Accepting request 609005 from home:mcepl:SELinux
Rebase to 2.7 OBS-URL: https://build.opensuse.org/request/show/609005 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=39
This commit is contained in:
parent
58446a0a21
commit
04327bf5b0
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157
|
||||
size 69748
|
3
checkpolicy-2.7.tar.gz
Normal file
3
checkpolicy-2.7.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201
|
||||
size 65967
|
228
checkpolicy-build.patch
Normal file
228
checkpolicy-build.patch
Normal file
@ -0,0 +1,228 @@
|
||||
diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile
|
||||
index 68e11f2..4c817cd 100644
|
||||
--- checkpolicy-2.7/Makefile
|
||||
+++ checkpolicy-2.7/Makefile
|
||||
@@ -1,12 +1,9 @@
|
||||
#
|
||||
# Makefile for building the checkpolicy program
|
||||
#
|
||||
-PREFIX ?= $(DESTDIR)/usr
|
||||
+PREFIX ?= /usr
|
||||
BINDIR ?= $(PREFIX)/bin
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
-LIBDIR ?= $(PREFIX)/lib
|
||||
-INCLUDEDIR ?= $(PREFIX)/include
|
||||
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
|
||||
TARGETS = checkpolicy checkmodule
|
||||
|
||||
LEX = flex
|
||||
@@ -14,7 +11,12 @@ YACC = bison -y
|
||||
|
||||
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
|
||||
|
||||
-override CFLAGS += -I.
|
||||
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
|
||||
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
|
||||
+# is no need to define a value for LDLIBS_LIBSEPOLA
|
||||
+ifeq ($(LIBSEPOLA),)
|
||||
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
|
||||
+endif
|
||||
|
||||
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
|
||||
policy_define.o
|
||||
@@ -27,8 +29,10 @@ all: $(TARGETS)
|
||||
$(MAKE) -C test
|
||||
|
||||
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
|
||||
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
|
||||
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) -o $@ -c $<
|
||||
@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c
|
||||
$(LEX) policy_scan.l
|
||||
|
||||
install: all
|
||||
- -mkdir -p $(BINDIR)
|
||||
- -mkdir -p $(MANDIR)/man8
|
||||
- install -m 755 $(TARGETS) $(BINDIR)
|
||||
- install -m 644 checkpolicy.8 $(MANDIR)/man8
|
||||
- install -m 644 checkmodule.8 $(MANDIR)/man8
|
||||
+ -mkdir -p $(DESTDIR)$(BINDIR)
|
||||
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
|
||||
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
|
||||
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
|
||||
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
|
||||
|
||||
relabel: install
|
||||
- /sbin/restorecon $(BINDIR)/checkpolicy
|
||||
- /sbin/restorecon $(BINDIR)/checkmodule
|
||||
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
|
||||
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
|
||||
|
||||
clean:
|
||||
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
|
||||
diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
|
||||
index ee95882..cf76591 100644
|
||||
--- checkpolicy-2.7/checkmodule.8
|
||||
+++ checkpolicy-2.7/checkmodule.8
|
||||
@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
|
||||
This manual page was copied from the checkpolicy man page
|
||||
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
|
||||
and edited by Dan Walsh <dwalsh@redhat.com>.
|
||||
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||||
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
|
||||
diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
|
||||
index 7b28696..1c8805d 100644
|
||||
--- checkpolicy-2.7/checkpolicy.8
|
||||
+++ checkpolicy-2.7/checkpolicy.8
|
||||
@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
|
||||
|
||||
.SH AUTHOR
|
||||
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
|
||||
-and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||||
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||||
+and edited by Stephen Smalley <sds@tycho.nsa.gov>.
|
||||
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
|
||||
diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
|
||||
index b75f2af..fbda455 100644
|
||||
--- checkpolicy-2.7/checkpolicy.c
|
||||
+++ checkpolicy-2.7/checkpolicy.c
|
||||
@@ -1,6 +1,6 @@
|
||||
|
||||
/*
|
||||
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
||||
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
||||
*/
|
||||
|
||||
/*
|
||||
@@ -69,6 +69,9 @@
|
||||
#ifndef IPPROTO_DCCP
|
||||
#define IPPROTO_DCCP 33
|
||||
#endif
|
||||
+#ifndef IPPROTO_SCTP
|
||||
+#define IPPROTO_SCTP 132
|
||||
+#endif
|
||||
#include <arpa/inet.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
@@ -944,6 +947,8 @@ int main(int argc, char **argv)
|
||||
protocol = IPPROTO_UDP;
|
||||
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
|
||||
protocol = IPPROTO_DCCP;
|
||||
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
|
||||
+ protocol = IPPROTO_SCTP;
|
||||
else {
|
||||
printf("unknown protocol\n");
|
||||
break;
|
||||
diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
|
||||
index f12ebdb..11fd37d 100644
|
||||
--- checkpolicy-2.7/policy_define.c
|
||||
+++ checkpolicy-2.7/policy_define.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
||||
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
||||
*/
|
||||
|
||||
/*
|
||||
@@ -40,6 +40,9 @@
|
||||
#ifndef IPPROTO_DCCP
|
||||
#define IPPROTO_DCCP 33
|
||||
#endif
|
||||
+#ifndef IPPROTO_SCTP
|
||||
+#define IPPROTO_SCTP 132
|
||||
+#endif
|
||||
#include <arpa/inet.h>
|
||||
#include <stdlib.h>
|
||||
#include <limits.h>
|
||||
@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
|
||||
protocol = IPPROTO_UDP;
|
||||
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
|
||||
protocol = IPPROTO_DCCP;
|
||||
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
|
||||
+ protocol = IPPROTO_SCTP;
|
||||
} else {
|
||||
yyerror2("unrecognized protocol %s", id);
|
||||
goto bad;
|
||||
diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
|
||||
index 6b406c8..247bd4e 100644
|
||||
--- checkpolicy-2.7/policy_parse.y
|
||||
+++ checkpolicy-2.7/policy_parse.y
|
||||
@@ -1,6 +1,6 @@
|
||||
|
||||
/*
|
||||
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
||||
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
||||
*/
|
||||
|
||||
/*
|
||||
diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
|
||||
index e6c4898..e93ccb6 100644
|
||||
--- checkpolicy-2.7/policy_scan.l
|
||||
+++ checkpolicy-2.7/policy_scan.l
|
||||
@@ -1,6 +1,6 @@
|
||||
|
||||
/*
|
||||
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
||||
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
||||
*/
|
||||
|
||||
/* Updated: David Caplan, <dac@tresys.com>
|
||||
diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
|
||||
index acc991c..82e6673 100644
|
||||
--- checkpolicy-2.7/queue.c
|
||||
+++ checkpolicy-2.7/queue.c
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
||||
|
||||
/* FLASK */
|
||||
|
||||
diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
|
||||
index 655c94b..60c07fe 100644
|
||||
--- checkpolicy-2.7/queue.h
|
||||
+++ checkpolicy-2.7/queue.h
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
||||
|
||||
/* FLASK */
|
||||
|
||||
diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile
|
||||
index 59fa446..89e7557 100644
|
||||
--- checkpolicy-2.7/test/Makefile
|
||||
+++ checkpolicy-2.7/test/Makefile
|
||||
@@ -1,19 +1,22 @@
|
||||
#
|
||||
# Makefile for building the dispol program
|
||||
#
|
||||
-PREFIX ?= $(DESTDIR)/usr
|
||||
-BINDIR ?= $(PREFIX)/bin
|
||||
-LIBDIR ?= $(PREFIX)/lib
|
||||
-INCLUDEDIR ?= $(PREFIX)/include
|
||||
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
|
||||
-
|
||||
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
|
||||
|
||||
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
|
||||
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
|
||||
+# is no need to define a value for LDLIBS_LIBSEPOLA
|
||||
+ifeq ($(LIBSEPOLA),)
|
||||
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
|
||||
+endif
|
||||
+
|
||||
all: dispol dismod
|
||||
|
||||
dispol: dispol.o $(LIBSEPOLA)
|
||||
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
dismod: dismod.o $(LIBSEPOLA)
|
||||
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
clean:
|
||||
-rm -f dispol dismod *.o
|
BIN
checkpolicy-tests.tar.gz
(Stored with Git LFS)
Normal file
BIN
checkpolicy-tests.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
|
||||
|
||||
- Rebase to 2.7
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package checkpolicy
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -18,17 +18,20 @@
|
||||
|
||||
%define libsepol_ver 2.6
|
||||
Name: checkpolicy
|
||||
Version: 2.6
|
||||
Version: 2.7
|
||||
Release: 0
|
||||
Summary: SELinux policy compiler
|
||||
License: GPL-2.0+
|
||||
License: GPL-2.0-or-later
|
||||
Group: Productivity/Security
|
||||
Url: https://github.com/SELinuxProject/selinux
|
||||
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
|
||||
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
|
||||
Source1: checkpolicy-tests.tar.gz
|
||||
Patch0: checkpolicy-build.patch
|
||||
BuildRequires: bison
|
||||
BuildRequires: byacc
|
||||
BuildRequires: flex
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
|
||||
BuildRequires: libsepol-devel-static => %{libsepol_ver}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -40,29 +43,52 @@ utilities that implement mandatory access control policies, such as
|
||||
Type Enforcement, Role-based Access Control and Multi-Level
|
||||
Security.)
|
||||
|
||||
%package devel
|
||||
Summary: Development files for SELinux policy compiler
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
checkpolicy is the SELinux policy compiler. It uses libsepol to
|
||||
generate the binary policy.
|
||||
|
||||
This package contains the development files, which are
|
||||
necessary to develop your own software using checkpolicy.
|
||||
|
||||
%package -n python3-%{name}
|
||||
Summary: Python bindings for SELinux policy compiler
|
||||
Group: Development/Libraries/Python
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description -n python3-%{name}
|
||||
checkpolicy is the SELinux policy compiler. It uses libsepol to
|
||||
generate the binary policy.
|
||||
|
||||
This package contains the Python bindindgs, which are necessary
|
||||
to use checkpolicy from Python.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
make %{?_smp_mflags} clean
|
||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
|
||||
cd test
|
||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
|
||||
make clean
|
||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
|
||||
(cd test
|
||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" )
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}%{_bindir}
|
||||
make LIBDIR="%{_libdir}" DESTDIR=%{buildroot} install
|
||||
install test/dismod %{buildroot}%{_bindir}/sedismod
|
||||
install test/dispol %{buildroot}%{_bindir}/sedispol
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
||||
make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
|
||||
install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
|
||||
install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc COPYING ChangeLog
|
||||
%{_bindir}/checkpolicy
|
||||
%{_bindir}/checkmodule
|
||||
%{_bindir}/sedismod
|
||||
%{_bindir}/sedispol
|
||||
%{_mandir}/man8/checkmodule.8%{ext_man}
|
||||
%{_mandir}/man8/checkpolicy.8%{ext_man}
|
||||
%{_mandir}/man8/check*.*%{ext_man}
|
||||
|
||||
%changelog
|
||||
|
Loading…
Reference in New Issue
Block a user