policycoreutils-2.9-6.fc31

- semanage: Do not use default s0 range in "semanage login -a" (#1312283)

0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch

@@ -0,0 +1,32 @@
+From e240bf9a547374dff8e7998b0bedce1d523b3dd4 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Wed, 21 Aug 2019 17:43:25 +0200
+Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem
+
+Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix
+[-B] [-F] onboot"), which broke  "fixfiles relabel":
+
+    #fixfiles relabel
+    /sbin/fixfiles: line 151: $1: unbound variable
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ policycoreutils/scripts/fixfiles | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index a9d27d13..df0042aa 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -215,7 +215,7 @@ OPTION=$1
+ shift
+ 
+ # [-B | -N time ]
+-if [ -z "$BOOTTIME" ]; then
++if [ -n "$BOOTTIME" ]; then
+ 	newer $BOOTTIME $*
+ 	return
+ fi
+-- 
+2.23.0
+

0025-gui-Fix-remove-module-in-system-config-selinux.patch

@@ -0,0 +1,38 @@
+From eed9aca2fa1b5668b9ddca10cfe96695fa7d2b9f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 29 Aug 2019 08:58:20 +0200
+Subject: [PATCH] gui: Fix remove module in system-config-selinux
+
+When a user tried to remove a policy module with priority other than 400 via
+GUI, it failed with a message:
+
+libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
+
+This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
+"semodule -r NAME".
+
+From Jono Hein <fredwacko40@hotmail.com>
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ gui/modulesPage.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gui/modulesPage.py b/gui/modulesPage.py
+index 26ac5404..35a0129b 100644
+--- a/gui/modulesPage.py
++++ b/gui/modulesPage.py
+@@ -125,9 +125,10 @@ class modulesPage(semanagePage):
+     def delete(self):
+         store, iter = self.view.get_selection().get_selected()
+         module = store.get_value(iter, 0)
++        priority = store.get_value(iter, 1)
+         try:
+             self.wait()
+-            status, output = getstatusoutput("semodule -r %s" % module)
++            status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module))
+             self.ready()
+             if status != 0:
+                 self.error(output)
+-- 
+2.23.0
+

0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch

@@ -0,0 +1,30 @@
+From 4b1ede292c0de742b6fed12881c5916f3a6bc38b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 3 Sep 2019 15:17:27 +0200
+Subject: [PATCH] python/semanage: Do not use default s0 range in "semanage
+ login -a"
+
+Using the "s0" default means that new login mappings are always added with "s0"
+range instead of the range of SELinux user.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ python/semanage/semanage | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index 4c766ae3..fa78afce 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -221,7 +221,7 @@ def parser_add_level(parser, name):
+ 
+ 
+ def parser_add_range(parser, name):
+-    parser.add_argument('-r', '--range', default="s0",
++    parser.add_argument('-r', '--range', default='',
+                         help=_('''
+ MLS/MCS Security Range (MLS/MCS Systems only)
+ SELinux Range  for SELinux login mapping
+-- 
+2.23.0
+

policycoreutils.spec

@@ -12,7 +12,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 2.9
-Release: 3%{?dist}
+Release: 6%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
@@ -61,6 +61,9 @@ Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
 Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
 Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
 Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
+Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
+Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch
+Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
 
 Obsoletes: policycoreutils < 2.0.61-2
 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@@ -535,6 +538,15 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Wed Sep  4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
+- semanage: Do not use default s0 range in "semanage login -a" (#1312283)
+
+* Thu Aug 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
+- gui: Fix remove module in system-config-selinux (#1740936)
+
+* Fri Aug 23 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-4
+- fixfiles: Fix unbound variable problem
+
 * Mon Aug  5 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
 - Drop python2-policycoreutils
 - Update ru man page translations