setools-4.2.0-1
- Changes since 4.2.0-rc -- Restored missing statement() methods in some policyrep classes -- Fixed NULL pointer dereference when iterating over type attributes when the policy has none -- Added xdp_socket permission mapping
parent
c6b3f2cce1
commit
522fb13c60
|
@ -5,3 +5,4 @@ setools-3.3.8-f1e5b20.tar.bz2
|
|||
/4.1.1.tar.gz
|
||||
/4.2.0-beta.tar.gz
|
||||
/4.2.0-rc.tar.gz
|
||||
/4.2.0.tar.gz
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 10 Aug 2017 08:23:47 +0200
|
||||
Subject: [PATCH] bswap_* macros are defined in byteswap.h
|
||||
|
||||
Fixes ImportError on s390x:
|
||||
/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
|
||||
---
|
||||
libqpol/policy.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libqpol/policy.c b/libqpol/policy.c
|
||||
index ae3acb5..e412be0 100644
|
||||
--- a/libqpol/policy.c
|
||||
+++ b/libqpol/policy.c
|
||||
@@ -28,6 +28,7 @@
|
||||
|
||||
#include "qpol_internal.h"
|
||||
#include <assert.h>
|
||||
+#include <byteswap.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <limits.h>
|
||||
--
|
||||
2.13.3
|
||||
|
|
@ -1,131 +0,0 @@
|
|||
From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Mon, 16 Apr 2018 20:46:20 +0200
|
||||
Subject: [PATCH] Add support for SCTP protocol
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
libqpol/include/qpol/linux_types.h | 1 +
|
||||
libqpol/policy_define.c | 5 +++++
|
||||
setools/perm_map | 30 ++++++++++++++++++++++++++++++
|
||||
setools/policyrep/netcontext.py | 5 +++++
|
||||
4 files changed, 41 insertions(+)
|
||||
|
||||
diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
|
||||
index c3c056b..0985162 100644
|
||||
--- a/libqpol/include/qpol/linux_types.h
|
||||
+++ b/libqpol/include/qpol/linux_types.h
|
||||
@@ -12,6 +12,7 @@ typedef uint16_t __u16;
|
||||
#define s6_addr32 __u6_addr32
|
||||
|
||||
#define IPPROTO_DCCP 33
|
||||
+#define IPPROTO_SCTP 132
|
||||
#endif
|
||||
|
||||
#endif
|
||||
diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
|
||||
index dcc69fc..1e623a3 100644
|
||||
--- a/libqpol/policy_define.c
|
||||
+++ b/libqpol/policy_define.c
|
||||
@@ -44,6 +44,9 @@
|
||||
#ifndef IPPROTO_DCCP
|
||||
#define IPPROTO_DCCP 33
|
||||
#endif
|
||||
+#ifndef IPPROTO_SCTP
|
||||
+#define IPPROTO_SCTP 132
|
||||
+#endif
|
||||
#include <arpa/inet.h>
|
||||
#include <stdlib.h>
|
||||
#include <limits.h>
|
||||
@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high)
|
||||
protocol = IPPROTO_UDP;
|
||||
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
|
||||
protocol = IPPROTO_DCCP;
|
||||
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
|
||||
+ protocol = IPPROTO_SCTP;
|
||||
} else {
|
||||
yyerror2("unrecognized protocol %s", id);
|
||||
goto bad;
|
||||
diff --git a/setools/perm_map b/setools/perm_map
|
||||
index 0a9f91c..25fae09 100644
|
||||
--- a/setools/perm_map
|
||||
+++ b/setools/perm_map
|
||||
@@ -385,6 +385,8 @@ class node 11
|
||||
udp_send w 10
|
||||
dccp_recv r 10
|
||||
dccp_send w 10
|
||||
+ sctp_recv r 10
|
||||
+ sctp_send w 10
|
||||
enforce_dest n 1
|
||||
sendto w 10
|
||||
recvfrom r 10
|
||||
@@ -699,6 +701,32 @@ class dccp_socket 24
|
||||
relabelto w 10
|
||||
listen r 1
|
||||
|
||||
+class sctp_socket 24
|
||||
+ node_bind n 1
|
||||
+ name_connect w 10
|
||||
+ append w 10
|
||||
+ bind w 1
|
||||
+ connect w 1
|
||||
+ create w 1
|
||||
+ write w 10
|
||||
+ relabelfrom r 10
|
||||
+ ioctl n 1
|
||||
+ name_bind n 1
|
||||
+ sendto w 10
|
||||
+ recv_msg r 10
|
||||
+ send_msg w 10
|
||||
+ getattr r 7
|
||||
+ setattr w 7
|
||||
+ accept r 1
|
||||
+ getopt r 1
|
||||
+ read r 10
|
||||
+ setopt w 1
|
||||
+ shutdown w 1
|
||||
+ recvfrom r 10
|
||||
+ lock n 1
|
||||
+ relabelto w 10
|
||||
+ listen r 1
|
||||
+
|
||||
class netlink_firewall_socket 24
|
||||
nlmsg_write w 10
|
||||
nlmsg_read r 10
|
||||
@@ -984,6 +1012,8 @@ class netif 10
|
||||
udp_send w 10
|
||||
dccp_recv r 10
|
||||
dccp_send w 10
|
||||
+ sctp_recv r 10
|
||||
+ sctp_send w 10
|
||||
|
||||
class packet_socket 22
|
||||
append w 10
|
||||
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
|
||||
index c7076d2..2d890f3 100644
|
||||
--- a/setools/policyrep/netcontext.py
|
||||
+++ b/setools/policyrep/netcontext.py
|
||||
@@ -38,6 +38,10 @@ try:
|
||||
IPPROTO_DCCP = getprotobyname("dccp")
|
||||
except socket.error:
|
||||
IPPROTO_DCCP = 33
|
||||
+try:
|
||||
+ IPPROTO_SCTP = getprotobyname("sctp")
|
||||
+except socket.error:
|
||||
+ IPPROTO_SCTP = 132
|
||||
|
||||
|
||||
def netifcon_factory(policy, name):
|
||||
@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum):
|
||||
tcp = IPPROTO_TCP
|
||||
udp = IPPROTO_UDP
|
||||
dccp = IPPROTO_DCCP
|
||||
+ sctp = IPPROTO_SCTP
|
||||
|
||||
|
||||
class Portcon(NetContext):
|
||||
--
|
||||
2.14.3
|
||||
|
13
setools.spec
13
setools.spec
|
@ -1,4 +1,4 @@
|
|||
%global setools_pre_ver rc
|
||||
# % global setools_pre_ver rc
|
||||
# % global gitver f1e5b20
|
||||
|
||||
%global sepol_ver 2.8-1
|
||||
|
@ -6,7 +6,7 @@
|
|||
|
||||
Name: setools
|
||||
Version: 4.2.0
|
||||
Release: 0.3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
|
||||
Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
|
||||
Summary: Policy analysis tools for SELinux
|
||||
|
||||
License: GPLv2
|
||||
|
@ -14,8 +14,8 @@ URL: https://github.com/SELinuxProject/setools/wiki
|
|||
Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
|
||||
Source1: setools.pam
|
||||
Source2: apol.desktop
|
||||
Patch1: 0001-Do-not-use-Werror-during-build.patch
|
||||
Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||
Patch1001: 1001-Do-not-use-Werror-during-build.patch
|
||||
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||
|
||||
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
||||
BuildRequires: flex, bison
|
||||
|
@ -105,8 +105,6 @@ CFLAGS="%{optflags}" %{__python3} setup.py build
|
|||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
rm -rf %{buildroot}%{_bindir}
|
||||
%{__python3} setup.py install --root %{buildroot}
|
||||
|
||||
%check
|
||||
|
@ -142,6 +140,9 @@ rm -rf %{buildroot}%{_bindir}
|
|||
%{_mandir}/man1/apol*
|
||||
|
||||
%changelog
|
||||
* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
|
||||
- Update source to SETools 4.2.0 release
|
||||
|
||||
* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
|
||||
- Update upstream source to 4.2.0-rc
|
||||
|
||||
|
|
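Review bot: The 4.2.0-1 changelog entry records only the source update, but this section also appears to renumber the downstream patches (`Patch1`/`Patch2` become `Patch1001`/`Patch1002`) and to drop the two `rm -rf %{buildroot}…` lines from `%install`. Which side each line is on is inferred from the hunk counts and print order, because the +/- markers are lost on this page. I would add a changelog line such as `- Renumber downstream patches to 1001/1002 and drop manual buildroot cleanup` so the packaging change stays traceable. No section visible here adds or renames `1001-Do-not-use-Werror-during-build.patch` or `1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch`, so confirm both files are part of the commit; otherwise the build stops on the missing patch file.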
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (4.2.0-rc.tar.gz) = 0bd0921d945b96b6126a0e7bbb9497881a12784fea54573c0a87655979f25c14406406bede55ccbcfce54c256f55a764c11424167dced8aa76b0d3892aaec20f
|
||||
SHA512 (4.2.0.tar.gz) = b51f458f7f2d1b569f63478f53709268615f711104915cc2d5031b2049435e4f43a103ebe50c9797ebe4b2645bf1974c73c2f53e7f602ae03c47221edb89d680
|
||||
|
|