Compare commits
1 Commits
| Author | SHA1 | Date |
|---|---|---|
Petr Lautrbach
|
1d2d893dee |
|
|
@ -0,0 +1,68 @@
|
|||
diff --git secilc-2.7/docs/cil_role_statements.md secilc-2.7/docs/cil_role_statements.md
|
||||
index 0c4cadb..d92f628 100644
|
||||
--- secilc-2.7/docs/cil_role_statements.md
|
||||
+++ secilc-2.7/docs/cil_role_statements.md
|
||||
@@ -84,7 +84,7 @@ This example will declare [`role`](cil_role_statements.md#role) and [`type`](cil
|
||||
roleattribute
|
||||
-------------
|
||||
|
||||
-Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`typeattributeset`](cil_type_statements.md#typeattributeset) statement.
|
||||
+Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`roleattributeset`](cil_role_statements.md#roleattributeset) statement.
|
||||
|
||||
**Statement definition:**
|
||||
|
||||
diff --git secilc-2.7/secilc.c secilc-2.7/secilc.c
|
||||
index f2232e7..0be6975 100644
|
||||
--- secilc-2.7/secilc.c
|
||||
+++ secilc-2.7/secilc.c
|
||||
@@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
|
||||
printf(" statement if present in the policy\n");
|
||||
printf(" -D, --disable-dontaudit do not add dontaudit rules to the binary policy\n");
|
||||
printf(" -P, --preserve-tunables treat tunables as booleans\n");
|
||||
+ printf(" -m, --multiple-decls allow some statements to be re-declared\n");
|
||||
printf(" -N, --disable-neverallow do not check neverallow rules\n");
|
||||
printf(" -G, --expand-generated Expand and remove auto-generated attributes\n");
|
||||
printf(" -X, --expand-size <SIZE> Expand type attributes with fewer than <SIZE>\n");
|
||||
@@ -89,6 +90,7 @@ int main(int argc, char *argv[])
|
||||
int target = SEPOL_TARGET_SELINUX;
|
||||
int mls = -1;
|
||||
int disable_dontaudit = 0;
|
||||
+ int multiple_decls = 0;
|
||||
int disable_neverallow = 0;
|
||||
int preserve_tunables = 0;
|
||||
int handle_unknown = -1;
|
||||
@@ -108,6 +110,7 @@ int main(int argc, char *argv[])
|
||||
{"policyversion", required_argument, 0, 'c'},
|
||||
{"handle-unknown", required_argument, 0, 'U'},
|
||||
{"disable-dontaudit", no_argument, 0, 'D'},
|
||||
+ {"multiple-decls", no_argument, 0, 'm'},
|
||||
{"disable-neverallow", no_argument, 0, 'N'},
|
||||
{"preserve-tunables", no_argument, 0, 'P'},
|
||||
{"output", required_argument, 0, 'o'},
|
||||
@@ -119,7 +122,7 @@ int main(int argc, char *argv[])
|
||||
int i;
|
||||
|
||||
while (1) {
|
||||
- opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDNc:GX:", long_opts, &opt_index);
|
||||
+ opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
|
||||
if (opt_char == -1) {
|
||||
break;
|
||||
}
|
||||
@@ -175,6 +178,9 @@ int main(int argc, char *argv[])
|
||||
case 'D':
|
||||
disable_dontaudit = 1;
|
||||
break;
|
||||
+ case 'm':
|
||||
+ multiple_decls = 1;
|
||||
+ break;
|
||||
case 'N':
|
||||
disable_neverallow = 1;
|
||||
break;
|
||||
@@ -223,6 +229,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
cil_db_init(&db);
|
||||
cil_set_disable_dontaudit(db, disable_dontaudit);
|
||||
+ cil_set_multiple_decls(db, multiple_decls);
|
||||
cil_set_disable_neverallow(db, disable_neverallow);
|
||||
cil_set_preserve_tunables(db, preserve_tunables);
|
||||
if (handle_unknown != -1) {
|
||||
12
secilc.spec
12
secilc.spec
|
|
@ -1,8 +1,8 @@
|
|||
%global libsepolver 2.7-1
|
||||
%global libsepolver 2.7-2
|
||||
|
||||
Name: secilc
|
||||
Version: 2.7
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: The SELinux CIL Compiler
|
||||
|
||||
License: BSD
|
||||
|
|
@ -10,9 +10,9 @@ URL: https://github.com/SELinuxProject/selinux/wiki
|
|||
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/secilc-2.7.tar.gz
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/7d95e8cfa8df699ba53651de06dd0b2b9e428903
|
||||
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh secilc
|
||||
# FIXME: HEAD https://github.com/fedora-selinux/selinux/commit/4bfb84c7ff7b33cf06b9a6b2317d24054b9db562
|
||||
# Patch1: secilc-fedora.patch
|
||||
Patch1: secilc-fedora.patch
|
||||
|
||||
BuildRequires: libsepol-static >= %{libsepolver}, dblatex, flex, xmlto, pandoc
|
||||
|
||||
|
|
@ -63,6 +63,10 @@ make %{?_smp_mflags} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LI
|
|||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Fri Nov 24 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2
|
||||
- libsepol: cil: Add ability to redeclare types[attributes]
|
||||
- doc: Fixed bad reference in roleattribute
|
||||
|
||||
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
|
||||
- Update to upstream release 2017-08-04
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue