exit;
-
- rc = semanage_module_key_set_name(sh, modkey, module_name);
- if (rc != 0)
- goto exit;
-
- rc = semanage_module_set_enabled(sh, modkey, 0);
- if (rc != 0)
- goto exit;
-
- rc = 0;
-
-exit:
- semanage_module_key_destroy(sh, modkey);
- free(modkey);
-
- return rc;
-}
-
/* Converts a string to a priority
*
* returns -1 if str is not a valid priority.
--
2.29.0

View File

@ -1,45 +0,0 @@
From 6ebb35d261eaa8701b53b9f68184b05de8dfd868 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 9 Oct 2020 15:00:52 +0200
Subject: [PATCH] libsemanage: Bump libsemanage.so version
Previous commits removed some symbols and broke ABI, therefore we need to change
SONAME.
See the following quotes from distribution guidelines:
https://www.debian.org/doc/debian-policy/ch-sharedlibs.html#run-time-shared-libraries
Every time the shared library ABI changes in a way that may break
binaries linked against older versions of the shared library, the SONAME
of the library and the corresponding name for the binary package
containing the runtime shared library should change.
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_downstream_so_name_versioning
When new versions of the library are released, you should use an ABI
comparison tool to check for ABI differences in the built shared
libraries. If it detects any incompatibilities, bump the n number by
one.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/src/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index a0eb3747d74b..ab6cae51f5c3 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -32,7 +32,7 @@ YACC = bison
YFLAGS = -d
VERSION = $(shell cat ../VERSION)
-LIBVERSION = 1
+LIBVERSION = 2
LIBA=libsemanage.a
TARGET=libsemanage.so
--
2.29.0

View File

@ -1,66 +0,0 @@
From fc966a746653cc15a14d1e1a80f01fc2f567ee08 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 7 Nov 2018 18:17:34 +0100
Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
scan defects
---
libsemanage/src/direct_api.c | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index d2b91fb24292..f445cd4d6fb5 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
fp = NULL;
- ret = 0;
+ return 0;
cleanup:
if (fp != NULL) fclose(fp);
@@ -2184,7 +2184,6 @@ cleanup:
semanage_module_info_destroy(sh, modinfo);
free(modinfo);
- if (fp != NULL) fclose(fp);
return status;
}
@@ -2349,16 +2348,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
free(tmp);
tmp = NULL;
- if (fclose(fp) != 0) {
- ERR(sh,
- "Unable to close %s module lang ext file.",
- (*modinfo)->name);
- status = -1;
- goto cleanup;
- }
-
- fp = NULL;
-
/* lookup enabled/disabled status */
ret = semanage_module_get_path(sh,
*modinfo,
@@ -2402,7 +2391,13 @@ cleanup:
free(modinfos);
}
- if (fp != NULL) fclose(fp);
+ if (fp != NULL && fclose(fp) != 0) {
+ ERR(sh,
+ "Unable to close %s module lang ext file.",
+ (*modinfo)->name);
+ status = -1;
+ }
+
return status;
}
--
2.29.0

View File

@ -1,35 +0,0 @@
From 511f8bbf779e10152d5af491e8b6a408b8ad666c Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 30 Oct 2020 17:42:17 +0100
Subject: [PATCH] libsemanage/genhomedircon: check usepasswd
Only add user homedir contexts when usepasswd = True
Resolves:
# grep usepasswd /etc/selinux/semanage.conf
usepasswd=False
# useradd -Z unconfined_u -d /tmp test
# matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
libsemanage/src/genhomedircon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de99a7..18d3d99a1254 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
s->fallback->home = NULL;
}
}
- if (user_context_tpl || username_context_tpl) {
+ if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
if (write_username_context(s, out, username_context_tpl,
s->fallback) != STATUS_SUCCESS) {
retval = STATUS_ERR;
--
2.29.2

View File

@ -1,16 +0,0 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

299
libsemanage-fedora.patch Normal file
View File

@ -0,0 +1,299 @@
diff --git libsemanage-2.7/include/semanage/fcontexts_policy.h libsemanage-2.7/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- libsemanage-2.7/include/semanage/fcontexts_policy.h
+++ libsemanage-2.7/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
semanage_fcontext_t *** records,
unsigned int *count);
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+ semanage_fcontext_t *** records,
+ unsigned int *count);
+
#endif
diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c
index 65842df..31fcada 100644
--- libsemanage-2.7/src/direct_api.c
+++ libsemanage-2.7/src/direct_api.c
@@ -148,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
if (semanage_create_store(sh, 1))
goto err;
- if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
- goto err;
-
sh->u.direct.translock_file_fd = -1;
sh->u.direct.activelock_file_fd = -1;
@@ -210,6 +207,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
semanage_fcontext_dbase_local(sh)) < 0)
goto err;
+ if (fcontext_file_dbase_init(sh,
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+ semanage_fcontext_dbase_homedirs(sh)) < 0)
+ goto err;
+
if (seuser_file_dbase_init(sh,
semanage_path(SEMANAGE_ACTIVE,
SEMANAGE_SEUSERS_LOCAL),
@@ -349,6 +352,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
iface_file_dbase_release(semanage_iface_dbase_local(sh));
bool_file_dbase_release(semanage_bool_dbase_local(sh));
fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
+ fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));
seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
node_file_dbase_release(semanage_node_dbase_local(sh));
@@ -373,10 +377,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
static int semanage_direct_begintrans(semanage_handle_t * sh)
{
-
- if (semanage_access_check(sh) != SEMANAGE_CAN_WRITE) {
- return -1;
- }
if (semanage_get_trans_lock(sh) < 0) {
return -1;
}
@@ -1545,43 +1545,46 @@ rebuild:
}
path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
+ sh->conf->file_mode);
+ if (retval < 0 && errno != ENOENT) {
+ goto cleanup;
}
path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
+ sh->conf->file_mode);
+ if (retval < 0 && errno != ENOENT) {
+ goto cleanup;
}
path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
+ sh->conf->file_mode);
+ if (retval < 0 && errno != ENOENT) {
+ goto cleanup;
}
/* run genhomedircon if its enabled, this should be the last operation
* which requires the out policydb */
if (!sh->conf->disable_genhomedircon) {
- if (out && (retval =
- semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
- ERR(sh, "semanage_genhomedircon returned error code %d.",
- retval);
- goto cleanup;
+ if (out){
+ if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd,
+ sh->conf->ignoredirs)) != 0) {
+ ERR(sh, "semanage_genhomedircon returned error code %d.", retval);
+ goto cleanup;
+ }
+ /* file_contexts.homedirs was created in SEMANAGE_TMP store */
+ retval = semanage_copy_file(
+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS),
+ sh->conf->file_mode);
+ if (retval < 0) {
+ goto cleanup;
+ }
}
} else {
WARN(sh, "WARNING: genhomedircon is disabled. \
diff --git libsemanage-2.7/src/fcontexts_policy.c libsemanage-2.7/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- libsemanage-2.7/src/fcontexts_policy.c
+++ libsemanage-2.7/src/fcontexts_policy.c
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
return dbase_list(handle, dconfig, records, count);
}
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+ semanage_fcontext_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git libsemanage-2.7/src/genhomedircon.c libsemanage-2.7/src/genhomedircon.c
index b9a74b7..d09d82f 100644
--- libsemanage-2.7/src/genhomedircon.c
+++ libsemanage-2.7/src/genhomedircon.c
@@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
s.homedir_template_path =
semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
- s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
- SEMANAGE_FC_HOMEDIRS);
+ s.fcfilepath =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS);
s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
if (s.fallback == NULL) {
@@ -1385,7 +1385,9 @@ done:
if (out != NULL)
fclose(out);
- pop_user_entry(&(s.fallback));
+ while (s.fallback)
+ pop_user_entry(&(s.fallback));
+
ignore_free();
return retval;
diff --git libsemanage-2.7/src/handle.h libsemanage-2.7/src/handle.h
index 889871d..1780ac8 100644
--- libsemanage-2.7/src/handle.h
+++ libsemanage-2.7/src/handle.h
@@ -79,7 +79,7 @@ struct semanage_handle {
struct semanage_policy_table *funcs;
/* Object databases */
-#define DBASE_COUNT 23
+#define DBASE_COUNT 24
/* Local modifications */
#define DBASE_LOCAL_USERS_BASE 0
@@ -102,13 +102,14 @@ struct semanage_handle {
#define DBASE_POLICY_INTERFACES 15
#define DBASE_POLICY_BOOLEANS 16
#define DBASE_POLICY_FCONTEXTS 17
-#define DBASE_POLICY_SEUSERS 18
-#define DBASE_POLICY_NODES 19
-#define DBASE_POLICY_IBPKEYS 20
-#define DBASE_POLICY_IBENDPORTS 21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS 19
+#define DBASE_POLICY_NODES 20
+#define DBASE_POLICY_IBPKEYS 21
+#define DBASE_POLICY_IBENDPORTS 22
/* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS 22
+#define DBASE_ACTIVE_BOOLEANS 23
dbase_config_t dbase[DBASE_COUNT];
};
@@ -236,6 +237,12 @@ static inline
}
static inline
+ dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
{
return &handle->dbase[DBASE_POLICY_SEUSERS];
diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c
index 6158d08..320fa7b 100644
--- libsemanage-2.7/src/semanage_store.c
+++ libsemanage-2.7/src/semanage_store.c
@@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
"/modules/disabled",
"/policy.kern",
"/file_contexts.local",
+ "/file_contexts.homedirs",
"/file_contexts",
"/seusers"
};
@@ -537,7 +538,6 @@ char *semanage_conf_path(void)
int semanage_create_store(semanage_handle_t * sh, int create)
{
struct stat sb;
- int mode_mask = R_OK | W_OK | X_OK;
const char *path = semanage_files[SEMANAGE_ROOT];
int fd;
@@ -556,9 +556,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
ERR(sh,
- "Could not access module store at %s, or it is not a directory.",
+ "Module store at %s is not a directory.",
path);
return -1;
}
@@ -579,9 +579,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
ERR(sh,
- "Could not access module store active subdirectory at %s, or it is not a directory.",
+ "Module store active subdirectory at %s is not a directory.",
path);
return -1;
}
@@ -602,9 +602,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
ERR(sh,
- "Could not access module store active modules subdirectory at %s, or it is not a directory.",
+ "Module store active modules subdirectory at %s is not a directory.",
path);
return -1;
}
@@ -623,8 +623,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
- if (!S_ISREG(sb.st_mode) || access(path, R_OK | W_OK) == -1) {
- ERR(sh, "Could not access lock file at %s.", path);
+ if (!S_ISREG(sb.st_mode)) {
+ ERR(sh, "Lock file at %s missing.", path);
return -1;
}
}
diff --git libsemanage-2.7/src/semanage_store.h libsemanage-2.7/src/semanage_store.h
index fcaa505..34bf852 100644
--- libsemanage-2.7/src/semanage_store.h
+++ libsemanage-2.7/src/semanage_store.h
@@ -61,6 +61,7 @@ enum semanage_sandbox_defs {
SEMANAGE_MODULES_DISABLED,
SEMANAGE_STORE_KERNEL,
SEMANAGE_STORE_FC_LOCAL,
+ SEMANAGE_STORE_FC_HOMEDIRS,
SEMANAGE_STORE_FC,
SEMANAGE_STORE_SEUSERS,
SEMANAGE_STORE_NUM_PATHS

View File

@ -0,0 +1,32 @@
Index: libsemanage/src/semanage_store.c
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/libsemanage/src/semanage_store.c,v
retrieving revision 1.21
diff -u -r1.21 semanage_store.c
--- libsemanage/src/semanage_store.c 9 Nov 2005 14:52:55 -0000 1.21
+++ libsemanage/src/semanage_store.c 14 Nov 2005 21:43:09 -0000
@@ -950,11 +950,6 @@
goto cleanup;
}
- if ((r = semanage_exec_prog(sh, sh->conf->genhomedircon, sh->conf->store_path, "")) != 0) {
- ERR(sh, "genhomedircon returned error code %d.", r);
- goto cleanup;
- }
-
retval = 0;
cleanup:
free(storepath);
@@ -1070,6 +1065,12 @@
goto cleanup;
}
+ if ((retval = semanage_exec_prog(sh, sh->conf->genhomedircon, sh->conf->store_path, "")) != 0) {
+ ERR(sh, "genhomedircon returned error code %d.", retval);
+ goto cleanup;
+ }
+
+
cleanup:
return retval;

View File

@ -1,36 +1,35 @@
%define libsepolver 3.1-5
%define libselinuxver 3.1-5
%global with_python3 1
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}
Summary: SELinux binary policy manipulation library
%define libsepolver 2.7-2
%define libselinuxver 2.7-3
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 3.1
Release: 5%{?dist}
Version: 2.7
Release: 3%{?dist}
License: LGPLv2+
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-3.1.tar.gz
# fedora-selinux/selinux: git format-patch -N libsemanage-3.1 -- libsemanage
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start
Patch0001: 0001-libsemanage-Remove-legacy-and-duplicate-symbols.patch
Patch0002: 0002-libsemanage-Drop-deprecated-functions.patch
Patch0003: 0003-libsemanage-Bump-libsemanage.so-version.patch
Patch0004: 0004-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
Patch0005: 0005-libsemanage-genhomedircon-check-usepasswd.patch
# Patch list end
Group: System Environment/Libraries
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsemanage-2.7.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.7 BRANCH=f27 ./make-fedora-selinux-patch.sh libsemanage
# HEAD https://github.com/fedora-selinux/selinux/commit/e5a6540888e254b245d42b7cecf0b895d64ddc43
Patch1: libsemanage-fedora.patch
URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf
BuildRequires: gcc make
BuildRequires: libselinux-devel >= %{libselinuxver} swig
BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel
BuildRequires: libsepol-devel >= %{libsepolver}
BuildRequires: audit-libs-devel
BuildRequires: bison flex bzip2-devel
BuildRequires: python python-devel bison flex bzip2-devel
BuildRequires: python3
BuildRequires: python3-devel
%if 0%{?with_python3}
BuildRequires: python3 python3-devel
%endif # if with_python3
Requires: bzip2-libs audit-libs
Requires: libselinux%{?_isa} >= %{libselinuxver}
Obsoletes: libsemanage-compat = 3.1-4
%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
@ -50,6 +49,7 @@ on binary policies such as customizing policy boolean settings.
%package static
Summary: Static library used to build policy manipulation tools
Group: Development/Libraries
Requires: libsemanage-devel%{_isa} = %{version}-%{release}
%description static
@ -58,33 +58,40 @@ needed for developing applications that manipulate binary policies.
%package devel
Summary: Header files and libraries used to build policy manipulation tools
Requires: %{name}%{?_isa} = %{version}-%{release}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} ustr
%description devel
The semanage-devel package contains the libraries and header files
needed for developing applications that manipulate binary policies.
%package -n python3-libsemanage
%package python
Summary: semanage python bindings for libsemanage
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description python
The libsemanage-python package contains the python bindings for developing
SELinux management applications.
%if 0%{?with_python3}
%package python3
Summary: semanage python 3 bindings for libsemanage
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libselinux-python3
%{?python_provide:%python_provide python3-libsemanage}
# Remove before F30
Provides: %{name}-python3 = %{version}-%{release}
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python3 < %{version}-%{release}
%description -n python3-libsemanage
%description python3
The libsemanage-python3 package contains the python 3 bindings for developing
SELinux management applications.
%endif # if with_python3
%prep
%autosetup -n libsemanage-%{version} -p 2
%autosetup -n libsemanage-%{version} -p 1
%build
%set_build_flags
CFLAGS="$CFLAGS -fno-semantic-interposition"
export LDFLAGS="%{?__global_ldflags}"
# To support building the Python wrapper against multiple Python runtimes
# Define a function, for how to perform a "build" of the python wrapper against
@ -95,16 +102,21 @@ BuildPythonWrapper() {
# Perform the build from the upstream Makefile:
make \
PYTHON=$BinaryName \
LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
pywrap
}
make clean
make swigify
%make_build LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
make CFLAGS="%{optflags}" swigify
make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
BuildPythonWrapper \
%{__python}
%if 0%{?with_python3}
BuildPythonWrapper \
%{__python3}
%endif # with_python3
%install
InstallPythonWrapper() {
@ -112,189 +124,85 @@ InstallPythonWrapper() {
make \
PYTHON=$BinaryName \
DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" \
DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" \
install-pywrap
}
rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux
mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install
InstallPythonWrapper \
%{__python} \
.so
%if 0%{?with_python3}
InstallPythonWrapper \
%{__python3} \
$(python3-config --extension-suffix)
%endif # with_python3
cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf
ln -sf %{_libdir}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so
sed -i '1s%\(#! */usr/bin/python\)\([^3].*\|\)$%\13\2%' %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store
%clean
rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,root)
%{!?_licensedir:%global license %%doc}
%license COPYING
%dir %{_sysconfdir}/selinux
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
%{_libdir}/libsemanage.so.2
%{_libdir}/libsemanage.so.1
%{_mandir}/man5/*
%{_mandir}/ru/man5/*
%dir %{_libexecdir}/selinux
%dir %{_sharedstatedir}/selinux
%dir %{_sharedstatedir}/selinux/tmp
%ldconfig_scriptlets
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files static
%defattr(-,root,root)
%{_libdir}/libsemanage.a
%files devel
%defattr(-,root,root)
%{_libdir}/libsemanage.so
%{_libdir}/pkgconfig/libsemanage.pc
%dir %{_includedir}/semanage
%{_includedir}/semanage/*.h
%{_mandir}/man3/*
%files -n python3-libsemanage
%files python
%defattr(-,root,root)
%{python_sitearch}/_semanage.so
%{python_sitearch}/semanage.py*
%if 0%{?with_python3}
%files python3
%defattr(-,root,root)
%{python3_sitearch}/*.so
%{python3_sitearch}/semanage.py*
%{python3_sitearch}/__pycache__/semanage*
%{_libexecdir}/selinux/semanage_migrate_store
%endif # if with_python3
%changelog
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
- Drop and obsolete libsemanage-compat
- genhomedircon: check usepasswd
* Tue Jun 26 2018 Paul Moore <pmoore@redhat.com> - 2.7-3
- Disable expand-check (#1595316)
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4
- Drop deprecated functions and duplicated symbols
- Change library version to libsemanage.so.2
- Temporary ship -compat with libsemanage.so.1
- Based on upstream db0f2f382e31
- Re-enable lto flags
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
- Use -fno-semantic-interposition and more make macros
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
- SELinux userspace 3.1 release
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-4
- Rebuilt for Python 3.9
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 22 2020 Ondrej Mosnacek <omosnace@redhat.com> - 3.0-2
- Enable policy optimization
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
- SELinux userspace 3.0 release
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
- SELinux userspace 3.0-rc1 release candidate
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-5
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Sun Aug 18 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.9-4
- Rebuilt for Python 3.8
* Tue Aug 13 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
- Drop python2-libsemanage (#1738466)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
- SELinux userspace 2.9-rc2 release
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
- SELinux userspace 2.9-rc1 release
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-8
- Always set errno to 0 before calling getpwent()
- Set selinux policy root around calls to selinux_boolean_sub
* Mon Dec 10 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
- genhomedircon - improve handling large groups
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6
- Fix RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects
* Mon Sep 17 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
- Include user name in ROLE_REMOVE audit events
* Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
- Reset umask before creating directories (#1186422)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8-2
- Rebuilt for Python 3.7
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
- SELinux userspace 2.8 release
* Mon May 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.1
- SELinux userspace 2.8-rc3 release candidate
* Fri May 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc2.1
- SELinux userspace 2.8-rc2 release candidate
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
- SELinux userspace 2.8-rc1 release candidate
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-12
- build: Replace PYSITEDIR with PYTHONLIBDIR
- direct_api.c: Fix iterating over array (#1557468)
* Fri Mar 16 2018 Petr Lautrbach <plautrba@workstation> - 2.7-11
- Revert "remove access() check to make setuid programs work" (#1557468)
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-10
- properly check return value of iterate function
- Use umask(0077) for fopen() write operations
- Return commit number if save-previous false
- Allow tmp files to be kept if a compile fails
- build: follow standard semantics for DESTDIR and PREFIX
- Improve warning for installing disabled module
- silence clang static analyzer report
- remove access() check to make setuid programs work
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-9
- Escape macros in %%changelog
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-7
- Switch to %%ldconfig_scriptlets
* Tue Jan 09 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.7-6
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
* Fri Nov 24 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2
- free genhomedircon fallback user
- Rebuild with libsepol-2.7-3 and libselinux-2.7-6
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
- Add support for listing fcontext.homedirs file (#1409813)
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
- Add Provides for the old names without %%_isa
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-2
- Python 2 binary package renamed to python2-libsemanage
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
- Python 3 binary package renamed to python3-libsemanage
- Add support for listing fcontext.homedirs file
- Keep copy of file_contexts.homedirs in policy store
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
- Update to upstream release 2017-08-04
@ -331,7 +239,7 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf
- Use pp module name instead of filename when installing module
- tests: Do not force using gcc
- genhomedircon: remove hardcoded refpolicy strings
- genhomedircon: add support for %%group syntax
- genhomedircon: add support for %group syntax
- genhomedircon: generate contexts for logins mapped to the default user
- Validate and compile file contexts before installing
- Swap tcp and udp protocol numbers
@ -349,7 +257,7 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf
* Fri May 06 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
- Fix multiple spelling errors
- genhomedircon: %%{USERID} and %%{USERNAME} support and code cleanup
- genhomedircon: %{USERID} and %{USERNAME} support and code cleanup
* Mon Mar 21 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
- Enable expand-check by default (#1319652)

27
make-rhat-patches.sh Executable file
View File

@ -0,0 +1,27 @@
#!/bin/bash
LIBSEMANAGE_VERSION=2.4
BRANCH=master
REBASEDIR=`mktemp -d rebase.XXXXXX`
pushd $REBASEDIR
git clone git@github.com:fedora-selinux/selinux.git
pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd
# prepare libsemanage-rhat.patch
tar xfz ../libsemanage-$LIBSEMANAGE_VERSION.tar.gz
pushd libsemanage-$LIBSEMANAGE_VERSION
git init; git add .; git commit -m "init"
cp -r ../selinux/libsemanage/* .
git add -A .
git diff --cached --src-prefix=libsemanage-$LIBSEMANAGE_VERSION/ --dst-prefix=libsemanage-$LIBSEMANAGE_VERSION/ > ../../libsemanage-rhat.patch
popd
popd
# echo rm -rf $REBASEDIR
echo libsemanage-rhat.patch created from https://github.com/fedora-selinux/selinux/commit/$COMMIT

View File

@ -50,7 +50,6 @@ usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root
optimize-policy=true
[sefcontext_compile]
path = /usr/sbin/sefcontext_compile

View File

@ -1 +1 @@
SHA512 (libsemanage-3.1.tar.gz) = 8609ca7d13b5c603677740f2b14558fea3922624af182d20d618237ba11fcf2559fab82fc68d1efa6ff118f064d426f005138521652c761de92cd66150102197
SHA512 (libsemanage-2.7.tar.gz) = 6b30ea87f1ab3944935188539bbf869c8e287e05c174ea61cd19722a89cf8156518f336476e23b4117a5a05aec9a99a4db679b58a6952bf0c31ad809e9ab91d9

View File

@ -8,18 +8,18 @@
repositories:
- repo: "https://src.fedoraproject.org/tests/selinux.git"
dest: "selinux"
fmf_filter: "tier: 1 | component: libsemanage & tags: generic"
tests:
- selinux/libsemanage/semanage-handle-functions
- selinux/libsemanage/semanage-seuser-functions
- selinux/libsemanage/verify-options-in-semanage-conf
required_packages:
- libsemanage # Required for sanity-tests
- libsemanage-devel # Required for sanity-tests
- glibc # Required for sanity-tests
- gcc # Required for sanity-tests
- CUnit-devel # Required for sanity-tests
- libsemanage # Required for semanage-*-functions tests
- libsemanage-devel # Required for semanage-*-functions tests
- glibc # Required for semanage-*-functions tests
- gcc # Required for semanage-*-functions tests
- libselinux # Required for verify-options-in-semanage-conf
- libselinux-utils # Required for verify-options-in-semanage-conf
- policycoreutils # Required for verify-options-in-semanage-conf
- policycoreutils-python-utils # Required for verify-options-in-semanage-conf
- policycoreutils-python # Required for verify-options-in-semanage-conf when running on RHEL
- selinux-policy # Required for verify-options-in-semanage-conf
- selinux-policy-devel # Required for verify-options-in-semanage-conf
- lksctp-tools # sctp_test
- psmisc # sctp_test