Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
Petr Lautrbach | 1d1bd86701 | |
Petr Lautrbach | 60c1e5e012 | |
Petr Lautrbach | 97a9bfcb09 | |
Petr Lautrbach | d103886454 | |
Petr Lautrbach | da315322e8 |
|
@ -301,24 +301,3 @@ policycoreutils-2.0.83.tgz
|
|||
/selinux-python-2.9.tar.gz
|
||||
/selinux-sandbox-2.9.tar.gz
|
||||
/semodule-utils-2.9.tar.gz
|
||||
/policycoreutils-3.0-rc1.tar.gz
|
||||
/restorecond-3.0-rc1.tar.gz
|
||||
/selinux-dbus-3.0-rc1.tar.gz
|
||||
/selinux-gui-3.0-rc1.tar.gz
|
||||
/selinux-python-3.0-rc1.tar.gz
|
||||
/selinux-sandbox-3.0-rc1.tar.gz
|
||||
/semodule-utils-3.0-rc1.tar.gz
|
||||
/policycoreutils-3.0.tar.gz
|
||||
/restorecond-3.0.tar.gz
|
||||
/selinux-dbus-3.0.tar.gz
|
||||
/selinux-gui-3.0.tar.gz
|
||||
/selinux-python-3.0.tar.gz
|
||||
/selinux-sandbox-3.0.tar.gz
|
||||
/semodule-utils-3.0.tar.gz
|
||||
/policycoreutils-3.1.tar.gz
|
||||
/restorecond-3.1.tar.gz
|
||||
/selinux-dbus-3.1.tar.gz
|
||||
/selinux-gui-3.1.tar.gz
|
||||
/selinux-python-3.1.tar.gz
|
||||
/selinux-sandbox-3.1.tar.gz
|
||||
/semodule-utils-3.1.tar.gz
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 5 Mar 2019 17:38:55 +0100
|
||||
Subject: [PATCH] gui: Install polgengui.py to /usr/bin/selinux-polgengui
|
||||
|
||||
polgengui.py is a standalone gui tool which should be in /usr/bin with other
|
||||
tools.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
gui/Makefile | 2 +-
|
||||
gui/modulesPage.py | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/gui/Makefile b/gui/Makefile
|
||||
index c2f982de..b2375fbf 100644
|
||||
--- a/gui/Makefile
|
||||
+++ b/gui/Makefile
|
||||
@@ -31,7 +31,7 @@ install: all
|
||||
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
||||
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
|
||||
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
|
||||
- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
|
||||
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
|
||||
install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
|
||||
install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
|
||||
install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
|
||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
||||
index 34c5d9e3..cb856b2d 100644
|
||||
--- a/gui/modulesPage.py
|
||||
+++ b/gui/modulesPage.py
|
||||
@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
|
||||
|
||||
def new_module(self, args):
|
||||
try:
|
||||
- Popen(["/usr/share/system-config-selinux/polgengui.py"])
|
||||
+ Popen(["selinux-polgengui"])
|
||||
except ValueError as e:
|
||||
self.error(e.args[0])
|
||||
|
||||
--
|
||||
2.22.0
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
From ccd973f721c48945fc706d8fef6b396580853a9f Mon Sep 17 00:00:00 2001
|
||||
From: "W. Michael Petullo" <mike@flyn.org>
|
||||
Date: Thu, 16 Jul 2020 15:29:20 -0500
|
||||
Subject: [PATCH] python/audit2allow: add #include <limits.h> to
|
||||
sepolgen-ifgen-attr-helper.c
|
||||
|
||||
I found that building on OpenWrt/musl failed with:
|
||||
|
||||
sepolgen-ifgen-attr-helper.c:152:16: error: 'PATH_MAX' undeclared ...
|
||||
|
||||
Musl is less "generous" than glibc in recursively including header
|
||||
files, and I suspect this is the reason for this error. Explicitly
|
||||
including limits.h fixes the problem.
|
||||
|
||||
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
||||
---
|
||||
python/audit2allow/sepolgen-ifgen-attr-helper.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||
index 53f20818722a..f010c9584c1f 100644
|
||||
--- a/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||
+++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||
@@ -28,6 +28,7 @@
|
||||
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
+#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 5 Mar 2019 17:25:00 +0100
|
||||
Subject: [PATCH] gui: Install .desktop files to /usr/share/applications by
|
||||
default
|
||||
|
||||
/usr/share/applications is a standard directory for .desktop files.
|
||||
Installation path can be changed using DESKTOPDIR variable in installation
|
||||
phase, e.g.
|
||||
|
||||
make DESKTOPDIR=/usr/local/share/applications install
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
gui/Makefile | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/gui/Makefile b/gui/Makefile
|
||||
index b2375fbf..ca965c94 100644
|
||||
--- a/gui/Makefile
|
||||
+++ b/gui/Makefile
|
||||
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
|
||||
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
||||
DATADIR ?= $(PREFIX)/share
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
+DESKTOPDIR ?= $(PREFIX)/share/applications
|
||||
|
||||
TARGETS= \
|
||||
booleansPage.py \
|
||||
@@ -29,6 +30,7 @@ install: all
|
||||
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
|
||||
-mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
|
||||
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
||||
+ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
|
||||
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
|
||||
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
|
||||
install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
|
||||
@@ -44,7 +46,7 @@ install: all
|
||||
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
|
||||
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
|
||||
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
|
||||
- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
|
||||
+ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
|
||||
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
|
||||
install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
|
||||
for i in 16 22 32 48 256; do \
|
||||
--
|
||||
2.22.0
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
From 9e2b8c61bfd275d0f007a736721c557755edf4a0 Mon Sep 17 00:00:00 2001
|
||||
From: Laurent Bigonville <bigon@bigon.be>
|
||||
Date: Thu, 16 Jul 2020 14:22:13 +0200
|
||||
Subject: [PATCH] restorecond: Set X-GNOME-HiddenUnderSystemd=true in
|
||||
restorecond.desktop file
|
||||
|
||||
This completely inactivate the .desktop file incase the user session is
|
||||
managed by systemd as restorecond also provide a service file
|
||||
|
||||
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
|
||||
---
|
||||
restorecond/restorecond.desktop | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/restorecond/restorecond.desktop b/restorecond/restorecond.desktop
|
||||
index af7286801c24..7df854727a3f 100644
|
||||
--- a/restorecond/restorecond.desktop
|
||||
+++ b/restorecond/restorecond.desktop
|
||||
@@ -5,3 +5,4 @@ Comment=Fix file context in owned by the user
|
||||
Type=Application
|
||||
StartupNotify=false
|
||||
X-GNOME-Autostart-enabled=false
|
||||
+X-GNOME-HiddenUnderSystemd=true
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -1,136 +0,0 @@
|
|||
From ba2d6c10635a021d2b1a5fc2123fde13b04295a5 Mon Sep 17 00:00:00 2001
|
||||
From: bauen1 <j2468h@googlemail.com>
|
||||
Date: Thu, 6 Aug 2020 16:48:36 +0200
|
||||
Subject: [PATCH] fixfiles: correctly restore context of mountpoints
|
||||
|
||||
By bind mounting every filesystem we want to relabel we can access all
|
||||
files without anything hidden due to active mounts.
|
||||
|
||||
This comes at the cost of user experience, because setfiles only
|
||||
displays the percentage if no path is given or the path is /
|
||||
|
||||
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
policycoreutils/scripts/fixfiles | 29 +++++++++++++++++++++++++----
|
||||
policycoreutils/scripts/fixfiles.8 | 8 ++++++--
|
||||
2 files changed, 31 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 5d7770348349..30dadb4f4cb6 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -112,6 +112,7 @@ FORCEFLAG=""
|
||||
RPMFILES=""
|
||||
PREFC=""
|
||||
RESTORE_MODE=""
|
||||
+BIND_MOUNT_FILESYSTEMS=""
|
||||
SETFILES=/sbin/setfiles
|
||||
RESTORECON=/sbin/restorecon
|
||||
FILESYSTEMSRW=`get_rw_labeled_mounts`
|
||||
@@ -243,7 +244,23 @@ case "$RESTORE_MODE" in
|
||||
if [ -n "${FILESYSTEMSRW}" ]; then
|
||||
LogReadOnly
|
||||
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
|
||||
- ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
|
||||
+
|
||||
+ if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then
|
||||
+ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
|
||||
+ else
|
||||
+ # we bind mount so we can fix the labels of files that have already been
|
||||
+ # mounted over
|
||||
+ for m in `echo $FILESYSTEMSRW`; do
|
||||
+ TMP_MOUNT="$(mktemp -d)"
|
||||
+ test -z ${TMP_MOUNT+x} && echo "Unable to find temporary directory!" && exit 1
|
||||
+
|
||||
+ mkdir -p "${TMP_MOUNT}${m}" || exit 1
|
||||
+ mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1
|
||||
+ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
|
||||
+ umount "${TMP_MOUNT}${m}" || exit 1
|
||||
+ rm -rf "${TMP_MOUNT}" || echo "Error cleaning up."
|
||||
+ done;
|
||||
+ fi
|
||||
else
|
||||
echo >&2 "fixfiles: No suitable file systems found"
|
||||
fi
|
||||
@@ -313,6 +330,7 @@ case "$1" in
|
||||
> /.autorelabel || exit $?
|
||||
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
||||
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
||||
+ [ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel
|
||||
# Force full relabel if SELinux is not enabled
|
||||
selinuxenabled || echo -F > /.autorelabel
|
||||
echo "System will relabel on next boot"
|
||||
@@ -324,7 +342,7 @@ esac
|
||||
}
|
||||
usage() {
|
||||
echo $"""
|
||||
-Usage: $0 [-v] [-F] [-f] relabel
|
||||
+Usage: $0 [-v] [-F] [-M] [-f] relabel
|
||||
or
|
||||
Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify }
|
||||
or
|
||||
@@ -334,7 +352,7 @@ Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify }
|
||||
or
|
||||
Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
|
||||
or
|
||||
-Usage: $0 [-F] [-B] onboot
|
||||
+Usage: $0 [-F] [-M] [-B] onboot
|
||||
"""
|
||||
}
|
||||
|
||||
@@ -353,7 +371,7 @@ set_restore_mode() {
|
||||
}
|
||||
|
||||
# See how we were called.
|
||||
-while getopts "N:BC:FfR:l:v" i; do
|
||||
+while getopts "N:BC:FfR:l:vM" i; do
|
||||
case "$i" in
|
||||
B)
|
||||
BOOTTIME=`/bin/who -b | awk '{print $3}'`
|
||||
@@ -379,6 +397,9 @@ while getopts "N:BC:FfR:l:v" i; do
|
||||
echo "Redirecting output to $OPTARG"
|
||||
exec >>"$OPTARG" 2>&1
|
||||
;;
|
||||
+ M)
|
||||
+ BIND_MOUNT_FILESYSTEMS="-M"
|
||||
+ ;;
|
||||
F)
|
||||
FORCEFLAG="-F"
|
||||
;;
|
||||
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
||||
index 9f447f03d444..123425308416 100644
|
||||
--- a/policycoreutils/scripts/fixfiles.8
|
||||
+++ b/policycoreutils/scripts/fixfiles.8
|
||||
@@ -6,7 +6,7 @@ fixfiles \- fix file SELinux security contexts.
|
||||
.na
|
||||
|
||||
.B fixfiles
|
||||
-.I [\-v] [\-F] [\-f] relabel
|
||||
+.I [\-v] [\-F] [-M] [\-f] relabel
|
||||
|
||||
.B fixfiles
|
||||
.I [\-v] [\-F] { check | restore | verify } dir/file ...
|
||||
@@ -21,7 +21,7 @@ fixfiles \- fix file SELinux security contexts.
|
||||
.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT { check | restore | verify }
|
||||
|
||||
.B fixfiles
|
||||
-.I [-F] [-B] onboot
|
||||
+.I [-F] [-M] [-B] onboot
|
||||
|
||||
.ad
|
||||
|
||||
@@ -68,6 +68,10 @@ Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and
|
||||
Only act on files created after the specified date. Date must be specified in
|
||||
"YYYY\-MM\-DD HH:MM" format. Date field will be passed to find \-\-newermt command.
|
||||
|
||||
+.TP
|
||||
+.B \-M
|
||||
+Bind mount filesystems before relabeling them, this allows fixing the context of files or directories that have been mounted over.
|
||||
+
|
||||
.TP
|
||||
.B -v
|
||||
Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From ea624dcc70d93867f23b94c368b8cf102269c13b Mon Sep 17 00:00:00 2001
|
||||
From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
||||
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
||||
|
@ -9,7 +9,7 @@ Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||
index eaa500d08143..4774528027ef 100644
|
||||
index eaa500d0..47745280 100644
|
||||
--- a/sandbox/sandboxX.sh
|
||||
+++ b/sandbox/sandboxX.sh
|
||||
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
|
||||
|
@ -22,5 +22,5 @@ index eaa500d08143..4774528027ef 100644
|
|||
cat > ~/seremote << __EOF
|
||||
#!/bin/sh
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 932c1244bc98d3a05a238f3f0b333cf8c429113b Mon Sep 17 00:00:00 2001
|
||||
From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
||||
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
||||
|
@ -9,7 +9,7 @@ Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
|||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 3e8a3be907e3..a1d70623cff0 100755
|
||||
index 1d367962..24e311a3 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -735,10 +735,13 @@ Default Defined Ports:""")
|
||||
|
@ -42,5 +42,5 @@ index 3e8a3be907e3..a1d70623cff0 100755
|
|||
self.fd.write(r"""
|
||||
.I The following file types are defined for %(domainname)s:
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,112 +0,0 @@
|
|||
From 9e239e55692b578ba546b4dff2b07604a2ca6baa Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Wed, 19 Aug 2020 17:05:33 +0200
|
||||
Subject: [PATCH] sepolgen: print extended permissions in hexadecimal
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
All tools like ausearch(8) or sesearch(1) and online documentation[1]
|
||||
use hexadecimal values for extended permissions.
|
||||
Hence use them, e.g. for audit2allow output, as well.
|
||||
|
||||
[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
|
||||
|
||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
python/sepolgen/src/sepolgen/refpolicy.py | 5 ++---
|
||||
python/sepolgen/tests/test_access.py | 10 +++++-----
|
||||
python/sepolgen/tests/test_refpolicy.py | 12 ++++++------
|
||||
3 files changed, 13 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
|
||||
index 43cecfc77385..747636875ef7 100644
|
||||
--- a/python/sepolgen/src/sepolgen/refpolicy.py
|
||||
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
|
||||
@@ -407,10 +407,9 @@ class XpermSet():
|
||||
|
||||
# print single value without braces
|
||||
if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
|
||||
- return compl + str(self.ranges[0][0])
|
||||
+ return compl + hex(self.ranges[0][0])
|
||||
|
||||
- vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
|
||||
- self.ranges)
|
||||
+ vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
|
||||
|
||||
return "%s{ %s }" % (compl, " ".join(vals))
|
||||
|
||||
diff --git a/python/sepolgen/tests/test_access.py b/python/sepolgen/tests/test_access.py
|
||||
index 73a5407df617..623588e09aeb 100644
|
||||
--- a/python/sepolgen/tests/test_access.py
|
||||
+++ b/python/sepolgen/tests/test_access.py
|
||||
@@ -171,7 +171,7 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
|
||||
self.assertEqual(list(a.xperms.keys()), ["ioctl"])
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
|
||||
|
||||
def text_merge_xperm2(self):
|
||||
"""Test merging AV that does not contain xperms with AV that does"""
|
||||
@@ -185,7 +185,7 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
|
||||
self.assertEqual(list(a.xperms.keys()), ["ioctl"])
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
|
||||
|
||||
def test_merge_xperm_diff_op(self):
|
||||
"""Test merging two AVs that contain xperms with different operation"""
|
||||
@@ -203,8 +203,8 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(list(a.perms), ["read"])
|
||||
self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
|
||||
- self.assertEqual(a.xperms["asdf"].to_string(), "23")
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
|
||||
|
||||
def test_merge_xperm_same_op(self):
|
||||
"""Test merging two AVs that contain xperms with same operation"""
|
||||
@@ -222,7 +222,7 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(list(a.perms), ["read"])
|
||||
self.assertEqual(list(a.xperms.keys()), ["ioctl"])
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
|
||||
|
||||
class TestUtilFunctions(unittest.TestCase):
|
||||
def test_is_idparam(self):
|
||||
diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
|
||||
index 4b50c8aada96..c7219fd568e9 100644
|
||||
--- a/python/sepolgen/tests/test_refpolicy.py
|
||||
+++ b/python/sepolgen/tests/test_refpolicy.py
|
||||
@@ -90,17 +90,17 @@ class TestXpermSet(unittest.TestCase):
|
||||
a.complement = True
|
||||
self.assertEqual(a.to_string(), "")
|
||||
a.add(1234)
|
||||
- self.assertEqual(a.to_string(), "~ 1234")
|
||||
+ self.assertEqual(a.to_string(), "~ 0x4d2")
|
||||
a.complement = False
|
||||
- self.assertEqual(a.to_string(), "1234")
|
||||
+ self.assertEqual(a.to_string(), "0x4d2")
|
||||
a.add(2345)
|
||||
- self.assertEqual(a.to_string(), "{ 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
|
||||
a.complement = True
|
||||
- self.assertEqual(a.to_string(), "~ { 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
|
||||
a.add(42,64)
|
||||
- self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
|
||||
a.complement = False
|
||||
- self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
|
||||
|
||||
class TestSecurityContext(unittest.TestCase):
|
||||
def test_init(self):
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From ae3780eb560fa5f00a3dd591c8233c2a9068a348 Mon Sep 17 00:00:00 2001
|
||||
From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Mon, 12 May 2014 14:11:22 +0200
|
||||
Subject: [PATCH] If there is no executable we don't want to print a part of
|
||||
|
@ -9,7 +9,7 @@ Subject: [PATCH] If there is no executable we don't want to print a part of
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index a1d70623cff0..2d33eabb2536 100755
|
||||
index 24e311a3..46092be0 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
|
@ -23,5 +23,5 @@ index a1d70623cff0..2d33eabb2536 100755
|
|||
.B STANDARD FILE CONTEXT
|
||||
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,109 +0,0 @@
|
|||
From 2a60de8eca6bd91e276b60441a5dc72d85c6eda3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Wed, 19 Aug 2020 17:05:34 +0200
|
||||
Subject: [PATCH] sepolgen: sort extended rules like normal ones
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Currently:
|
||||
|
||||
#============= sshd_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t ptmx_t:chr_file ioctl;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t sshd_devpts_t:chr_file ioctl;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t user_devpts_t:chr_file ioctl;
|
||||
|
||||
#============= user_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t devtty_t:chr_file ioctl;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t user_devpts_t:chr_file ioctl;
|
||||
allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
|
||||
allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
|
||||
allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
|
||||
allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
|
||||
allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
|
||||
|
||||
Changed:
|
||||
|
||||
#============= sshd_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t ptmx_t:chr_file ioctl;
|
||||
allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t sshd_devpts_t:chr_file ioctl;
|
||||
allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t user_devpts_t:chr_file ioctl;
|
||||
allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
|
||||
|
||||
#============= user_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t devtty_t:chr_file ioctl;
|
||||
allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t user_devpts_t:chr_file ioctl;
|
||||
allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
|
||||
|
||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
python/sepolgen/src/sepolgen/output.py | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolgen/src/sepolgen/output.py b/python/sepolgen/src/sepolgen/output.py
|
||||
index 3a21b64c19f7..aeeaafc889e7 100644
|
||||
--- a/python/sepolgen/src/sepolgen/output.py
|
||||
+++ b/python/sepolgen/src/sepolgen/output.py
|
||||
@@ -84,7 +84,7 @@ def avrule_cmp(a, b):
|
||||
return ret
|
||||
|
||||
# At this point, who cares - just return something
|
||||
- return cmp(len(a.perms), len(b.perms))
|
||||
+ return 0
|
||||
|
||||
# Compare two interface calls
|
||||
def ifcall_cmp(a, b):
|
||||
@@ -100,7 +100,7 @@ def rule_cmp(a, b):
|
||||
else:
|
||||
return id_set_cmp([a.args[0]], b.src_types)
|
||||
else:
|
||||
- if isinstance(b, refpolicy.AVRule):
|
||||
+ if isinstance(b, refpolicy.AVRule) or isinstance(b, refpolicy.AVExtRule):
|
||||
return avrule_cmp(a,b)
|
||||
else:
|
||||
return id_set_cmp(a.src_types, [b.args[0]])
|
||||
@@ -130,6 +130,7 @@ def sort_filter(module):
|
||||
# we assume is the first argument for interfaces).
|
||||
rules = []
|
||||
rules.extend(node.avrules())
|
||||
+ rules.extend(node.avextrules())
|
||||
rules.extend(node.interface_calls())
|
||||
rules.sort(key=util.cmp_to_key(rule_cmp))
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 7d21b9f41c4d00f1e0499a64089a5e13a8f636ab Mon Sep 17 00:00:00 2001
|
||||
From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Thu, 19 Feb 2015 17:45:15 +0100
|
||||
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
||||
|
@ -11,10 +11,10 @@ Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
|||
2 files changed, 13 insertions(+), 77 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||
index e4540977d042..ad718797ca68 100644
|
||||
index 6aed31bd..88a2b8f6 100644
|
||||
--- a/python/sepolicy/sepolicy/__init__.py
|
||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||
@@ -1208,27 +1208,14 @@ def boolean_desc(boolean):
|
||||
@@ -1209,27 +1209,14 @@ def boolean_desc(boolean):
|
||||
|
||||
|
||||
def get_os_version():
|
||||
|
@ -49,7 +49,7 @@ index e4540977d042..ad718797ca68 100644
|
|||
|
||||
def reinit():
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 2d33eabb2536..acc77f368d95 100755
|
||||
index 46092be0..d60acfaf 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -149,10 +149,6 @@ def prettyprint(f, trim):
|
||||
|
@ -165,5 +165,5 @@ index 2d33eabb2536..acc77f368d95 100755
|
|||
if len(self.manpage_roles[letter]):
|
||||
fd.write("""
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
From 8bc865e1fe8f6f734b7306441ccbeec3b7c37f97 Mon Sep 17 00:00:00 2001
|
||||
From: Dominick Grift <dominick.grift@defensec.nl>
|
||||
Date: Tue, 1 Sep 2020 18:16:41 +0200
|
||||
Subject: [PATCH] newrole: support cross-compilation with PAM and audit
|
||||
|
||||
Compilation of newrole with PAM and audit support currently requires that you have the respective headers installed on the host. Instead make the header location customizable to accomodate cross-compilation.
|
||||
|
||||
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
policycoreutils/newrole/Makefile | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
|
||||
index 73ebd413da85..0e7ebce3dd56 100644
|
||||
--- a/policycoreutils/newrole/Makefile
|
||||
+++ b/policycoreutils/newrole/Makefile
|
||||
@@ -5,8 +5,9 @@ BINDIR ?= $(PREFIX)/bin
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
ETCDIR ?= /etc
|
||||
LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale
|
||||
-PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
|
||||
-AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
|
||||
+INCLUDEDIR ?= $(PREFIX)/include
|
||||
+PAMH ?= $(shell test -f $(INCLUDEDIR)/security/pam_appl.h && echo y)
|
||||
+AUDITH ?= $(shell test -f $(INCLUDEDIR)/libaudit.h && echo y)
|
||||
# Enable capabilities to permit newrole to generate audit records.
|
||||
# This will make newrole a setuid root program.
|
||||
# The capabilities used are: CAP_AUDIT_WRITE.
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From f0f030495dddb2e633403f360fdaaf6951da11ad Mon Sep 17 00:00:00 2001
|
||||
From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Fri, 20 Feb 2015 16:42:01 +0100
|
||||
Subject: [PATCH] We want to remove the trailing newline for
|
||||
|
@ -9,10 +9,10 @@ Subject: [PATCH] We want to remove the trailing newline for
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||
index ad718797ca68..ea05d892bf3b 100644
|
||||
index 88a2b8f6..0c66f4d5 100644
|
||||
--- a/python/sepolicy/sepolicy/__init__.py
|
||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||
@@ -1211,7 +1211,7 @@ def get_os_version():
|
||||
@@ -1212,7 +1212,7 @@ def get_os_version():
|
||||
system_release = ""
|
||||
try:
|
||||
with open('/etc/system-release') as f:
|
||||
|
@ -22,5 +22,5 @@ index ad718797ca68..ea05d892bf3b 100644
|
|||
system_release = "Misc"
|
||||
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 4a18939d21c06d036f1063cbfd2d0b5ae9d0010f Mon Sep 17 00:00:00 2001
|
||||
From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Fri, 20 Feb 2015 16:42:53 +0100
|
||||
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
||||
|
@ -8,7 +8,7 @@ Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index acc77f368d95..4aeb3e2e51ba 100755
|
||||
index d60acfaf..de8184d8 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -220,7 +220,7 @@ class HTMLManPages:
|
||||
|
@ -21,5 +21,5 @@ index acc77f368d95..4aeb3e2e51ba 100755
|
|||
<body>
|
||||
<h1>SELinux man pages for %s</h1>
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From ffe429b49874175f5ec1156e9c89e75cc67a0ddd Mon Sep 17 00:00:00 2001
|
||||
From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
||||
Subject: [PATCH] Don't be verbose if you are not on a tty
|
||||
|
@ -8,7 +8,7 @@ Subject: [PATCH] Don't be verbose if you are not on a tty
|
|||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 30dadb4f4cb6..e73bb81c3336 100755
|
||||
index b2779581..53d28c7b 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
||||
|
@ -20,5 +20,5 @@ index 30dadb4f4cb6..e73bb81c3336 100755
|
|||
RPMFILES=""
|
||||
PREFC=""
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 4a337405da16857dc2a979e4b4963a6fd7b975c6 Mon Sep 17 00:00:00 2001
|
||||
From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
||||
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
||||
|
@ -11,7 +11,7 @@ Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
|||
1 file changed, 20 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 4aeb3e2e51ba..330b055af214 100755
|
||||
index de8184d8..f8a94fc0 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -125,8 +125,24 @@ def gen_domains():
|
||||
|
@ -59,5 +59,5 @@ index 4aeb3e2e51ba..330b055af214 100755
|
|||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 7c315fff5e7ce74b0598b62d9aa0b21ca6b06b6d Mon Sep 17 00:00:00 2001
|
||||
From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 28 Feb 2017 21:29:46 +0100
|
||||
Subject: [PATCH] sepolicy: Another small optimization for mcs types
|
||||
|
@ -8,7 +8,7 @@ Subject: [PATCH] sepolicy: Another small optimization for mcs types
|
|||
1 file changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 330b055af214..f8584436960d 100755
|
||||
index f8a94fc0..67d39301 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -142,6 +142,15 @@ def _gen_entry_types():
|
||||
|
@ -35,7 +35,7 @@ index 330b055af214..f8584436960d 100755
|
|||
|
||||
if self.source_files:
|
||||
self.fcpath = self.root + "file_contexts"
|
||||
@@ -944,11 +954,7 @@ All executables with the default executable label, usually stored in /usr/bin an
|
||||
@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
|
||||
%s""" % ", ".join(paths))
|
||||
|
||||
def _mcs_types(self):
|
||||
|
@ -49,5 +49,5 @@ index 330b055af214..f8584436960d 100755
|
|||
self.fd.write ("""
|
||||
.SH "MCS Constrained"
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From a07e9652785c6196d916dfca3d36c898959406b4 Mon Sep 17 00:00:00 2001
|
||||
From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 6 Aug 2018 13:23:00 +0200
|
||||
Subject: [PATCH] Move po/ translation files into the right sub-directories
|
||||
|
@ -35,7 +35,7 @@ See https://github.com/fedora-selinux/selinux/issues/43
|
|||
create mode 100644 sandbox/po/POTFILES
|
||||
|
||||
diff --git a/gui/Makefile b/gui/Makefile
|
||||
index ca965c942912..5a5bf6dcae19 100644
|
||||
index ca965c94..5a5bf6dc 100644
|
||||
--- a/gui/Makefile
|
||||
+++ b/gui/Makefile
|
||||
@@ -22,6 +22,7 @@ system-config-selinux.ui \
|
||||
|
@ -57,7 +57,7 @@ index ca965c942912..5a5bf6dcae19 100644
|
|||
indent:
|
||||
diff --git a/gui/po/Makefile b/gui/po/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..a0f5439f2d1c
|
||||
index 00000000..a0f5439f
|
||||
--- /dev/null
|
||||
+++ b/gui/po/Makefile
|
||||
@@ -0,0 +1,82 @@
|
||||
|
@ -145,7 +145,7 @@ index 000000000000..a0f5439f2d1c
|
|||
+relabel:
|
||||
diff --git a/gui/po/POTFILES b/gui/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..1795c5c1951b
|
||||
index 00000000..1795c5c1
|
||||
--- /dev/null
|
||||
+++ b/gui/po/POTFILES
|
||||
@@ -0,0 +1,17 @@
|
||||
|
@ -167,7 +167,7 @@ index 000000000000..1795c5c1951b
|
|||
+../system-config-selinux.ui
|
||||
+../usersPage.py
|
||||
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
|
||||
index 575e143122e6..18bc1dff8d1f 100644
|
||||
index 575e1431..18bc1dff 100644
|
||||
--- a/policycoreutils/po/Makefile
|
||||
+++ b/policycoreutils/po/Makefile
|
||||
@@ -3,7 +3,6 @@
|
||||
|
@ -267,7 +267,7 @@ index 575e143122e6..18bc1dff8d1f 100644
|
|||
for cat in $(POFILES); do \
|
||||
diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..12237dc61ee4
|
||||
index 00000000..12237dc6
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/po/POTFILES
|
||||
@@ -0,0 +1,9 @@
|
||||
|
@ -281,7 +281,7 @@ index 000000000000..12237dc61ee4
|
|||
+../setfiles/setfiles.c
|
||||
+../secon/secon.c
|
||||
diff --git a/python/Makefile b/python/Makefile
|
||||
index 9b66d52fbd4d..00312dbdb5c6 100644
|
||||
index 9b66d52f..00312dbd 100644
|
||||
--- a/python/Makefile
|
||||
+++ b/python/Makefile
|
||||
@@ -1,4 +1,4 @@
|
||||
|
@ -292,7 +292,7 @@ index 9b66d52fbd4d..00312dbdb5c6 100644
|
|||
@for subdir in $(SUBDIRS); do \
|
||||
diff --git a/python/po/Makefile b/python/po/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..4e052d5a2bd7
|
||||
index 00000000..4e052d5a
|
||||
--- /dev/null
|
||||
+++ b/python/po/Makefile
|
||||
@@ -0,0 +1,83 @@
|
||||
|
@ -381,7 +381,7 @@ index 000000000000..4e052d5a2bd7
|
|||
+relabel:
|
||||
diff --git a/python/po/POTFILES b/python/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..128eb870a69e
|
||||
index 00000000..128eb870
|
||||
--- /dev/null
|
||||
+++ b/python/po/POTFILES
|
||||
@@ -0,0 +1,10 @@
|
||||
|
@ -396,7 +396,7 @@ index 000000000000..128eb870a69e
|
|||
+../sepolicy/sepolicy/interface.py
|
||||
+../sepolicy/sepolicy.py
|
||||
diff --git a/sandbox/Makefile b/sandbox/Makefile
|
||||
index 9da5e58db9e6..b817824e2102 100644
|
||||
index 9da5e58d..b817824e 100644
|
||||
--- a/sandbox/Makefile
|
||||
+++ b/sandbox/Makefile
|
||||
@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
|
||||
|
@ -417,7 +417,7 @@ index 9da5e58db9e6..b817824e2102 100644
|
|||
@$(PYTHON) test_sandbox.py -v
|
||||
diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..0556bbe953f0
|
||||
index 00000000..0556bbe9
|
||||
--- /dev/null
|
||||
+++ b/sandbox/po/Makefile
|
||||
@@ -0,0 +1,82 @@
|
||||
|
@ -505,11 +505,11 @@ index 000000000000..0556bbe953f0
|
|||
+relabel:
|
||||
diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..deff3f2f4656
|
||||
index 00000000..deff3f2f
|
||||
--- /dev/null
|
||||
+++ b/sandbox/po/POTFILES
|
||||
@@ -0,0 +1 @@
|
||||
+../sandbox
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From eab0fc05a38ab2cd47b3e0ff69981850cc7cd538 Mon Sep 17 00:00:00 2001
|
||||
From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 6 Aug 2018 13:37:07 +0200
|
||||
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
|
||||
|
@ -29,7 +29,7 @@ https://github.com/fedora-selinux/selinux/issues/43
|
|||
21 files changed, 21 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/gui/booleansPage.py b/gui/booleansPage.py
|
||||
index 7849bea26a06..dd12b6d6ab86 100644
|
||||
index 7849bea2..dd12b6d6 100644
|
||||
--- a/gui/booleansPage.py
|
||||
+++ b/gui/booleansPage.py
|
||||
@@ -38,7 +38,7 @@ DISABLED = 2
|
||||
|
@ -42,7 +42,7 @@ index 7849bea26a06..dd12b6d6ab86 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/domainsPage.py b/gui/domainsPage.py
|
||||
index bad5140d8c59..6bbe4de5884f 100644
|
||||
index bad5140d..6bbe4de5 100644
|
||||
--- a/gui/domainsPage.py
|
||||
+++ b/gui/domainsPage.py
|
||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
||||
|
@ -55,7 +55,7 @@ index bad5140d8c59..6bbe4de5884f 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
||||
index 370bbee40786..e424366da26f 100644
|
||||
index 370bbee4..e424366d 100644
|
||||
--- a/gui/fcontextPage.py
|
||||
+++ b/gui/fcontextPage.py
|
||||
@@ -47,7 +47,7 @@ class context:
|
||||
|
@ -68,7 +68,7 @@ index 370bbee40786..e424366da26f 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/loginsPage.py b/gui/loginsPage.py
|
||||
index b67eb8bc42af..cbfb0cc23f65 100644
|
||||
index b67eb8bc..cbfb0cc2 100644
|
||||
--- a/gui/loginsPage.py
|
||||
+++ b/gui/loginsPage.py
|
||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
||||
|
@ -81,7 +81,7 @@ index b67eb8bc42af..cbfb0cc23f65 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
||||
index 0584acf9b3a4..35a0129bab9c 100644
|
||||
index cb856b2d..26ac5404 100644
|
||||
--- a/gui/modulesPage.py
|
||||
+++ b/gui/modulesPage.py
|
||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
||||
|
@ -94,7 +94,7 @@ index 0584acf9b3a4..35a0129bab9c 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/polgengui.py b/gui/polgengui.py
|
||||
index d284ded65279..01f541bafae8 100644
|
||||
index b1cc9937..46a1bd2c 100644
|
||||
--- a/gui/polgengui.py
|
||||
+++ b/gui/polgengui.py
|
||||
@@ -63,7 +63,7 @@ def get_all_modules():
|
||||
|
@ -107,7 +107,7 @@ index d284ded65279..01f541bafae8 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/portsPage.py b/gui/portsPage.py
|
||||
index 30f58383bc1d..a537ecc8c0a1 100644
|
||||
index 30f58383..a537ecc8 100644
|
||||
--- a/gui/portsPage.py
|
||||
+++ b/gui/portsPage.py
|
||||
@@ -35,7 +35,7 @@ from semanagePage import *
|
||||
|
@ -120,7 +120,7 @@ index 30f58383bc1d..a537ecc8c0a1 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/semanagePage.py b/gui/semanagePage.py
|
||||
index 4127804fbbee..5361d69c1313 100644
|
||||
index 4127804f..5361d69c 100644
|
||||
--- a/gui/semanagePage.py
|
||||
+++ b/gui/semanagePage.py
|
||||
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
|
||||
|
@ -133,7 +133,7 @@ index 4127804fbbee..5361d69c1313 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/statusPage.py b/gui/statusPage.py
|
||||
index 766854b19cba..a8f079b9b163 100644
|
||||
index 766854b1..a8f079b9 100644
|
||||
--- a/gui/statusPage.py
|
||||
+++ b/gui/statusPage.py
|
||||
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
|
||||
|
@ -146,7 +146,7 @@ index 766854b19cba..a8f079b9b163 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
|
||||
index 3f70122b87e8..8c46c987b974 100644
|
||||
index c42301b6..1e0d5eb1 100644
|
||||
--- a/gui/system-config-selinux.py
|
||||
+++ b/gui/system-config-selinux.py
|
||||
@@ -45,7 +45,7 @@ import selinux
|
||||
|
@ -159,7 +159,7 @@ index 3f70122b87e8..8c46c987b974 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/usersPage.py b/gui/usersPage.py
|
||||
index 26794ed5c3f3..d15d4c5a71dd 100644
|
||||
index 26794ed5..d15d4c5a 100644
|
||||
--- a/gui/usersPage.py
|
||||
+++ b/gui/usersPage.py
|
||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
||||
|
@ -172,7 +172,7 @@ index 26794ed5c3f3..d15d4c5a71dd 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/chcat/chcat b/python/chcat/chcat
|
||||
index fdd2e46ee3f9..839ddd3b54b6 100755
|
||||
index ba398684..df2509f2 100755
|
||||
--- a/python/chcat/chcat
|
||||
+++ b/python/chcat/chcat
|
||||
@@ -30,7 +30,7 @@ import getopt
|
||||
|
@ -185,7 +185,7 @@ index fdd2e46ee3f9..839ddd3b54b6 100755
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index b2fabea67a87..3cc30a160a74 100644
|
||||
index 144cc000..56db3e0d 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -27,7 +27,7 @@ import traceback
|
||||
|
@ -198,7 +198,7 @@ index b2fabea67a87..3cc30a160a74 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||
index 6a14f7b47dd5..b51a7e3e7ca3 100644
|
||||
index 13fdf531..b90b1070 100644
|
||||
--- a/python/semanage/seobject.py
|
||||
+++ b/python/semanage/seobject.py
|
||||
@@ -29,7 +29,7 @@ import sys
|
||||
|
@ -209,9 +209,9 @@ index 6a14f7b47dd5..b51a7e3e7ca3 100644
|
|||
+PROGNAME = "selinux-python"
|
||||
import sepolicy
|
||||
import setools
|
||||
import ipaddress
|
||||
from IPy import IP
|
||||
diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
||||
index 998c4356415c..56ebd807c69c 100644
|
||||
index 998c4356..56ebd807 100644
|
||||
--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
||||
+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
||||
@@ -19,7 +19,7 @@
|
||||
|
@ -224,11 +224,11 @@ index 998c4356415c..56ebd807c69c 100644
|
|||
except:
|
||||
def _(str):
|
||||
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
|
||||
index 7b2230651099..32956e58f52e 100755
|
||||
index 1934cd86..8bd6a579 100755
|
||||
--- a/python/sepolicy/sepolicy.py
|
||||
+++ b/python/sepolicy/sepolicy.py
|
||||
@@ -28,7 +28,7 @@ import sepolicy
|
||||
from multiprocessing import Pool
|
||||
@@ -27,7 +27,7 @@ import selinux
|
||||
import sepolicy
|
||||
from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
|
||||
import argparse
|
||||
-PROGNAME = "policycoreutils"
|
||||
|
@ -237,7 +237,7 @@ index 7b2230651099..32956e58f52e 100755
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||
index ea05d892bf3b..9a9c2ae9f237 100644
|
||||
index 0c66f4d5..b6ca57c3 100644
|
||||
--- a/python/sepolicy/sepolicy/__init__.py
|
||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||
@@ -13,7 +13,7 @@ import os
|
||||
|
@ -250,10 +250,10 @@ index ea05d892bf3b..9a9c2ae9f237 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||
index 4e1ed4e9dc31..43180ca6fda4 100644
|
||||
index 019e7836..7175d36b 100644
|
||||
--- a/python/sepolicy/sepolicy/generate.py
|
||||
+++ b/python/sepolicy/sepolicy/generate.py
|
||||
@@ -48,7 +48,7 @@ import sepolgen.defaults as defaults
|
||||
@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
|
@ -263,7 +263,7 @@ index 4e1ed4e9dc31..43180ca6fda4 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
|
||||
index 1e86422b864a..c9ca158ddd09 100644
|
||||
index 00fd7a11..805cee67 100644
|
||||
--- a/python/sepolicy/sepolicy/gui.py
|
||||
+++ b/python/sepolicy/sepolicy/gui.py
|
||||
@@ -41,7 +41,7 @@ import os
|
||||
|
@ -276,7 +276,7 @@ index 1e86422b864a..c9ca158ddd09 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
|
||||
index bdffb770f364..9d40aea1498d 100644
|
||||
index 583091ae..e2b8d23b 100644
|
||||
--- a/python/sepolicy/sepolicy/interface.py
|
||||
+++ b/python/sepolicy/sepolicy/interface.py
|
||||
@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
|
||||
|
@ -289,7 +289,7 @@ index bdffb770f364..9d40aea1498d 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||
index ca5f1e030a51..16c43b51eaaa 100644
|
||||
index 1dec07ac..a12403b3 100644
|
||||
--- a/sandbox/sandbox
|
||||
+++ b/sandbox/sandbox
|
||||
@@ -37,7 +37,7 @@ import sepolicy
|
||||
|
@ -302,5 +302,5 @@ index ca5f1e030a51..16c43b51eaaa 100644
|
|||
import gettext
|
||||
kwargs = {}
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From ffca591cb3055c4962cdc968662bd52bb876e640 Mon Sep 17 00:00:00 2001
|
||||
From c8c59758d2fb7f6cbe368c9ff8f356ea7acebb4b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 6 Aug 2018 14:23:19 +0200
|
||||
Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/
|
||||
|
@ -15,7 +15,7 @@ https://github.com/fedora-selinux/selinux/issues/43
|
|||
|
||||
diff --git a/gui/po/gui.pot b/gui/po/gui.pot
|
||||
new file mode 100644
|
||||
index 000000000000..1663b4caa7c3
|
||||
index 00000000..1663b4ca
|
||||
--- /dev/null
|
||||
+++ b/gui/po/gui.pot
|
||||
@@ -0,0 +1,964 @@
|
||||
|
@ -985,7 +985,7 @@ index 000000000000..1663b4caa7c3
|
|||
+msgstr ""
|
||||
diff --git a/python/po/python.pot b/python/po/python.pot
|
||||
new file mode 100644
|
||||
index 000000000000..a279b0e8d540
|
||||
index 00000000..a279b0e8
|
||||
--- /dev/null
|
||||
+++ b/python/po/python.pot
|
||||
@@ -0,0 +1,3375 @@
|
||||
|
@ -4366,7 +4366,7 @@ index 000000000000..a279b0e8d540
|
|||
+msgstr ""
|
||||
diff --git a/sandbox/po/sandbox.pot b/sandbox/po/sandbox.pot
|
||||
new file mode 100644
|
||||
index 000000000000..328b4f0159d3
|
||||
index 00000000..328b4f01
|
||||
--- /dev/null
|
||||
+++ b/sandbox/po/sandbox.pot
|
||||
@@ -0,0 +1,157 @@
|
||||
|
@ -4528,5 +4528,5 @@ index 000000000000..328b4f0159d3
|
|||
+msgid "Invalid value %s"
|
||||
+msgstr ""
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 4277ef04de699e1939c95c4813de6a78d1ea1656 Mon Sep 17 00:00:00 2001
|
||||
From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 21 Mar 2018 08:51:31 +0100
|
||||
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
|
||||
|
@ -13,10 +13,10 @@ Resolves: rhbz#1271327
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index e328a5628682..02e0960289d3 100644
|
||||
index ccaaf4de..a8a76c86 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -58,7 +58,7 @@ check the validity of the contexts against the specified binary policy.
|
||||
@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
|
||||
.TP
|
||||
.B \-d
|
||||
show what specification matched each file (do not abort validation
|
||||
|
@ -26,5 +26,5 @@ index e328a5628682..02e0960289d3 100644
|
|||
.BI \-e \ directory
|
||||
directory to exclude (repeat option for more than one directory).
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From fa94b0faf12a79158d971f363e8ec65227d67de3 Mon Sep 17 00:00:00 2001
|
||||
From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001
|
||||
From: Masatake YAMATO <yamato@redhat.com>
|
||||
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
||||
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
||||
|
@ -52,10 +52,10 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha
|
|||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||
index 43180ca6fda4..d60a08e1d72c 100644
|
||||
index 7175d36b..93caedee 100644
|
||||
--- a/python/sepolicy/sepolicy/generate.py
|
||||
+++ b/python/sepolicy/sepolicy/generate.py
|
||||
@@ -99,7 +99,9 @@ def get_all_ports():
|
||||
@@ -100,7 +100,9 @@ def get_all_ports():
|
||||
for p in sepolicy.info(sepolicy.PORT):
|
||||
if p['type'] == "reserved_port_t" or \
|
||||
p['type'] == "port_t" or \
|
||||
|
@ -67,5 +67,5 @@ index 43180ca6fda4..d60a08e1d72c 100644
|
|||
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
||||
return dict
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 122e35c4d11b5b623e8bc463f81c6792385523cb Mon Sep 17 00:00:00 2001
|
||||
From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 8 Nov 2018 09:20:58 +0100
|
||||
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
|
||||
|
@ -8,7 +8,7 @@ Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
|
|||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
|
||||
index 3515234e36de..7b75b3fd9bb4 100644
|
||||
index 3515234e..7b75b3fd 100644
|
||||
--- a/semodule-utils/semodule_package/semodule_package.c
|
||||
+++ b/semodule-utils/semodule_package/semodule_package.c
|
||||
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
|
||||
|
@ -20,5 +20,5 @@ index 3515234e36de..7b75b3fd9bb4 100644
|
|||
}
|
||||
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From e63814eb18bdbb48a7e6bf79b17d79d6a9ca56d6 Mon Sep 17 00:00:00 2001
|
||||
From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
||||
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
||||
|
@ -10,7 +10,7 @@ Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
|||
3 files changed, 3 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||
index 16c43b51eaaa..7709a6585665 100644
|
||||
index a12403b3..707959a6 100644
|
||||
--- a/sandbox/sandbox
|
||||
+++ b/sandbox/sandbox
|
||||
@@ -268,7 +268,7 @@ class Sandbox:
|
||||
|
@ -32,7 +32,7 @@ index 16c43b51eaaa..7709a6585665 100644
|
|||
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
|
||||
index d83fee76f335..90ef4951c8c2 100644
|
||||
index d83fee76..90ef4951 100644
|
||||
--- a/sandbox/sandbox.8
|
||||
+++ b/sandbox/sandbox.8
|
||||
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||
|
@ -45,7 +45,7 @@ index d83fee76f335..90ef4951c8c2 100644
|
|||
\fB\-X\fR
|
||||
Create an X based Sandbox for gui apps, temporary files for
|
||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||
index 4774528027ef..c211ebc14549 100644
|
||||
index 47745280..c211ebc1 100644
|
||||
--- a/sandbox/sandboxX.sh
|
||||
+++ b/sandbox/sandboxX.sh
|
||||
@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
|
||||
|
@ -70,5 +70,5 @@ index 4774528027ef..c211ebc14549 100644
|
|||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
--
|
||||
2.29.0
|
||||
2.22.0
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 3 Dec 2018 14:40:09 +0100
|
||||
Subject: [PATCH] python: Use ipaddress instead of IPy
|
||||
|
||||
ipaddress module was added in python 3.3 and this allows us to drop python3-IPy
|
||||
---
|
||||
python/semanage/seobject.py | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||
index b90b1070..58497e3b 100644
|
||||
--- a/python/semanage/seobject.py
|
||||
+++ b/python/semanage/seobject.py
|
||||
@@ -32,7 +32,7 @@ from semanage import *
|
||||
PROGNAME = "selinux-python"
|
||||
import sepolicy
|
||||
import setools
|
||||
-from IPy import IP
|
||||
+import ipaddress
|
||||
|
||||
try:
|
||||
import gettext
|
||||
@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords):
|
||||
|
||||
# verify valid comination
|
||||
if len(mask) == 0 or mask[0] == "/":
|
||||
- i = IP(addr + mask)
|
||||
- newaddr = i.strNormal(0)
|
||||
- newmask = str(i.netmask())
|
||||
- if newmask == "0.0.0.0" and i.version() == 6:
|
||||
+ i = ipaddress.ip_network(addr + mask)
|
||||
+ newaddr = str(i.network_address)
|
||||
+ newmask = str(i.netmask)
|
||||
+ if newmask == "0.0.0.0" and i.version == 6:
|
||||
newmask = "::"
|
||||
|
||||
- protocol = "ipv%d" % i.version()
|
||||
+ protocol = "ipv%d" % i.version
|
||||
|
||||
try:
|
||||
newprotocol = self.protocol.index(protocol)
|
||||
--
|
||||
2.22.0
|
||||
|
|
@ -0,0 +1,93 @@
|
|||
From e9b08da87ed222059c1f1f0c0de7cc760f485552 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 4 Apr 2019 23:02:56 +0200
|
||||
Subject: [PATCH] python/semanage: Do not traceback when the default policy is
|
||||
not available
|
||||
|
||||
"import seobject" causes "import sepolicy" which crashes when the system policy
|
||||
is not available. It's better to provide an error message instead.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
python/semanage/semanage | 37 +++++++++++++++++++++----------------
|
||||
1 file changed, 21 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index 56db3e0d..4c766ae3 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -25,7 +25,6 @@
|
||||
|
||||
import traceback
|
||||
import argparse
|
||||
-import seobject
|
||||
import sys
|
||||
PROGNAME = "selinux-python"
|
||||
try:
|
||||
@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action):
|
||||
sys.exit(1)
|
||||
setattr(namespace, self.dest, values)
|
||||
|
||||
-# define dictonary for seobject OBEJCTS
|
||||
-object_dict = {
|
||||
- 'login': seobject.loginRecords,
|
||||
- 'user': seobject.seluserRecords,
|
||||
- 'port': seobject.portRecords,
|
||||
- 'module': seobject.moduleRecords,
|
||||
- 'interface': seobject.interfaceRecords,
|
||||
- 'node': seobject.nodeRecords,
|
||||
- 'fcontext': seobject.fcontextRecords,
|
||||
- 'boolean': seobject.booleanRecords,
|
||||
- 'permissive': seobject.permissiveRecords,
|
||||
- 'dontaudit': seobject.dontauditClass,
|
||||
- 'ibpkey': seobject.ibpkeyRecords,
|
||||
- 'ibendport': seobject.ibendportRecords
|
||||
-}
|
||||
|
||||
def generate_custom_usage(usage_text, usage_dict):
|
||||
# generate custom usage from given text and dictonary
|
||||
@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers):
|
||||
|
||||
|
||||
def handleModule(args):
|
||||
+ import seobject
|
||||
OBJECT = seobject.moduleRecords(args)
|
||||
if args.action_add:
|
||||
OBJECT.add(args.action_add[0], args.priority)
|
||||
@@ -846,6 +831,7 @@ def mkargv(line):
|
||||
|
||||
|
||||
def handleImport(args):
|
||||
+ import seobject
|
||||
trans = seobject.semanageRecords(args)
|
||||
trans.start()
|
||||
|
||||
@@ -887,6 +873,25 @@ def createCommandParser():
|
||||
#To add a new subcommand define the parser for it in a function above and call it here.
|
||||
subparsers = commandParser.add_subparsers(dest='subcommand')
|
||||
subparsers.required = True
|
||||
+
|
||||
+ import seobject
|
||||
+ # define dictonary for seobject OBEJCTS
|
||||
+ global object_dict
|
||||
+ object_dict = {
|
||||
+ 'login': seobject.loginRecords,
|
||||
+ 'user': seobject.seluserRecords,
|
||||
+ 'port': seobject.portRecords,
|
||||
+ 'module': seobject.moduleRecords,
|
||||
+ 'interface': seobject.interfaceRecords,
|
||||
+ 'node': seobject.nodeRecords,
|
||||
+ 'fcontext': seobject.fcontextRecords,
|
||||
+ 'boolean': seobject.booleanRecords,
|
||||
+ 'permissive': seobject.permissiveRecords,
|
||||
+ 'dontaudit': seobject.dontauditClass,
|
||||
+ 'ibpkey': seobject.ibpkeyRecords,
|
||||
+ 'ibendport': seobject.ibendportRecords
|
||||
+ }
|
||||
+
|
||||
setupImportParser(subparsers)
|
||||
setupExportParser(subparsers)
|
||||
setupLoginParser(subparsers)
|
||||
--
|
||||
2.22.0
|
||||
|
|
@ -0,0 +1,108 @@
|
|||
From d3f8b2c3cd9e044aba909f63a2ca78f53db11fe0 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 2 Jul 2019 17:11:32 +0200
|
||||
Subject: [PATCH] policycoreutils/fixfiles: Fix [-B] [-F] onboot
|
||||
|
||||
Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel"
|
||||
command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
|
||||
`fixfiles -B onboot` to show usage instead of updating /.autorelabel
|
||||
|
||||
The code is restructured to handle -B for different modes correctly.
|
||||
|
||||
Fixes:
|
||||
# fixfiles -B onboot
|
||||
Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel
|
||||
...
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
policycoreutils/scripts/fixfiles | 29 +++++++++++++++--------------
|
||||
1 file changed, 15 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 53d28c7b..9dd44213 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -112,7 +112,7 @@ VERBOSE="-p"
|
||||
FORCEFLAG=""
|
||||
RPMFILES=""
|
||||
PREFC=""
|
||||
-RESTORE_MODE="DEFAULT"
|
||||
+RESTORE_MODE=""
|
||||
SETFILES=/sbin/setfiles
|
||||
RESTORECON=/sbin/restorecon
|
||||
FILESYSTEMSRW=`get_rw_labeled_mounts`
|
||||
@@ -214,16 +214,17 @@ restore () {
|
||||
OPTION=$1
|
||||
shift
|
||||
|
||||
-case "$RESTORE_MODE" in
|
||||
- PREFC)
|
||||
- diff_filecontext $*
|
||||
- return
|
||||
- ;;
|
||||
- BOOTTIME)
|
||||
+# [-B | -N time ]
|
||||
+if [ -z "$BOOTTIME" ]; then
|
||||
newer $BOOTTIME $*
|
||||
return
|
||||
- ;;
|
||||
-esac
|
||||
+fi
|
||||
+
|
||||
+# -C PREVIOUS_FILECONTEXT
|
||||
+if [ "$RESTORE_MODE" == PREFC ]; then
|
||||
+ diff_filecontext $*
|
||||
+ return
|
||||
+fi
|
||||
|
||||
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
||||
|
||||
@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in
|
||||
FILEPATH)
|
||||
${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
|
||||
;;
|
||||
- DEFAULT)
|
||||
+ *)
|
||||
if [ -n "${FILESYSTEMSRW}" ]; then
|
||||
LogReadOnly
|
||||
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
|
||||
@@ -272,7 +273,7 @@ fullrelabel() {
|
||||
|
||||
|
||||
relabel() {
|
||||
- if [ "$RESTORE_MODE" != DEFAULT ]; then
|
||||
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
@@ -306,7 +307,7 @@ case "$1" in
|
||||
verify) restore Verify -n;;
|
||||
relabel) relabel;;
|
||||
onboot)
|
||||
- if [ "$RESTORE_MODE" != DEFAULT ]; then
|
||||
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then
|
||||
fi
|
||||
|
||||
set_restore_mode() {
|
||||
- if [ "$RESTORE_MODE" != DEFAULT ]; then
|
||||
+ if [ -n "$RESTORE_MODE" ]; then
|
||||
# can't specify two different modes
|
||||
usage
|
||||
exit 1
|
||||
@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do
|
||||
case "$i" in
|
||||
B)
|
||||
BOOTTIME=`/bin/who -b | awk '{print $3}'`
|
||||
- set_restore_mode BOOTTIME
|
||||
+ set_restore_mode DEFAULT
|
||||
;;
|
||||
N)
|
||||
BOOTTIME=$OPTARG
|
||||
--
|
||||
2.22.0
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
From 105eeda97b0f35773bc32222d0802de4d0b5a8e9 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 2 Jul 2019 17:12:07 +0200
|
||||
Subject: [PATCH] policycoreutils/fixfiles: Force full relabel when SELinux is
|
||||
disabled
|
||||
|
||||
The previous check used getfilecon to check whether / slash contains a label,
|
||||
but getfilecon fails only when SELinux is disabled. Therefore it's better to
|
||||
check this using selinuxenabled.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
policycoreutils/scripts/fixfiles | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 9dd44213..a9d27d13 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -314,8 +314,8 @@ case "$1" in
|
||||
> /.autorelabel || exit $?
|
||||
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
||||
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
||||
- # Force full relabel if / does not have a label on it
|
||||
- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
|
||||
+ # Force full relabel if SELinux is not enabled
|
||||
+ selinuxenabled || echo -F > /.autorelabel
|
||||
echo "System will relabel on next boot"
|
||||
;;
|
||||
*)
|
||||
--
|
||||
2.22.0
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
From b1f380c75f8a4ea7a4062d3735d190a1dcbc3aaa Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Tue, 28 Jul 2020 14:37:13 +0200
|
||||
Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
|
||||
|
||||
Fixes:
|
||||
$ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
|
||||
Analyzing 187 Python scripts
|
||||
./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
|
||||
./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:774:17: E117 over-indented
|
||||
./python/sepolicy/build/lib/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
|
||||
./python/sepolicy/build/lib/sepolicy/manpage.py:774:17: E117 over-indented
|
||||
./python/sepolicy/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
|
||||
./python/sepolicy/sepolicy/manpage.py:774:17: E117 over-indented
|
||||
The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index f8584436960d..6a3e08fca58c 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -717,7 +717,7 @@ Default Defined Ports:""")
|
||||
for f in self.all_file_types:
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
- if not f in self.exec_types or not f in self.entry_types:
|
||||
+ if f not in self.exec_types or f not in self.entry_types:
|
||||
flist_non_exec.append(f)
|
||||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
@@ -771,7 +771,7 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
||||
|
||||
if flist_non_exec:
|
||||
- self.fd.write(r"""
|
||||
+ self.fd.write(r"""
|
||||
.PP
|
||||
.B STANDARD FILE CONTEXT
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
From e240bf9a547374dff8e7998b0bedce1d523b3dd4 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 21 Aug 2019 17:43:25 +0200
|
||||
Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem
|
||||
|
||||
Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix
|
||||
[-B] [-F] onboot"), which broke "fixfiles relabel":
|
||||
|
||||
#fixfiles relabel
|
||||
/sbin/fixfiles: line 151: $1: unbound variable
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
policycoreutils/scripts/fixfiles | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index a9d27d13..df0042aa 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -215,7 +215,7 @@ OPTION=$1
|
||||
shift
|
||||
|
||||
# [-B | -N time ]
|
||||
-if [ -z "$BOOTTIME" ]; then
|
||||
+if [ -n "$BOOTTIME" ]; then
|
||||
newer $BOOTTIME $*
|
||||
return
|
||||
fi
|
||||
--
|
||||
2.23.0
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Wed, 11 Nov 2020 17:23:40 +0100
|
||||
Subject: [PATCH] selinux_config(5): add a note that runtime disable is
|
||||
deprecated
|
||||
|
||||
...and refer to selinux(8), which explains it further.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
policycoreutils/man/man5/selinux_config.5 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
|
||||
index 1ffade150128..58b42a0e234d 100644
|
||||
--- a/policycoreutils/man/man5/selinux_config.5
|
||||
+++ b/policycoreutils/man/man5/selinux_config.5
|
||||
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
|
||||
.IP \fIpermissive\fR 4
|
||||
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
|
||||
.IP \fIdisabled\fR
|
||||
-SELinux is disabled and no policy is loaded.
|
||||
+No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
|
||||
.RE
|
||||
.sp
|
||||
The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From eed9aca2fa1b5668b9ddca10cfe96695fa7d2b9f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 29 Aug 2019 08:58:20 +0200
|
||||
Subject: [PATCH] gui: Fix remove module in system-config-selinux
|
||||
|
||||
When a user tried to remove a policy module with priority other than 400 via
|
||||
GUI, it failed with a message:
|
||||
|
||||
libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
|
||||
|
||||
This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
|
||||
"semodule -r NAME".
|
||||
|
||||
From Jono Hein <fredwacko40@hotmail.com>
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
gui/modulesPage.py | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
||||
index 26ac5404..35a0129b 100644
|
||||
--- a/gui/modulesPage.py
|
||||
+++ b/gui/modulesPage.py
|
||||
@@ -125,9 +125,10 @@ class modulesPage(semanagePage):
|
||||
def delete(self):
|
||||
store, iter = self.view.get_selection().get_selected()
|
||||
module = store.get_value(iter, 0)
|
||||
+ priority = store.get_value(iter, 1)
|
||||
try:
|
||||
self.wait()
|
||||
- status, output = getstatusoutput("semodule -r %s" % module)
|
||||
+ status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module))
|
||||
self.ready()
|
||||
if status != 0:
|
||||
self.error(output)
|
||||
--
|
||||
2.23.0
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
|
||||
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
||||
Date: Fri, 30 Oct 2020 22:53:09 +0100
|
||||
Subject: [PATCH] python/sepolicy: allow to override manpage date
|
||||
|
||||
in order to make builds reproducible.
|
||||
See https://reproducible-builds.org/ for why this is good
|
||||
and https://reproducible-builds.org/specs/source-date-epoch/
|
||||
for the definition of this variable.
|
||||
|
||||
This patch was done while working on reproducible builds for openSUSE.
|
||||
|
||||
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 6a3e08fca58c..c013c0d48502 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -39,6 +39,8 @@ typealias_types = {
|
||||
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
|
||||
|
||||
equiv_dirs = ["/var"]
|
||||
+man_date = time.strftime("%y-%m-%d", time.gmtime(
|
||||
+ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
|
||||
modules_dict = None
|
||||
|
||||
|
||||
@@ -546,7 +548,7 @@ class ManPage:
|
||||
|
||||
def _typealias(self,typealias):
|
||||
self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
|
||||
- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
|
||||
+ % {'typealias':typealias, 'date': man_date})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
|
||||
@@ -565,7 +567,7 @@ man page for more details.
|
||||
|
||||
def _header(self):
|
||||
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||
- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||
+ % {'domainname': self.domainname, 'date': man_date})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 4b1ede292c0de742b6fed12881c5916f3a6bc38b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 3 Sep 2019 15:17:27 +0200
|
||||
Subject: [PATCH] python/semanage: Do not use default s0 range in "semanage
|
||||
login -a"
|
||||
|
||||
Using the "s0" default means that new login mappings are always added with "s0"
|
||||
range instead of the range of SELinux user.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
python/semanage/semanage | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index 4c766ae3..fa78afce 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -221,7 +221,7 @@ def parser_add_level(parser, name):
|
||||
|
||||
|
||||
def parser_add_range(parser, name):
|
||||
- parser.add_argument('-r', '--range', default="s0",
|
||||
+ parser.add_argument('-r', '--range', default='',
|
||||
help=_('''
|
||||
MLS/MCS Security Range (MLS/MCS Systems only)
|
||||
SELinux Range for SELinux login mapping
|
||||
--
|
||||
2.23.0
|
||||
|
16
gating.yaml
16
gating.yaml
|
@ -1,16 +0,0 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
%global libauditver 3.0
|
||||
%global libsepolver 3.1-5
|
||||
%global libsemanagever 3.1-5
|
||||
%global libselinuxver 3.1-5
|
||||
%global libsepolver 2.9-1
|
||||
%global libsemanagever 2.9-1
|
||||
%global libselinuxver 2.9-1
|
||||
%global sepolgenver 2.9
|
||||
|
||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||
|
||||
|
@ -10,17 +11,17 @@
|
|||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 3.1
|
||||
Release: 8%{?dist}
|
||||
Version: 2.9
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-python-3.1.tar.gz
|
||||
Source2: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-gui-3.1.tar.gz
|
||||
Source3: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-sandbox-3.1.tar.gz
|
||||
Source4: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-dbus-3.1.tar.gz
|
||||
Source5: https://github.com/SELinuxProject/selinux/releases/download/20200710/semodule-utils-3.1.tar.gz
|
||||
Source6: https://github.com/SELinuxProject/selinux/releases/download/20200710/restorecond-3.1.tar.gz
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz
|
||||
Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz
|
||||
Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz
|
||||
Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz
|
||||
Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz
|
||||
Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz
|
||||
URL: https://github.com/SELinuxProject/selinux
|
||||
Source13: system-config-selinux.png
|
||||
Source14: sepolicy-icons.tgz
|
||||
|
@ -34,35 +35,35 @@ Source21: python-po.tgz
|
|||
Source22: gui-po.tgz
|
||||
Source23: sandbox-po.tgz
|
||||
# https://github.com/fedora-selinux/selinux
|
||||
# $ git format-patch -N 20200710 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||
# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
||||
# Patch list start
|
||||
Patch0001: 0001-python-audit2allow-add-include-limits.h-to-sepolgen-.patch
|
||||
Patch0002: 0002-restorecond-Set-X-GNOME-HiddenUnderSystemd-true-in-r.patch
|
||||
Patch0003: 0003-fixfiles-correctly-restore-context-of-mountpoints.patch
|
||||
Patch0004: 0004-sepolgen-print-extended-permissions-in-hexadecimal.patch
|
||||
Patch0005: 0005-sepolgen-sort-extended-rules-like-normal-ones.patch
|
||||
Patch0006: 0006-newrole-support-cross-compilation-with-PAM-and-audit.patch
|
||||
Patch0007: 0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||
Patch0008: 0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
||||
Patch0009: 0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
||||
Patch0010: 0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
||||
Patch0011: 0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
||||
Patch0012: 0012-Fix-title-in-manpage.py-to-not-contain-online.patch
|
||||
Patch0013: 0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
||||
Patch0014: 0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
||||
Patch0015: 0015-sepolicy-Another-small-optimization-for-mcs-types.patch
|
||||
Patch0016: 0016-Move-po-translation-files-into-the-right-sub-directo.patch
|
||||
Patch0017: 0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
||||
Patch0018: 0018-Initial-.pot-files-for-gui-python-sandbox.patch
|
||||
Patch0019: 0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
||||
Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
||||
Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
|
||||
Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
|
||||
# Patch list end
|
||||
Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
|
||||
Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch
|
||||
Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||
Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
||||
Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
||||
Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
||||
Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
||||
Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch
|
||||
Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
||||
Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
||||
Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch
|
||||
Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch
|
||||
Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
||||
Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch
|
||||
# this is too big and it's covered by sources 20 - 23
|
||||
# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch
|
||||
Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
||||
Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||
Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||
Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||
Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
|
||||
Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
|
||||
Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
|
||||
Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
|
||||
Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
|
||||
Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch
|
||||
Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
|
||||
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||
|
@ -71,12 +72,12 @@ Conflicts: initscripts < 9.66
|
|||
Provides: /sbin/fixfiles
|
||||
Provides: /sbin/restorecon
|
||||
|
||||
BuildRequires: gcc make
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
BuildRequires: gcc
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: systemd
|
||||
BuildRequires: git-core
|
||||
BuildRequires: git
|
||||
Requires: util-linux grep gawk diffutils rpm sed
|
||||
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
|
||||
|
||||
|
@ -148,19 +149,19 @@ mkdir -p %{buildroot}%{_mandir}/man5
|
|||
mkdir -p %{buildroot}%{_mandir}/man8
|
||||
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
|
||||
|
||||
%make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
%make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
%make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
%make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
%make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
%make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
%make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
|
||||
# Fix perms on newrole so that objcopy can process it
|
||||
chmod 0755 %{buildroot}%{_bindir}/newrole
|
||||
|
@ -228,6 +229,7 @@ an SELinux environment.
|
|||
%files python-utils
|
||||
%{_sbindir}/semanage
|
||||
%{_bindir}/chcat
|
||||
%{_bindir}/sandbox
|
||||
%{_bindir}/audit2allow
|
||||
%{_bindir}/audit2why
|
||||
%{_mandir}/man1/audit2allow.1*
|
||||
|
@ -237,6 +239,8 @@ an SELinux environment.
|
|||
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
|
||||
%{_mandir}/man8/chcat.8*
|
||||
%{_mandir}/ru/man8/chcat.8*
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
%{_mandir}/ru/man8/sandbox.8*
|
||||
%{_mandir}/man8/semanage*.8*
|
||||
%{_mandir}/ru/man8/semanage*.8*
|
||||
%{_datadir}/bash-completion/completions/semanage
|
||||
|
@ -245,7 +249,6 @@ an SELinux environment.
|
|||
Summary: SELinux policy core DBUS api
|
||||
Requires: python3-policycoreutils = %{version}-%{release}
|
||||
Requires: python3-slip-dbus
|
||||
Requires: python3-gobject-base
|
||||
BuildArch: noarch
|
||||
|
||||
%description dbus
|
||||
|
@ -273,7 +276,7 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
|
|||
# no python3-audit-libs yet
|
||||
Requires:audit-libs-python3 >= %{libauditver}
|
||||
Requires: checkpolicy
|
||||
Requires: python3-setools >= 4.4.0
|
||||
Requires: python3-setools >= 4.1.1
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n python3-policycoreutils
|
||||
|
@ -348,11 +351,8 @@ sandboxes
|
|||
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/ru/man8/seunshare.8*
|
||||
%{_bindir}/sandbox
|
||||
%{_mandir}/man5/sandbox.5*
|
||||
%{_mandir}/ru/man5/sandbox.5*
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
%{_mandir}/ru/man8/sandbox.8*
|
||||
|
||||
%package newrole
|
||||
Summary: The newrole application for RBAC/MLS
|
||||
|
@ -476,7 +476,6 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%files restorecond
|
||||
%{_sbindir}/restorecond
|
||||
%{_unitdir}/restorecond.service
|
||||
%{_userunitdir}/restorecond_user.service
|
||||
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
|
||||
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
|
||||
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
||||
|
@ -539,60 +538,15 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Tue Nov 24 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-8
|
||||
- Fix BuildRequires to libsemanage-devel
|
||||
|
||||
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
|
||||
- python/sepolicy: allow to override manpage date
|
||||
- selinux_config(5): add a note that runtime disable is deprecated
|
||||
|
||||
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
||||
- Require latest setools
|
||||
|
||||
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
|
||||
- Build with libsepol.so.1 and libsemanage.so.2
|
||||
- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file
|
||||
- fixfiles: correctly restore context of mountpoints
|
||||
- sepolgen: print extended permissions in hexadecimal
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-4
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||
- SELinux userspace 3.1 release
|
||||
|
||||
* Mon Jun 1 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-4
|
||||
- policycoreutils-dbus requires python3-gobject-base
|
||||
|
||||
* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-3
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||
- SELinux userspace 3.0 release
|
||||
|
||||
* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
|
||||
* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
|
||||
- semanage: Do not use default s0 range in "semanage login -a" (#1312283)
|
||||
|
||||
* Thu Aug 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
|
||||
* Thu Aug 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
|
||||
- gui: Fix remove module in system-config-selinux (#1740936)
|
||||
|
||||
* Fri Aug 23 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
|
||||
* Fri Aug 23 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-4
|
||||
- fixfiles: Fix unbound variable problem
|
||||
|
||||
* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-4
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Mon Aug 5 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
|
||||
- Drop python2-policycoreutils
|
||||
- Update ru man page translations
|
||||
|
|
|
@ -11,4 +11,4 @@ ExecStart=/usr/libexec/selinux/selinux-autorelabel
|
|||
Type=oneshot
|
||||
TimeoutSec=0
|
||||
RemainAfterExit=yes
|
||||
StandardOutput=journal+console
|
||||
StandardInput=tty
|
||||
|
|
14
sources
14
sources
|
@ -1,10 +1,10 @@
|
|||
SHA512 (policycoreutils-3.1.tar.gz) = 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140
|
||||
SHA512 (restorecond-3.1.tar.gz) = cdcf299f48b89a7c641ded9507b9b966bf648497394f8e988a9cb1ceb3224c86369706027f3416a4f9750836f7a8f4580a4b3df76673e03f897b383d7ed0e2c8
|
||||
SHA512 (selinux-dbus-3.1.tar.gz) = d5e1715539ec9aeef2285fc141617b7c25f39ddacc3968d2d19722553b97b873632545a2c7002faef44b671604b2cfca52e9624c57cedbae64d616a080cc955f
|
||||
SHA512 (selinux-gui-3.1.tar.gz) = c8bd618da3bd1dcc8aeb470e8410765ea7d38e861b0be78aaddaa5384ec3de12d364de1b63e2d9e3262e1179463f0ee78cb60f11ab72c996899bd72af137ae7c
|
||||
SHA512 (selinux-python-3.1.tar.gz) = 5dd98f77ae8ea8bac6a89ec7def76e12496b9a9f8c9612c4cc1dac7a8e8c60380a00c857426bfefbcb4273706addd2594e9b467f69408ef284f082a09d45bd49
|
||||
SHA512 (selinux-sandbox-3.1.tar.gz) = e9a772c720704de3fc33a70316780d5995442a1e25ba7df6dc68dd7b7a4eb59dfd2b68e4576051053fe81fbea207fcb1648baad3ea2d56d5b3005e9ca4b8ceb7
|
||||
SHA512 (semodule-utils-3.1.tar.gz) = b92794bbfbce5834ee7f62fddb40b5506e9291e8fa7c5d669b2e281089b8f8dc40c4522ea287ac5deffdaee751442ba8e691e2ac45fdd378b60d5d6b2527d157
|
||||
SHA512 (policycoreutils-2.9.tar.gz) = d8356115671ba66de05f1c13193ab47fab69cc4d09603a92171ed40afafc084dd191591bf336b7d722de637378ad09622ebb6eca85c06063ca9ddd6db10e02a2
|
||||
SHA512 (restorecond-2.9.tar.gz) = 6de9dd4c6b8e5d8275221aba5df27437998f635cfe83a5da75de479e260ceea884a36253eb873a8d71e1a77ed67544d8657fb75fe409af1f630052ce73ec5d8a
|
||||
SHA512 (selinux-dbus-2.9.tar.gz) = f7a9ab2975eb97ff389a78ddaa2fcf3cd1c5fe590abdbe6aa0aa0c3f0c3a96cc0f34ce54b14e0348b46c1de9257ebe5288e16d585c96a9d8149d969788af359e
|
||||
SHA512 (selinux-gui-2.9.tar.gz) = b6e1847c9f2668670cbe9c2fc65e18001eb03e1d73af049ad6520af486950cf657885a9fb71ad9679c0060fb3ee7dd166d4354e863ad517a9f3aee93587ea57e
|
||||
SHA512 (selinux-python-2.9.tar.gz) = 1138661128635004fec04dc5e39f035680b5f21beb1b79f3328690a1b93a3984d522a02724af793340112a5e647d363dda8a7d3536de959b34ffd69aa396254d
|
||||
SHA512 (selinux-sandbox-2.9.tar.gz) = 429994f6140d7ba03b023681d04b365af837e23c5d64e998f849febe08872549bffc0bc490717d6f500332845ec849483ba0d3dfffa77e02b6a2cd2f631c9f1f
|
||||
SHA512 (semodule-utils-2.9.tar.gz) = 688f1fcb34042b837019302debda76847691657709130b99bf937a85774a0ae69d789ee82b0633a4d2dc661dc6d0a1706a878ac681317df2abe68418bec3f952
|
||||
SHA512 (gui-po.tgz) = 8e0855256b825eea422b8e2b82cc0decf66b902c9930840905c5ad5dda7bef3679943a22db62709907d48f8a331d67edc5efed3e2638b53e379959b14077b4ea
|
||||
SHA512 (policycoreutils-po.tgz) = 66b908f7a167225bebded46f9cf92f42eb194daa2a083d48de43c2a5d33fa42724c5add0a9d029ac9d62c500f6f1c8d3bc138dd598b1fd97e609d7cc7160be72
|
||||
SHA512 (python-po.tgz) = 7f2a082b77c7b4417d5d3dac35d86dd635635a9c05a80e5f9284d03604e2f2a06ec879fb29b056d1a46d3fc448cd76e6fd25196834c18a161fd6677f2e11b2be
|
||||
|
|
Loading…
Reference in New Issue