SELinux userspace 2.8-rc1 release candidate

secilc-fedora.patch

@@ -1,149 +0,0 @@
-diff --git secilc-2.7/Makefile secilc-2.7/Makefile
-index 1cac53e..dfd79ce 100644
---- secilc-2.7/Makefile
-+++ secilc-2.7/Makefile
-@@ -1,8 +1,6 @@
--PREFIX ?= $(DESTDIR)/usr
-+PREFIX ?= /usr
- BINDIR ?= $(PREFIX)/bin
- MANDIR ?= $(PREFIX)/share/man
--LIBDIR ?= $(PREFIX)/lib
--INCLUDEDIR ?= $(PREFIX)/include
- 
- SECILC = secilc
- SECILC_SRCS := secilc.c
-@@ -41,12 +39,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
- 	$(XMLTO) man $(SECIL2CONF_MANPAGE).xml
- 
- install: all man
--	-mkdir -p $(BINDIR)
--	-mkdir -p $(MANDIR)/man8
--	install -m 755 $(SECILC) $(BINDIR)
--	install -m 755 $(SECIL2CONF) $(BINDIR)
--	install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
--	install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
-+	-mkdir -p $(DESTDIR)$(BINDIR)
-+	-mkdir -p $(DESTDIR)$(MANDIR)/man8
-+	install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
-+	install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
-+	install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
-+	install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8
- 
- doc:
- 	$(MAKE) -C docs
-diff --git secilc-2.7/docs/Makefile secilc-2.7/docs/Makefile
-index c0fa6b7..6b07ce7 100644
---- secilc-2.7/docs/Makefile
-+++ secilc-2.7/docs/Makefile
-@@ -31,6 +31,12 @@ PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST))
- PDF_OUT=CIL_Reference_Guide.pdf
- HTML_OUT=CIL_Reference_Guide.html
- PANDOC = pandoc
-+SED ?= sed
-+
-+OS := $(shell uname)
-+ifeq ($(OS), Darwin)
-+	SED := gsed
-+endif
- 
- all: html pdf
- 
-@@ -40,12 +46,12 @@ $(TMPDIR):
- $(TMPDIR)/%.md: %.md | $(TMPDIR)
- 	cp -f $< $(TMPDIR)/
- 	@# Substitute markdown links for conversion into PDF links
--	sed -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
-+	$(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
- 
- $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
- 	cp -f $< $@
- 	@# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion.
--	sed -i '1i Example Policy\n=========\n```' $@
-+	$(SED) -i '1i Example Policy\n=========\n```' $@
- 	echo '```' >> $@
- 
- html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
-diff --git secilc-2.7/docs/cil_role_statements.md secilc-2.7/docs/cil_role_statements.md
-index 0c4cadb..d92f628 100644
---- secilc-2.7/docs/cil_role_statements.md
-+++ secilc-2.7/docs/cil_role_statements.md
-@@ -84,7 +84,7 @@ This example will declare [`role`](cil_role_statements.md#role) and [`type`](cil
- roleattribute
- -------------
- 
--Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`typeattributeset`](cil_type_statements.md#typeattributeset) statement.
-+Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`roleattributeset`](cil_role_statements.md#roleattributeset) statement.
- 
- **Statement definition:**
- 
-diff --git secilc-2.7/secilc.8.xml secilc-2.7/secilc.8.xml
-index 4c779b6..e08a962 100644
---- secilc-2.7/secilc.8.xml
-+++ secilc-2.7/secilc.8.xml
-@@ -75,6 +75,11 @@
-             <listitem><para>Treat tunables as booleans.</para></listitem>
-          </varlistentry>
- 
-+         <varlistentry>
-+            <term><option>-m, --multiple-decls</option></term>
-+            <listitem><para>Allow some statements to be re-declared.</para></listitem>
-+         </varlistentry>
-+
-          <varlistentry>
-             <term><option>-N, --disable-neverallow</option></term>
-             <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem>
-diff --git secilc-2.7/secilc.c secilc-2.7/secilc.c
-index f2232e7..0be6975 100644
---- secilc-2.7/secilc.c
-+++ secilc-2.7/secilc.c
-@@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
- 	printf("                                 statement if present in the policy\n");
- 	printf("  -D, --disable-dontaudit        do not add dontaudit rules to the binary policy\n");
- 	printf("  -P, --preserve-tunables        treat tunables as booleans\n");
-+	printf("  -m, --multiple-decls           allow some statements to be re-declared\n");
- 	printf("  -N, --disable-neverallow       do not check neverallow rules\n");
- 	printf("  -G, --expand-generated         Expand and remove auto-generated attributes\n");
- 	printf("  -X, --expand-size <SIZE>       Expand type attributes with fewer than <SIZE>\n");
-@@ -89,6 +90,7 @@ int main(int argc, char *argv[])
- 	int target = SEPOL_TARGET_SELINUX;
- 	int mls = -1;
- 	int disable_dontaudit = 0;
-+	int multiple_decls = 0;
- 	int disable_neverallow = 0;
- 	int preserve_tunables = 0;
- 	int handle_unknown = -1;
-@@ -108,6 +110,7 @@ int main(int argc, char *argv[])
- 		{"policyversion", required_argument, 0, 'c'},
- 		{"handle-unknown", required_argument, 0, 'U'},
- 		{"disable-dontaudit", no_argument, 0, 'D'},
-+		{"multiple-decls", no_argument, 0, 'm'},
- 		{"disable-neverallow", no_argument, 0, 'N'},
- 		{"preserve-tunables", no_argument, 0, 'P'},
- 		{"output", required_argument, 0, 'o'},
-@@ -119,7 +122,7 @@ int main(int argc, char *argv[])
- 	int i;
- 
- 	while (1) {
--		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDNc:GX:", long_opts, &opt_index);
-+		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
- 		if (opt_char == -1) {
- 			break;
- 		}
-@@ -175,6 +178,9 @@ int main(int argc, char *argv[])
- 			case 'D':
- 				disable_dontaudit = 1;
- 				break;
-+			case 'm':
-+				multiple_decls = 1;
-+				break;
- 			case 'N':
- 				disable_neverallow = 1;
- 				break;
-@@ -223,6 +229,7 @@ int main(int argc, char *argv[])
- 
- 	cil_db_init(&db);
- 	cil_set_disable_dontaudit(db, disable_dontaudit);
-+	cil_set_multiple_decls(db, multiple_decls);
- 	cil_set_disable_neverallow(db, disable_neverallow);
- 	cil_set_preserve_tunables(db, preserve_tunables);
- 	if (handle_unknown != -1) {

secilc.spec

@@ -1,17 +1,19 @@
-%global libsepolver 2.7-5
+%global libsepolver 2.8-0
+
+%global rcversion rc1
 
 Name:           secilc
-Version:        2.7
-Release:        5%{?dist}
+Version:        2.8
+Release:        0%{?rcversion:.%rcversion}.1%{?dist}
 Summary:        The SELinux CIL Compiler
 
 License:        BSD
 URL:            https://github.com/SELinuxProject/selinux/wiki
-Source0:        https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/secilc-2.7.tar.gz
+Source0:        https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180419/secilc-2.8-rc1.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
-# $ VERSION=2.7 ./make-fedora-selinux-patch.sh secilc
-# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261ebo
+# $ VERSION=2.8-rc1 ./make-fedora-selinux-patch.sh secilc
+# HEAD https://github.com/fedora-selinux/selinux/commit/5127dfaae645986169b50a7295d4961a4959006a
 Patch1: secilc-fedora.patch
 
 BuildRequires:  gcc
@@ -36,7 +38,7 @@ http://github.com/SELinuxProject/cil/wiki/
 for more information about the goals and features on the CIL language.
 
 %prep
-%autosetup -p 1 -n secilc-%{version}
+%autosetup -p 1 -n secilc-%{version}%{?rcversion:-%rcversion}
 
 
 %build
@@ -63,6 +65,9 @@ make %{?_smp_mflags} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LI
 %license COPYING
 
 %changelog
+* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
+- SELinux userspace 2.8-rc1 release candidate
+
 * Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
 - build: follow standard semantics for DESTDIR and PREFIX
 - Describe multiple-decls in secilc.8.xml