From 80758d1c80892e44443bc7da34ed9103e71b0c0a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mon, 23 Apr 2018 16:49:53 +0200
Subject: [PATCH] SELinux userspace 2.8-rc1 release candidate
---
secilc-fedora.patch | 149 --------------------------------------------
secilc.spec | 19 +++---
2 files changed, 12 insertions(+), 156 deletions(-)
diff --git a/secilc-fedora.patch b/secilc-fedora.patch
index cd1a4b0..e69de29 100644
--- a/secilc-fedora.patch
+++ b/secilc-fedora.patch
@@ -1,149 +0,0 @@ -diff --git secilc-2.7/Makefile secilc-2.7/Makefile -index 1cac53e..dfd79ce 100644 ---- secilc-2.7/Makefile -+++ secilc-2.7/Makefile -@@ -1,8 +1,6 @@ --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - BINDIR ?= $(PREFIX)/bin - MANDIR ?= $(PREFIX)/share/man --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include - - SECILC = secilc - SECILC_SRCS := secilc.c -@@ -41,12 +39,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml - $(XMLTO) man $(SECIL2CONF_MANPAGE).xml - - install: all man -- -mkdir -p $(BINDIR) -- -mkdir -p $(MANDIR)/man8 -- install -m 755 $(SECILC) $(BINDIR) -- install -m 755 $(SECIL2CONF) $(BINDIR) -- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8 -- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8 -+ -mkdir -p $(DESTDIR)$(BINDIR) -+ -mkdir -p $(DESTDIR)$(MANDIR)/man8 -+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR) -+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR) -+ install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8 -+ install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8 - - doc: - $(MAKE) -C docs -diff --git secilc-2.7/docs/Makefile secilc-2.7/docs/Makefile -index c0fa6b7..6b07ce7 100644 ---- secilc-2.7/docs/Makefile -+++ secilc-2.7/docs/Makefile -@@ -31,6 +31,12 @@ PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) - PDF_OUT=CIL_Reference_Guide.pdf - HTML_OUT=CIL_Reference_Guide.html - PANDOC = pandoc -+SED ?= sed -+ -+OS := $(shell uname) -+ifeq ($(OS), Darwin) -+ SED := gsed -+endif - - all: html pdf - -@@ -40,12 +46,12 @@ $(TMPDIR): - $(TMPDIR)/%.md: %.md | $(TMPDIR) - cp -f $< $(TMPDIR)/ - @# Substitute markdown links for conversion into PDF links -- sed -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@ -+ $(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@ - - $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil - cp -f $< $@ - @# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion. 
-- sed -i '1i Example Policy\n=========\n```' $@ -+ $(SED) -i '1i Example Policy\n=========\n```' $@ - echo '```' >> $@ - - html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -diff --git secilc-2.7/docs/cil_role_statements.md secilc-2.7/docs/cil_role_statements.md -index 0c4cadb..d92f628 100644 ---- secilc-2.7/docs/cil_role_statements.md -+++ secilc-2.7/docs/cil_role_statements.md -@@ -84,7 +84,7 @@ This example will declare [`role`](cil_role_statements.md#role) and [`type`](cil - roleattribute - ------------- - --Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`typeattributeset`](cil_type_statements.md#typeattributeset) statement. -+Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`roleattributeset`](cil_role_statements.md#roleattributeset) statement. - - **Statement definition:** - -diff --git secilc-2.7/secilc.8.xml secilc-2.7/secilc.8.xml -index 4c779b6..e08a962 100644 ---- secilc-2.7/secilc.8.xml -+++ secilc-2.7/secilc.8.xml -@@ -75,6 +75,11 @@ - Treat tunables as booleans. - - -+ -+ -+ Allow some statements to be re-declared. -+ -+ - - - Do not check neverallow rules. 
-diff --git secilc-2.7/secilc.c secilc-2.7/secilc.c -index f2232e7..0be6975 100644 ---- secilc-2.7/secilc.c -+++ secilc-2.7/secilc.c -@@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog) - printf(" statement if present in the policy\n"); - printf(" -D, --disable-dontaudit do not add dontaudit rules to the binary policy\n"); - printf(" -P, --preserve-tunables treat tunables as booleans\n"); -+ printf(" -m, --multiple-decls allow some statements to be re-declared\n"); - printf(" -N, --disable-neverallow do not check neverallow rules\n"); - printf(" -G, --expand-generated Expand and remove auto-generated attributes\n"); - printf(" -X, --expand-size Expand type attributes with fewer than \n"); -@@ -89,6 +90,7 @@ int main(int argc, char *argv[]) - int target = SEPOL_TARGET_SELINUX; - int mls = -1; - int disable_dontaudit = 0; -+ int multiple_decls = 0; - int disable_neverallow = 0; - int preserve_tunables = 0; - int handle_unknown = -1; -@@ -108,6 +110,7 @@ int main(int argc, char *argv[]) - {"policyversion", required_argument, 0, 'c'}, - {"handle-unknown", required_argument, 0, 'U'}, - {"disable-dontaudit", no_argument, 0, 'D'}, -+ {"multiple-decls", no_argument, 0, 'm'}, - {"disable-neverallow", no_argument, 0, 'N'}, - {"preserve-tunables", no_argument, 0, 'P'}, - {"output", required_argument, 0, 'o'}, -@@ -119,7 +122,7 @@ int main(int argc, char *argv[]) - int i; - - while (1) { -- opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDNc:GX:", long_opts, &opt_index); -+ opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index); - if (opt_char == -1) { - break; - } -@@ -175,6 +178,9 @@ int main(int argc, char *argv[]) - case 'D': - disable_dontaudit = 1; - break; -+ case 'm': -+ multiple_decls = 1; -+ break; - case 'N': - disable_neverallow = 1; - break; -@@ -223,6 +229,7 @@ int main(int argc, char *argv[]) - - cil_db_init(&db); - cil_set_disable_dontaudit(db, disable_dontaudit); -+ cil_set_multiple_decls(db, 
multiple_decls); - cil_set_disable_neverallow(db, disable_neverallow); - cil_set_preserve_tunables(db, preserve_tunables); - if (handle_unknown != -1) { diff --git a/secilc.spec b/secilc.spec index b6441ce..97c278b 100644 --- a/secilc.spec +++ b/secilc.spec @@ -1,17 +1,19 @@ -%global libsepolver 2.7-5 +%global libsepolver 2.8-0 + +%global rcversion rc1 Name: secilc -Version: 2.7 -Release: 5%{?dist} +Version: 2.8 +Release: 0%{?rcversion:.%rcversion}.1%{?dist} Summary: The SELinux CIL Compiler License: BSD URL: https://github.com/SELinuxProject/selinux/wiki -Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/secilc-2.7.tar.gz +Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180419/secilc-2.8-rc1.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# $ VERSION=2.7 ./make-fedora-selinux-patch.sh secilc -# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261ebo +# $ VERSION=2.8-rc1 ./make-fedora-selinux-patch.sh secilc +# HEAD https://github.com/fedora-selinux/selinux/commit/5127dfaae645986169b50a7295d4961a4959006a Patch1: secilc-fedora.patch BuildRequires: gcc @@ -36,7 +38,7 @@ http://github.com/SELinuxProject/cil/wiki/ for more information about the goals and features on the CIL language. %prep -%autosetup -p 1 -n secilc-%{version} +%autosetup -p 1 -n secilc-%{version}%{?rcversion:-%rcversion} %build @@ -63,6 +65,9 @@ make %{?_smp_mflags} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LI %license COPYING %changelog +* Mon Apr 23 2018 Petr Lautrbach - 2.8-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + * Tue Mar 13 2018 Petr Lautrbach - 2.7-5 - build: follow standard semantics for DESTDIR and PREFIX - Describe multiple-decls in secilc.8.xml
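Review bot: The new `Source0` line in the first secilc.spec hunk hard-codes `secilc-2.8-rc1.tar.gz` even though the same hunk introduces `%rcversion`, so the tarball name can drift from `Version` and from the `%autosetup -n` directory in the later `%prep` hunk on the next rc bump; `Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180419/secilc-%{version}%{?rcversion:-%rcversion}.tar.gz` keeps them tied together. Nothing visible in this commit pins the content of the downloaded tarball: the diffstat lists only secilc-fedora.patch and secilc.spec, so the checksum is presumably recorded elsewhere (for example a dist-git `sources` file) and should be confirmed against the hash upstream publishes for this release. `Patch1: secilc-fedora.patch` is kept although the file is now empty (new blob e69de29), which looks like an intentional placeholder; a one-line comment such as `# empty at 2.8-rc1: no Fedora-only changes carried` would record that, if that is indeed the reason.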