When a user tried to remove a policy module with priority other than 400 via
GUI, it failed with a message:
libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
"semodule -r NAME".
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1740936
Using patches from git makes it clean which changes are included in Fedora
New workflow:
1. clone https://github.com/fedora-selinux/selinux
2. create patchset
$ git format-patch 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
3. update spec file
$ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
# deleted: restorecond-fedora.patch
See 028e473158?branch=master
commit 028e4731581214841455233a656912241a5a8b69 (HEAD -> master, origin/master)
Author: Petr Lautrbach <plautrba@redhat.com>
Date: Wed Mar 13 11:23:00 2019 +0100
Apply "generic" and "fedora" tags
Tests tagged as "generic" is supposed to be used on a generic system like Fedora
or Red Hat Enterprise Linux, while tests with "fedora" tag is for Fedora only.
Usage:
List only "generic" tests:
$ fmf show --filter "tier: 1 | component: policycoreutils & tags: generic"
List all "generic" and "fedora" tests:
$ fmf show --filter "tier: 1 | component: policycoreutils & tags: generic, fedora"
- setsebool: support use of -P on SELinux-disabled hosts
- sepolicy: initialize mislabeled_files in __init__()
- audit2allow: use local sepolgen-ifgen-attr-helper for tests
- audit2allow: allow using audit2why as non-root user
- audit2allow/sepolgen-ifgen: show errors on stderr
- audit2allow/sepolgen-ifgen: add missing \n to error message
- sepolgen: close /etc/selinux/sepolgen.conf after parsing it
- sepolicy: Make policy files sorting more robust
- semanage: Load a store policy and set the store SELinux policy root
- chcat: fix removing categories on users with Fedora default setup
- semanage: Include MCS/MLS range when exporting local customizations
- semanage: Start exporting "ibendport" and "ibpkey" entries
- semanage: do not show "None" levels when using a non-MLS policy
- sepolicy: Add sepolicy.load_store_policy(store)
- semanage: import sepolicy only when it's needed
- semanage: move valid_types initialisations to class constructors
- chcat: use check_call instead of getstatusoutput
- Use matchbox-window-manager instead of openbox
- Use ipaddress python module instead of IPy
- semanage: Fix handling of -a/-e/-d/-r options
- semanage: Use standard argparse.error() method
There is a new feature in the Standard Test Roles which allows to
use an FMF filter instead of listing all tests manually. All tier
one selinux tests are selected as well, thus extending requires.
- semanage: "semanage user" does not use -s, fix documentation
- semanage: add a missing space in ibendport help
- sepolicy: Update to work with setools-4.2.0
- Fix typo in newrole.1 manpage
- sepolgen: print all AV rules correctly
- sepolgen: fix access vector initialization
- Add xperms support to audit2allow
- semanage: Stop logging loginRecords changes
- semanage: Fix logger class definition
- semanage: Replace bare except with specific one
- semanage: fix Python syntax of catching several exceptions
- sepolgen: return NotImplemented instead of raising it
- sepolgen: fix refpolicy parsing of "permissive"
David Abdurachmanov
Petr Lautrbach
Miro Hrončok
Fedora Release Engineering
Petr Šplíchal