policycoreutils-3.4-0.rc2.1

- SELinux userspace 3.4-rc2 release
2022-04-21 20:31:39 +02:00 · 2022-04-21 20:31:39 +02:00 · 5dcaf75761
parent 013d1dc731
commit 5dcaf75761
15 changed files with 90 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -341,3 +341,4 @@ policycoreutils-2.0.83.tgz
 /selinux-3.3-rc3.tar.gz
 /selinux-3.3.tar.gz
 /selinux-3.4-rc1.tar.gz
+/selinux-3.4-rc2.tar.gz
--- a/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
+++ b/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@ -1,4 +1,4 @@
-From 3c7290a99b22de343611dd61e8cd6d5b1bfb9825 Mon Sep 17 00:00:00 2001
+From f361ee407490bc74b43ec408b1edc70cd647d4e0 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Thu, 20 Aug 2015 12:58:41 +0200
 Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
--- a/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
+++ b/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
@ -1,4 +1,4 @@
-From a7d5ba145b86f48e6ebb3964ac64feebd062025a Mon Sep 17 00:00:00 2001
+From 71a2f14767c0ec70c23ecce43d7cbc5404c95552 Mon Sep 17 00:00:00 2001
 From: Dan Walsh <dwalsh@redhat.com>
 Date: Mon, 21 Apr 2014 13:54:40 -0400
 Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
--- a/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
+++ b/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
@ -1,4 +1,4 @@
-From 25a80e4bfa1c0b9814ddaaae119b694f7e7a33d7 Mon Sep 17 00:00:00 2001
+From d55a06c002641dce1301b9b5639bd8e206460724 Mon Sep 17 00:00:00 2001
 From: Miroslav Grepl <mgrepl@redhat.com>
 Date: Mon, 12 May 2014 14:11:22 +0200
 Subject: [PATCH] If there is no executable we don't want to print a part of
@ -10,7 +10,7 @@ Content-type: text/plain
 1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 82338aeeef32..c9a6291a8b40 100755
+index 82338aeeef32..ec8aa1cb94a2 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
@@ -795,7 +795,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@ -19,7 +19,7 @@ index 82338aeeef32..c9a6291a8b40 100755
 
 -        self.fd.write(r"""
 +        if flist_non_exec:
-+                self.fd.write(r"""
+            self.fd.write(r"""
 .PP
 .B STANDARD FILE CONTEXT
 
--- a/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
+++ b/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
@ -1,4 +1,4 @@
-From 874b3757c4a7c7faa3166f66a897a21630faf55e Mon Sep 17 00:00:00 2001
+From b180f7679c5e09535416f47d48afd0c0738f5fa9 Mon Sep 17 00:00:00 2001
 From: Miroslav Grepl <mgrepl@redhat.com>
 Date: Thu, 19 Feb 2015 17:45:15 +0100
 Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
@ -50,7 +50,7 @@ index 203ca25f4210..9447812b7450 100644
 
 def reinit():
 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index c9a6291a8b40..d0c9bb840b26 100755
+index ec8aa1cb94a2..c632d05dbb1b 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
@@ -151,10 +151,6 @@ def prettyprint(f, trim):
--- a/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
+++ b/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
@ -1,4 +1,4 @@
-From aba96cf4c6f692b4cdd60bf9097f02409a11a996 Mon Sep 17 00:00:00 2001
+From 1747f59fece8183772e5591ce5b5feb5f421f602 Mon Sep 17 00:00:00 2001
 From: Miroslav Grepl <mgrepl@redhat.com>
 Date: Fri, 20 Feb 2015 16:42:01 +0100
 Subject: [PATCH] We want to remove the trailing newline for
--- a/0006-Fix-title-in-manpage.py-to-not-contain-online.patch
+++ b/0006-Fix-title-in-manpage.py-to-not-contain-online.patch
@ -1,4 +1,4 @@
-From 852c8eb32fb2d0f224cdfec211f4c483c4423a8b Mon Sep 17 00:00:00 2001
+From 0bd28bc715034c644405d3c03f160d69ae710500 Mon Sep 17 00:00:00 2001
 From: Miroslav Grepl <mgrepl@redhat.com>
 Date: Fri, 20 Feb 2015 16:42:53 +0100
 Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
@ -9,7 +9,7 @@ Content-type: text/plain
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index d0c9bb840b26..581b5e85652c 100755
+index c632d05dbb1b..3ae2f42b2fdf 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
@@ -222,7 +222,7 @@ class HTMLManPages:
--- a/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
+++ b/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
@ -1,4 +1,4 @@
-From add9d39a077e4288c71b00e9e92e5bf673070ac2 Mon Sep 17 00:00:00 2001
+From f204dd292340689c2d7ab75612b9fd81337fcbc3 Mon Sep 17 00:00:00 2001
 From: Dan Walsh <dwalsh@redhat.com>
 Date: Fri, 14 Feb 2014 12:32:12 -0500
 Subject: [PATCH] Don't be verbose if you are not on a tty
@ -9,7 +9,7 @@ Content-type: text/plain
 1 file changed, 1 insertion(+)

 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index 7df4303a7ad3..dfd8929b4bbc 100755
+index c72ca0eb9d61..163ebcd1f232 100755
 --- a/policycoreutils/scripts/fixfiles
 +++ b/policycoreutils/scripts/fixfiles
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
--- a/0008-sepolicy-generate-Handle-more-reserved-port-types.patch
+++ b/0008-sepolicy-generate-Handle-more-reserved-port-types.patch
@ -1,4 +1,4 @@
-From f901c512886ecddcda6f165e24c95de718cc0cc7 Mon Sep 17 00:00:00 2001
+From d8f51aa7d299383247213b69ec7cbb68c1fa3bc4 Mon Sep 17 00:00:00 2001
 From: Masatake YAMATO <yamato@redhat.com>
 Date: Thu, 14 Dec 2017 15:57:58 +0900
 Subject: [PATCH] sepolicy-generate: Handle more reserved port types
--- a/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
+++ b/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
@ -1,4 +1,4 @@
-From f53d7f95833fa2fbf11400e477c1fbce9ca4e0aa Mon Sep 17 00:00:00 2001
+From 8054dc44cf105b959864a1424fe857fac3ba3d73 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Wed, 18 Jul 2018 09:09:35 +0200
 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
--- a/0010-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0010-Use-SHA-2-instead-of-SHA-1.patch
@ -1,4 +1,4 @@
-From f55d88aafd92a1a2a0bcb8d03e5197a488a0c7a9 Mon Sep 17 00:00:00 2001
+From 53d085d8d6edc05886d473e412a8025b7f8d9ce4 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
@ -254,7 +254,7 @@ index 910101452625..7f2daa09191b 100644
 , и, при условии, что НЕ установлен параметр
 .B \-n
 diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
-index 15f939d1bee0..ffa76a89842d 100644
+index 19b59a2cc90d..bad9f37a9ac4 100644
 --- a/policycoreutils/setfiles/setfiles.8
 +++ b/policycoreutils/setfiles/setfiles.8
@@ -87,14 +87,14 @@ display usage information and exit.
--- a/0011-Update-python-library-and-binding-versions-to-3.4-rc.patch
+++ b/0011-Update-python-library-and-binding-versions-to-3.4-rc.patch
@ -1,27 +0,0 @@
-From 9ce501c15bf91108f768e5255d89b28c0e2b906e Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Tue, 12 Apr 2022 12:28:00 +0200
-Subject: [PATCH] Update python library and binding versions to 3.4-rc1
-Content-type: text/plain
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
- python/sepolicy/setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/setup.py b/python/sepolicy/setup.py
-index e81b6cc73380..62cf7dc47c5c 100644
--- a/python/sepolicy/setup.py
-+++ b/python/sepolicy/setup.py
-@@ -6,7 +6,7 @@ from distutils.core import setup
- 
- setup(
-     name="sepolicy",
-    version="3.3",
-+    version="3.4-rc1",
-     description="Python SELinux Policy Analyses bindings",
-     author="Daniel Walsh",
-     author_email="dwalsh@redhat.com",
-- 
-2.35.1
-
--- a/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
+++ b/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
@ -0,0 +1,64 @@
+From 3748b7eab7434698998edfcf613fe738cf19d5c9 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 27 Feb 2017 17:12:39 +0100
+Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
+ file_type_is_entrypoint(f)
+Content-type: text/plain
+
+- use direct queries
+- load exec_types and entry_types only once
+---
+ python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 3ae2f42b2fdf..5a434bd360ae 100755
+--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
+@@ -127,8 +127,24 @@ def gen_domains():
+     domains.sort()
+     return domains
+ 
+-types = None
+ 
+exec_types = None
+
+def _gen_exec_types():
+    global exec_types
+    if exec_types is None:
+        exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
+    return exec_types
+
+entry_types = None
+
+def _gen_entry_types():
+    global entry_types
+    if entry_types is None:
+        entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+    return entry_types
+
+types = None
+ 
+ def _gen_types():
+     global types
+@@ -374,6 +390,8 @@ class ManPage:
+         self.all_file_types = sepolicy.get_all_file_types()
+         self.role_allows = sepolicy.get_all_role_allows()
+         self.types = _gen_types()
+        self.exec_types = _gen_exec_types()
+        self.entry_types = _gen_entry_types()
+ 
+         if self.source_files:
+             self.fcpath = self.root + "file_contexts"
+@@ -691,7 +709,7 @@ Default Defined Ports:""")
+         for f in self.all_file_types:
+             if f.startswith(self.domainname):
+                 flist.append(f)
+-                if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
+                if f not in self.exec_types or f not in self.entry_types:
+                     flist_non_exec.append(f)
+                 if f in self.fcdict:
+                     mpaths = mpaths + self.fcdict[f]["regex"]
+-- 
+2.35.1
+
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -11,10 +11,10 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 3.4
-Release: 0.rc.1%{?dist}
+Release: 0.rc2.1%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc1/selinux-3.4-rc1.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc2/selinux-3.4-rc2.tar.gz
 URL:     https://github.com/SELinuxProject/selinux
 Source13: system-config-selinux.png
 Source14: sepolicy-icons.tgz
@ -28,7 +28,7 @@ Source21: python-po.tgz
 Source22: gui-po.tgz
 Source23: sandbox-po.tgz
 # https://github.com/fedora-selinux/selinux
-# $ git format-patch -N 3.4-rc1 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
+# $ git format-patch -N 3.4-rc2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
 # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
 # Patch list start
 Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@ -41,7 +41,7 @@ Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
 Patch0008: 0008-sepolicy-generate-Handle-more-reserved-port-types.patch
 Patch0009: 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0010: 0010-Use-SHA-2-instead-of-SHA-1.patch
-Patch0011: 0011-Update-python-library-and-binding-versions-to-3.4-rc.patch
+Patch0011: 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
 # Patch list end

 Obsoletes: policycoreutils < 2.0.61-2
@ -77,7 +77,7 @@ load_policy to load policies, setfiles to label filesystems, newrole
 to switch roles.

 %prep -p /usr/bin/bash
-%autosetup -n selinux-%{version}-rc1 -p 1
+%autosetup -n selinux-%{version}-rc2 -p 1

 cp %{SOURCE13} gui/
 tar -xvf %{SOURCE14} -C python/sepolicy/
@ -469,6 +469,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service

 %changelog
+* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc.1
+- SELinux userspace 3.4-rc2 release
+
 * Wed Apr 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc.1
 - SELinux userspace 3.4-rc1 release

--- a/2
+++ b/2
@ -2,4 +2,4 @@ SHA512 (gui-po.tgz) = 8e0855256b825eea422b8e2b82cc0decf66b902c9930840905c5ad5dda
 SHA512 (policycoreutils-po.tgz) = 66b908f7a167225bebded46f9cf92f42eb194daa2a083d48de43c2a5d33fa42724c5add0a9d029ac9d62c500f6f1c8d3bc138dd598b1fd97e609d7cc7160be72
 SHA512 (python-po.tgz) = 7f2a082b77c7b4417d5d3dac35d86dd635635a9c05a80e5f9284d03604e2f2a06ec879fb29b056d1a46d3fc448cd76e6fd25196834c18a161fd6677f2e11b2be
 SHA512 (sandbox-po.tgz) = 3d4b389b56bab1a6dddce9884dcebdefbefd1017fec6d987ac22a0705f409ed56722387aaca8fe7d9c468862136387bc703062e2b6de8fd102e13fed04ce811b
-SHA512 (selinux-3.4-rc1.tar.gz) = 06b94fe7552a65369a907bbd649a80a8f663940579e5fb0e7e0e3f41536564c2408963afa21deb6aee8aee99080e4771a89f704e4ad0e04145ee1a585f88ed56
+SHA512 (selinux-3.4-rc2.tar.gz) = 1a9cfb0622acf1c8cdfa4a85696445dd50f3cb86e509aee3a78d435798a098da62ad0af8bed217aadff9ddde21421eb90a4c54b0c548e9e7d51ed6e99d3a8b3a