Accepting request 609005 from home:mcepl:SELinux

Rebase to 2.7

OBS-URL: https://build.opensuse.org/request/show/609005
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=39
Johannes Segitz 2018-05-23 08:27:50 +00:00 committed by Git OBS Bridge
parent 58446a0a21
commit 04327bf5b0
6 changed files with 281 additions and 19 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157
size 69748

3
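--- a/checkpolicy-2.7.tar.gz
+++ b/checkpolicy-2.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201
+size 65967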

228
checkpolicy-build.patch Normal file

@ -0,0 +1,228 @@
diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile
index 68e11f2..4c817cd 100644
--- checkpolicy-2.7/Makefile
+++ checkpolicy-2.7/Makefile
@@ -1,12 +1,9 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
TARGETS = checkpolicy checkmodule
LEX = flex
@@ -14,7 +11,12 @@ YACC = bison -y
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
-override CFLAGS += -I.
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
policy_define.o
@@ -27,8 +29,10 @@ all: $(TARGETS)
$(MAKE) -C test
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
index ee95882..cf76591 100644
--- checkpolicy-2.7/checkmodule.8
+++ checkpolicy-2.7/checkmodule.8
@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
This manual page was copied from the checkpolicy man page
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Dan Walsh <dwalsh@redhat.com>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
index 7b28696..1c8805d 100644
--- checkpolicy-2.7/checkpolicy.8
+++ checkpolicy-2.7/checkpolicy.8
@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
.SH AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
-and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+and edited by Stephen Smalley <sds@tycho.nsa.gov>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
index b75f2af..fbda455 100644
--- checkpolicy-2.7/checkpolicy.c
+++ checkpolicy-2.7/checkpolicy.c
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -69,6 +69,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
@@ -944,6 +947,8 @@ int main(int argc, char **argv)
protocol = IPPROTO_UDP;
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
protocol = IPPROTO_DCCP;
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+ protocol = IPPROTO_SCTP;
else {
printf("unknown protocol\n");
break;
diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
index f12ebdb..11fd37d 100644
--- checkpolicy-2.7/policy_define.c
+++ checkpolicy-2.7/policy_define.c
@@ -1,5 +1,5 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -40,6 +40,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <stdlib.h>
#include <limits.h>
@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
index 6b406c8..247bd4e 100644
--- checkpolicy-2.7/policy_parse.y
+++ checkpolicy-2.7/policy_parse.y
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
index e6c4898..e93ccb6 100644
--- checkpolicy-2.7/policy_scan.l
+++ checkpolicy-2.7/policy_scan.l
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: David Caplan, <dac@tresys.com>
diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
index acc991c..82e6673 100644
--- checkpolicy-2.7/queue.c
+++ checkpolicy-2.7/queue.c
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
index 655c94b..60c07fe 100644
--- checkpolicy-2.7/queue.h
+++ checkpolicy-2.7/queue.h
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile
index 59fa446..89e7557 100644
--- checkpolicy-2.7/test/Makefile
+++ checkpolicy-2.7/test/Makefile
@@ -1,19 +1,22 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
-BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
-
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: dispol dismod
dispol: dispol.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
dismod: dismod.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
clean:
-rm -f dispol dismod *.o
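Review bot: The `ifeq ($(LIBSEPOLA),)` fallback, added in both checkpolicy-2.7/Makefile and checkpolicy-2.7/test/Makefile, links `-l:libsepol.a`, so the static libsepol built into checkpolicy, checkmodule, dispol and dismod is whichever archive the linker finds first on its search path (the `-L` entries in LDFLAGS, then the toolchain defaults). The added comment says when the variable is set but not that consequence, and the `-l:` form is, as far as I know, a GNU ld extension rather than portable linker syntax. I would extend the comment in both files with a line such as `# -l:libsepol.a takes the first libsepol.a on the linker search path; set LIBSEPOLA=/path/to/libsepol.a to pin the archive that is linked in.` Because the library is linked statically, knowing which archive was picked matters when tracking libsepol fixes in these binaries.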

BIN
checkpolicy-tests.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
- Rebase to 2.7
-------------------------------------------------------------------
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com


@ -1,7 +1,7 @@
#
# spec file for package checkpolicy
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,17 +18,20 @@
%define libsepol_ver 2.6
Name: checkpolicy
Version: 2.6
Version: 2.7
Release: 0
Summary: SELinux policy compiler
License: GPL-2.0+
License: GPL-2.0-or-later
Group: Productivity/Security
Url: https://github.com/SELinuxProject/selinux
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
Source1: checkpolicy-tests.tar.gz
Patch0: checkpolicy-build.patch
BuildRequires: bison
BuildRequires: byacc
BuildRequires: flex
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: libsepol-devel-static => %{libsepol_ver}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -40,29 +43,52 @@ utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package devel
Summary: Development files for SELinux policy compiler
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
This package contains the development files, which are
necessary to develop your own software using checkpolicy.
%package -n python3-%{name}
Summary: Python bindings for SELinux policy compiler
Group: Development/Libraries/Python
Requires: %{name} = %{version}
%description -n python3-%{name}
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
This package contains the Python bindindgs, which are necessary
to use checkpolicy from Python.
%prep
%setup -q
%patch0 -p1
%build
make %{?_smp_mflags} clean
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
cd test
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
make clean
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
(cd test
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" )
%install
mkdir -p %{buildroot}%{_bindir}
make LIBDIR="%{_libdir}" DESTDIR=%{buildroot} install
install test/dismod %{buildroot}%{_bindir}/sedismod
install test/dispol %{buildroot}%{_bindir}/sedispol
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
%files
%defattr(-,root,root)
%doc COPYING ChangeLog
%{_bindir}/checkpolicy
%{_bindir}/checkmodule
%{_bindir}/sedismod
%{_bindir}/sedispol
%{_mandir}/man8/checkmodule.8%{ext_man}
%{_mandir}/man8/checkpolicy.8%{ext_man}
%{_mandir}/man8/check*.*%{ext_man}
%changelog
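Review bot: `%define libsepol_ver 2.6` stays as unchanged context in the hunk that moves `Version:` to 2.7, so `BuildRequires: libsepol-devel-static` still admits a 2.6 static libsepol, and that archive is what gets linked into the shipped binaries. If 2.7 is the intended floor, change the line to `%define libsepol_ver 2.7`. The two BuildRequires lines for libsepol-devel-static differ only in `>=` versus `=>`; if `=>` is the new spelling, prefer the documented `>=`. Separately, the `make` calls in `%build` and `%install` still pass `LIBDIR="%{_libdir}"`, which the Makefile as patched by checkpolicy-build.patch appears no longer to read, so that argument no longer selects the libsepol.a being linked.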