diff --git a/secilc-fedora.patch b/secilc-fedora.patch
index e69de29..4a6cf30 100644
--- a/secilc-fedora.patch
+++ b/secilc-fedora.patch
@@ -0,0 +1,68 @@
+diff --git secilc-2.7/docs/cil_role_statements.md secilc-2.7/docs/cil_role_statements.md
+index 0c4cadb..d92f628 100644
+--- secilc-2.7/docs/cil_role_statements.md
++++ secilc-2.7/docs/cil_role_statements.md
+@@ -84,7 +84,7 @@ This example will declare [`role`](cil_role_statements.md#role) and [`type`](cil
+ roleattribute
+ -------------
+
+-Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`typeattributeset`](cil_type_statements.md#typeattributeset) statement.
++Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`roleattributeset`](cil_role_statements.md#roleattributeset) statement.
+
+ **Statement definition:**
+
+diff --git secilc-2.7/secilc.c secilc-2.7/secilc.c
+index f2232e7..0be6975 100644
+--- secilc-2.7/secilc.c
++++ secilc-2.7/secilc.c
+@@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
+ printf(" statement if present in the policy\n");
+ printf(" -D, --disable-dontaudit do not add dontaudit rules to the binary policy\n");
+ printf(" -P, --preserve-tunables treat tunables as booleans\n");
++ printf(" -m, --multiple-decls allow some statements to be re-declared\n");
+ printf(" -N, --disable-neverallow do not check neverallow rules\n");
+ printf(" -G, --expand-generated Expand and remove auto-generated attributes\n");
+ printf(" -X, --expand-size Expand type attributes with fewer than \n");
+@@ -89,6 +90,7 @@ int main(int argc, char *argv[])
+ int target = SEPOL_TARGET_SELINUX;
+ int mls = -1;
+ int disable_dontaudit = 0;
++ int multiple_decls = 0;
+ int disable_neverallow = 0;
+ int preserve_tunables = 0;
+ int handle_unknown = -1;
+@@ -108,6 +110,7 @@ int main(int argc, char *argv[])
+ {"policyversion", required_argument, 0, 'c'},
+ {"handle-unknown", required_argument, 0, 'U'},
+ {"disable-dontaudit", no_argument, 0, 'D'},
++ {"multiple-decls", no_argument, 0, 'm'},
+ {"disable-neverallow", no_argument, 0, 'N'},
+ {"preserve-tunables", no_argument, 0, 'P'},
+ {"output", required_argument, 0, 'o'},
+@@ -119,7 +122,7 @@ int main(int argc, char *argv[])
+ int i;
+
+ while (1) {
+- opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDNc:GX:", long_opts, &opt_index);
++ opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
+ if (opt_char == -1) {
+ break;
+ }
+@@ -175,6 +178,9 @@ int main(int argc, char *argv[])
+ case 'D':
+ disable_dontaudit = 1;
+ break;
++ case 'm':
++ multiple_decls = 1;
++ break;
+ case 'N':
+ disable_neverallow = 1;
+ break;
+@@ -223,6 +229,7 @@ int main(int argc, char *argv[])
+
+ cil_db_init(&db);
+ cil_set_disable_dontaudit(db, disable_dontaudit);
++ cil_set_multiple_decls(db, multiple_decls);
+ cil_set_disable_neverallow(db, disable_neverallow);
+ cil_set_preserve_tunables(db, preserve_tunables);
+ if (handle_unknown != -1) {
diff --git a/secilc.spec b/secilc.spec
index 2f4e03c..ed92a22 100644
--- a/secilc.spec
+++ b/secilc.spec
@@ -1,8 +1,8 @@
-%global libsepolver 2.7-1
+%global libsepolver 2.7-2
 Name: secilc
 Version: 2.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: The SELinux CIL Compiler
 License: BSD
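Review bot: The usage line added for `-m` in the secilc.c part of secilc-fedora.patch says only "allow some statements to be re-declared", which does not tell a policy author which duplicate declarations the compiler will stop rejecting once `cil_set_multiple_decls(db, multiple_decls)` is set. The changelog in this same commit names the scope as types and type attributes, so the help text could say so, for example `printf(" -m, --multiple-decls allow types and typeattributes to be re-declared\n");` with the column spacing matched to the neighbouring lines. A one-line comment above `case 'm':` noting that the flag is off by default and loosens duplicate-declaration checking would help anyone auditing build scripts that pass it. The patch touches secilc.c and one documentation file only; if the manual page lists the options (not visible here), it needs the same entry. main() begins and ends outside these inner hunks.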
@@ -10,9 +10,9 @@ URL: https://github.com/SELinuxProject/selinux/wiki
 Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/secilc-2.7.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
+# HEAD https://github.com/fedora-selinux/selinux/commit/7d95e8cfa8df699ba53651de06dd0b2b9e428903
 # $ VERSION=2.7 ./make-fedora-selinux-patch.sh secilc
-# FIXME: HEAD https://github.com/fedora-selinux/selinux/commit/4bfb84c7ff7b33cf06b9a6b2317d24054b9db562
-# Patch1: secilc-fedora.patch
+Patch1: secilc-fedora.patch
 BuildRequires: libsepol-static >= %{libsepolver}, dblatex, flex, xmlto, pandoc
@@ -63,6 +63,10 @@ make %{?_smp_mflags} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LI
 %license COPYING
 %changelog
+* Fri Nov 24 2017 Petr Lautrbach - 2.7-2
+- libsepol: cil: Add ability to redeclare types[attributes]
+- doc: Fixed bad reference in roleattribute
+
 * Mon Aug 07 2017 Petr Lautrbach - 2.7-1
 - Update to upstream release 2017-08-04
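Review bot: Un-commenting `Patch1: secilc-fedora.patch` in the second hunk only declares the patch; the %prep section that has to apply it is outside the visible hunks. The paths inside the patch begin with `secilc-2.7/` and carry no `a/` or `b/` prefix, so %prep must apply it with strip level 1 from inside the unpacked source directory, for example `%autosetup -p 1 -n secilc-%{version}`. If %prep has no patch step at all, rpmbuild will not complain and the package would ship without `-m`. The `libsepolver` bump to 2.7-2 in the first hunk presumably exists because the patched secilc.c calls `cil_set_multiple_decls`; a comment next to `%global libsepolver` saying so would keep a later edit from lowering the static-library requirement.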