secilc-3.5-0.rc1.1

- SELinux userspace 3.5-rc1 release
Petr Lautrbach 2022-12-27 12:18:03 +01:00
parent 5e16e38b14
commit 3278a85e60
7 changed files with 11 additions and 502 deletions

1
.gitignore vendored

@ -21,3 +21,4 @@
/secilc-3.4-rc2.tar.gz
/secilc-3.4-rc3.tar.gz
/secilc-3.4.tar.gz
/secilc-3.5-rc1.tar.gz


@ -1,378 +0,0 @@
From 198ca56a3a19f7a44f6c18597e52e5a18cf462c1 Mon Sep 17 00:00:00 2001
From: bauen1 <j2468h@googlemail.com>
Date: Sun, 28 Aug 2022 14:14:21 +0200
Subject: [PATCH] secilc/docs: fix syntax highlighting
Content-type: text/plain
It appears that a recent version of pandoc (or the library it uses)
changed where the lists are found in the XML or became more strict.
Move the lists to the right location in the document.
Signed-off-by: Jonathan Hettwer (bauen1) <j2468h@gmail.com>
---
secilc/docs/secil.xml | 344 +++++++++++++++++++++---------------------
1 file changed, 172 insertions(+), 172 deletions(-)
diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml
index b015490d3201..38d7b0308c50 100644
--- a/secilc/docs/secil.xml
+++ b/secilc/docs/secil.xml
@@ -2,182 +2,182 @@
<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format -->
<!DOCTYPE language SYSTEM "language.dtd">
<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4">
- <!--
- The keywords where extracted from libsepol/cil/src/cil.c sorted into the
- right lists and sorted alphabetically
- -->
- <list name="keywords_blockstart">
- <item>allow</item>
- <item>allowx</item>
- <item>auditallow</item>
- <item>auditallowx</item>
- <item>block</item>
- <item>blockabstract</item>
- <item>boolean</item>
- <item>booleanif</item>
- <item>category</item>
- <item>categoryalias</item>
- <item>categoryaliasactual</item>
- <item>categoryorder</item>
- <item>categoryset</item>
- <item>class</item>
- <item>classcommon</item>
- <item>classmap</item>
- <item>classmapping</item>
- <item>classorder</item>
- <item>classpermission</item>
- <item>classpermissionset</item>
- <item>common</item>
- <item>constrain</item>
- <item>context</item>
- <item>defaultrange</item>
- <item>defaultrole</item>
- <item>defaulttype</item>
- <item>defaultuser</item>
- <item>devicetreecon</item>
- <item>dontaudit</item>
- <item>dontauditx</item>
- <item>expandtypeattribute</item>
- <item>false</item>
- <item>filecon</item>
- <item>fsuse</item>
- <item>genfscon</item>
- <item>handleunknown</item>
- <item>ibendportcon</item>
- <item>ibpkeycon</item>
- <item>ioctl</item>
- <item>iomemcon</item>
- <item>ioportcon</item>
- <item>ipaddr</item>
- <item>level</item>
- <item>levelrange</item>
- <item>mls</item>
- <item>mlsconstrain</item>
- <item>mlsvalidatetrans</item>
- <item>netifcon</item>
- <item>neverallow</item>
- <item>neverallowx</item>
- <item>nodecon</item>
- <item>optional</item>
- <item>pcidevicecon</item>
- <item>perm</item>
- <item>permissionx</item>
- <item>pirqcon</item>
- <item>policycap</item>
- <item>portcon</item>
- <item>rangetransition</item>
- <item>role</item>
- <item>roleallow</item>
- <item>roleattribute</item>
- <item>roleattributeset</item>
- <item>rolebounds</item>
- <item>roletransition</item>
- <item>roletype</item>
- <item>selinuxuser</item>
- <item>selinuxuserdefault</item>
- <item>sensitivity</item>
- <item>sensitivityalias</item>
- <item>sensitivityaliasactual</item>
- <item>sensitivitycategory</item>
- <item>sensitivityorder</item>
- <item>sid</item>
- <item>sidcontext</item>
- <item>sidorder</item>
- <item>true</item>
- <item>tunable</item>
- <item>tunableif</item>
- <item>type</item>
- <item>typealias</item>
- <item>typealiasactual</item>
- <item>typeattribute</item>
- <item>typeattributeset</item>
- <item>typebounds</item>
- <item>typechange</item>
- <item>typemember</item>
- <item>typepermissive</item>
- <item>typetransition</item>
- <item>unordered</item>
- <item>user</item>
- <item>userattribute</item>
- <item>userattributeset</item>
- <item>userbounds</item>
- <item>userlevel</item>
- <item>userprefix</item>
- <item>userrange</item>
- <item>userrole</item>
- <item>validatetrans</item>
- </list>
+ <highlighting>
+ <!--
+ The keywords where extracted from libsepol/cil/src/cil.c sorted into the
+ right lists and sorted alphabetically
+ -->
+ <list name="keywords_blockstart">
+ <item>allow</item>
+ <item>allowx</item>
+ <item>auditallow</item>
+ <item>auditallowx</item>
+ <item>block</item>
+ <item>blockabstract</item>
+ <item>boolean</item>
+ <item>booleanif</item>
+ <item>category</item>
+ <item>categoryalias</item>
+ <item>categoryaliasactual</item>
+ <item>categoryorder</item>
+ <item>categoryset</item>
+ <item>class</item>
+ <item>classcommon</item>
+ <item>classmap</item>
+ <item>classmapping</item>
+ <item>classorder</item>
+ <item>classpermission</item>
+ <item>classpermissionset</item>
+ <item>common</item>
+ <item>constrain</item>
+ <item>context</item>
+ <item>defaultrange</item>
+ <item>defaultrole</item>
+ <item>defaulttype</item>
+ <item>defaultuser</item>
+ <item>devicetreecon</item>
+ <item>dontaudit</item>
+ <item>dontauditx</item>
+ <item>expandtypeattribute</item>
+ <item>false</item>
+ <item>filecon</item>
+ <item>fsuse</item>
+ <item>genfscon</item>
+ <item>handleunknown</item>
+ <item>ibendportcon</item>
+ <item>ibpkeycon</item>
+ <item>ioctl</item>
+ <item>iomemcon</item>
+ <item>ioportcon</item>
+ <item>ipaddr</item>
+ <item>level</item>
+ <item>levelrange</item>
+ <item>mls</item>
+ <item>mlsconstrain</item>
+ <item>mlsvalidatetrans</item>
+ <item>netifcon</item>
+ <item>neverallow</item>
+ <item>neverallowx</item>
+ <item>nodecon</item>
+ <item>optional</item>
+ <item>pcidevicecon</item>
+ <item>perm</item>
+ <item>permissionx</item>
+ <item>pirqcon</item>
+ <item>policycap</item>
+ <item>portcon</item>
+ <item>rangetransition</item>
+ <item>role</item>
+ <item>roleallow</item>
+ <item>roleattribute</item>
+ <item>roleattributeset</item>
+ <item>rolebounds</item>
+ <item>roletransition</item>
+ <item>roletype</item>
+ <item>selinuxuser</item>
+ <item>selinuxuserdefault</item>
+ <item>sensitivity</item>
+ <item>sensitivityalias</item>
+ <item>sensitivityaliasactual</item>
+ <item>sensitivitycategory</item>
+ <item>sensitivityorder</item>
+ <item>sid</item>
+ <item>sidcontext</item>
+ <item>sidorder</item>
+ <item>true</item>
+ <item>tunable</item>
+ <item>tunableif</item>
+ <item>type</item>
+ <item>typealias</item>
+ <item>typealiasactual</item>
+ <item>typeattribute</item>
+ <item>typeattributeset</item>
+ <item>typebounds</item>
+ <item>typechange</item>
+ <item>typemember</item>
+ <item>typepermissive</item>
+ <item>typetransition</item>
+ <item>unordered</item>
+ <item>user</item>
+ <item>userattribute</item>
+ <item>userattributeset</item>
+ <item>userbounds</item>
+ <item>userlevel</item>
+ <item>userprefix</item>
+ <item>userrange</item>
+ <item>userrole</item>
+ <item>validatetrans</item>
+ </list>
- <list name="function">
- <item>blockinherit</item>
- <item>call</item>
- <item>in</item>
- <item>macro</item>
- </list>
+ <list name="function">
+ <item>blockinherit</item>
+ <item>call</item>
+ <item>in</item>
+ <item>macro</item>
+ </list>
- <list name="operators">
- <item>and</item>
- <item>dom</item>
- <item>domby</item>
- <item>eq</item>
- <item>incomp</item>
- <item>neq</item>
- <item>not</item>
- <item>or</item>
- <item>range</item>
- <item>xor</item>
- </list>
+ <list name="operators">
+ <item>and</item>
+ <item>dom</item>
+ <item>domby</item>
+ <item>eq</item>
+ <item>incomp</item>
+ <item>neq</item>
+ <item>not</item>
+ <item>or</item>
+ <item>range</item>
+ <item>xor</item>
+ </list>
- <!-- list of "magic" functions or values -->
- <list name="builtins">
- <item>*</item>
- <item>all</item>
- <item>dccp</item>
- <item>false</item>
- <item>h1</item>
- <item>h2</item>
- <item>l1</item>
- <item>l2</item>
- <item>object_r</item>
- <item>r1</item>
- <item>r2</item>
- <item>r3</item>
- <item>sctp</item>
- <item>self</item>
- <item>t1</item>
- <item>t2</item>
- <item>t3</item>
- <item>tcp</item>
- <item>true</item>
- <item>u1</item>
- <item>u2</item>
- <item>u3</item>
- <item>udp</item>
+ <!-- list of "magic" functions or values -->
+ <list name="builtins">
+ <item>*</item>
+ <item>all</item>
+ <item>dccp</item>
+ <item>false</item>
+ <item>h1</item>
+ <item>h2</item>
+ <item>l1</item>
+ <item>l2</item>
+ <item>object_r</item>
+ <item>r1</item>
+ <item>r2</item>
+ <item>r3</item>
+ <item>sctp</item>
+ <item>self</item>
+ <item>t1</item>
+ <item>t2</item>
+ <item>t3</item>
+ <item>tcp</item>
+ <item>true</item>
+ <item>u1</item>
+ <item>u2</item>
+ <item>u3</item>
+ <item>udp</item>
- <!--
- Excluded because they lead to a lot of false-positives
- <item>allow</item>
- <item>any</item>
- <item>char</item>
- <item>deny</item>
- <item>dir</item>
- <item>file</item>
- <item>glblub</item>
- <item>high</item>
- <item>low-high</item>
- <item>low</item>
- <item>pipe</item>
- <item>reject</item>
- <item>socket</item>
- <item>source</item>
- <item>symlink</item>
- <item>target</item>
- <item>task</item>
- <item>trans</item>
- <item>xattr</item>
- -->
- </list>
- <highlighting>
+ <!--
+ Excluded because they lead to a lot of false-positives
+ <item>allow</item>
+ <item>any</item>
+ <item>char</item>
+ <item>deny</item>
+ <item>dir</item>
+ <item>file</item>
+ <item>glblub</item>
+ <item>high</item>
+ <item>low-high</item>
+ <item>low</item>
+ <item>pipe</item>
+ <item>reject</item>
+ <item>socket</item>
+ <item>source</item>
+ <item>symlink</item>
+ <item>target</item>
+ <item>task</item>
+ <item>trans</item>
+ <item>xattr</item>
+ -->
+ </list>
<contexts>
<context name="Normal" attribute="Normal" lineEndContext="#stay">
<DetectChar attribute="Brackets" context="BlockStart" char="("/>
--
2.38.1


@ -1,60 +0,0 @@
From 02bdee369c0b596927dec9ee64bb00f09856bed9 Mon Sep 17 00:00:00 2001
From: bauen1 <j2468h@googlemail.com>
Date: Sun, 28 Aug 2022 14:14:40 +0200
Subject: [PATCH] secilc/docs: disable pandoc default css for html docs
Content-type: text/plain
Some time ago pandoc started shipping a default css file for html, while
that is nice, it limits the max-width of the body element to 36em. We
have a lot of tables, code examples, etc... in the manual that are too
big for that, requiring constant scrolling.
See https://github.com/jgm/pandoc/blob/master/data/templates/styles.html
for the default used.
While some styling, perhaps even dark/light mode support in the CSS
would be nice, I didn't manage to find a simple way to achieve this, so
for now just disable the CSS.
Expand the arguments for pandoc in the Makefile for better readability.
Signed-off-by: Jonathan Hettwer (bauen1) <j2468h@gmail.com>
---
secilc/docs/Makefile | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile
index a03ebeed5a40..7e2ba40eb662 100644
--- a/secilc/docs/Makefile
+++ b/secilc/docs/Makefile
@@ -58,11 +58,25 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml
mkdir -p $(HTMLDIR)
- $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT)
+ $(PANDOC) \
+ --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) \
+ --syntax-definition=secil.xml \
+ --standalone \
+ --metadata title="CIL Reference Guide" \
+ --metadata document-css=false \
+ -t html \
+ $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil \
+ -o $(HTMLDIR)/$(HTML_OUT)
pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml
mkdir -p $(PDFDIR)
- $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT)
+ $(PANDOC) \
+ --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) \
+ --syntax-definition=secil.xml \
+ --standalone \
+ --toc \
+ $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil \
+ -o $(PDFDIR)/$(PDF_OUT)
clean:
rm -rf $(HTMLDIR)
--
2.38.1


@ -1,27 +0,0 @@
From a21e8bee06a0f962dae692790ea40771d221bb0d Mon Sep 17 00:00:00 2001
From: Dominick Grift <dominick.grift@defensec.nl>
Date: Mon, 19 Sep 2022 15:49:14 +0200
Subject: [PATCH] secilc/doc: classmap is also allowed in permissionx
Content-type: text/plain
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
secilc/docs/cil_class_and_permission_statements.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/secilc/docs/cil_class_and_permission_statements.md b/secilc/docs/cil_class_and_permission_statements.md
index 368e3a4d11a9..c494f144ee99 100644
--- a/secilc/docs/cil_class_and_permission_statements.md
+++ b/secilc/docs/cil_class_and_permission_statements.md
@@ -536,7 +536,7 @@ Defines a named extended permission, which can be used in the [`allowx`](cil_acc
</tr>
<tr class="odd">
<td align="left"><p><code>class_id</code></p></td>
-<td align="left"><p>A single previously declared <code>class</code> identifier.</p></td>
+<td align="left"><p>A single previously declared <code>class</code> or <code>classmap</code> identifier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>permission</code></p></td>
--
2.38.1


@ -1,26 +0,0 @@
From a0a216ff7d86004ddc36d516377f0a6ffe88076c Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Fri, 30 Sep 2022 17:44:12 -0400
Subject: [PATCH] docs: provide a top level LICENSE file
Content-type: text/plain
Provide a top level LICENSE file explaining how multiple the SELinux
userspace is released under multiple different licenses. Also ensure
that all the different license files share a consistent file name,
LICENSE, to make it easier for people to identify the license files.
This is to help meet the OpenSSF Best Practices requirements.
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
secilc/{COPYING => LICENSE} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename secilc/{COPYING => LICENSE} (100%)
diff --git a/secilc/COPYING b/secilc/LICENSE
similarity index 100%
rename from secilc/COPYING
rename to secilc/LICENSE
--
2.38.1


@ -1,20 +1,16 @@
%global libsepolver 3.4-4
%global libsepolver 3.5-0
Name: secilc
Version: 3.4
Release: 4%{?dist}
Version: 3.5
Release: 0.rc1.1%{?dist}
Summary: The SELinux CIL Compiler
License: BSD-2-Clause
URL: https://github.com/SELinuxProject/selinux/wiki
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/secilc-3.4.tar.gz
# fedora-selinux/selinux: git format-patch -N 3.4 -- secilc
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc1/secilc-3.5-rc1.tar.gz
# fedora-selinux/selinux: git format-patch -N 3.5-rc1 -- secilc
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start
Patch0001: 0001-secilc-docs-fix-syntax-highlighting.patch
Patch0002: 0002-secilc-docs-disable-pandoc-default-css-for-html-docs.patch
Patch0003: 0003-secilc-doc-classmap-is-also-allowed-in-permissionx.patch
Patch0004: 0004-docs-provide-a-top-level-LICENSE-file.patch
# Patch list end
Requires: libsepol >= %{libsepolver}
BuildRequires: gcc
@ -40,7 +36,7 @@ http://github.com/SELinuxProject/cil/wiki/
for more information about the goals and features on the CIL language.
%prep
%autosetup -p 2 -n secilc-%{version}
%autosetup -p 2 -n secilc-%{version}-rc1
%build
@ -70,6 +66,9 @@ make %{?_smp_mflags} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LI
%license LICENSE
%changelog
* Tue Dec 27 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release
* Tue Nov 22 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-4
- Rebase on upstream f56a72ac9e86
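Review bot: The rebased `Source0` in the first hunk is fetched from the GitHub release page and nothing in the spec verifies it against an upstream signature; the SHA512 entry in `sources` only pins whatever tarball the packager uploaded to the lookaside cache. If upstream publishes a detached signature for this release candidate (not visible on this page), add it and the signing key as `Source1`/`Source2`, add `BuildRequires: gnupg2`, and run `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` at the top of `%prep`, before `%autosetup`. Separately, the `-rc1` suffix is now hard-coded in `Source0`, in the format-patch comment and in `%autosetup -p 2 -n secilc-%{version}-rc1`; a single `%global` for the pre-release tag would keep the three in step at the next rc or the final release. The `%prep` and `%files` sections continue outside the hunks shown.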


@ -1 +1 @@
SHA512 (secilc-3.4.tar.gz) = f29ff42dd60050cdd4367af38b334876817f8e33ed40a9be89304beea840a210bd9a58d658d0b09f98bad54b12b185a0262ca05094b63e7f96c0142729699c3b
SHA512 (secilc-3.5-rc1.tar.gz) = 25b443128a7660d2e0fc8b2f0d302455bb21ba0021cfe9fe34bcde2333e8a1db7d9afd090a41e17d82b5f1e04cfae5e974b47619cbb58e29d3588c6311736ce1