From 23f21e2372e9bc3514bdd2a17025cbc254469d489cd4bd8f493a5d97f4daffdd Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Mon, 15 Jun 2020 07:22:03 +0000 Subject: [PATCH 1/5] Accepting request 814134 from home:pmonrealgonzalez:branches:security:SELinux - Fix build with LTO: [bsc#1133102] * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects * Update map file to include new symbols and remove wildcards - Add libsemanage-update-map-file.patch - Fix build with LTO: [bsc#1133102] * Enable LTO (Link Time Optimization) * Update map file to include new symbols and remove wildcards - Add libsemanage-update-map-file.patch OBS-URL: https://build.opensuse.org/request/show/814134 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=82 --- libsemanage-update-map-file.patch | 409 ++++++++++++++++++++++++++++++ libsemanage.changes | 8 + libsemanage.spec | 8 +- python-semanage.changes | 8 + python-semanage.spec | 4 +- 5 files changed, 433 insertions(+), 4 deletions(-) create mode 100644 libsemanage-update-map-file.patch diff --git a/libsemanage-update-map-file.patch b/libsemanage-update-map-file.patch new file mode 100644 index 0000000..a0460ea --- /dev/null +++ b/libsemanage-update-map-file.patch @@ -0,0 +1,409 @@ +From 3fc08f8908571195dfaac7d3179504873f37b4c0 Mon Sep 17 00:00:00 2001 +From: William Roberts +Date: Mon, 23 Mar 2020 11:52:33 -0500 +Subject: [PATCH] libsemanage: update linker script + +With the old hidden_def and hidden_proto DSO infrastructure removed, +correctness of the map file becomes paramount, as it is what filters out +public API. Because of this, the wild cards should not be used, as it +lets some functions through that should not be made public API. Thus +remove the wild cards, and sort the list. + +Additionally, verify that nothing changed in external symbols as well: + +This was checked by generating an old export map (from master): +nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map + +Then creating a new one for this library after this patch is applied: +nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map + +And diffing them: +diff old.map new.map + +Acked-by: Stephen Smalley +Signed-off-by: William Roberts +--- + libsemanage/src/libsemanage.map | 372 +++++++++++++++++++++++++++++--- + 1 file changed, 345 insertions(+), 27 deletions(-) + +diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map +index 020366967..e1861ccbe 100644 +--- a/libsemanage/src/libsemanage.map ++++ b/libsemanage/src/libsemanage.map +@@ -1,31 +1,349 @@ + LIBSEMANAGE_1.0 { +- global: semanage_handle_create; semanage_handle_destroy; +- semanage_is_managed; semanage_connect; semanage_disconnect; +- semanage_msg_*; +- semanage_begin_transaction; semanage_commit; +- semanage_module_install; semanage_module_install_file; +- semanage_module_upgrade; semanage_module_upgrade_file; +- semanage_module_install_base; semanage_module_install_base_file; +- semanage_module_enable; +- semanage_module_disable; +- semanage_module_remove; +- semanage_module_list; semanage_module_info_datum_destroy; +- semanage_module_list_nth; semanage_module_get_name; +- semanage_module_get_version; semanage_select_store; +- semanage_module_get_enabled; +- semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; +- semanage_set_root; +- semanage_root; +- semanage_user_*; semanage_bool_*; semanage_seuser_*; +- semanage_iface_*; semanage_port_*; semanage_context_*; +- semanage_ibpkey_*; +- semanage_ibendport_*; +- semanage_node_*; +- semanage_fcontext_*; semanage_access_check; semanage_set_create_store; +- semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit; +- semanage_mls_enabled; +- semanage_set_check_contexts; +- semanage_get_preserve_tunables; semanage_set_preserve_tunables; ++ global: ++ semanage_access_check; ++ semanage_begin_transaction; ++ semanage_bool_clone; ++ semanage_bool_compare; ++ semanage_bool_compare2; ++ semanage_bool_count; ++ semanage_bool_count_active; ++ semanage_bool_count_local; ++ semanage_bool_create; ++ semanage_bool_del_local; ++ semanage_bool_exists; ++ semanage_bool_exists_active; ++ semanage_bool_exists_local; ++ semanage_bool_free; ++ semanage_bool_get_name; ++ semanage_bool_get_value; ++ semanage_bool_iterate; ++ semanage_bool_iterate_active; ++ semanage_bool_iterate_local; ++ semanage_bool_key_create; ++ semanage_bool_key_extract; ++ semanage_bool_key_free; ++ semanage_bool_list; ++ semanage_bool_list_active; ++ semanage_bool_list_local; ++ semanage_bool_modify_local; ++ semanage_bool_query; ++ semanage_bool_query_active; ++ semanage_bool_query_local; ++ semanage_bool_set_active; ++ semanage_bool_set_name; ++ semanage_bool_set_value; ++ semanage_commit; ++ semanage_connect; ++ semanage_context_clone; ++ semanage_context_create; ++ semanage_context_free; ++ semanage_context_from_string; ++ semanage_context_get_mls; ++ semanage_context_get_role; ++ semanage_context_get_type; ++ semanage_context_get_user; ++ semanage_context_set_mls; ++ semanage_context_set_role; ++ semanage_context_set_type; ++ semanage_context_set_user; ++ semanage_context_to_string; ++ semanage_disconnect; ++ semanage_fcontext_clone; ++ semanage_fcontext_compare; ++ semanage_fcontext_compare2; ++ semanage_fcontext_count; ++ semanage_fcontext_count_local; ++ semanage_fcontext_create; ++ semanage_fcontext_del_local; ++ semanage_fcontext_exists; ++ semanage_fcontext_exists_local; ++ semanage_fcontext_free; ++ semanage_fcontext_get_con; ++ semanage_fcontext_get_expr; ++ semanage_fcontext_get_type; ++ semanage_fcontext_get_type_str; ++ semanage_fcontext_iterate; ++ semanage_fcontext_iterate_local; ++ semanage_fcontext_key_create; ++ semanage_fcontext_key_extract; ++ semanage_fcontext_key_free; ++ semanage_fcontext_list; ++ semanage_fcontext_list_homedirs; ++ semanage_fcontext_list_local; ++ semanage_fcontext_modify_local; ++ semanage_fcontext_query; ++ semanage_fcontext_query_local; ++ semanage_fcontext_set_con; ++ semanage_fcontext_set_expr; ++ semanage_fcontext_set_type; ++ semanage_get_default_priority; ++ semanage_get_disable_dontaudit; ++ semanage_get_hll_compiler_path; ++ semanage_get_ignore_module_cache; ++ semanage_get_preserve_tunables; ++ semanage_handle_create; ++ semanage_handle_destroy; ++ semanage_ibendport_clone; ++ semanage_ibendport_compare; ++ semanage_ibendport_compare2; ++ semanage_ibendport_count; ++ semanage_ibendport_count_local; ++ semanage_ibendport_create; ++ semanage_ibendport_del_local; ++ semanage_ibendport_exists; ++ semanage_ibendport_exists_local; ++ semanage_ibendport_free; ++ semanage_ibendport_get_con; ++ semanage_ibendport_get_ibdev_name; ++ semanage_ibendport_get_port; ++ semanage_ibendport_iterate; ++ semanage_ibendport_iterate_local; ++ semanage_ibendport_key_create; ++ semanage_ibendport_key_extract; ++ semanage_ibendport_key_free; ++ semanage_ibendport_list; ++ semanage_ibendport_list_local; ++ semanage_ibendport_modify_local; ++ semanage_ibendport_query; ++ semanage_ibendport_query_local; ++ semanage_ibendport_set_con; ++ semanage_ibendport_set_ibdev_name; ++ semanage_ibendport_set_port; ++ semanage_ibpkey_clone; ++ semanage_ibpkey_compare; ++ semanage_ibpkey_compare2; ++ semanage_ibpkey_count; ++ semanage_ibpkey_count_local; ++ semanage_ibpkey_create; ++ semanage_ibpkey_del_local; ++ semanage_ibpkey_exists; ++ semanage_ibpkey_exists_local; ++ semanage_ibpkey_free; ++ semanage_ibpkey_get_con; ++ semanage_ibpkey_get_high; ++ semanage_ibpkey_get_low; ++ semanage_ibpkey_get_subnet_prefix; ++ semanage_ibpkey_get_subnet_prefix_bytes; ++ semanage_ibpkey_iterate; ++ semanage_ibpkey_iterate_local; ++ semanage_ibpkey_key_create; ++ semanage_ibpkey_key_extract; ++ semanage_ibpkey_key_free; ++ semanage_ibpkey_list; ++ semanage_ibpkey_list_local; ++ semanage_ibpkey_modify_local; ++ semanage_ibpkey_query; ++ semanage_ibpkey_query_local; ++ semanage_ibpkey_set_con; ++ semanage_ibpkey_set_pkey; ++ semanage_ibpkey_set_range; ++ semanage_ibpkey_set_subnet_prefix; ++ semanage_ibpkey_set_subnet_prefix_bytes; ++ semanage_iface_clone; ++ semanage_iface_compare; ++ semanage_iface_compare2; ++ semanage_iface_count; ++ semanage_iface_count_local; ++ semanage_iface_create; ++ semanage_iface_del_local; ++ semanage_iface_exists; ++ semanage_iface_exists_local; ++ semanage_iface_free; ++ semanage_iface_get_ifcon; ++ semanage_iface_get_msgcon; ++ semanage_iface_get_name; ++ semanage_iface_iterate; ++ semanage_iface_iterate_local; ++ semanage_iface_key_create; ++ semanage_iface_key_extract; ++ semanage_iface_key_free; ++ semanage_iface_list; ++ semanage_iface_list_local; ++ semanage_iface_modify_local; ++ semanage_iface_query; ++ semanage_iface_query_local; ++ semanage_iface_set_ifcon; ++ semanage_iface_set_msgcon; ++ semanage_iface_set_name; ++ semanage_is_connected; ++ semanage_is_managed; ++ semanage_mls_enabled; ++ semanage_module_disable; ++ semanage_module_enable; ++ semanage_module_extract; ++ semanage_module_get_enabled; ++ semanage_module_get_module_info; ++ semanage_module_get_name; ++ semanage_module_get_version; ++ semanage_module_info_create; ++ semanage_module_info_datum_destroy; ++ semanage_module_info_destroy; ++ semanage_module_info_get_enabled; ++ semanage_module_info_get_lang_ext; ++ semanage_module_info_get_name; ++ semanage_module_info_get_priority; ++ semanage_module_info_set_enabled; ++ semanage_module_info_set_lang_ext; ++ semanage_module_info_set_name; ++ semanage_module_info_set_priority; ++ semanage_module_install; ++ semanage_module_install_base; ++ semanage_module_install_base_file; ++ semanage_module_install_file; ++ semanage_module_install_info; ++ semanage_module_key_create; ++ semanage_module_key_destroy; ++ semanage_module_key_get_name; ++ semanage_module_key_get_priority; ++ semanage_module_key_set_name; ++ semanage_module_key_set_priority; ++ semanage_module_list; ++ semanage_module_list_all; ++ semanage_module_list_nth; ++ semanage_module_remove; ++ semanage_module_remove_key; ++ semanage_module_set_enabled; ++ semanage_module_upgrade; ++ semanage_module_upgrade_file; ++ semanage_msg_get_channel; ++ semanage_msg_get_fname; ++ semanage_msg_get_level; ++ semanage_msg_set_callback; ++ semanage_node_clone; ++ semanage_node_compare; ++ semanage_node_compare2; ++ semanage_node_count; ++ semanage_node_count_local; ++ semanage_node_create; ++ semanage_node_del_local; ++ semanage_node_exists; ++ semanage_node_exists_local; ++ semanage_node_free; ++ semanage_node_get_addr; ++ semanage_node_get_addr_bytes; ++ semanage_node_get_con; ++ semanage_node_get_mask; ++ semanage_node_get_mask_bytes; ++ semanage_node_get_proto; ++ semanage_node_get_proto_str; ++ semanage_node_iterate; ++ semanage_node_iterate_local; ++ semanage_node_key_create; ++ semanage_node_key_extract; ++ semanage_node_key_free; ++ semanage_node_list; ++ semanage_node_list_local; ++ semanage_node_modify_local; ++ semanage_node_query; ++ semanage_node_query_local; ++ semanage_node_set_addr; ++ semanage_node_set_addr_bytes; ++ semanage_node_set_con; ++ semanage_node_set_mask; ++ semanage_node_set_mask_bytes; ++ semanage_node_set_proto; ++ semanage_port_clone; ++ semanage_port_compare; ++ semanage_port_compare2; ++ semanage_port_count; ++ semanage_port_count_local; ++ semanage_port_create; ++ semanage_port_del_local; ++ semanage_port_exists; ++ semanage_port_exists_local; ++ semanage_port_free; ++ semanage_port_get_con; ++ semanage_port_get_high; ++ semanage_port_get_low; ++ semanage_port_get_proto; ++ semanage_port_get_proto_str; ++ semanage_port_iterate; ++ semanage_port_iterate_local; ++ semanage_port_key_create; ++ semanage_port_key_extract; ++ semanage_port_key_free; ++ semanage_port_list; ++ semanage_port_list_local; ++ semanage_port_modify_local; ++ semanage_port_query; ++ semanage_port_query_local; ++ semanage_port_set_con; ++ semanage_port_set_port; ++ semanage_port_set_proto; ++ semanage_port_set_range; ++ semanage_reload_policy; ++ semanage_root; ++ semanage_select_store; ++ semanage_set_check_contexts; ++ semanage_set_create_store; ++ semanage_set_default_priority; ++ semanage_set_disable_dontaudit; ++ semanage_set_ignore_module_cache; ++ semanage_set_preserve_tunables; ++ semanage_set_rebuild; ++ semanage_set_reload; ++ semanage_set_root; ++ semanage_set_store_root; ++ semanage_seuser_clone; ++ semanage_seuser_compare; ++ semanage_seuser_compare2; ++ semanage_seuser_count; ++ semanage_seuser_count_local; ++ semanage_seuser_create; ++ semanage_seuser_del_local; ++ semanage_seuser_exists; ++ semanage_seuser_exists_local; ++ semanage_seuser_free; ++ semanage_seuser_get_mlsrange; ++ semanage_seuser_get_name; ++ semanage_seuser_get_sename; ++ semanage_seuser_iterate; ++ semanage_seuser_iterate_local; ++ semanage_seuser_key_create; ++ semanage_seuser_key_extract; ++ semanage_seuser_key_free; ++ semanage_seuser_list; ++ semanage_seuser_list_local; ++ semanage_seuser_modify_local; ++ semanage_seuser_query; ++ semanage_seuser_query_local; ++ semanage_seuser_set_mlsrange; ++ semanage_seuser_set_name; ++ semanage_seuser_set_sename; ++ semanage_user_add_role; ++ semanage_user_clone; ++ semanage_user_compare; ++ semanage_user_compare2; ++ semanage_user_count; ++ semanage_user_count_local; ++ semanage_user_create; ++ semanage_user_del_local; ++ semanage_user_del_role; ++ semanage_user_exists; ++ semanage_user_exists_local; ++ semanage_user_free; ++ semanage_user_get_mlslevel; ++ semanage_user_get_mlsrange; ++ semanage_user_get_name; ++ semanage_user_get_num_roles; ++ semanage_user_get_prefix; ++ semanage_user_get_roles; ++ semanage_user_has_role; ++ semanage_user_iterate; ++ semanage_user_iterate_local; ++ semanage_user_key_create; ++ semanage_user_key_extract; ++ semanage_user_key_free; ++ semanage_user_list; ++ semanage_user_list_local; ++ semanage_user_modify_local; ++ semanage_user_query; ++ semanage_user_query_local; ++ semanage_user_set_mlslevel; ++ semanage_user_set_mlsrange; ++ semanage_user_set_name; ++ semanage_user_set_prefix; ++ semanage_user_set_roles; + local: *; + }; + diff --git a/libsemanage.changes b/libsemanage.changes index fdc8608..36fce4c 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + ------------------------------------------------------------------- Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger diff --git a/libsemanage.spec b/libsemanage.spec index eabc72b..cb56a99 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -26,6 +26,8 @@ URL: https://github.com/SELinuxProject/selinux/wiki/Releases Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: semanage.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +Patch0: libsemanage-update-map-file.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: fdupes @@ -90,14 +92,14 @@ stores must be migrated before any commands that modify or use the store %prep %setup -q +%patch0 -p2 # Replace /usr/libexec with whatever the distro defines as libexecdir - across all files grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" %build -%define _lto_cflags %{nil} make %{?_smp_mflags} clean -make -j1 CFLAGS="%{optflags}" CC="gcc" -make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all +make -j1 CFLAGS="%{optflags} -ffat-lto-objects" CC="gcc" +make -j1 CFLAGS="%{optflags} -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all %install mkdir -p %{buildroot}/%{_lib} diff --git a/python-semanage.changes b/python-semanage.changes index ab70035..892ba80 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + ------------------------------------------------------------------- Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger diff --git a/python-semanage.spec b/python-semanage.spec index 3f540f8..fac8297 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -26,6 +26,8 @@ Group: Development/Languages/Python URL: https://github.com/SELinuxProject/selinux Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/libsemanage-%{version}.tar.gz Source1: baselibs.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +Patch0: libsemanage-update-map-file.patch BuildRequires: %{python_module devel} BuildRequires: audit-devel BuildRequires: bison @@ -46,11 +48,11 @@ SELinux policy management applications. %prep %setup -q -n libsemanage-%{version} +%patch0 -p2 # Replace /usr/libexec with whatever the distro defines as libexecdir - across all files grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" %build -%define _lto_cflags %{nil} make %{?_smp_mflags} clean %{python_expand # loop over possible pythons make -j1 PYTHON=$python CFLAGS="%{optflags}" swigify From 822e5bb994405dfa3e79f57693b231615e4b4deb49194f11cbccd718d75ca2f6 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Tue, 16 Jun 2020 09:26:34 +0000 Subject: [PATCH 2/5] Accepting request 814848 from home:jsegitz:branches:security:SELinux - Disabled LTO again. This breaks e.g. shadow and also other packages in security:SELinux - Disabled LTO again. This breaks e.g. shadow and also other packages in security:SELinux OBS-URL: https://build.opensuse.org/request/show/814848 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=83 --- libsemanage.changes | 6 ++++++ libsemanage.spec | 9 +++++---- python-semanage.changes | 6 ++++++ python-semanage.spec | 5 +++-- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/libsemanage.changes b/libsemanage.changes index 36fce4c..07afb42 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + ------------------------------------------------------------------- Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez diff --git a/libsemanage.spec b/libsemanage.spec index cb56a99..f736440 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -27,7 +27,8 @@ Source: https://github.com/SELinuxProject/selinux/releases/download/2019 Source1: baselibs.conf Source2: semanage.conf # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards -Patch0: libsemanage-update-map-file.patch +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +#Patch0: libsemanage-update-map-file.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: fdupes @@ -92,14 +93,14 @@ stores must be migrated before any commands that modify or use the store %prep %setup -q -%patch0 -p2 # Replace /usr/libexec with whatever the distro defines as libexecdir - across all files grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" %build +%define _lto_cflags %{nil} make %{?_smp_mflags} clean -make -j1 CFLAGS="%{optflags} -ffat-lto-objects" CC="gcc" -make -j1 CFLAGS="%{optflags} -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all +make -j1 CFLAGS="%{optflags}" CC="gcc" +make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all %install mkdir -p %{buildroot}/%{_lib} diff --git a/python-semanage.changes b/python-semanage.changes index 892ba80..f3fca2a 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + ------------------------------------------------------------------- Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez diff --git a/python-semanage.spec b/python-semanage.spec index fac8297..de3d649 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -27,7 +27,8 @@ URL: https://github.com/SELinuxProject/selinux Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/libsemanage-%{version}.tar.gz Source1: baselibs.conf # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards -Patch0: libsemanage-update-map-file.patch +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +# Patch0: libsemanage-update-map-file.patch BuildRequires: %{python_module devel} BuildRequires: audit-devel BuildRequires: bison @@ -48,11 +49,11 @@ SELinux policy management applications. %prep %setup -q -n libsemanage-%{version} -%patch0 -p2 # Replace /usr/libexec with whatever the distro defines as libexecdir - across all files grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" %build +%define _lto_cflags %{nil} make %{?_smp_mflags} clean %{python_expand # loop over possible pythons make -j1 PYTHON=$python CFLAGS="%{optflags}" swigify From d11edeadfa6b30de15bfc83cbe7202ab961204da28a204b1c91c594e3cf36e71 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Tue, 14 Jul 2020 14:13:55 +0000 Subject: [PATCH 3/5] Accepting request 820920 from home:jsegitz:branches:security:SELinux - Update to version 3.1 * Improved manpage * fsync final files before rename - Update to version 3.1 * Improved manpage * fsync final files before rename OBS-URL: https://build.opensuse.org/request/show/820920 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=84 --- libsemanage-3.0.tar.gz | 3 --- libsemanage-3.1.tar.gz | 3 +++ libsemanage.changes | 7 +++++++ libsemanage.spec | 8 ++++---- python-semanage.changes | 7 +++++++ python-semanage.spec | 8 ++++---- 6 files changed, 25 insertions(+), 11 deletions(-) delete mode 100644 libsemanage-3.0.tar.gz create mode 100644 libsemanage-3.1.tar.gz diff --git a/libsemanage-3.0.tar.gz b/libsemanage-3.0.tar.gz deleted file mode 100644 index 74ba01e..0000000 --- a/libsemanage-3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a497b0720d54eac427f1f3f618eed417e50ed8f4e47ed0f7a1d391bd416e84cf -size 180745 diff --git a/libsemanage-3.1.tar.gz b/libsemanage-3.1.tar.gz new file mode 100644 index 0000000..005add5 --- /dev/null +++ b/libsemanage-3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8 +size 179601 diff --git a/libsemanage.changes b/libsemanage.changes index 07afb42..6c4a96d 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + ------------------------------------------------------------------- Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz diff --git a/libsemanage.spec b/libsemanage.spec index f736440..d1eb3c7 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -17,13 +17,13 @@ Name: libsemanage -Version: 3.0 +Version: 3.1 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ URL: https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz +Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: semanage.conf # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards @@ -99,8 +99,8 @@ grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" %build %define _lto_cflags %{nil} make %{?_smp_mflags} clean -make -j1 CFLAGS="%{optflags}" CC="gcc" -make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all +make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc" +make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all %install mkdir -p %{buildroot}/%{_lib} diff --git a/python-semanage.changes b/python-semanage.changes index f3fca2a..f3ee6dc 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + ------------------------------------------------------------------- Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz diff --git a/python-semanage.spec b/python-semanage.spec index de3d649..1914e5d 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -18,13 +18,13 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.0 +Version: 3.1 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only Group: Development/Languages/Python URL: https://github.com/SELinuxProject/selinux -Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/libsemanage-%{version}.tar.gz +Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-%{version}.tar.gz Source1: baselibs.conf # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards # For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux @@ -56,8 +56,8 @@ grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" %define _lto_cflags %{nil} make %{?_smp_mflags} clean %{python_expand # loop over possible pythons -make -j1 PYTHON=$python CFLAGS="%{optflags}" swigify -make -j1 PYTHON=$python CFLAGS="%{optflags}" \ +make -j1 PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" swigify +make -j1 PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" \ LIBDIR="%{_libdir}" \ LIBEXECDIR="%{_libexecdir}" \ SHLIBDIR="%{_lib}" \ From 65cc8a6923bada4b192c09164b4aa2383d45ec8d75fe9b81bc3b96012cad1b25 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Wed, 15 Jul 2020 08:23:27 +0000 Subject: [PATCH 4/5] Accepting request 821049 from home:jsegitz:branches:security:SELinux - Remove libsemanage-update-map-file.patch to prevent checkers from declining the submission. Keeping the snippet in the spec file in case we try to enable LTO again OBS-URL: https://build.opensuse.org/request/show/821049 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=85 --- libsemanage-update-map-file.patch | 409 ------------------------------ libsemanage.changes | 7 + 2 files changed, 7 insertions(+), 409 deletions(-) delete mode 100644 libsemanage-update-map-file.patch diff --git a/libsemanage-update-map-file.patch b/libsemanage-update-map-file.patch deleted file mode 100644 index a0460ea..0000000 --- a/libsemanage-update-map-file.patch +++ /dev/null @@ -1,409 +0,0 @@ -From 3fc08f8908571195dfaac7d3179504873f37b4c0 Mon Sep 17 00:00:00 2001 -From: William Roberts -Date: Mon, 23 Mar 2020 11:52:33 -0500 -Subject: [PATCH] libsemanage: update linker script - -With the old hidden_def and hidden_proto DSO infrastructure removed, -correctness of the map file becomes paramount, as it is what filters out -public API. Because of this, the wild cards should not be used, as it -lets some functions through that should not be made public API. Thus -remove the wild cards, and sort the list. - -Additionally, verify that nothing changed in external symbols as well: - -This was checked by generating an old export map (from master): -nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map - -Then creating a new one for this library after this patch is applied: -nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map - -And diffing them: -diff old.map new.map - -Acked-by: Stephen Smalley -Signed-off-by: William Roberts ---- - libsemanage/src/libsemanage.map | 372 +++++++++++++++++++++++++++++--- - 1 file changed, 345 insertions(+), 27 deletions(-) - -diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map -index 020366967..e1861ccbe 100644 ---- a/libsemanage/src/libsemanage.map -+++ b/libsemanage/src/libsemanage.map -@@ -1,31 +1,349 @@ - LIBSEMANAGE_1.0 { -- global: semanage_handle_create; semanage_handle_destroy; -- semanage_is_managed; semanage_connect; semanage_disconnect; -- semanage_msg_*; -- semanage_begin_transaction; semanage_commit; -- semanage_module_install; semanage_module_install_file; -- semanage_module_upgrade; semanage_module_upgrade_file; -- semanage_module_install_base; semanage_module_install_base_file; -- semanage_module_enable; -- semanage_module_disable; -- semanage_module_remove; -- semanage_module_list; semanage_module_info_datum_destroy; -- semanage_module_list_nth; semanage_module_get_name; -- semanage_module_get_version; semanage_select_store; -- semanage_module_get_enabled; -- semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; -- semanage_set_root; -- semanage_root; -- semanage_user_*; semanage_bool_*; semanage_seuser_*; -- semanage_iface_*; semanage_port_*; semanage_context_*; -- semanage_ibpkey_*; -- semanage_ibendport_*; -- semanage_node_*; -- semanage_fcontext_*; semanage_access_check; semanage_set_create_store; -- semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit; -- semanage_mls_enabled; -- semanage_set_check_contexts; -- semanage_get_preserve_tunables; semanage_set_preserve_tunables; -+ global: -+ semanage_access_check; -+ semanage_begin_transaction; -+ semanage_bool_clone; -+ semanage_bool_compare; -+ semanage_bool_compare2; -+ semanage_bool_count; -+ semanage_bool_count_active; -+ semanage_bool_count_local; -+ semanage_bool_create; -+ semanage_bool_del_local; -+ semanage_bool_exists; -+ semanage_bool_exists_active; -+ semanage_bool_exists_local; -+ semanage_bool_free; -+ semanage_bool_get_name; -+ semanage_bool_get_value; -+ semanage_bool_iterate; -+ semanage_bool_iterate_active; -+ semanage_bool_iterate_local; -+ semanage_bool_key_create; -+ semanage_bool_key_extract; -+ semanage_bool_key_free; -+ semanage_bool_list; -+ semanage_bool_list_active; -+ semanage_bool_list_local; -+ semanage_bool_modify_local; -+ semanage_bool_query; -+ semanage_bool_query_active; -+ semanage_bool_query_local; -+ semanage_bool_set_active; -+ semanage_bool_set_name; -+ semanage_bool_set_value; -+ semanage_commit; -+ semanage_connect; -+ semanage_context_clone; -+ semanage_context_create; -+ semanage_context_free; -+ semanage_context_from_string; -+ semanage_context_get_mls; -+ semanage_context_get_role; -+ semanage_context_get_type; -+ semanage_context_get_user; -+ semanage_context_set_mls; -+ semanage_context_set_role; -+ semanage_context_set_type; -+ semanage_context_set_user; -+ semanage_context_to_string; -+ semanage_disconnect; -+ semanage_fcontext_clone; -+ semanage_fcontext_compare; -+ semanage_fcontext_compare2; -+ semanage_fcontext_count; -+ semanage_fcontext_count_local; -+ semanage_fcontext_create; -+ semanage_fcontext_del_local; -+ semanage_fcontext_exists; -+ semanage_fcontext_exists_local; -+ semanage_fcontext_free; -+ semanage_fcontext_get_con; -+ semanage_fcontext_get_expr; -+ semanage_fcontext_get_type; -+ semanage_fcontext_get_type_str; -+ semanage_fcontext_iterate; -+ semanage_fcontext_iterate_local; -+ semanage_fcontext_key_create; -+ semanage_fcontext_key_extract; -+ semanage_fcontext_key_free; -+ semanage_fcontext_list; -+ semanage_fcontext_list_homedirs; -+ semanage_fcontext_list_local; -+ semanage_fcontext_modify_local; -+ semanage_fcontext_query; -+ semanage_fcontext_query_local; -+ semanage_fcontext_set_con; -+ semanage_fcontext_set_expr; -+ semanage_fcontext_set_type; -+ semanage_get_default_priority; -+ semanage_get_disable_dontaudit; -+ semanage_get_hll_compiler_path; -+ semanage_get_ignore_module_cache; -+ semanage_get_preserve_tunables; -+ semanage_handle_create; -+ semanage_handle_destroy; -+ semanage_ibendport_clone; -+ semanage_ibendport_compare; -+ semanage_ibendport_compare2; -+ semanage_ibendport_count; -+ semanage_ibendport_count_local; -+ semanage_ibendport_create; -+ semanage_ibendport_del_local; -+ semanage_ibendport_exists; -+ semanage_ibendport_exists_local; -+ semanage_ibendport_free; -+ semanage_ibendport_get_con; -+ semanage_ibendport_get_ibdev_name; -+ semanage_ibendport_get_port; -+ semanage_ibendport_iterate; -+ semanage_ibendport_iterate_local; -+ semanage_ibendport_key_create; -+ semanage_ibendport_key_extract; -+ semanage_ibendport_key_free; -+ semanage_ibendport_list; -+ semanage_ibendport_list_local; -+ semanage_ibendport_modify_local; -+ semanage_ibendport_query; -+ semanage_ibendport_query_local; -+ semanage_ibendport_set_con; -+ semanage_ibendport_set_ibdev_name; -+ semanage_ibendport_set_port; -+ semanage_ibpkey_clone; -+ semanage_ibpkey_compare; -+ semanage_ibpkey_compare2; -+ semanage_ibpkey_count; -+ semanage_ibpkey_count_local; -+ semanage_ibpkey_create; -+ semanage_ibpkey_del_local; -+ semanage_ibpkey_exists; -+ semanage_ibpkey_exists_local; -+ semanage_ibpkey_free; -+ semanage_ibpkey_get_con; -+ semanage_ibpkey_get_high; -+ semanage_ibpkey_get_low; -+ semanage_ibpkey_get_subnet_prefix; -+ semanage_ibpkey_get_subnet_prefix_bytes; -+ semanage_ibpkey_iterate; -+ semanage_ibpkey_iterate_local; -+ semanage_ibpkey_key_create; -+ semanage_ibpkey_key_extract; -+ semanage_ibpkey_key_free; -+ semanage_ibpkey_list; -+ semanage_ibpkey_list_local; -+ semanage_ibpkey_modify_local; -+ semanage_ibpkey_query; -+ semanage_ibpkey_query_local; -+ semanage_ibpkey_set_con; -+ semanage_ibpkey_set_pkey; -+ semanage_ibpkey_set_range; -+ semanage_ibpkey_set_subnet_prefix; -+ semanage_ibpkey_set_subnet_prefix_bytes; -+ semanage_iface_clone; -+ semanage_iface_compare; -+ semanage_iface_compare2; -+ semanage_iface_count; -+ semanage_iface_count_local; -+ semanage_iface_create; -+ semanage_iface_del_local; -+ semanage_iface_exists; -+ semanage_iface_exists_local; -+ semanage_iface_free; -+ semanage_iface_get_ifcon; -+ semanage_iface_get_msgcon; -+ semanage_iface_get_name; -+ semanage_iface_iterate; -+ semanage_iface_iterate_local; -+ semanage_iface_key_create; -+ semanage_iface_key_extract; -+ semanage_iface_key_free; -+ semanage_iface_list; -+ semanage_iface_list_local; -+ semanage_iface_modify_local; -+ semanage_iface_query; -+ semanage_iface_query_local; -+ semanage_iface_set_ifcon; -+ semanage_iface_set_msgcon; -+ semanage_iface_set_name; -+ semanage_is_connected; -+ semanage_is_managed; -+ semanage_mls_enabled; -+ semanage_module_disable; -+ semanage_module_enable; -+ semanage_module_extract; -+ semanage_module_get_enabled; -+ semanage_module_get_module_info; -+ semanage_module_get_name; -+ semanage_module_get_version; -+ semanage_module_info_create; -+ semanage_module_info_datum_destroy; -+ semanage_module_info_destroy; -+ semanage_module_info_get_enabled; -+ semanage_module_info_get_lang_ext; -+ semanage_module_info_get_name; -+ semanage_module_info_get_priority; -+ semanage_module_info_set_enabled; -+ semanage_module_info_set_lang_ext; -+ semanage_module_info_set_name; -+ semanage_module_info_set_priority; -+ semanage_module_install; -+ semanage_module_install_base; -+ semanage_module_install_base_file; -+ semanage_module_install_file; -+ semanage_module_install_info; -+ semanage_module_key_create; -+ semanage_module_key_destroy; -+ semanage_module_key_get_name; -+ semanage_module_key_get_priority; -+ semanage_module_key_set_name; -+ semanage_module_key_set_priority; -+ semanage_module_list; -+ semanage_module_list_all; -+ semanage_module_list_nth; -+ semanage_module_remove; -+ semanage_module_remove_key; -+ semanage_module_set_enabled; -+ semanage_module_upgrade; -+ semanage_module_upgrade_file; -+ semanage_msg_get_channel; -+ semanage_msg_get_fname; -+ semanage_msg_get_level; -+ semanage_msg_set_callback; -+ semanage_node_clone; -+ semanage_node_compare; -+ semanage_node_compare2; -+ semanage_node_count; -+ semanage_node_count_local; -+ semanage_node_create; -+ semanage_node_del_local; -+ semanage_node_exists; -+ semanage_node_exists_local; -+ semanage_node_free; -+ semanage_node_get_addr; -+ semanage_node_get_addr_bytes; -+ semanage_node_get_con; -+ semanage_node_get_mask; -+ semanage_node_get_mask_bytes; -+ semanage_node_get_proto; -+ semanage_node_get_proto_str; -+ semanage_node_iterate; -+ semanage_node_iterate_local; -+ semanage_node_key_create; -+ semanage_node_key_extract; -+ semanage_node_key_free; -+ semanage_node_list; -+ semanage_node_list_local; -+ semanage_node_modify_local; -+ semanage_node_query; -+ semanage_node_query_local; -+ semanage_node_set_addr; -+ semanage_node_set_addr_bytes; -+ semanage_node_set_con; -+ semanage_node_set_mask; -+ semanage_node_set_mask_bytes; -+ semanage_node_set_proto; -+ semanage_port_clone; -+ semanage_port_compare; -+ semanage_port_compare2; -+ semanage_port_count; -+ semanage_port_count_local; -+ semanage_port_create; -+ semanage_port_del_local; -+ semanage_port_exists; -+ semanage_port_exists_local; -+ semanage_port_free; -+ semanage_port_get_con; -+ semanage_port_get_high; -+ semanage_port_get_low; -+ semanage_port_get_proto; -+ semanage_port_get_proto_str; -+ semanage_port_iterate; -+ semanage_port_iterate_local; -+ semanage_port_key_create; -+ semanage_port_key_extract; -+ semanage_port_key_free; -+ semanage_port_list; -+ semanage_port_list_local; -+ semanage_port_modify_local; -+ semanage_port_query; -+ semanage_port_query_local; -+ semanage_port_set_con; -+ semanage_port_set_port; -+ semanage_port_set_proto; -+ semanage_port_set_range; -+ semanage_reload_policy; -+ semanage_root; -+ semanage_select_store; -+ semanage_set_check_contexts; -+ semanage_set_create_store; -+ semanage_set_default_priority; -+ semanage_set_disable_dontaudit; -+ semanage_set_ignore_module_cache; -+ semanage_set_preserve_tunables; -+ semanage_set_rebuild; -+ semanage_set_reload; -+ semanage_set_root; -+ semanage_set_store_root; -+ semanage_seuser_clone; -+ semanage_seuser_compare; -+ semanage_seuser_compare2; -+ semanage_seuser_count; -+ semanage_seuser_count_local; -+ semanage_seuser_create; -+ semanage_seuser_del_local; -+ semanage_seuser_exists; -+ semanage_seuser_exists_local; -+ semanage_seuser_free; -+ semanage_seuser_get_mlsrange; -+ semanage_seuser_get_name; -+ semanage_seuser_get_sename; -+ semanage_seuser_iterate; -+ semanage_seuser_iterate_local; -+ semanage_seuser_key_create; -+ semanage_seuser_key_extract; -+ semanage_seuser_key_free; -+ semanage_seuser_list; -+ semanage_seuser_list_local; -+ semanage_seuser_modify_local; -+ semanage_seuser_query; -+ semanage_seuser_query_local; -+ semanage_seuser_set_mlsrange; -+ semanage_seuser_set_name; -+ semanage_seuser_set_sename; -+ semanage_user_add_role; -+ semanage_user_clone; -+ semanage_user_compare; -+ semanage_user_compare2; -+ semanage_user_count; -+ semanage_user_count_local; -+ semanage_user_create; -+ semanage_user_del_local; -+ semanage_user_del_role; -+ semanage_user_exists; -+ semanage_user_exists_local; -+ semanage_user_free; -+ semanage_user_get_mlslevel; -+ semanage_user_get_mlsrange; -+ semanage_user_get_name; -+ semanage_user_get_num_roles; -+ semanage_user_get_prefix; -+ semanage_user_get_roles; -+ semanage_user_has_role; -+ semanage_user_iterate; -+ semanage_user_iterate_local; -+ semanage_user_key_create; -+ semanage_user_key_extract; -+ semanage_user_key_free; -+ semanage_user_list; -+ semanage_user_list_local; -+ semanage_user_modify_local; -+ semanage_user_query; -+ semanage_user_query_local; -+ semanage_user_set_mlslevel; -+ semanage_user_set_mlsrange; -+ semanage_user_set_name; -+ semanage_user_set_prefix; -+ semanage_user_set_roles; - local: *; - }; - diff --git a/libsemanage.changes b/libsemanage.changes index 6c4a96d..5c5d9d0 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz + +- Remove libsemanage-update-map-file.patch to prevent checkers from declining + the submission. Keeping the snippet in the spec file in case we try to + enable LTO again + ------------------------------------------------------------------- Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz From b2a97b41e157ccc1c89a842eb0e8a458a228f4b20183eff787e96bda2a34b9da Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 30 Jul 2020 12:20:11 +0000 Subject: [PATCH 5/5] Accepting request 823542 from home:kukuk:selinux - Add /var/lib/selinux OBS-URL: https://build.opensuse.org/request/show/823542 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=86 --- libsemanage.changes | 5 +++++ libsemanage.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/libsemanage.changes b/libsemanage.changes index 5c5d9d0..7000190 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk + +- Add /var/lib/selinux + ------------------------------------------------------------------- Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz diff --git a/libsemanage.spec b/libsemanage.spec index d1eb3c7..356289a 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -106,6 +106,7 @@ make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LI mkdir -p %{buildroot}/%{_lib} mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_localstatedir}/lib/selinux %make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}" ln -sf %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf @@ -119,6 +120,7 @@ cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf %dir %{_sysconfdir}/selinux %config(noreplace) %{_sysconfdir}/selinux/semanage.conf %{_libdir}/libsemanage.so.* +%dir %{_localstatedir}/lib/selinux %files devel %{_libdir}/libsemanage.so