ALP-pool/libselinux
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 libselinux revision 778812dc095ffc2ad359efc7023e2550

Browse Source
This commit is contained in:
Adrian Schröter 2024-06-13 11:52:59 +02:00
commit 6b0f7688be
15 changed files with 2102 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

4
_multibuild Normal file
View File

@ -0,0 +1,4 @@
<multibuild>
<package>libselinux-bindings</package>
</multibuild>

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libselinux1

BIN
libselinux-3.5.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

19
libselinux-3.5.tar.gz.asc Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQKTBAABCgB9FiEE4WLerRzN0RPwSz1JK77Zyxpo71UFAmP3a11fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
NjJERUFEMUNDREQxMTNGMDRCM0Q0OTJCQkVEOUNCMUE2OEVGNTUACgkQK77Zyxpo
71Uajg//WGv3IopVYrtph3FgRUU5V+QGwvd0rdsL/+ZhNGYKi/Br1Pqdi8nHzg4j
jXX9B6uek1A9S1WC76uEtoG0pqc3KNXxAgZAVGpJBp29QCXftWbmMEu5obN+cST8
H1HaCm0MUdMB01Yyc8pNSujV7AezsKv60cxLNITdYXGjEFDIM73oYxc61qNrYbpm
dQabXqnGxp0FkzbRbO0JsOiwIMJuLBZEe7UyHPlF6Z9OemDe3ro5YbtyUJrzHIjO
nIyWZ8ApWXZ6Q8vJyk9RGBO1fNiAHlH5UCELK1Mj4vDMNkSmrOUkoz0DWJ8+vnkf
Bb7wC7STzWMXTb8R/Zx0GuQ/3VsM5Y9ebYFz2XV3Brttxrp4WAKZjwXduDOHOSLX
EOMM3/c20z3LYAl6aAvo36DQSYJ7zAm6qF1ZF5JmH0DYBSZevXMRF14x0EZLchgS
TSIzfFlIT7SYlxIGZX54hwN9FQidhlK//onHE16Ri/GyOSJa8/uUhntrJb0lgoh+
5FllC+dgXuLMNpCE7ltqWFHgMLsEaKBi4Z6mOONL54iYJUUzfHHjXoi+cLRO6eUU
9zQhQfQ7+HANcQt691EUBo0efiNT1upI4H4C6CFojobMX4pVUsKouMfjAg8Jl/is
Z63fXRJWBGS6NGR7ZxodV6wF5OzVMH4IDO6Rdf5X6Apcinshs8U=
=NKC3
-----END PGP SIGNATURE-----

469
libselinux-bindings.changes Normal file
View File

@ -0,0 +1,469 @@
-------------------------------------------------------------------
Fri May 5 12:35:31 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add python-wheel build dependency to build correctly with latest
python-pip version.
-------------------------------------------------------------------
Thu May 4 14:04:04 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Thu Mar 23 15:39:15 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO as it works fine now.
-------------------------------------------------------------------
Fri Feb 24 07:42:25 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5:
* check for truncations
* avoid newline in avc message
* bail out on path truncations
* add getpidprevcon to gather the previous context before the last
exec of a given process
* Workaround for heap overhead of pcre
* fix memory leaks on the audit2why module init
* ignore invalid class name lookup
- Drop restorecon_pin_file.patch, is upstream
- Refreshed python3.8-compat.patch
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:23:32 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4:
* Use PCRE2 by default
* Make selinux_log() and is_context_customizable() thread-safe
* Prevent leakeing file descriptors
* Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
-------------------------------------------------------------------
Thu Nov 11 13:25:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3:
* Lots of smaller issues fixed found by fuzzing
-------------------------------------------------------------------
Wed Mar 17 15:17:27 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
-------------------------------------------------------------------
Tue Mar 9 09:01:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
-------------------------------------------------------------------
Tue Jul 14 08:24:20 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1:
* selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were
removed. All userspace object managers should have been updated to use the
dynamic class/perm mapping support.
Use string_to_security_class(3) and string_to_av_perm(3) to map the class
and permission names to their policy values, or selinux_set_mapping(3) to
create a mapping from class and permission index values used by the
application to the policy values.
* Removed restrictions in libsepol and checkpolicy that required all declared
initial SIDs to be assigned a context.
* Support for new policy capability genfs_seclabel_symlinks
* selinuxfs is mounted with noexec and nosuid
* `security_compute_user()` was deprecated
* Refreshed python3.8-compat.patch
-------------------------------------------------------------------
Tue Mar 3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Ignore the stem when looking up all matches in file context
* Save digest of all partial matches for directory
* Use Python distutils to install SELinux python bindings
* ensure that digest_len is not zero
* fix string conversion of unknown perms
* mark all exported function "extern"
-------------------------------------------------------------------
Mon Dec 16 16:04:41 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
- Added swig4_moduleimport.patch to prevent import errors due to
SWIG 4
-------------------------------------------------------------------
Wed Oct 30 17:21:00 CET 2019 - Matej Cepl <mcepl@suse.com>
- Add python3.8-compat.patch which makes build possible even with
Python 3.8, which doesnt automatically adds -lpython<ver>
-------------------------------------------------------------------
Tue May 28 08:28:03 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO (boo#1133244).
-------------------------------------------------------------------
Fri May 24 11:22:19 UTC 2019 - <jsegitz@suse.com>
- Set License: to correct value (bsc#1135710)
-------------------------------------------------------------------
Wed Mar 20 15:05:35 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Add security_reject_unknown(3) man page
* Change matchpathcon usage to match with matchpathcon manpage
* Do not define gettid() if glibc >= 2.30 is used
* Fix RESOURCE_LEAK defects reported by coverity scan
* Fix line wrapping in selabel_file.5
* Do not dereference symlink with statfs in selinux_restorecon
* Fix overly strict validation of file_contexts.bin
* Fix selinux_restorecon() on non-SELinux hosts
* Fix the whatis line for the selinux_boolean_sub.3 manpage
* Fix printf format string specifier for uint64_t
* Fix handling of unknown classes/perms
* Set an appropriate errno in booleans.c
- Dropped python3.patch, is now upstream
-------------------------------------------------------------------
Wed Oct 17 11:48:30 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732).
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- ran spec-cleaner on spec files
-------------------------------------------------------------------
Mon May 14 22:50:42 UTC 2018 - mcepl@cepl.eu
- Update to version 2.7.
* %files needed to be heavily modified
* Based expressly on python3, not just python
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
-------------------------------------------------------------------
Fri Mar 16 15:25:10 UTC 2018 - jsegitz@suse.com
- Updated spec file to use python3. Added python3.patch to fix
build
-------------------------------------------------------------------
Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* selinux_restorecon: fix realpath logic
* sefcontext_compile: invert semantics of "-r" flag
* sefcontext_compile: Add "-i" flag
* Introduce configurable backends
* Add function to find security.restorecon_last entries
* Add openrc_contexts functions
* Add support for pcre2
* Handle NULL pcre study data
* Add setfiles support to selinux_restorecon(3)
* Evaluate inodes in selinux_restorecon(3)
* Change the location of _selinux.so
* Explain how to free policy type from selinux_getpolicytype()
* Compare absolute pathname in matchpathcon -V
* Add selinux_snapperd_contexts_path()
* Modify audit2why analyze function to use loaded policy
* Avoid mounting /proc outside of selinux_init_load_policy()
* Fix location of selinuxfs mount point
* Only mount /proc if necessary
* procattr: return einval for <= 0 pid args
* procattr: return error on invalid pid_t input
- Dropped
* libselinux-2.2-ruby.patch
* libselinux-proc-mount-only-if-needed.patch
* python-selinux-swig-3.10.patch
-------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de
- readv-proto.patch: include <sys/uio.h> for readv prototype
-------------------------------------------------------------------
Sun Jul 17 15:30:05 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description and combine filelist entries.
-------------------------------------------------------------------
Thu Jul 14 07:59:04 UTC 2016 - jsegitz@novell.com
- Adjusted source link
-------------------------------------------------------------------
Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
* swig-3.10 in Factory use importlib instead of imp to find
_selinux.so. imp searched the same directory as __init__.py
is while importlib searchs only standard paths. so we have
to move _selinux.so. fixed by upstream
- update version 2.5
* Add selinux_restorecon function
* read_spec_entry: fail on non-ascii
* Add man information about thread specific functions
* Don't wrap rpm_execcon with DISABLE_RPM with SWIG
* Correct line count for property and service context files
* label_file: fix memory leaks and uninitialized jump
* Replace selabel_digest hash function
* Fix selabel_open(3) services if no digest requested
* Add selabel_digest function
* Flush the class/perm string mapping cache on policy reload
* Fix restorecon when path has no context
* Free memory when processing media and x specfiles
* Fix mmap memory release for file labeling
* Add policy context validation to sefcontext_compile
* Do not treat an empty file_contexts(.local) as an error
* Fail hard on invalid property_contexts entries
* Fail hard on invalid file_contexts entries
* Support context validation on file_contexts.bin
* Add selabel_cmp interface and label_file backend
* Support specifying file_contexts.bin file path
* Support file_contexts.bin without file_contexts
* Simplify procattr cache
* Use /proc/thread-self when available
* Add const to selinux_opt for label backends
* Fix binary file labels for regexes with metachars
* Fix file labels for regexes with metachars
* Fix if file_contexts not '\n' terminated
* Enhance file context support
* Fix property processing and cleanup formatting
* Add read_spec_entries function to replace sscanf
* Support consistent mode size for bin files
* Fix more bin file processing core dumps
* add selinux_openssh_contexts_path()
* setrans_client: minimize overhead when mcstransd is not present
* Ensure selabel_lookup_best_match links NULL terminated
* Fix core dumps with corrupt *.bin files
* Add selabel partial and best match APIs
* Use os.walk() instead of the deprecated os.path.walk()
* Remove deprecated mudflap option
* Mount procfs before checking /proc/filesystems
* Fix -Wformat errors with gcc-5.0.0
* label_file: handle newlines in file names
* Fix audit2why error handling if SELinux is disabled
* pcre_study can return NULL without error
* Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
* Fix bugs found by hardened gcc flags
* Set the system to permissive if failing to disable SELinux because
policy has already been loaded
* Add db_exception and db_datatype support to label_db backend
* Log an error on unknown classes and permissions
* Add pcre version string to the compiled file_contexts format
* Deprecate use of flask.h and av_permissions.h
* Compiled file_context files and the original should have the same DAC
permissions
-------------------------------------------------------------------
Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
- Update libselinux-2.2-ruby.patch: use RbConfig instead of
deprecated Config.
-------------------------------------------------------------------
Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
- Update to version 2.3
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
-------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Support overriding Makefile RANLIB
* Update pkgconfig definition
* Mount sysfs before trying to mount selinuxfs.
* Fix man pages
* Support overriding PATH and LIBBASE in Makefile
* Fix LDFLAGS usage
* Avoid shadowing stat in load_mmap
* Support building on older PCRE libraries
* Fix handling of temporary file in sefcontext_compile
* Fix procattr cache
* Define python constants for getenforce result
* Fix label substitution handling of /
* Add selinux_current_policy_path from
* Change get_context_list to only return good matches
* Support udev-197 and higher
* Add support for local substitutions
* Change setfilecon to not return ENOSUP if context is already correct
* Python wrapper leak fixes
* Export SELINUX_TRANS_DIR definition in selinux.h
* Add selinux_systemd_contexts_path
* Add selinux_set_policy_root
* Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:57:53 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.13 release tarball
-------------------------------------------------------------------
Wed Jan 30 12:33:45 UTC 2013 - vcizek@suse.com
- update to 2.1.12
- added BuildRequires: pcre-devel
-------------------------------------------------------------------
Mon Jan 7 22:34:03 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com
- updated to 2.1.9 again (see below)
-------------------------------------------------------------------
Fri Jun 1 18:34:04 CEST 2012 - mls@suse.de
- update to libselinux-2.1.9
* better man pages
* selinux_status interfaces
* simple interface for access checks
* multiple bug fixes
- fix build for ruby-1.9
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
- use %_smp_mflags
-------------------------------------------------------------------
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz
- updated to 2.0.91
* changes too numerous to list
-------------------------------------------------------------------
Sat Dec 12 16:43:54 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Fri Jul 24 17:09:50 CEST 2009 - thomas@novell.com
- updated selinux-ready script
-------------------------------------------------------------------
Wed Jul 22 15:17:25 CEST 2009 - prusnak@suse.cz
- change libsepol-devel to libsepol-devel-static in dependencies
of python bindings
-------------------------------------------------------------------
Wed Jul 1 12:26:48 CEST 2009 - prusnak@suse.cz
- put libsepol-devel back to Requires of libselinux-devel
-------------------------------------------------------------------
Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz
- added selinux-ready tool to selinux-tools package
-------------------------------------------------------------------
Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de
- remove static libraries
- libselinux-devel does not require libsepol-devel
-------------------------------------------------------------------
Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz
- updated to 2.0.80
* deny_unknown wrapper function from KaiGai Kohei
* security_compute_av_flags API from KaiGai Kohei
* Netlink socket management and callbacks from KaiGai Kohei
* Netlink socket handoff patch from Adam Jackson
* AVC caching of compute_create results by Eric Paris
* fix incorrect conversion in discover_class code
-------------------------------------------------------------------
Fri Apr 17 17:12:06 CEST 2009 - prusnak@suse.cz
- fixed memory leak (memleak.patch)
-------------------------------------------------------------------
Wed Jan 14 14:04:30 CET 2009 - prusnak@suse.cz
- updated to 2.0.77
* add new function getseuser which will take username and service
and return seuser and level; ipa will populate file in future
* change selinuxdefcon to return just the context by default
* fix segfault if seusers file does not work
* strip trailing / for matchpathcon
* fix restorecon python code
-------------------------------------------------------------------
Mon Dec 1 11:32:50 CET 2008 - prusnak@suse.cz
- updated to 2.0.76
* allow shell-style wildcarding in X names
* add Restorecon/Install python functions
* correct message types in AVC log messages
* make matchpathcon -V pass mode
* add man page for selinux_file_context_cmp
* update flask headers from refpolicy trunk
-------------------------------------------------------------------
Wed Oct 22 16:28:59 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:51:10 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:09:22 CEST 2008 - prusnak@suse.cz
- updated to 2.0.71
* Add group support to seusers using %groupname syntax from Dan Walsh.
* Mark setrans socket close-on-exec from Stephen Smalley.
* Only apply nodups checking to base file contexts from Stephen Smalley.
* Merge ruby bindings from Dan Walsh.
-------------------------------------------------------------------
Mon Sep 1 07:35:00 CEST 2008 - aj@suse.de
- Fix build of debuginfo.
-------------------------------------------------------------------
Fri Aug 22 14:45:29 CEST 2008 - prusnak@suse.cz
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
- split tools into separate subpackage (selinux-tools)
-------------------------------------------------------------------
Fri Aug 1 17:32:20 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:26:31 CEST 2008 - prusnak@suse.cz
- initial version 2.0.67
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

104
libselinux-bindings.spec Normal file
View File

@ -0,0 +1,104 @@
#
# spec file for package libselinux-bindings
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define libsepol_ver 3.5
Name: libselinux-bindings
Version: 3.5
Release: 0
Summary: SELinux runtime library and simple utilities
License: SUSE-Public-Domain
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz.asc
Source2: libselinux.keyring
Source3: selinux-ready
Source4: baselibs.conf
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch
# PATCH-FIX-UPSTREAM python3.8-compat.patch mcepl@suse.com
# Make linking working even when default pkg-config doesnt provide -lpython<ver>
Patch5: python3.8-compat.patch
Patch6: swig4_moduleimport.patch
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: python-rpm-macros
BuildRequires: python3-devel
BuildRequires: ruby-devel
BuildRequires: swig
BuildRequires: pkgconfig(libpcre2-8)
%description
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
%package -n python3-selinux
%define oldpython python
Summary: Python bindings for the SELinux runtime library
Group: Development/Libraries/Python
Requires: libselinux1 = %{version}
Requires: python3
%ifpython2
Obsoletes: %{oldpython}-selinux < %{version}
Provides: %{oldpython}-selinux = %{version}
%endif
%description -n python3-selinux
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This subpackage contains Python extensions to use SELinux from that
language.
%package -n ruby-selinux
Summary: Ruby bindings for the SELinux runtime library
Group: Development/Languages/Ruby
Requires: libselinux1 = %{version}
Requires: ruby
%description -n ruby-selinux
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This subpackage contains Ruby extensions to use SELinux from that
language.
%prep
%setup -q -n libselinux-%{version}
%autopatch -p1
%build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" swigify V=1 USE_PCRE2=y
make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" pywrap V=1 USE_PCRE2=y
make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" rubywrap V=1 USE_PCRE2=y
%install
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a install-pywrap V=1
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a install-rubywrap V=1
rm -rf %{buildroot}/%{_lib} %{buildroot}%{_libdir}/libselinux.* %{buildroot}%{_libdir}/pkgconfig
%files -n python3-selinux
%{python3_sitearch}/*selinux*
%files -n ruby-selinux
%{_libdir}/ruby/vendor_ruby/%{rb_ver}/%{rb_arch}/selinux.so
%changelog

706
libselinux.changes Normal file
View File

@ -0,0 +1,706 @@
-------------------------------------------------------------------
Thu May 4 14:04:04 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Fri Mar 24 13:51:52 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
of LTO
-------------------------------------------------------------------
Thu Mar 23 15:39:15 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO as it works fine now.
-------------------------------------------------------------------
Fri Feb 24 07:42:25 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5:
* check for truncations
* avoid newline in avc message
* bail out on path truncations
* add getpidprevcon to gather the previous context before the last
exec of a given process
* Workaround for heap overhead of pcre
* fix memory leaks on the audit2why module init
* ignore invalid class name lookup
- Drop restorecon_pin_file.patch, is upstream
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Thu Jul 7 12:16:45 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Fixed initrd check in selinux-ready (bnc#1186127)
-------------------------------------------------------------------
Tue May 31 15:10:26 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Added restorecon_pin_file.patch. Fixes issus when running
fixfiles/restorecon
-------------------------------------------------------------------
Mon May 9 10:23:32 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4:
* Use PCRE2 by default
* Make selinux_log() and is_context_customizable() thread-safe
* Prevent leakeing file descriptors
* Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
-------------------------------------------------------------------
Tue Feb 15 07:49:43 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Add Requires for exact libselinux1 version for selinux-tools
- Simplyfied check for correct boot paramaters in selinux-ready
(bsc#1195361)
-------------------------------------------------------------------
Thu Nov 11 13:25:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3:
* Lots of smaller issues fixed found by fuzzing
-------------------------------------------------------------------
Sun Jul 18 08:41:37 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Add missing libselinux-utils Provides to selinux-tools so that
%selinux_requires works
-------------------------------------------------------------------
Mon Apr 26 07:14:53 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Remove Recommends for selinux-autorelabel. It's better to have this
in the policy package itself (bsc#1181837)
-------------------------------------------------------------------
Wed Mar 17 15:13:16 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
+ Replace pkgconfig(libpcre) Requires in -devel static with
pkgconfig(libpcre2-8).
-------------------------------------------------------------------
Tue Mar 9 09:01:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
-------------------------------------------------------------------
Sat Feb 6 13:54:41 UTC 2021 - Matej Cepl <mcepl@suse.com>
- Add Recommends: selinux-autorelabel, which is very important
for healthy use of the SELinux on the system (/.autorelabel
mechanism) (bsc#1181837).
-------------------------------------------------------------------
Thu Oct 29 10:22:23 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- install to /usr (boo#1029961)
-------------------------------------------------------------------
Tue Jul 14 08:24:20 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1:
* selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were
removed. All userspace object managers should have been updated to use the
dynamic class/perm mapping support.
Use string_to_security_class(3) and string_to_av_perm(3) to map the class
and permission names to their policy values, or selinux_set_mapping(3) to
create a mapping from class and permission index values used by the
application to the policy values.
* Removed restrictions in libsepol and checkpolicy that required all declared
initial SIDs to be assigned a context.
* Support for new policy capability genfs_seclabel_symlinks
* selinuxfs is mounted with noexec and nosuid
* `security_compute_user()` was deprecated
-------------------------------------------------------------------
Thu Mar 26 15:43:41 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Added skip_cycles.patch to skip directory cycles and not error
out
-------------------------------------------------------------------
Tue Mar 3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Ignore the stem when looking up all matches in file context
* Save digest of all partial matches for directory
* Use Python distutils to install SELinux python bindings
* ensure that digest_len is not zero
* fix string conversion of unknown perms
* mark all exported function "extern"
Dropped Use-Python-distutils-to-install-SELinux.patch, included
upstream
-------------------------------------------------------------------
Wed Nov 13 08:03:39 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
- Added Use-Python-distutils-to-install-SELinux.patch to use
Python's distutils instead of building and installing python
bindings manually
-------------------------------------------------------------------
Mon Jun 3 09:34:17 UTC 2019 - <jsegitz@suse.com>
- In selinux-ready
* Removed check for selinux-policy package as we don't ship one
(bsc#1136845)
* Add check that restorecond is installed and enabled
-------------------------------------------------------------------
Fri May 24 11:22:19 UTC 2019 - <jsegitz@suse.com>
- Set License: to correct value (bsc#1135710)
-------------------------------------------------------------------
Thu Apr 25 07:14:10 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO (boo#1133244).
-------------------------------------------------------------------
Wed Mar 20 15:05:35 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Add security_reject_unknown(3) man page
* Change matchpathcon usage to match with matchpathcon manpage
* Do not define gettid() if glibc >= 2.30 is used
* Fix RESOURCE_LEAK defects reported by coverity scan
* Fix line wrapping in selabel_file.5
* Do not dereference symlink with statfs in selinux_restorecon
* Fix overly strict validation of file_contexts.bin
* Fix selinux_restorecon() on non-SELinux hosts
* Fix the whatis line for the selinux_boolean_sub.3 manpage
* Fix printf format string specifier for uint64_t
* Fix handling of unknown classes/perms
* Set an appropriate errno in booleans.c
- Dropped python3.patch, is now upstream
-------------------------------------------------------------------
Fri Jan 4 14:18:42 UTC 2019 - jsegitz@suse.com
- Remove unneeded build requires for python3 (bsc#1120255)
-------------------------------------------------------------------
Wed Oct 17 11:48:30 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732)
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- ran spec-cleaner on spec files
-------------------------------------------------------------------
Mon May 14 22:45:54 UTC 2018 - mcepl@cepl.eu
- Update to version 2.7.
* %files needed to be heavily modified
* Based expressly on python3, not just python
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
-------------------------------------------------------------------
Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* selinux_restorecon: fix realpath logic
* sefcontext_compile: invert semantics of "-r" flag
* sefcontext_compile: Add "-i" flag
* Introduce configurable backends
* Add function to find security.restorecon_last entries
* Add openrc_contexts functions
* Add support for pcre2
* Handle NULL pcre study data
* Add setfiles support to selinux_restorecon(3)
* Evaluate inodes in selinux_restorecon(3)
* Change the location of _selinux.so
* Explain how to free policy type from selinux_getpolicytype()
* Compare absolute pathname in matchpathcon -V
* Add selinux_snapperd_contexts_path()
* Modify audit2why analyze function to use loaded policy
* Avoid mounting /proc outside of selinux_init_load_policy()
* Fix location of selinuxfs mount point
* Only mount /proc if necessary
* procattr: return einval for <= 0 pid args
* procattr: return error on invalid pid_t input
- Dropped
* libselinux-2.2-ruby.patch
* libselinux-proc-mount-only-if-needed.patch
* python-selinux-swig-3.10.patch
-------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de
- readv-proto.patch: include <sys/uio.h> for readv prototype
-------------------------------------------------------------------
Sun Jul 24 19:33:42 UTC 2016 - crrodriguez@opensuse.org
- -devel static subpackage requires libpcre-devel and libsepol-devel
-------------------------------------------------------------------
Sun Jul 24 19:05:35 UTC 2016 - crrodriguez@opensuse.org
- Avoid mounting /proc outside of selinux_init_load_policy().
(Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes
among other things systemd seccomp sandboxing otherwise all
filters must allow mount(2)
(libselinux-proc-mount-only-if-needed.patch)
-------------------------------------------------------------------
Sun Jul 17 15:30:05 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description and combine filelist entries.
-------------------------------------------------------------------
Thu Jul 14 07:58:49 UTC 2016 - jsegitz@novell.com
- Adjusted source link
-------------------------------------------------------------------
Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
* swig-3.10 in Factory use importlib instead of imp to find
_selinux.so. imp searched the same directory as __init__.py
is while importlib searchs only standard paths. so we have
to move _selinux.so. fixed by upstream
- update version 2.5
* Add selinux_restorecon function
* read_spec_entry: fail on non-ascii
* Add man information about thread specific functions
* Don't wrap rpm_execcon with DISABLE_RPM with SWIG
* Correct line count for property and service context files
* label_file: fix memory leaks and uninitialized jump
* Replace selabel_digest hash function
* Fix selabel_open(3) services if no digest requested
* Add selabel_digest function
* Flush the class/perm string mapping cache on policy reload
* Fix restorecon when path has no context
* Free memory when processing media and x specfiles
* Fix mmap memory release for file labeling
* Add policy context validation to sefcontext_compile
* Do not treat an empty file_contexts(.local) as an error
* Fail hard on invalid property_contexts entries
* Fail hard on invalid file_contexts entries
* Support context validation on file_contexts.bin
* Add selabel_cmp interface and label_file backend
* Support specifying file_contexts.bin file path
* Support file_contexts.bin without file_contexts
* Simplify procattr cache
* Use /proc/thread-self when available
* Add const to selinux_opt for label backends
* Fix binary file labels for regexes with metachars
* Fix file labels for regexes with metachars
* Fix if file_contexts not '\n' terminated
* Enhance file context support
* Fix property processing and cleanup formatting
* Add read_spec_entries function to replace sscanf
* Support consistent mode size for bin files
* Fix more bin file processing core dumps
* add selinux_openssh_contexts_path()
* setrans_client: minimize overhead when mcstransd is not present
* Ensure selabel_lookup_best_match links NULL terminated
* Fix core dumps with corrupt *.bin files
* Add selabel partial and best match APIs
* Use os.walk() instead of the deprecated os.path.walk()
* Remove deprecated mudflap option
* Mount procfs before checking /proc/filesystems
* Fix -Wformat errors with gcc-5.0.0
* label_file: handle newlines in file names
* Fix audit2why error handling if SELinux is disabled
* pcre_study can return NULL without error
* Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
* Fix bugs found by hardened gcc flags
* Set the system to permissive if failing to disable SELinux because
policy has already been loaded
* Add db_exception and db_datatype support to label_db backend
* Log an error on unknown classes and permissions
* Add pcre version string to the compiled file_contexts format
* Deprecate use of flask.h and av_permissions.h
* Compiled file_context files and the original should have the same DAC
permissions
-------------------------------------------------------------------
Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com
- fixed selinux-ready to work with initrd files created by dracut (bsc#940006)
-------------------------------------------------------------------
Mon Sep 8 08:25:11 UTC 2014 - jsegitz@suse.com
- updated selinux-ready script to handle initrd files compressed with xz
-------------------------------------------------------------------
Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
- Update to version 2.3
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
-------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Support overriding Makefile RANLIB
* Update pkgconfig definition
* Mount sysfs before trying to mount selinuxfs.
* Fix man pages
* Support overriding PATH and LIBBASE in Makefile
* Fix LDFLAGS usage
* Avoid shadowing stat in load_mmap
* Support building on older PCRE libraries
* Fix handling of temporary file in sefcontext_compile
* Fix procattr cache
* Define python constants for getenforce result
* Fix label substitution handling of /
* Add selinux_current_policy_path from
* Change get_context_list to only return good matches
* Support udev-197 and higher
* Add support for local substitutions
* Change setfilecon to not return ENOSUP if context is already correct
* Python wrapper leak fixes
* Export SELINUX_TRANS_DIR definition in selinux.h
* Add selinux_systemd_contexts_path
* Add selinux_set_policy_root
* Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:42:01 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.13 release tarball
-------------------------------------------------------------------
Wed May 22 23:50:58 UTC 2013 - jengelh@inai.de
- Reuse implicit dependencies injected by pkgconfig
-------------------------------------------------------------------
Thu Apr 4 19:16:35 UTC 2013 - vcizek@suse.com
- fixed source url in libselinux-bindings.spec
- removed old tarball
-------------------------------------------------------------------
Wed Apr 3 10:17:21 UTC 2013 - vcizek@suse.com
- fix source url
- document changes in libselinux-rhat.patch from previous submission:
(most code of the removed code was integrated upstream)
* Add matchpathcon -P /etc/selinux/mls support by allowing users
to set alternate root
* Add new constant SETRANS_DIR which points to the directory
where mstransd can find the socket and libvirt can write its
translations files
-------------------------------------------------------------------
Fri Mar 29 15:12:50 UTC 2013 - vcizek@suse.com
-update to 2.1.13
* audit2why: make sure path is nul terminated
* utils: new file context regex compiler
* label_file: use precompiled filecontext when possible
* do not leak mmapfd
* sefcontontext_compile: Add error handling to help debug problems in libsemanage.
* man: make selinux.8 mention service man pages
* audit2why: Fix segfault if finish() called twice
* audit2why: do not leak on multiple init() calls
* mode_to_security_class: interface to translate a mode_t in to a security class
* audit2why: Cleanup audit2why analysys function
* man: Fix program synopsis and function prototypes in man pages
* man: Fix man pages formatting
* man: Fix typo in man page
* man: Add references and man page links to _raw function variants
* Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
* man: context_new(3): fix the return value description
* selinux_status_open: handle error from sysconf
* selinux_status_open: do not leak statusfd on exec
* Fix errors found by coverity
* Change boooleans.subs to booleans.subs_dist.
* optimize set*con functions
* pkg-config do not specifc ruby version
* unmap file contexts on selabel_close()
* do not leak file contexts with mmap'd backend
* sefcontext_compile: do not leak fd on error
* matchmediacon: do not leak fd
* src/label_android_property: do not leak fd on error
-------------------------------------------------------------------
Wed Jan 30 11:44:45 UTC 2013 - vcizek@suse.com
- update to 2.1.12
- added the recent libselinux-rhat.patch
* Add support for lxc_contexts_path
* utils: add service to getdefaultcon
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* boolean name equivalency
* getsebool: support boolean name substitution
* Add man page for new selinux_boolean_sub function.
* expose selinux_boolean_sub
* matchpathcon: add -m option to force file type check
* utils: avcstat: clear sa_mask set
* seusers: Check for strchr failure
* booleans: initialize pointer to silence coveriety
* stop messages when SELinux disabled
* Ensure that we only close the selinux netlink socket once.
* improve the file_contexts.5 manual page
* Fortify source now requires all code to be compiled with -O flag
* asprintf return code must be checked
* avc_netlink_recieve handle EINTR
* audit2why: silence -Wmissing-prototypes warning
* libsemanage: remove build warning when build swig c files
* matchpathcon: bad handling of symlinks in /
* seusers: remove unused lineno
* seusers: getseuser: gracefully handle NULL service
* New Android property labeling backend
* label_android_property whitespace cleanups
* additional makefile support for rubywrap
* Remove jump over variable declaration
* Fix old style function definitions
* Fix const-correctness
* Remove unused flush_class_cache method
* Add prototype decl for destructor
* Add more printf format annotations
* Add printf format attribute annotation to die() method
* Fix const-ness of parameters & make usage() methods static
* Enable many more gcc warnings for libselinux/src/ builds
* utils: Enable many more gcc warnings for libselinux/utils builds
* Change annotation on include/selinux/avc.h to avoid upsetting SWIG
* Ensure there is a prototype for 'matchpathcon_lib_destructor'
* Update Makefiles to handle /usrmove
* utils: Stop separating out matchpathcon as something special
* pkg-config to figure out where ruby include files are located
* build with either ruby 1.9 or ruby 1.8
* assert if avc_init() not called
* take security_deny_unknown into account
* security_compute_create_name(3)
* Do not link against python library, this is considered
* bad practice in debian
* Hide unnecessarily-exported library destructors
-------------------------------------------------------------------
Mon Jan 7 22:34:03 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Tue Dec 11 16:15:52 UTC 2012 - vcizek@suse.com
- update selinux-ready script
* use -L when stat()ing /etc/selinux/config
* make sure that SELINUX isn't disabled in /etc/selinux/config
* look for either of /sys/fs/selinux and /selinux directory
* use systemctl to check for restorecond
* don't look for booleans file (deprecated)
-------------------------------------------------------------------
Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com
- update selinux-ready script
-------------------------------------------------------------------
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com
- updated to 2.1.9 again (see below)
-------------------------------------------------------------------
Wed Jun 13 08:56:36 UTC 2012 - coolo@suse.com
- go back even more - everything else requires the full SELinux stack
(too late for 12.2)
-------------------------------------------------------------------
Mon Jun 11 09:06:55 UTC 2012 - factory-maintainer@kulow.org
- revert back to 2.0.98 for 12.2
-------------------------------------------------------------------
Fri Jun 1 18:34:04 CEST 2012 - mls@suse.de
- update to libselinux-2.1.9
* better man pages
* selinux_status interfaces
* simple interface for access checks
* multiple bug fixes
-------------------------------------------------------------------
Wed Oct 5 15:09:25 UTC 2011 - uli@suse.com
- cross-build fix: use %__cc macro
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
- use %_smp_mflags
-------------------------------------------------------------------
Mon May 3 10:30:40 UTC 2010 - prusnak@suse.cz
- don't package /var/run/setrans in libselinux1 package
- Feature#303793
- the directory will be created in initscript of mcstrans package
-------------------------------------------------------------------
Sat Apr 24 09:53:28 UTC 2010 - coolo@novell.com
- buildrequire pkg-config to fix provides
-------------------------------------------------------------------
Fri Apr 9 07:27:27 UTC 2010 - thomas@novell.com
- selinux-ready: added function to check for restorecond in
runlevel 3/5
-------------------------------------------------------------------
Thu Apr 8 06:37:34 UTC 2010 - thomas@novell.com
- selinux-ready: added functions for checking PAM config and
policy boolean init_upstart
-------------------------------------------------------------------
Wed Apr 7 13:26:59 UTC 2010 - thomas@novell.com
- selinux-ready: fixed init ramfs checking
-------------------------------------------------------------------
Wed Apr 7 12:59:41 UTC 2010 - thomas@novell.com
- added new selinux-ready script
-------------------------------------------------------------------
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz
- updated to 2.0.91
* changes too numerous to list
-------------------------------------------------------------------
Sat Dec 12 16:43:54 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Fri Jul 24 17:09:50 CEST 2009 - thomas@novell.com
- updated selinux-ready script
-------------------------------------------------------------------
Wed Jul 22 15:17:25 CEST 2009 - prusnak@suse.cz
- change libsepol-devel to libsepol-devel-static in dependencies
of python bindings
-------------------------------------------------------------------
Wed Jul 1 12:26:48 CEST 2009 - prusnak@suse.cz
- put libsepol-devel back to Requires of libselinux-devel
-------------------------------------------------------------------
Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz
- added selinux-ready tool to selinux-tools package
-------------------------------------------------------------------
Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de
- remove static libraries
- libselinux-devel does not require libsepol-devel
-------------------------------------------------------------------
Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz
- updated to 2.0.80
* deny_unknown wrapper function from KaiGai Kohei
* security_compute_av_flags API from KaiGai Kohei
* Netlink socket management and callbacks from KaiGai Kohei
* Netlink socket handoff patch from Adam Jackson
* AVC caching of compute_create results by Eric Paris
* fix incorrect conversion in discover_class code
-------------------------------------------------------------------
Fri Apr 17 17:12:06 CEST 2009 - prusnak@suse.cz
- fixed memory leak (memleak.patch)
-------------------------------------------------------------------
Wed Jan 14 14:04:30 CET 2009 - prusnak@suse.cz
- updated to 2.0.77
* add new function getseuser which will take username and service
and return seuser and level; ipa will populate file in future
* change selinuxdefcon to return just the context by default
* fix segfault if seusers file does not work
* strip trailing / for matchpathcon
* fix restorecon python code
-------------------------------------------------------------------
Mon Dec 1 11:32:50 CET 2008 - prusnak@suse.cz
- updated to 2.0.76
* allow shell-style wildcarding in X names
* add Restorecon/Install python functions
* correct message types in AVC log messages
* make matchpathcon -V pass mode
* add man page for selinux_file_context_cmp
* update flask headers from refpolicy trunk
-------------------------------------------------------------------
Wed Oct 22 16:28:59 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:51:10 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:09:22 CEST 2008 - prusnak@suse.cz
- updated to 2.0.71
* Add group support to seusers using %groupname syntax from Dan Walsh.
* Mark setrans socket close-on-exec from Stephen Smalley.
* Only apply nodups checking to base file contexts from Stephen Smalley.
* Merge ruby bindings from Dan Walsh.
-------------------------------------------------------------------
Mon Sep 1 07:35:00 CEST 2008 - aj@suse.de
- Fix build of debuginfo.
-------------------------------------------------------------------
Fri Aug 22 14:45:29 CEST 2008 - prusnak@suse.cz
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
- split tools into separate subpackage (selinux-tools)
-------------------------------------------------------------------
Fri Aug 1 17:32:20 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:26:31 CEST 2008 - prusnak@suse.cz
- initial version 2.0.67
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

305
libselinux.keyring Normal file
View File

@ -0,0 +1,305 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6IRgQTEQIABgUC
UGrhaAAKCRDgn+8l2WSErGaNAJ96+VrAVoZPHnycMU37iP/ZTq5oZwCfaDWxlxNS
sQRgd0tvIDLDUY0uSw6IXgQQEQgABgUCT32YIwAKCRD/aJIEAzcfEOK8AP4u7xTn
iIaAvn6H0ql5X5mUeAimPhwP4FUvzkvoBDcY/QD/VPBnW1LoCDe63YboAvbB7BHe
/0yC7rwTQzl6zPmh/iiJARwEEwECAAYFAk+H1m4ACgkQGWJaEyWIEIcxJQf/fRX8
T3fQ5NOhZ6r5AqRMm4wXSWsDk1oDL7Fa2vKcwqiIC4zQoU0Y9+s96GSjFHgP4wpc
f7GHSPZseXp9c4ckIpkuEK2wL+jyPuSSMgmOLEGXBgy6XbWvF5yR7tm3henEcBEn
HjbTwuTO2nM53tmcM/ophq/eK2nErwTKPiDw3aiahNDYNx36wJrSOBGTKySk/F23
R8rQPThdbtvUtmTHDPCsAZKmMBlXOkoFcA1xKZRAMBoiEa9hIqiLBV7Z5oTmVSa8
BolBpOtR38sIjAWh9MtJoFFfx8Q575TC9bfpW3Kc/IRPJE55Myn/8Kbl7YJBU+gO
/v2yjKIT+hRb0MUOEIkBHAQTAQIABgUCT457oQAKCRCUZdkzlNzEiUhHB/9WN9s3
d5V/rjy9e8Ny2xd+5yXfuLpi57YI4mIZi5k6s3vBjFW8fa2jw/dXndhX06oOkmXY
1dSujVWJSMUe4gqnbdVu3IEBiyst5MyYcuOdeVpQ9KvolQMdRCEIXfgFOTXt73Lu
1eUSyEVhXI+Ua6bsmHJqscHatF2NCTyTJOqZDjIePD+c/8eW9XF2Bv6ZOa51M9UF
p85PVH0wn9I3bHhtyVPhxDSGM0TL9OwXNV25CPzI04wUb2vqnVVv67XCfcFMA0iH
nlH1oOHckUUhX+MFOTG6TFHmLIZCJHneeXR7SqdAXGl+EUZyWHRGS2OsdncMEDNy
5hennjRW71qr1C48iQIcBBABAgAGBQJPht1GAAoJEMI9kbsdgkTfgW0QAJ+o/BZI
i2TWU1cTQc4zVi4dcV8wZREXUCi2yQlq3C2MbL2gNRCSN+w9E6daOAf2zTEPZSaV
OuMl9aIF0fSRMuITFVQ6a+cz1UUxGFjFBkzCId5ybgVnkhZTPh7TmgYKQcVsyzBc
SgQb6qpu058s2lfrvLL8kzpZ77w+JdX9za9oSukflLxgKFvnAP2URY0zZo8E5SZv
M40zX98QV3wAXp9RVg3uG27IbWfnNO/6ijCY7ZzS16slEaYyBW4u6AgScoqFpD4f
Urpt1knuZfjHHHmLMTJh5iGL0OEEdLAIuFZH5iKWqRzlTSesX7dn4Jv1McemmLTv
U4hDulesaxBKkPMZFcLDScoQGbQuLXet7xw6gcyU8PREdZkQhFkZJhfVgoG1W6/i
SlKrwY3zmVlIMoZE21skFLtCPi/I6U6sE7V7LJ3iV6lAJ7ZGLeBT3ut6Tna04z58
AiJvPtVvhrSptumGvPo9UxsMaIHEz3b5il0PJkbIvvAniDoOFFFwRRBqGVnWfvL5
hDrQROzO3v6QPTxmLYGgmmIwewV+hqzami3tV48XEa63C+rSn44dJWXCQuA5o5E8
e6YsDy4ncEaUlMewStQHYQSB1z9O/W+xnMQjdmL6GrDWBxuR7bUiLxoN+yFt4pb2
FgkCGdabxV0XefzRRfkSDnqLJussKMTKIARhiQIcBBABAgAGBQJPvJhEAAoJEE4F
9mOnpBuefJMP/iBVurwfmRrt9V1ICdfrn+QWfnGSobNukKSNyp7/m4jYK91i2N5D
grqybsjlEujK78QT8k9sJEeK5ywRqTjZYBlJG179afbJNCkhvSZDTBcm+4z4fHsN
LHZHXY/2shniYaj+sS10btj1WiD0z9cbHvDkipLDYMXbKJhAlew7MeOmF9gHwl+i
qNb/veSfgTYhEm0K5aF+Ilkn4YQZx5IEit50fejTVOG1sB6H+DM9EXcVTXfrXPID
Wxe2YZ6rCeE0vWykdGWm5vdy8BdDxFJis12IVkHnOiE236Iv6rNVZpQmj69hlqXU
Kjn+uggc3mcl5/ySnWeBpgq9/WEhW+x1CyKVVAhcoVYx3jtpTpbyA+vVbb5TjLD6
r45dquJ6juCkfv868xJ7/fA6EZUPwomszABWevczjCjYIzrOXDE8Z2W1Aj4jEMPw
1MZOY1OtEBFhFBoVDKp3VKtW3ixKR6h6Cuk4bihZfJr+/hJ5ccPi+3y++9fcDizM
Hvdrfnkh9vJFcMRHcR8V9blz4GdHdvGF8BNMTpPQArPUarfRebbJxMZgIBnbIEp7
Bp6BOnHc78ToA9NdSdVZMg9BrLxPiJVSIsWztbVQUxj9G+Yi8ooUhBZybk7Qv7bs
8kr5hLFSijUi+3WlyVO561tFs3xWdHcr0+nm5ngovPpmR9+YmDaw5K7viQIcBBMB
CAAGBQJRBnyHAAoJENmwV3vZPpj8yhQP/3HGZds8vZm2jqoQJexDUYW7J2JiVRHE
OxVSK5zW1KASgNvxdxeXfuX8gpfVCZym8cw/N5PSDyw3AhdKcvoE0KcVx+t3S0TP
y4E/FWfMyIbBoc/WQHpWzqw1XfX4IlxPPwEcds51dmeEepdJvTZKieoBh5ZVKUTT
wSO+rQchZGfo0gZ0aq/qJwETGvImNLdkKFEWm+AAnCxU7l/oEoehmcSfv25BHhc8
fC7FFubiF/qJgRs6ETseh3qRPNL29giHK5MVPPkrP9jGUyhlf+NMhixfSdnev5Oy
G6vyJRcmEq+9dWUbKsY7Ydd8S4ikmoTHj+oz2NQ0/QQTto/Nnp8E/terj0PH2Wdm
5JDWN5fEQSk74A0PbGaeMIevcR+BhmuuEJLExCG8mHvDKmTO7fQPjUEc849Ki2Yz
tYtx4daZi6LRa6r1faGibmOrXVfAAIS2Y2I/+h1eMXSi98rR3yWP+SK+CtcBl038
40lqlVIuRExLvVLp6Wf66tH0d+zAR8zsg+3RxHA3Wg0iFeYrXj5cFa+/C9qV+7Eb
ZR/EPwrQlczABGWkaVXyVem7MNXwRyu8uKkqmqJBZol6vriRpBvyocS1Pr4k2gaT
KaiGt95VqDEqY/MNZHi/Vr2WBnBjUVNEc1U8zQ/wtaU32rQKthymgHCSFMxXVgnU
4FKuQz0gza+yiQI4BBMBAgAiBQJPeyUHAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRBjqK1LmCxDc8tTD/9nOHx/Hl1m6qKLf7yxPoSdeJNJXmDkIVUqOJTZ
cUZWyjXeTEEl/0I5EICTRAmwdyzNCsRP88FTmfrpr5sS8TbJDsY7mxOjc6Be0pvc
naKo8M3pyKUfQVbYO9Zn4wTqCzza7Le7R0ROW7Up55zkvXXbf8vSTiL0KZI7QUyN
k31XKdm+A6JoO4uKlP4Se4buOeaAIuqzz5K9KXBogyk6ouOpe/vaK7I/TMbNV05q
0zDAf3lejwlOxaOFiTV0vEl3d7BFcV76cmI1E05w7nsI09avDS+2p67HJEtelmEl
Ris0YarT9VbnbdRfw+XFilakKb0Jf11v7kEtiLIBFrG0ZiABGSFDsuE57hePeAvw
PtQWyQXVK+DZfczx9m46yXqmJE7LxkK9YnIDuKVIOaAuOeobZKgsQrj0aqqxgwGQ
ceeE5XYD8LwqN9fmj0CZTpVryLlg/3XqadA3t6EyvRQ5x4d7MBNL8p+B7fevrzPi
jZw2ICdRRGsNXn2HjxQAqG7xAaNmaS25w8qgE+DM3x6R0m8M1DpOdmTp5Jfyq1CD
sYV7X+HcUUuie9Ec2/h1kt62Py4GjDuUNASX275J4LiphPHTvI8dKU5VREfbo6qf
m1T15hTIWtY/L8hoSd3iyWWkS5N44H0Y4lFG+JTafoV6bwcCGHhVpeZBVSoNmj8s
IJ5xVokCHAQSAQgABgUCWWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0n
r47rA12X6dJ6+KIBE+XBQxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVd
zvUa1m2yeNCFHOTjln6QGjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaq
Zt38I2u0Pi+/qHDt0kLyRSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk
2HUerg8VCAyQrxYtZtHccoyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROF
m257MiH6gvG/V8CTrJfzlpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erx
e+biBauFErYQPw3bg6xL1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZR
HwRUPGRN07SbbEO1lDk5uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4
V9d4uVDX3SsktOLMvtWgnL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zj
q5eqotVq90HMBO9kqcjCYsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBp
rk5DSjD7F0/wnQPoq8PYHIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ
8fvo6B91COe9jTF/H/i3A7NjR7kCDQRPeyUHARAAqWwarw5fCeuYxIT4zlnM3A1Q
flnxuxgRwe0+kcUjRSGocpg6s8e982Q+p+DZ2aIDwz6KWHUSeeruQHxdGw2ZYHm5
fPlRIDxxqGsu+Bn+pNAfnKRJKeT2lkBxxKlyDaLVYNvYU7H9btLG/so4HHPvVh8N
zLaQobIJPEXOTfF769RSXC/scp0r1AnCyMH4Lyx2DzwWBiEab8+HpP84B72hn7Q3
58jMKzG4IvJGna0m+z0IHHlnky+wkDdQfPEzyRairf0MTHV2j8vgq9z+F1cuVd/0
BFRVIs67QgqiYMRzAHgj+UMcGBFpgNs8VMxgP7f0FAxW3HCrdgXaXSgRbRy5YhPs
p/RR8PfCWso4QCccXgpK6TBA/TdmhhyNauOLG5niykPBLiGwmpn6u36i14JBMvI4
Ir79ifWH13o44xKGxi5LLCZcWqvSXkIBRFZen9IydD4JGD3ddUcU3FS8uEQeNe3M
XPSx3KCnQLXIAU3GVzz2Di/njPUu607xU52vSHReG25yRTYxwzIW//V6JscQbHpK
U1FxJtgxqE6Ttlv48FnGWC1a3YYpJJBfG/PBHVpPeH1E3BQPdCPgodGG0vFxjP1i
JJazBmtCaQODkFuaDISg54KgHFe4MUWLespQT1YfePwCDM/vsJn6gcRExT/BzIE1
RAKSwS48K7vQf+JUUrcAEQEAAYkCHwQYAQIACQUCT3slBwIbDAAKCRBjqK1LmCxD
c3oLEAC+jboRrs0H9hhC3DuSfPwVtshfbMR1gy68ND57avA9+ZIBn2SwedrTdwyO
DcC9LxPd9W1wu6L4uJBz0rGs7/lj1HJGHye6rJFlQ9cg7R7AA3bsLnSaQH5X2eFS
LzCaiexVMORcvXp58PyHaR+ywvrm5+l0+iofaCr1ZqfgUBDrHYrI1cPOPE4YpPoE
tPFrwIyvZvoO/vhRcCstPOYl7rqmab4veHlNUD788c80Wc+jOIEGs/qQqv+cn+iP
h7vBvuZ6tn6BTfhuxUZMeyiZid0gBLBtzNt1fTCljjePWW4U3ucVvtWrf0yiqDRs
zSGLNO4wKUdvxOCee8jFo87AKoO+4Uw0YldI4R5dAycN0RxYt8/kqyvuonupq6vF
hD4+tqvanTPHRbPsuV91E8dJ8ZcuxozscYYvjbfNzwBtsFRaapoVS7sj567r8c8q
1RXPA78eOg4igs7eDzyv2Po51SEOya9iZtmQqc2WU+UDSbg6eOpih5TQZL0st6t/
qTOnDPLykrghXffncN3V/xqbS3mzKzzry1Q5eAZvYUphu6y6ScvFPDbPKWEktc2s
RzPCqjGj7kv2ZcdUkSI/xGn3n5x3eXyJZrB/QtjuX29fEhY5g9eBQi3FUxu28Id2
X2xqPbDiUkoT8aaT1tjqE48HwDZo9XEoP1Ra9XeBwBHPN4xYLrkCDQRaJtJKARAA
yFAHZDfb0VKjM+TtXp1gE76MMEyvWMda80wJH/YOTBd8MAoreFpJZKqvnX/C5r2y
QVF7NC9z0+GC84gmLWOzFF/E2gzzZrY6lgl2PXoUblFVD8CmiOLLA2+nVg8luarg
N9dK5QDqr456mGwUuvHZw9ifINBojqaupMF5wRPhx1BNkrScopQ+PdTZsj3rNMEh
grwqvsYwpebxHV5XxuS3AdMfIOMjuE3kSNlWJiplgNDeO3a8LUCPpekXDkrtK/p/
SX3XPKN9y7ouWx+jzG1GECWW5vwQG47qWMnm5aoOCOpM6QNdwgBSSFQKDzO3B5HX
nOAlBD86fRcNwcu3KLvO5B3E1opgqQPehE5Opx75hs03eqc/htXSprQkuVM6sT/T
/OaJ/tDXNg6J1yYyAZ4XoamkZCSTFjiBIp63yQPyHgBlcaWkW7h72y57UQ0NGaBZ
qpLMha50xFnfPT+z0QY02JbrSfAnU0GjJJ5ASafAzMAded5Ez2lEZDVLf8Iq22r/
R5YQfdj9N33GLgM29Ndy+Am5RTChyVY/Y8I+DfMT4RDWr8q3ahitPw1x6Yz0Q7xu
03Mn9jXBIMsUAU2KQfBiNMzzqNah4aFIzd8P0cmN+qgHjWAMq80hWWFBq+F7p1/j
4CgKj+YaiwtgA8Vocd2Saqd5PRjQGdNEhL3Itw7wIFUAEQEAAYkEbAQYAQgAIBYh
BOhTwYSLAYXPQoZN82OorUuYLENzBQJaJtJKAhsCAkAJEGOorUuYLENzwXQgBBkB
CAAdFiEE1qW2HJpVNBaCkttnviIJHj72InUFAlom0koACgkQviIJHj72InUPYA//
VUwLwo6bM9jKIVj7XEe7au+yIHR/zQYfWNfANIz8gq+wfVrEIPSExXmxKLnZ6kKi
/ftzNKVHcylCOjTErfbAkH3boCBvMlhk7jyq6UNRdSE9Yn1vGLIhzEj/coSyljVE
yha/wB9gD+pKZrVxJ1PggyhIYnM+HdHKtSl4U/lBPTagZrlO5JA+InDL9v275FU6
LVJKrMcwl0rNl6EZrKzrk92MLxe1/iKl1hEGvqYjJQhI4H4UGRjYy20XM0NQF0Os
56nKNK1AtnW9RedgoiJJEdejddNb9bx+HvajbrN4NtBwAvLBAxmqfC2tmW7ModnE
XTvCEqZe/D2lQddfqFskO+YZUzGcH8XqCs82L9X4G/vmwo50iaCckFSnUnPvbzxI
9s1DCuoUpXZkPd/Q8WaiUWMLP85z5RST6zB+exPelXosKVNOGw4fxaUoljFkud5f
vke5XHgKZP6q/oaUVC6LGNwfQu2xttKMDHsnYtE1W18j7YN8xwiLwonF7r0wAoaq
rEPIM9JZ4WuzQwebIPr/qb4ZOi+BRPmM5ltHoZUp6VbTnhuZvLTNB69adGJ4A1V4
WgWyfByUmeoohHNCIah3WnVvweFILDic545BKJ9o5/fNycWFjIHIMw62Xf8Coagu
n/rW7cGT2H4E/hU9HdFRbNyCCObEkzQysvONpJdJ52PO5BAAir2DfkUamdoHx38S
O58QPVNVI6S80r+on50PhfN/lG+dumuh8yfN8TLLyMnVWpzdBlBTcgNC39SfZnLB
fQ5ugoYAif+DJ/B2SmfEnSMmjFEG4ymU2l80HD6h7ScW6jM72J0WjMoz5JagTTnX
+O8YenUWoQ8ucAAZ5JtYHQtGUCycyNzm7r5Iod4UZEpiDtTSw7tkptUhPhmZGexA
sNqQfBsCB9whqSH1aGPQ67mvvwKz4NwzdcB21nTh3zWNXlOy95Hz8Kfjvdzp288h
+cDY/i4KVMJoIO/6NcbZ/1oUi4mFgI75N1izuqMCxdaeAlR5tEWIdt9K5gPD3b96
ot0oPUeh9/gydblg60OmnoSx0IO4g15G1S2eJ3Da8g97Nf7F2bJxcir0Vv4a8qsg
Owq7RU7wc5tW+Itr9ETXV2wQdiWtquPiarNLYyG+ZTv0FrOD2sMMHhZWznTafe4l
p/pKh3/6R7Vzd9/sBQ+jHaemMf9tWaRkmw6rkSpy+UfebYVlQdIVZL/JNHWs+4mg
cEwdVzg4+VO5KpPeqYova9u8PWXcPjMdmzWlpEt11heJp7Hio9T/Rik/rVdTTvQy
YUZgTxnjdNsw8e7/otgGnD2nlWPdVnCfZ502XgsbH7TmEgAHMzbcjsmhDji4+hNu
iGZhcX8NQYnqHYth2nzUBUKVIVa5Ag0EWibZHQEQAL2TUrLoAh72w8/GuCytdF7R
3Jhyge5/N5TeMWyyXf5LhxG69gLN1l9F92N8drif4LFNo53vGR5/AmAalpH0olu7
x2oebrUYiJLllswJFTwUBbqiFV4OoTAWs8DNmO07jU5Ol5cKs+7kfkBOD+QOdpvO
UPYfwlYCqvQNhFGEW0lSKFdR7L3MrTfBKNSLkTX5gdQL986ltL6aw033jkJ5A0E3
guNqn1DXzcWSHRabhDwLQ5LVY3xrRe2pIAtEIYBn4RXpSuZBU/08ILj8nSGgpA+/
Zt+kECytQYA7cWezDvzTiLZNjs7ckDyAYNhfp/A5UkxRd0PsVfsszY+kRKoB0+uO
qY+odPxw9+rbsZiCoe/c3iE/1GO33DGYdgVslPRgIfDZkyIA79Vy+82aIavn3RkW
JARvUwk3Wv6HlQMTUK0XqdOJ6KtJeL2gyKUeWjY1jmcAi2/9P08qThf6RofdSiJw
zGuRPfi0AIbDGLhUhFhYv5mq7ET5vBeoC9sYnSnddvJERREJo73on/bD3nUS9kSu
kVFC7jPMKWagyI1vCRDxB16xJqqMyKuUfIUjxP0Fmtds9rN1U1TB/JEsWKXWr+SB
eNd4kOiN7vdSLIaGqGVU6URu6cbMLAQHOu1B09MN4VCvjvr/il7S/i6B01iQv+Bj
wjOh2fjt3VcfrwC5FKvPABEBAAGJAjYEGAEKACAWIQToU8GEiwGFz0KGTfNjqK1L
mCxDcwUCWibZHQIbIAAKCRBjqK1LmCxDc9BID/wJkZPFANsPaguQZvq3IQIizkDV
Gx/An1qPRH8e4Q7f2SLzIzzx/CLwXkB/M1yZjCnSvHJgMNgzSK05tK8D1YEHxgVn
Y8pPVgevBPNZud76ymZBgNF0W37QrHQku+C/tJi9DWM10JrOLEfVIAz075OfmgXJ
tUeNFq9axBgenUK9djmQ4c4QMeHPfukbAW/JXIV1JhLk9ZPT7RdT+DpSrYd4UK6u
FQa4NcnpYDoim+a7S9uLwanJ6JYJGgbvqypsF9Dt13SgMxQeK17BYaos/UqKiR72
G7mn0JuSNjAZmMlZkRXpYfE6YgJ8VwFE94gnI7wp9r+9UF9BmP1+GqzewdJ8AYh0
ogHe1fSoqExF279CgzXhhDXIrzQlNRQ5ysosO3pAmKcXVRD85xhCoYEJdpGTU4oY
W66KPXpC52dfnr5phs0+W1/twuzU7tqh1BxHGYxKDFIT/ZyS2E9gGxc9a4MxhkJv
d7okxax2cIjuI+mg8UAmYh3tJYl5tdnGe2hfpjBntPHnz9AwsSrEx8QTFBMAWDz+
jC/EIbXYpqFqsuvgakvHRpTf1AQl6cbUuoYvCJCH1XGx6PD4yR5tkkTrOGztcGl6
et3lz04U61v8ajHBqX/pRfPtrraNnvAM2knD3E58Lf95f/nr7p0tV59EWP8s4i72
t4zhuhOJjZ2YaPVALQ==
=UVQc
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFMyh7gBEADHbVdNWxivgqISiinIAE7gOl9vFemvnqfzn7hdfw2y02hUzojd
0HzEJsyqxGBYHpdNYoiLbCYNubMDA/Xd0Att2D7fIAuNFo3gnKEm27xLSzjC02bk
h2Pxp9d92dxPXsk+zDvY74Vwem74Yon824ESurH4gTK/HsiX2Y+7+5z3Ep07xC7p
IA0RzD3zlKhfT9dpS0QR2LP1utFcT40eEjSZY8QK3iKapNtyvIrpKpkWx0tZTWwX
+F8IoL9MzJBi5L/pS8fyUOkyBVIwdRXLNuX+sle+llH7i+6DWsWHEphiZ3ObiXDm
iXKBu/I0useEE4K7TmOLqqeEZl+CTU6YWJLPpD38pq+p64TlAcT7rZSmRUr7zY0a
X1gsXqm7e95Txm6UYy3Xth1jmZ0PuHjCBIvy8foxZVKGsR34ntAYcZzZhDca+J2S
WyL/YcQbSFhad1N1ZpCXj4eYGQIg57b1OLrabopdSQ73s8uGdS12aNQKcehkAvKs
Pab45Qxk7PWGNXuvHGYFCvedl8Gh/MUy3UqlXE58GBob9ldB+7eaO5VgR0GydSFO
cbRDDpXBdWbsq4u0BDT3uB4FZTqYC3i83NFdCSppxG6aXDl4Hux+Fq7FcjFV7scw
e/ndpnLMzj0oSyOmq6GZfvbZKRbyPztYxrEIoDw1mgvJQhm2AnfnhoOWVwARAQAB
tCJKYXNvbiBaYW1hbiA8amFzb256YW1hbkBnbWFpbC5jb20+iQJXBBMBCABBAhsD
Ah4BAheABQsJCAcDBRUKCQgLBRYCAwEAAhkBFiEEYxkc6UGDCYaJyrjbfvE37JNb
Dq8FAl1mIt8FCQw1xCcACgkQfvE37JNbDq8mKA/7BnUyy3K0nEboJfXKP7mbI7vH
hnDYP9ojwi6Lv7BJLOGNVmHDrZa9HA8uzH7AZIIf1XLOWd+bABqHETETElckXK+x
gtE9GUQO0DQRVH2gCyJUaLtYgK/VD2GRXLlFRUA81XLmU0pNZVIRL6u5P1RbHjdd
G01NgzH2sDKtmAtIashj25YD5m2RukTDfGYDMujjxR2bBRp8QnNiDHp93pYmF6oR
iElJKrUOhBS7Mw2Cuy7GhcvPmFsUY7o/Kq+4bu9DzZOMrPTmVQMF//PV5JChWCou
Aqv1Qybrt5I4/OzOVX+9bID7xowueMbTlak/1yqmgGNmFA5jN5XDuwZxoOX7F/m2
ITJPRADEvZZLNF0kdj4zcLvk+/C8ofwcPcltO9SmDYwi3aKuMifVHqQnaG+Tu4qI
okSA+Vngamvy0BFBLjjZ1DZhRBS4GELzprzQ4brBqmdFnwtGnc3GOHK5Q8teZeRW
SbCh1u7CNBNXIdnTX5VlGonxjAO27ISDP7oaQyiJetnMy2W2qEG1DIDnLJtlPwDR
+UFO5kBHdJSnuTnCl20XUADeH0tx4jHAAYcIyx0tvJCuOWylMG8yVadxS73IA6a9
GA+fOku9XBh4eP5vIoMRfuVwDDu2y2n5J68OCfshs3JllGImrWUzR8hpZmjXmpAZ
VjN4Ft83ZEvUEntlI620NUphc29uIFphbWFuIChHZW50b28gRGV2ZWxvcGVyKSA8
cGVyZmluaW9uQGdlbnRvby5vcmc+iQJUBBMBCAA+AhsDBQsJCAcDBRUKCQgLBRYD
AgEAAh4BAheAFiEEYxkc6UGDCYaJyrjbfvE37JNbDq8FAl1mIucFCQw1xCcACgkQ
fvE37JNbDq8dtA//cUEBx8rIvXyO14TcUu5o3Cc2DRhFxLwVIPOnw6cfZYhRrIKr
2wegsllvV4vJ+KJoIBvlw83VAunHt07N2+hF72LM6qPWkX055gY5PkFSGPBpybZk
oevE9rI+8p7aOqu0Qns4O3juDMava+nSnHjmZCJO7wnjrkGC57eBwI7Z3H32EFIU
b+IvOivBFA6iSeXkmEg1ub3iaA2vXdKOGDfoxrEjSJWt04q8VDUmtscKRkRrc1AX
XToVzcSd4w8C6j4tlOk8DbCLfyf8M3cDeETzyD6ICYWkSN1OxYFopNvsty2L9xQ2
oTCp/1CjJTO2mxOY7K75vLr8MNYnVrYPzCruazt0YetOY74raTMFhnA6mQapcM+c
L0DKylIOHra/jSj7WQCy/xujMWZKDg8LfcfTuknSFPXVL6s95TYwBayRkVhFs73c
Z5Tpk4dAxSLZI040uExlFmzqwaMRoAhLJShhe/QRGu5rBnjtaKRYl08Hnb2gLc+0
LH1gsGIvrsB89coa4y5Grues0mw9Bbk5tjGJHWlSgGG6NPds/L2RWCsXgkb4qn6p
Prsq6dyA8qp7O4LiZkzvKpFxmpO3ggIeIh17N21piUs9awnFySLR68gv0E6OnLdL
s2fpRYclaw2DxS4WHloWfW2MoV/b4K+GzovlVGAi19gwzBVk1uHneB504eW0IUph
c29uIFphbWFuIDxqYXNvbkBwZXJmaW5pb24uY29tPokCVAQTAQgAPgIbAwIeAQIX
gAULCQgHAwUVCgkICwUWAgMBABYhBGMZHOlBgwmGicq4237xN+yTWw6vBQJdZiLm
BQkMNcQnAAoJEH7xN+yTWw6vzScQAMABgqR/v0b/Cj/qhUGhW5ReUoqDGkPTWqT/
ZJHoEtG21v8zmFaGJSw0hGzR8LBKPUcBIgcoe4ahPoNkD8ThvY/FgNV/VbjPmbwM
QqCEy8J3ZR3Tgrv03SGhW4BbWPkLwKEsXQc6hhvJxUMo35ORwUX549DrKb4/jSZs
6El3ONkeyeShnrc8dtKZeL+w4p01WbZ13Z4cwhM9bEsyMDVSv64y8QQZXeK8V0lK
jMbLNywf39AjjHKAo4o09hL75/BC8XW9Eqi5IKGRD8uWdvBB7o+xaAVY5WBMLQqL
GEaXvcc4r7tod17At0E59OfBQyJpp5vfEZXPzmkjC97iIXfUzhdqfuuEBfkfoZc9
aqBo0chedltXatlwHbr1BZ2zP/LtIPH0+G8/t/iP/KoKWMUXzqPOQmK9XP9ryDvN
HCMogbDMAOYzbGAvY9+eDwW1Oc++eMRrRmbPxY5jRShYMYxzAG3iYEUST62Pxxu4
tNzYdKc1t0JZHx1S+9jVTpplGuUnRbcLbrwaoqVxmikCdSHbZ3Q75NizFr4zC2n8
VXj7WNHiCVh4E2hD/aXINbyFHfaukojVVSe2NjSHaCQx64CJbFKeaks25f4+m9GR
ZPTceAlYub9A6lcVlyugdAI0flQCnjz3gOye9CoIWjloOzfH7RXpKol7BrnBISme
L9kh6fIduQINBFzabgEBEADm+3+ZRXtW1Y7KB0QO3iG6tXG0acc95bh2rO6djhP8
xV4vV6a6hI691SQorLxKCjpZSzshczJlmMZ3SRuMh7VSefc7w59ElBLoWDhuEKs5
c3gtxAmzxICWNo/IJnnb5h1s3hG8kmPzKdaskdbAttQq4YGk2GAYS9LvmKLPwAu/
iSaGfAr7RJPSQxvW2i2y1OdhF4ibuVJT1TGa8z1IsU8rf5Ybx1AdkjPnazoE16+j
rs763tnSzT3kpJeymMppkHMJIkO7u7D4bDR+qi10EsfF0inzmhimH5k/ng87+qi6
UwryvUorJPSbjRLq/n07y2LDwkdOrW3XsLyU7RAfgZ4FUfvpUqkLZqB+GmgVccsy
2bC/T7JMSPZsIlk/KysIl3kK2wg7oNRKJqtMTPhpzEiIGaEjJNa1S7c8jswSL97y
/S/ok8iYaluHTSTHMJrdzriSP0irWzC8MJJNcUZgsP2NGWfjc9l0VlMqOdyW1mtf
PXY+uONeAlM8x5KwMJ/r4nsixodozkI7BOx16F59fjMfc9ywZH3o/rNOoG/+P9rS
ABO6p/zg0e8uNyAE2KobjAfvWxYLoaT6ngYbXGgC4E6DKjnxI3n0EEMjdfALzcmK
+SNiYtxtUQ4g3rFcOxt8U43ObZO85yuTI8TCQT+03/vLzzMOTTAfwn3Slu8ORsVq
tQARAQABiQI8BBgBCAAmAhsgFiEEYxkc6UGDCYaJyrjbfvE37JNbDq8FAl1mIxUF
CQKN3hQACgkQfvE37JNbDq/P6BAAlt4eEQcxin9m5eayHEvnSgjYk99FT1asgfqD
z8d6qVBTKsFxNXvm19Ps294bD2oO02hzScyVlY28dKH38MkGOmslxkMB7yO/6vAh
/d1IixZNz+dQeWtb7XmNySj4/AVH8ODRK2gs0rVrcAH5gsjWlgBFzywmdODFE5iQ
VH8OJ6msT00gvkkvKaKU2K0q7A3DOGTy9Lzk8A3co39JzzR8E44kgJzLC1JASuoL
1LaIe5Fg8VMkDpr5Uchzi2NnaXtuaNNerappRf9Jrga54vQDdAmW02NCcea4Oj4O
zKpC0bOU6N50HsmeQjKEk0sgJrIKdg65k8rlrF2uQl0wBsy9EyWgJgL0rPYOceD6
d6yEfy9i3G8fPvzCIoBUntZHGGpHDx8ZpYjP2qhg6Vj/ultHfQBk+A7D4V+NU2qy
4+RSTMyIJjUAAgX4WWlxipuy1mRnfJGf/ZuLBAOVST2Igtk4E6cKNagCv3vJEfJi
aak8TQhi/Z9hFsHpN+RhEldqaPOd4yym2iKnoYX98wJsryrsZc2tHIwGQXi+lkNe
cLJYokWXbKnLdlfwkWrziTFAAekIBdQ2HrhXFq9EdfIWgv4PHA+goPXDjIzyhFD2
5D5NX3YxUGfMWzWyxfg36hJAjbyv/wcdPDJVaYGxSK2Dap4KZOGA+L0lE0mLZN+T
28FSbHO5Ag0EVCGdywEQAMzu5hN79Cwleh7TvQueT6WjsajCVZ8wm4JfZ+D/uCmu
V3z9TKIzJ9TyZ1qAhCGetXUvocq6ZCq18Zii/qBDmfN3e7RvcNrcRNuR51frgPIt
HGHFnjsW2vaVnIARJyHOtKYW5u7m2tUa9JMHFpzRqwNiu2nFw/LZhfO+DeAjAMd5
1mdJSCuWww7l+xZWQPha1pyxS6BQCB8qC4BOTdW2EkBSIUAaucHX3iaiGQINXuFG
OUVcsPhtcsmmDzqD8JuxuGfzit8LZ4qauh+CeKsACt0fRWjGsSO+veihOaSUxv6N
6jwvOO1oCZzA5lI2zN4QQQs9JPmSt+W+ePBUeCFOCT5lELu4+P4WWc9el6LhHj/O
fsMongI6jvpGWnirzmw9joLKWMaam8MT2S1c9nmYtNramI1lzeJWYU3VFgJpc5DZ
klb6IROb0oEgmbUSIZwap/MB/G9N216mr3V15AKEnt4vqu6ol0CKB3jrMafGCDrH
UIoOd8FCwK1VBRWsnjKLXa+mgGCaWSPau6hcvOuV2/Zq6s77iaQQ82+0qkdno6l9
nhdmZsLxnZuGOUfwtn1PFdjQ4/3/mgL0KxloqSwdMHpgancOMT+tJnebOCGg/iFC
yXSSNm8zek/lREGevH+3AUIKTY3JhfdvG7qo3zW7u+C0QlFnrj/pUSFs6JMW3hMB
ABEBAAGJBFsEGAEIACYCGwIWIQRjGRzpQYMJhonKuNt+8Tfsk1sOrwUCXWYjCQUJ
C0auPgIpwV0gBBkBAgAGBQJUIZ3LAAoJECu+2csaaO9VpE8P/2FSNpVsqHNxejzF
JYRjpbsOOhIUj/wovCTz9q7nvbGxd2Tq4Cs91aXPmjhZhO/9q+RySCDFKsmmxx54
nyC6nZaxN4XAvxi5CVNKYdSq+WfuVuex2czF4l9irFYZsrAxxBdQeE47zJNKDEKL
kMnonGBxeJ3NBJWB7HOSsiz4LARfYLohOAqAd500ek8tAHpDLopsD6YQxZv+zgD2
SzqaQYLtL996OE47+WnZpFVdmnj7JFCfJbDi7w+dhlf/+HPf+r78TQPpl1btlfeE
kSyQr50XRLw6ctJGA62Co7eHVIMDvsidTUo2yMdUQjd9huepSoIq0spPF5yX79xK
6KdnjpkPvmgN3XqJUQVd+JlIEGisMmn01Bz5OeJl0OkWO5aIIJ93pisU7sJJhMw7
YsZCovzguqFXNnI/nus9SNRtrvMTItiDkOocrPfEff8IpJ/956iZPH3bIaez53gi
XSEvaZXbVhyVYlbVW2Wgwkm/64K4G5+9cUguTomIGcDovXuEHSg0n3QnZ2FFjfsv
VwQ38G3abEErF7APDx36WUJ3GbA2FFr0xqmHN1YQpObIcepWwkXQUCC7CHLQWRcl
CnYvSgtX/pFJ3qt+rrL0vMhosBGGIUJORadPjABPugG5Nf/WV64pBZHOq9A5dZKM
OJg2vpgqVi3YlNHG66oE1oSupFVzCRB+8Tfsk1sOr/zyD/9rLFX27Blv1D8DjqV6
P9IzWR/YDC4AhYG+fdllq4+N/XO2gG8bYHlbh+rd5KHrCn/t3OYg1xOAqdO8lCqP
1jhkjbOdw2aIsL8pdh7/zZEwPXFCJREWWa30a4IqfvQG2f+kiPBYOtMFy5dmZj6j
N4mD75jbU6Nfhlb2UX7L0T0wLUtOOQhrlqBfXNKASbDAOn5zrvtz0tjRMcE7xPsF
o9/3x+/xElkLkJnUzF1LH/n6T24ZseBqB6WNCPi9nqWbx1AGTK9jeWDjQJ1/Nvj+
YX6PPOfwpZquKvLi6ZiS5nR1wssz9iv93iL78o90Hd/z0wM9Dimi5njwEyl3Eocf
ZbpATMt8zWVDNxmrkYT33PRYy9V7G/O8aJnTkuSTOglo7akHMlJEhYfDLrmZtQnM
X2H5A/vO1JkJntC6kG7mIKn2q2U8CSYwfMqdscYDEHXaKTSPj225S6Xskw9nSuj8
HcboihKRosViuoX5NLF2Wu/hXryd0grv0WgHjpuqClQbMlmsd1mcVThzh84KLSlu
QgkabK3rbvDviEOOQ7fxfTj1MR3FzfYovY4TVrO8fjTAk5Rj4f/nlcgiiaCpQlFl
wTwcxDBL1s6MXv7aoAzyqpTBQ6vSFXWK5Ur+7roEkTAUEj8akgmxC9JzJqComHrw
vebSMV7XavdmfCvUXszFeQ/jNbkCDQRTMoe4ARAAz6Zr1rgM2fwNSuaOM9jmYRkU
GM6km1DIDLl/PiFJ/54jGn46pX5nQE+oiZ7Dr4hFIfxn8eEwlQVFGo0lzcNn5JP1
RGJFdAfLamTmaKrXl1cWayOtTvouuKfFEXH+BC/pPyy87tNiCki0NkzN59j8Plcc
ZZ0LRZWsyhLSQcBQh5xkei9Zvaen+nPTLSg6eIF1hFLoSa8lPZqBX8D2OMJxutKV
umhlO1DPzRX/mIpo0LwiYYu8/CX3ptaBMrrlnk7rZHIVk0vDjB0eVg2DEt+vEU3k
5FQkV/1RYgSlBA0kP8tgKBrve1I4KUorJLAZmX5i0BRrzAqpL1DWdhR+9IpYRKae
a6PYjBMghkWRw7st0XVB7x/boZE6eKswaxywGoc0kw3luR1RpF3Gg95N+2hfHixQ
1OhoPeqzQ+3AHlkr/vbhjtakkiPqLfuk+Ux9B6MISIeuWF/EKtyurWyDMTryKOgg
tj7YuTMtaDV7r8gLbOlMPpGGjBiBh566GR1SKDAUNGlGzp1dKOhWXVqaMwFt9Mja
y8ESH6hEJreQx2Q6R6XgXzWysQqM0RBMXh8p8yEV6mr3Ma8lNJM45tmOTfrazlrm
9PM1kzV646J72mxXr6qr4Q1cvr+xJQdvbXOocdYMmW/R+f1tPcvnlRkMyB7wzEtS
OGi9G6ErhhvNUSoZtlUAEQEAAYkCPAQYAQgAJgIbDBYhBGMZHOlBgwmGicq4237x
N+yTWw6vBQJdZiL4BQkMNcRAAAoJEH7xN+yTWw6vfCkQAIxkDpI+rVDrstPN+uoe
pfnaOlYCBVrzITIG+HYAeGj1nuZHMeg2AztVoeJ9FWq9z2xVuo4GIFyfFggZMEVS
Dyjgjojq0d8jEmOaUKFNnPMAAErGJEVHmQSAbp67lkwtcHZkkWgXKQ9FLx6z17U0
66H4svf/RTNiAxqgFu5UdLgfxULbnvoqI6+rWYggVWdlbm2dmoUwLRJsQrI6GMBS
jL6nWwu8tAQBk9Vzo1nj0l5M5i0R/PhbcsnUynlWxBVCGNxnMYydNbjpzNC2qnSy
ibyx0exiJM5HjYlDy82yr4LI9iN28wKmSxTOvCHN+QaQZ5adlDquhGwFm8TRRsm1
FDsVcmrjPTcGUsKfIAOyeiSHZO2tMU/CTvEYRNw09geVeOvIwNSXS8oblC1b3P1j
UP67CKVAYBnBFx7bMujlGyNJY8jGNEEBrDqxfYEAIEhyKNd0tWc86B1tqz/ArRvc
XfPof/cQcFVHpfpJ/NS+b4KrRvJHzV884N709JmrFZVVAR/2I/GmZ0wdCmBoZtH8
+IpwyMey0HIfa5dOtZw6jAAB5mkCBEs/P7VPrwzTpXcPBKFfj1R/iqpT7YvNk8Gh
l4xDVhZI8IpQ7j1RtJoULvAwmH0z/M5kS2N0ADxEo3mPgm1CaFudP4JijV3HX7Rx
IuOUseqwzF197kqA16in1P25
=f80i
-----END PGP PUBLIC KEY BLOCK-----

168
libselinux.spec Normal file
View File

@ -0,0 +1,168 @@
#
# spec file for package libselinux
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libsepol_ver 3.5
Name: libselinux
Version: 3.5
Release: 0
Summary: SELinux runtime library and utilities
License: SUSE-Public-Domain
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source2: libselinux.keyring
Source3: selinux-ready
Source4: baselibs.conf
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch
Patch5: skip_cycles.patch
BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libpcre2-8)
%description
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
%package -n libselinux1
Summary: SELinux runtime library
Group: System/Libraries
%description -n libselinux1
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package -n selinux-tools
Summary: SELinux command-line utilities
Group: System/Base
Provides: libselinux-utils = %{version}-%{release}
Requires: libselinux1 = %{version}
%description -n selinux-tools
Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.
This subpackage contains utilities to inspect and administer the
system's SELinux state.
%package devel
Summary: Development files for the SELinux runtime library
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libselinux1 = %{version}
#Automatic dependency on libsepol-devel via pkgconfig
%description devel
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This package contains the development files, which are
necessary to develop your own software using libselinux.
%package devel-static
Summary: Static archives for the SELinux runtime
Group: Development/Libraries/C and C++
Requires: libselinux-devel = %{version}
Requires: pkgconfig(libpcre2-8)
Requires: pkgconfig(libsepol)
%description devel-static
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This package contains the static development files, which are
necessary to develop your own software using libselinux.
%prep
%setup -q -n libselinux-%{version}
%patch4 -p1
%patch5 -p1
%build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="gcc" CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" USE_PCRE2=y
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_sbindir}
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_sbindir}" install
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}/selinux-ready
# Remove duplicate files
%fdupes -s %{buildroot}%{_mandir}
%post -n libselinux1 -p /sbin/ldconfig
%postun -n libselinux1 -p /sbin/ldconfig
%files -n selinux-tools
%{_sbindir}/avcstat
%{_sbindir}/getenforce
%{_sbindir}/getsebool
%{_sbindir}/matchpathcon
%{_sbindir}/selabel_digest
%{_sbindir}/selabel_lookup
%{_sbindir}/selinux_check_access
%{_sbindir}/selabel_lookup_best_match
%{_sbindir}/selabel_partial_match
%{_sbindir}/selinuxconlist
%{_sbindir}/selinuxdefcon
%{_sbindir}/selinuxenabled
%{_sbindir}/setenforce
%{_sbindir}/togglesebool
%{_sbindir}/selinux-ready
%{_sbindir}/selinuxexeccon
%{_sbindir}/sefcontext_compile
%{_sbindir}/compute_*
%{_sbindir}/getfilecon
%{_sbindir}/getpidcon
%{_sbindir}/policyvers
%{_sbindir}/setfilecon
%{_sbindir}/getseuser
%{_sbindir}/selinux_check_securetty_context
%{_sbindir}/selabel_get_digests_all_partial_matches
%{_sbindir}/validatetrans
%{_sbindir}/getpidprevcon
%{_mandir}/man5/*
%{_mandir}/ru/man5/*
%{_mandir}/man8/*
%{_mandir}/ru/man8/*
%files -n libselinux1
%{_libdir}/libselinux.so.*
%files devel
%{_libdir}/libselinux.so
%{_includedir}/selinux/
%{_mandir}/man3/*
%{_libdir}/pkgconfig/libselinux.pc
%files devel-static
%{_libdir}/libselinux.a
%changelog

16
python3.8-compat.patch Normal file
View File

@ -0,0 +1,16 @@
Index: libselinux-3.5/src/Makefile
===================================================================
--- libselinux-3.5.orig/src/Makefile
+++ libselinux-3.5/src/Makefile
@@ -13,7 +13,11 @@ LIBDIR ?= $(PREFIX)/lib
SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+ifeq ($(shell $(PKG_CONFIG) --exists $(PYPREFIX)-embed && echo true), true)
+PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)-embed)
+else
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
+endif
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')

12
readv-proto.patch Normal file
View File

@ -0,0 +1,12 @@
Index: libselinux-2.5/src/setrans_client.c
===================================================================
--- libselinux-2.5.orig/src/setrans_client.c
+++ libselinux-2.5/src/setrans_client.c
@@ -9,6 +9,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/uio.h>
#include <errno.h>
#include <stdlib.h>

245
selinux-ready Normal file
View File

@ -0,0 +1,245 @@
#!/bin/bash
KERNEL="unknown"
INITRD="unknown"
TD=""
# init needs /selinux to be there
check_dir()
{
SLDIRS="/selinux /sys/fs/selinux"
FOUND="no"
for DIR in $SLDIRS; do
if [ -d $DIR ]; then
printf "\tcheck_dir: OK. $DIR exists.\n"
FOUND="yes"
fi
done
if [ $FOUND == "yes" ]; then
return 0
else
printf "\tcheck_dir: ERR. Neither of $SLDIRS does exist. Please execute 'mkdir /sys/fs/selinux' as root\n"
return 1
fi
}
check_filesystem()
{
FSPATH="/proc/filesystems"
FSNAMES="securityfs selinuxfs"
OK="O"
for FSNAME in $FSNAMES; do
grep -w $FSNAME $FSPATH 1>&2 >/dev/null
if [ $? == 0 ]; then
printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
else
printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
OK="1"
fi
done
if [ "$OK" == "0" ]; then
return 0;
else
return 1;
fi
}
check_boot()
{
printf "\tcheck_boot: Assuming GRUB2 as bootloader.\n"
BPARAM1="security=selinux"
BPARAM2="selinux=1"
if grep $BPARAM1 /proc/cmdline | grep $BPARAM2 >/dev/null; then
printf "\tcheck_boot: OK. Current kernel has boot-parameters '$BPARAM1 $BPARAM2'\n"
return 0
else
printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
printf "\t Please add 'security=selinux selinux=1' to the kernel boot-parameter list.\n"
return 1
fi
}
check_mkinitrd()
{
MCMD="mount.*/root/proc.*"
if ! [ -f "/boot/initrd" ];then
printf "\tcheck_mkinitrd: ERR. Unable to locate '/boot/initrd'\n"
return 2
fi
cp /boot/initrd $TD/ 2>/dev/null
pushd . 2>&1>/dev/null
cd $TD
mkdir initrd-extracted
cd initrd-extracted
INITRD_FORMAT=$(file $TD/initrd | awk -F' ' '{print $2}')
case $INITRD_FORMAT in
'XZ' )
xz -d -c $TD/initrd | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;;
'ASCII' )
/usr/lib/dracut/skipcpio $TD/initrd | zstd -d | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;;
'gzip' )
gzip -d -c $TD/initrd | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;;
'Zstandard' )
zstd -d -c $TD/initrd | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;;
* )
printf "\tcheck_mkinitrd: ERR. Error while extracting initrd file.'\n"
return 2
esac
if [ -d boot ]; then
grep -E -- $MCMD boot/* 2>&1 >/dev/null
FLG1=$?
grep -E -- load_policy boot/* 2>&1 >/dev/null
FLG2=$?
else
# looks like we're using dracut/systemd. We can only check if libselinux1
# exists
if [ -f lib64/libselinux.so.1 ]; then
# if this exists
FLG1=0
FLG2=0
fi
fi
popd 2>&1>/dev/null
if [ $FLG1 == 0 -a $FLG2 == 0 ];then
printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n"
return 0
else
printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n"
printf "\t the root filesystem during boot and/or load_policy\n"
printf "\t is missing,\n"
printf "\t this may be a reason for SELinux not working.\n"
return 1
fi
}
check_pam()
{
AA_PAM=0
SE_PAM=0
# test for AA pam module
grep apparmor /etc/pam.d/* 2>&1 >/dev/null
FLG=$?
if [ $FLG == 0 ]; then
AA_PAM=1
fi
# test for SELinux pam module
grep selinux /etc/pam.d/* 2>&1 >/dev/null
FLG=$?
if [ $FLG == 0 ]; then
SE_PAM=1
fi
# suggest config
if [ $SE_PAM == 1 ] && [ $AA_PAM == 0 ]; then
printf "\tcheck_pam: OK. Your PAM configuration seems to be correct.\n"
return 0
fi
printf "\tcheck_pam: ERR. Your PAM configuration seems to be incorrect.\n"
if [ $AA_PAM == 1 ]; then
printf " execute 'pam-config -d --apparmor' as root\n"
fi
if [ $SE_PAM == 0 ]; then
printf " execute 'pam-config -a --selinux' as root\n"
fi
return 1
}
check_initupstart()
{
CFGFILE="/etc/selinux/config"
if ! [ -f $CFGFILE ]; then
printf "\tcheck_initupstart: ERR. $CFGFILE does not exist.\n"
return 1;
fi
}
check_runlevel()
{
if [ "$(systemctl is-enabled restorecond.service 2>/dev/null)" == "enabled" ]; then
printf "\tcheck_runlevel: OK. restorecond is enabled on your system\n"
return 0;
fi
printf "\tcheck_runlevel: ERR. please enable restorecond with systemctl enable restorecond.service.\n"
return 1
}
check_packages()
{
PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol2 libsemanage2 restorecond"
FAIL=0
for i in $PKGLST
do
rpm -q $i 1>&2 >/dev/null
if [ $? == 1 ];then
printf "\tcheck_packages: ERR. Package '$i' not installed, please run 'zypper in $i' as root\n"
FAIL=1
fi
done
if [ $FAIL == 0 ]; then
printf "\tcheck_packages: OK. All essential packages are installed\n"
return 0
else
return 1
fi
}
check_config()
{
CF="/etc/selinux/config"
if [ -f $CF ];then
printf "\tcheck_config: OK. Config file seems to be there.\n"
# with -L because /etc/selinux/config is now a link to /etc/sysconfig/selinux-policy
if ! [ $(stat -L --printf=%a $CF) -eq "644" ]; then
printf "\tcheck_config: ERR. Config file '$CF' has wrong permissions.\n"
return 1
fi
# check that SELINUX is not disabled there
SELINUX_MODE=$(grep "^\s*SELINUX\s*=" $CF | sed "s/SELINUX\s*=\(\S*\)\s*"/\\1/)
case "$SELINUX_MODE" in
permissive | enforcing )
printf "\tcheck_config: OK. SELINUX is set to '$SELINUX_MODE'.\n"
return 0
;;
* )
printf "\tcheck_config: ERR. SELINUX is set to '$SELINUX_MODE' in '$CF'. Should be either 'permissive' or 'enforcing'\n"
return 1
;;
esac
else
printf "\tcheck_config: ERR. Config file '$CF' is missing.\n"
return 1
fi
}
TD=$(mktemp -q -d /tmp/selinux-ready.XXXXXX)
echo "Start checking your system if it is selinux-ready or not:"
check_dir
check_filesystem
check_boot
check_mkinitrd
check_packages
check_config
check_initupstart
check_pam
check_runlevel
rm -rf $TD

14
skip_cycles.patch Normal file
View File

@ -0,0 +1,14 @@
Index: libselinux-3.4-rc3/src/selinux_restorecon.c
===================================================================
--- libselinux-3.4-rc3.orig/src/selinux_restorecon.c
+++ libselinux-3.4-rc3/src/selinux_restorecon.c
@@ -871,7 +871,8 @@ loop_body:
errno = ELOOP;
state->error = -1;
state->abort = true;
- goto finish;
+ fts_set(fts, ftsent, FTS_SKIP);
+ continue;
case FTS_DP:
continue;
case FTS_DNR:

13
swig4_moduleimport.patch Normal file
View File

@ -0,0 +1,13 @@
Index: libselinux-2.9/src/selinuxswig_python.i
===================================================================
--- libselinux-2.9.orig/src/selinuxswig_python.i 2019-03-15 10:32:30.000000000 +0000
+++ libselinux-2.9/src/selinuxswig_python.i 2019-12-16 15:03:46.133451617 +0000
@@ -6,7 +6,7 @@
#define DISABLE_RPM
#endif
-%module selinux
+%module(moduleimport="import $module") selinux
%{
#include "selinux/selinux.h"
%}