commit 2bb3d73c4ffd2cc81fecb03ca4fa40e84fc2371af78de507744a40d1ea6b5daa Author: Adrian Schröter Date: Fri Sep 6 15:28:09 2024 +0200 Sync from SUSE:SLFO:Main mcstrans revision 49cb685cf243725e6eb64bf162b3685f diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/harden_mcstrans.service.patch b/harden_mcstrans.service.patch new file mode 100644 index 0000000..bd61d9c --- /dev/null +++ b/harden_mcstrans.service.patch @@ -0,0 +1,23 @@ +Index: mcstrans-3.5/src/mcstrans.service +=================================================================== +--- mcstrans-3.5.orig/src/mcstrans.service ++++ mcstrans-3.5/src/mcstrans.service +@@ -7,7 +7,17 @@ Before=shutdown.target sysinit.target + Conflicts=shutdown.target + + [Service] +-ExecStart=/sbin/mcstransd -f ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions ++ExecStart=/usr/sbin/mcstransd -f + RuntimeDirectory=setrans + RuntimeDirectoryPreserve=true + diff --git a/mcstrans-3.7.tar.gz b/mcstrans-3.7.tar.gz new file mode 100644 index 0000000..2692083 --- /dev/null +++ b/mcstrans-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bf04690f254bf26f4ed42d33c04669fd42714c2c2608bf348ca26e3d65194979 +size 42501 diff --git a/mcstrans-3.7.tar.gz.asc b/mcstrans-3.7.tar.gz.asc new file mode 100644 index 0000000..da2a6a2 --- /dev/null +++ b/mcstrans-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNHemg//TbdBIP/nEUbVA9YRbxwFcje0AppPVGV37TJ7/vO3boPNzW4aXS1SBiFF +7zwW8Byo3D8OOAqYefYGazHxcKRfKw+p3NmGTRbD5eyz6K4RXvbp9EdKh6V0hs4p +pCGhDxuD1wU+1mJvx3bzZpgSgbbmxFntT/8nlfsf8b7en0+/kEi5iMVz34XMLpZT +EM9cOkioaEWYkzAqPI6n9YDcDXTpghH+CfrBCuf89XCUE7nSQeBDJzE/MSFLfVBc +P0gZnqm6PaOH07IoNCFNICEyAfhoN8KybhwRsYMG9oCPXORkBYHrPEmM8dpGgNps +rHyfSeN6+5kP1tDrhemndklkROb6i+ktQFMCWSUdiCjXyY+ap5LBnigdo5Tu4tFs +mCSvi7jJBXKYsR5EMvRv4/1fPXAEVMc2haD9MjIdPybwJmy3gj/vuesFisOeqwF6 +PxLr/23TMb+ONx/9CyXgqSHvjlDvxZ5ntU1AEerZZs0AGQ7CbIOSPEYuDoyNK/2A +2Mlqxy97iF/PmUIUqyQxvHIFrFxXz8gcqTJZ+yN14Wmn0Li7pVFoF5jdltv6nobr +stE1UrBwOX/Fcse7VnYD7Ri9vIk8B/7z10Q9VAsIVIZGzCHIX7Uy9yAgVqwVuI6o +ZAe9J5hQ6X1G9fO56eLClIT13y1wsiTX/cjb+yrDNKoYoo/4zIA= +=xUkV +-----END PGP SIGNATURE----- diff --git a/mcstrans.changes b/mcstrans.changes new file mode 100644 index 0000000..4c8e0a7 --- /dev/null +++ b/mcstrans.changes @@ -0,0 +1,202 @@ +------------------------------------------------------------------- +Mon Jul 1 08:04:02 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * mcstrans: free constraint in error branch + * mcstrans: ensure transitivity in compare functions + * mcstrans: check memory allocations + +------------------------------------------------------------------- +Tue Dec 19 12:02:01 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Mon Nov 27 10:33:24 UTC 2023 - Hu + +- Change deprecated `%patch1 -p1` syntax to supported `%patch -P1 -p1` + (bsc#1216669) + +------------------------------------------------------------------- +Fri Feb 24 07:51:59 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * preserve runtime directory +- Refreshed harden_mcstrans.service.patch +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:49:13 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Port to PCRE2 +- Dropped patches + * add_includes.patch: Upstream + * mcstrans-writepid.patch: Upstream + +------------------------------------------------------------------- +Thu Nov 25 13:54:30 UTC 2021 - Johannes Segitz + +- Finish UsrMerge (bsc#1191075) + +------------------------------------------------------------------- +Thu Nov 11 13:51:39 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * No user-visible changes + +------------------------------------------------------------------- +Wed Oct 6 11:59:35 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_mcstrans.service.patch + +------------------------------------------------------------------- +Tue Mar 9 09:15:26 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * No user-visible changes, only version bump. + +------------------------------------------------------------------- +Tue Jul 14 08:34:48 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * fix memory leak in new_context_str + +------------------------------------------------------------------- +Tue Mar 3 12:26:40 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add reference to setools.conf man page in the daemon one + +------------------------------------------------------------------- +Tue Aug 27 10:25:48 UTC 2019 - Jan Engelhardt + +- Avoid use of ®/™ signs in specfiles as per guidelines. + +------------------------------------------------------------------- +Wed Jun 12 15:01:20 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +------------------------------------------------------------------- +Wed Mar 20 15:14:52 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Fix check in raw_color() + * remove unused getpeercon_raw() call + +------------------------------------------------------------------- +Tue Dec 4 11:39:52 UTC 2018 - Jan Engelhardt + +- One grammar fix, and use %make_install. + +------------------------------------------------------------------- +Fri Nov 23 10:58:47 UTC 2018 - jsegitz@suse.com + +- Dropped mcstransd.service, use the provided service file +- Install example configs +- Fixed source URL + +------------------------------------------------------------------- +Wed Oct 17 11:55:59 UTC 2018 - jsegitz@suse.com + +- Update to version 2.8 (bsc#1111732) + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt +- Renamed mcstrans-2.7-writepid.patch to mcstrans-writepid.patch + +------------------------------------------------------------------- +Wed May 16 07:21:45 UTC 2018 - mcepl@suse.com + +- Rebase to 2.7 + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt +- Renamed mcstrans-0.3.3-writepid.patch to + mcstrans-2.7-writepid.patch + +------------------------------------------------------------------- +Tue Sep 5 08:48:52 UTC 2017 - jsegitz@suse.com + +- Added add_includes.patch to add additional includes and fix + Factory build + +------------------------------------------------------------------- +Wed Jun 17 14:15:33 UTC 2015 - jsegitz@novell.com + +- fixed wrong label in /run preventing startup + +------------------------------------------------------------------- +Mon Sep 8 08:07:00 UTC 2014 - jsegitz@suse.com + +- altered package to use systemd. Removed + mcstrans-0.3.3-initscript.patch since it's no longer necessary +- added mcstrans-0.3.3-writepid.patch to write pid files to the + correct location + +------------------------------------------------------------------- +Mon Dec 10 13:00:43 UTC 2012 - meissner@suse.com + +- provide setransd, like in redhat (covered by mcstrans these days) + +------------------------------------------------------------------- +Tue Aug 7 13:19:20 UTC 2012 - meissner@suse.com + +- updated to 0.3.3 , tarball taken from redhat source rpm. + +------------------------------------------------------------------- +Thu Apr 5 13:50:13 UTC 2012 - dvaleev@suse.com + +- add LIBDIR, so ppc and ppc64 can build + +------------------------------------------------------------------- +Mon Mar 26 13:11:29 UTC 2012 - vcizek@suse.com + +- removed use of /var/lock/subsys in init script [bnc#714633] + +------------------------------------------------------------------- +Mon May 3 12:32:09 CEST 2010 - prusnak@suse.cz + +- create /var/run/setrans directory in initscript [Feature#303793] + +------------------------------------------------------------------- +Thu Jul 16 13:37:35 CEST 2009 - prusnak@suse.cz + +- remove check and rename from %post section (not needed) + +------------------------------------------------------------------- +Tue Jun 23 13:17:38 CEST 2009 - prusnak@suse.cz + +- require libsepol-devel-static + +------------------------------------------------------------------- +Wed May 27 14:19:52 CEST 2009 - prusnak@suse.cz + +- updated to 0.3.1 + * Add inverse bit support + * Add color support from Eamon Walsh + +------------------------------------------------------------------- +Thu Oct 16 16:04:41 CEST 2008 - prusnak@suse.cz + +- created package (version 0.2.11) diff --git a/mcstrans.keyring b/mcstrans.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/mcstrans.keyring @@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML +rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 +8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC +JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/mcstrans.spec b/mcstrans.spec new file mode 100644 index 0000000..cddbdf0 --- /dev/null +++ b/mcstrans.spec @@ -0,0 +1,98 @@ +# +# spec file for package mcstrans +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: mcstrans +Version: 3.7 +Release: 0 +Summary: SELinux Translation Daemon +License: GPL-2.0-or-later +Group: System/Management +URL: https://github.com/SELinuxProject/selinux/wiki +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: mcstrans.keyring +Patch2: harden_mcstrans.service.patch +BuildRequires: aaa_base +BuildRequires: libcap-devel +BuildRequires: libselinux-devel >= 1.30.3 +BuildRequires: libsepol-devel-static +BuildRequires: pcre-devel +BuildRequires: pkgconfig(systemd) +Requires: aaa_base +Provides: setransd +%{?systemd_requires} + +%description +Security-enhanced Linux is a feature of the Linux kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux +kernel contains new architectural components originally developed to +improve the security of the Flask operating system. These +architectural components provide general support for the enforcement +of many kinds of mandatory access control policies, including those +based on the concepts of Type Enforcement, Role-based Access +Control, and Multi-level Security. + +mcstrans provides a translation daemon to translate SELinux categories +from internal representations to user defined representation. + +%prep +%setup -q +%patch -P2 -p1 + +%build +export CFLAGS="%{optflags}" +make LIBDIR="%{_libdir}" %{?_smp_mflags} + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}/%{_unitdir} +%make_install LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" +rm -f %{buildroot}%{_sbindir}/* +rm -f %{buildroot}%{_libdir}/*.a +rm %{buildroot}%{_sysconfdir}/rc.d/init.d/mcstrans* +rm -rf %{buildroot}%{_sysconfdir}/rc.d +mkdir -p %{buildroot}%{_datadir}/doc/packages/%{name} +cp -r share/examples %{buildroot}%{_datadir}/doc/packages/%{name} +mkdir -p %{buildroot}%{_sbindir} +ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +mv %{buildroot}/sbin/mcstransd %{buildroot}/usr/sbin/mcstransd + +%post +%service_add_post mcstrans.service + +%preun +%service_del_preun mcstrans.service + +%postun +%service_del_postun mcstrans.service + +%pre +%service_add_pre mcstrans.service + +%files +%{_unitdir}/mcstrans*.service +/usr/sbin/mcstransd +%{_sbindir}/rcmcstrans +%{_mandir}/man5/*.5%{?ext_man} +%{_mandir}/man8/*.8%{?ext_man} +%dir %{_datadir}/doc/packages/%{name} +%{_datadir}/doc/packages/%{name}/* + +%changelog