From 40002ca5f7d6999d5398e71824bb6e7d43cf7499 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Jul 20 2015 16:09:00 +0000
Subject: Merge branch 'private-master-2.4' libsemanage-2.4-1
---
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index 5991109..74da8e0 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,89 +1,95 @@ -diff --git a/src/direct_api.c b/src/direct_api.c -index 64dc7d9..5b94725 100644 ---- a/src/direct_api.c -+++ b/src/direct_api.c -@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - /* Declare some variables */ - int modified = 0, fcontexts_modified, ports_modified, - seusers_modified, users_extra_modified, dontaudit_modified, -- preserve_tunables_modified; -+ preserve_tunables_modified, bools_modified; - dbase_config_t *users = semanage_user_dbase_local(sh); - dbase_config_t *users_base = semanage_user_base_dbase_local(sh); - dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh); -@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh) - users_extra_modified = - users_extra->dtable->is_modified(users_extra->dbase); - ports_modified = ports->dtable->is_modified(ports->dbase); -+ bools_modified = bools->dtable->is_modified(bools->dbase); +diff --git libsemanage-2.4/src/direct_api.c libsemanage-2.4/src/direct_api.c +index b0ed338..ba5f475 100644 +--- libsemanage-2.4/src/direct_api.c ++++ libsemanage-2.4/src/direct_api.c +@@ -1355,7 +1355,7 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + int in_fd = -1; + char *path = NULL; + char *filename; +- char *lang_ext; ++ char *lang_ext = NULL; + char *separator; - modified = sh->modules_modified; - modified |= ports_modified; - modified |= users->dtable->is_modified(users_base->dbase); -- modified |= bools->dtable->is_modified(bools->dbase); - modified |= ifaces->dtable->is_modified(ifaces->dbase); - modified |= nodes->dtable->is_modified(nodes->dbase); - modified |= dontaudit_modified; -@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh) - - /* ==================== Policydb-backed ================ */ - -- /* Create new policy object, then attach to policy databases -- * that work with a policydb */ -+ /* Create new policy object */ - retval = semanage_expand_sandbox(sh, base, &out); - if (retval 
< 0) + if ((in_fd = open(install_filename, O_RDONLY)) == -1) { +@@ -1387,17 +1387,20 @@ static int semanage_direct_install_file(semanage_handle_t * sh, goto cleanup; - - sepol_module_package_free(base); - base = NULL; -+ } else { -+ /* Load already linked policy */ -+ retval = sepol_policydb_create(&out); -+ if (retval < 0) -+ goto cleanup; -+ -+ retval = semanage_read_policydb(sh, out); -+ if (retval < 0) -+ goto cleanup; -+ } + } + *separator = '\0'; ++ lang_ext = separator + 1; + } -+ if (sh->do_rebuild || modified || bools_modified) { -+ /* Attach to policy databases that work with a policydb. */ - dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, - out); - dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); -@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - if (retval < 0) - goto cleanup; - } else { -- retval = sepol_policydb_create(&out); -- if (retval < 0) -- goto cleanup; + separator = strrchr(filename, '.'); + if (separator == NULL) { +- ERR(sh, "Module does not have a valid extension."); +- retval = -1; +- goto cleanup; ++ if (lang_ext == NULL) { ++ ERR(sh, "Module does not have a valid extension."); ++ retval = -1; ++ goto cleanup; ++ } ++ } else { ++ *separator = '\0'; ++ lang_ext = separator + 1; + } +- *separator = '\0'; - -- retval = semanage_read_policydb(sh, out); -- if (retval < 0) -- goto cleanup; -- -+ /* Changes to non-kernel policy configurations only. 
*/ - if (seusers_modified || users_extra_modified) { - retval = semanage_link_base(sh, &base); - if (retval < 0) -@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - sepol_policydb_free(out); - out = NULL; +- lang_ext = separator + 1; -- if (sh->do_rebuild || modified || -+ if (sh->do_rebuild || modified || bools_modified || - seusers_modified || fcontexts_modified || users_extra_modified) { - retval = semanage_install_sandbox(sh); - } -@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - free(mod_filenames[i]); - } + retval = semanage_direct_install(sh, data, data_len, filename, lang_ext); + +diff --git libsemanage-2.4/tests/test_utilities.c libsemanage-2.4/tests/test_utilities.c +index 4d25b07..32cc33c 100644 +--- libsemanage-2.4/tests/test_utilities.c ++++ libsemanage-2.4/tests/test_utilities.c +@@ -45,7 +45,7 @@ void test_slurp_file_filter(void); + + char fname[] = { + 'T', 'E', 'S', 'T', '_', 'T', 'E', 'M', 'P', '_', 'X', 'X', 'X', 'X', +- 'X', 'X' ++ 'X', 'X', '\0' + }; + int fd; + FILE *fptr; +diff --git libsemanage-2.4/utils/semanage_migrate_store libsemanage-2.4/utils/semanage_migrate_store +index 03b492e..6584002 100755 +--- libsemanage-2.4/utils/semanage_migrate_store ++++ libsemanage-2.4/utils/semanage_migrate_store +@@ -221,7 +221,7 @@ def rebuild_policy(): + + + def oldroot_path(): +- return "/etc/selinux" ++ return "%s/etc/selinux" % ROOT + + def oldstore_path(store): + return "%s/%s/modules/active" % (oldroot_path(), store) +@@ -233,7 +233,7 @@ def disabledmodules_path(store): + return "%s/disabled" % newmodules_path(store) -- if (modified) { -+ if (modified || bools_modified) { - /* Detach from policydb, so it can be freed */ - dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase); - dbase_policydb_detach((dbase_policydb_t *) pports->dbase); + def newroot_path(): +- return PATH ++ return "%s%s" % (ROOT, PATH) + + def newstore_path(store): + return "%s/%s/active" % (newroot_path(), 
store) +@@ -260,6 +260,8 @@ if __name__ == "__main__": + help="Disable rebuilding policy after migration (default: no)") + parser.add_option("-P", "--path", dest="path", + help="Set path for the policy store (default: /var/lib/selinux)") ++ parser.add_option("-r", "--root", dest="root", ++ help="Set an alternative root for the migration (default: /)") + + (options, args) = parser.parse_args() + +@@ -272,6 +274,10 @@ if __name__ == "__main__": + if PATH is None: + PATH = "/var/lib/selinux" + ++ ROOT = options.root ++ if ROOT is None: ++ ROOT = "" ++ + # List of paths that go in the active 'root' + TOPPATHS = [ + "commit_num", diff --git a/libsemanage.spec b/libsemanage.spec index 23309bb..8299414 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,21 +1,22 @@ %global with_python3 1 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")} -%define libsepolver 2.1.9-1 -%define libselinuxver 2.1.13-1 +%define libsepolver 2.4-1 +%define libselinuxver 2.4-1 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 2.3 -Release: 7%{?dist} +Version: 2.4 +Release: 1%{?dist} License: LGPLv2+ Group: System Environment/Libraries -Source: libsemanage-%{version}.tgz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-%{version}.tar.gz +# use make-rhat-patches.sh to create following patch from https://github.com/bachradsusi/selinux.git +# HEAD https://github.com/fedora-selinux/selinux/commit/36fd8bb4b36bb1ca3aa10e3226136459e6ed2498 Patch: libsemanage-rhat.patch -URL: http://oss.tresys.com/git/selinux.git +URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel BuildRequires: libsepol-devel >= %{libsepolver} BuildRequires: audit-libs-devel 
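Review bot: In the semanage_direct_install_file hunk for src/direct_api.c, `lang_ext` can now reach `semanage_direct_install()` as whatever suffix the first block stripped, or as an empty string when the name ends in '.', with no check on its value. When the second `strrchr(filename, '.')` finds nothing, the code only tests `lang_ext == NULL`, so for a single-suffix name the suffix removed earlier is taken as the language extension even if it was really a compression suffix; the condition guarding that first block lies outside the hunk, so this part is inferred. I would reject an empty extension after the if/else with `if (*lang_ext == '\0') { ERR(sh, "Module does not have a valid extension."); retval = -1; goto cleanup; }` and add a comment above the second `strrchr` stating which suffix each block is expected to strip. Whether `semanage_direct_install()` validates `lang_ext` itself is not visible here.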
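Review bot: The provenance comments added above `Patch: libsemanage-rhat.patch` name two different repositories: the first says the patch is created from `https://github.com/bachradsusi/selinux.git`, while the `# HEAD` line and make-rhat-patches.sh in this same commit point at `fedora-selinux/selinux`. Anyone re-deriving or auditing the downstream patch needs a single unambiguous origin. If the script's repository is the one actually used, the first comment should read `# use make-rhat-patches.sh to create following patch from https://github.com/fedora-selinux/selinux.git`.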
@@ -122,8 +123,10 @@ InstallPythonWrapper() { } rm -rf ${RPM_BUILD_ROOT} -mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} +mkdir -p ${RPM_BUILD_ROOT}%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} +mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux +mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install InstallPythonWrapper \ @@ -148,8 +151,12 @@ rm -rf ${RPM_BUILD_ROOT} %license COPYING %dir %{_sysconfdir}/selinux %config(noreplace) %{_sysconfdir}/selinux/semanage.conf -/%{_libdir}/libsemanage.so.1 +%{_libdir}/libsemanage.so.1 %{_mandir}/man5/* +%dir %{_libexecdir}/selinux +%dir %{_sharedstatedir}/selinux +%dir %{_sharedstatedir}/selinux/tmp +%{_libexecdir}/selinux/semanage_migrate_store %post -p /sbin/ldconfig @@ -181,6 +188,18 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Wed Jun 24 2015 Petr Lautrbach 2.4-0.6 +- Allow to use compressed modules without a compression extension + +* Tue Jun 16 2015 Petr Lautrbach 2.4-0.5 +- add /var/lib/selinux/tmp directory + +* Tue May 12 2015 Petr Lautrbach 2.4-0.4 +- semanage_migrate_store: add -r option for migrating inside chroots + +* Mon Apr 13 2015 Petr Lautrbach 2.4-0.3 +- Update to upstream release 2.4 + * Wed Jun 17 2015 Fedora Release Engineering - 2.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh new file mode 100755 index 0000000..ff689db --- /dev/null +++ b/make-rhat-patches.sh 
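Review bot: The `%dir %{_sharedstatedir}/selinux` and `%dir %{_sharedstatedir}/selinux/tmp` entries added to %files carry no explicit mode or owner, so the packaged permissions are whatever `mkdir -p` produced in %install under the build umask, unless a `%defattr` outside this hunk sets them. The tmp directory is presumably scratch space for the policy store, so I would pin its permissions in the spec, for example `%dir %attr(0700,root,root) %{_sharedstatedir}/selinux/tmp`, with the mode chosen to match what libsemanage actually needs. A short comment next to the two `mkdir -p` lines in %install saying which component uses the directory would also help.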
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+LIBSEMANAGE_VERSION=2.4
+BRANCH=master
+
+REBASEDIR=`mktemp -d rebase.XXXXXX`
+pushd $REBASEDIR
+
+git clone git@github.com:fedora-selinux/selinux.git
+pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd
+
+# prepare libsemanage-rhat.patch
+tar xfz ../libsemanage-$LIBSEMANAGE_VERSION.tar.gz
+pushd libsemanage-$LIBSEMANAGE_VERSION
+
+git init; git add .; git commit -m "init"
+cp -r ../selinux/libsemanage/* .
+git add -A .
+
+git diff --cached --src-prefix=libsemanage-$LIBSEMANAGE_VERSION/ --dst-prefix=libsemanage-$LIBSEMANAGE_VERSION/ > ../../libsemanage-rhat.patch
+
+popd
+
+popd
+# echo rm -rf $REBASEDIR
+
+echo libsemanage-rhat.patch created from https://github.com/fedora-selinux/selinux/commit/$COMMIT
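Review bot: Nothing in this script stops on failure, so a failed `mktemp`, `git clone`, `tar` or `pushd` lets the later steps run in the wrong directory. If `pushd libsemanage-$LIBSEMANAGE_VERSION` fails, `git init; git add .; git commit` and the `git diff ... > ../../libsemanage-rhat.patch` redirect still execute relative to wherever the shell happens to be. I would add `set -euo pipefail` directly after the shebang and quote the expansions, e.g. `pushd "$REBASEDIR"`. The patch is also cut from whatever `$BRANCH` points at when the script runs, and the commit id is only echoed at the end, so it has to be copied into the spec comment by hand for the result to be reproducible.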