Accepting request 821049 from home:jsegitz:branches:security:SELinux
- Remove libsemanage-update-map-file.patch to prevent checkers from declining the submission. Keeping the snippet in the spec file in case we try to enable LTO again OBS-URL: https://build.opensuse.org/request/show/821049 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=85
This commit is contained in:
Johannes Segitz
Git OBS Bridge
parent
d11edeadfa
commit
65cc8a6923
@ -1,409 +0,0 @@
|
||||
From 3fc08f8908571195dfaac7d3179504873f37b4c0 Mon Sep 17 00:00:00 2001
|
||||
From: William Roberts <william.c.roberts@intel.com>
|
||||
Date: Mon, 23 Mar 2020 11:52:33 -0500
|
||||
Subject: [PATCH] libsemanage: update linker script
|
||||
|
||||
With the old hidden_def and hidden_proto DSO infrastructure removed,
|
||||
correctness of the map file becomes paramount, as it is what filters out
|
||||
public API. Because of this, the wild cards should not be used, as it
|
||||
lets some functions through that should not be made public API. Thus
|
||||
remove the wild cards, and sort the list.
|
||||
|
||||
Additionally, verify that nothing changed in external symbols as well:
|
||||
|
||||
This was checked by generating an old export map (from master):
|
||||
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map
|
||||
|
||||
Then creating a new one for this library after this patch is applied:
|
||||
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map
|
||||
|
||||
And diffing them:
|
||||
diff old.map new.map
|
||||
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
||||
---
|
||||
libsemanage/src/libsemanage.map | 372 +++++++++++++++++++++++++++++---
|
||||
1 file changed, 345 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
|
||||
index 020366967..e1861ccbe 100644
|
||||
--- a/libsemanage/src/libsemanage.map
|
||||
+++ b/libsemanage/src/libsemanage.map
|
||||
@@ -1,31 +1,349 @@
|
||||
LIBSEMANAGE_1.0 {
|
||||
- global: semanage_handle_create; semanage_handle_destroy;
|
||||
- semanage_is_managed; semanage_connect; semanage_disconnect;
|
||||
- semanage_msg_*;
|
||||
- semanage_begin_transaction; semanage_commit;
|
||||
- semanage_module_install; semanage_module_install_file;
|
||||
- semanage_module_upgrade; semanage_module_upgrade_file;
|
||||
- semanage_module_install_base; semanage_module_install_base_file;
|
||||
- semanage_module_enable;
|
||||
- semanage_module_disable;
|
||||
- semanage_module_remove;
|
||||
- semanage_module_list; semanage_module_info_datum_destroy;
|
||||
- semanage_module_list_nth; semanage_module_get_name;
|
||||
- semanage_module_get_version; semanage_select_store;
|
||||
- semanage_module_get_enabled;
|
||||
- semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
|
||||
- semanage_set_root;
|
||||
- semanage_root;
|
||||
- semanage_user_*; semanage_bool_*; semanage_seuser_*;
|
||||
- semanage_iface_*; semanage_port_*; semanage_context_*;
|
||||
- semanage_ibpkey_*;
|
||||
- semanage_ibendport_*;
|
||||
- semanage_node_*;
|
||||
- semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
|
||||
- semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
|
||||
- semanage_mls_enabled;
|
||||
- semanage_set_check_contexts;
|
||||
- semanage_get_preserve_tunables; semanage_set_preserve_tunables;
|
||||
+ global:
|
||||
+ semanage_access_check;
|
||||
+ semanage_begin_transaction;
|
||||
+ semanage_bool_clone;
|
||||
+ semanage_bool_compare;
|
||||
+ semanage_bool_compare2;
|
||||
+ semanage_bool_count;
|
||||
+ semanage_bool_count_active;
|
||||
+ semanage_bool_count_local;
|
||||
+ semanage_bool_create;
|
||||
+ semanage_bool_del_local;
|
||||
+ semanage_bool_exists;
|
||||
+ semanage_bool_exists_active;
|
||||
+ semanage_bool_exists_local;
|
||||
+ semanage_bool_free;
|
||||
+ semanage_bool_get_name;
|
||||
+ semanage_bool_get_value;
|
||||
+ semanage_bool_iterate;
|
||||
+ semanage_bool_iterate_active;
|
||||
+ semanage_bool_iterate_local;
|
||||
+ semanage_bool_key_create;
|
||||
+ semanage_bool_key_extract;
|
||||
+ semanage_bool_key_free;
|
||||
+ semanage_bool_list;
|
||||
+ semanage_bool_list_active;
|
||||
+ semanage_bool_list_local;
|
||||
+ semanage_bool_modify_local;
|
||||
+ semanage_bool_query;
|
||||
+ semanage_bool_query_active;
|
||||
+ semanage_bool_query_local;
|
||||
+ semanage_bool_set_active;
|
||||
+ semanage_bool_set_name;
|
||||
+ semanage_bool_set_value;
|
||||
+ semanage_commit;
|
||||
+ semanage_connect;
|
||||
+ semanage_context_clone;
|
||||
+ semanage_context_create;
|
||||
+ semanage_context_free;
|
||||
+ semanage_context_from_string;
|
||||
+ semanage_context_get_mls;
|
||||
+ semanage_context_get_role;
|
||||
+ semanage_context_get_type;
|
||||
+ semanage_context_get_user;
|
||||
+ semanage_context_set_mls;
|
||||
+ semanage_context_set_role;
|
||||
+ semanage_context_set_type;
|
||||
+ semanage_context_set_user;
|
||||
+ semanage_context_to_string;
|
||||
+ semanage_disconnect;
|
||||
+ semanage_fcontext_clone;
|
||||
+ semanage_fcontext_compare;
|
||||
+ semanage_fcontext_compare2;
|
||||
+ semanage_fcontext_count;
|
||||
+ semanage_fcontext_count_local;
|
||||
+ semanage_fcontext_create;
|
||||
+ semanage_fcontext_del_local;
|
||||
+ semanage_fcontext_exists;
|
||||
+ semanage_fcontext_exists_local;
|
||||
+ semanage_fcontext_free;
|
||||
+ semanage_fcontext_get_con;
|
||||
+ semanage_fcontext_get_expr;
|
||||
+ semanage_fcontext_get_type;
|
||||
+ semanage_fcontext_get_type_str;
|
||||
+ semanage_fcontext_iterate;
|
||||
+ semanage_fcontext_iterate_local;
|
||||
+ semanage_fcontext_key_create;
|
||||
+ semanage_fcontext_key_extract;
|
||||
+ semanage_fcontext_key_free;
|
||||
+ semanage_fcontext_list;
|
||||
+ semanage_fcontext_list_homedirs;
|
||||
+ semanage_fcontext_list_local;
|
||||
+ semanage_fcontext_modify_local;
|
||||
+ semanage_fcontext_query;
|
||||
+ semanage_fcontext_query_local;
|
||||
+ semanage_fcontext_set_con;
|
||||
+ semanage_fcontext_set_expr;
|
||||
+ semanage_fcontext_set_type;
|
||||
+ semanage_get_default_priority;
|
||||
+ semanage_get_disable_dontaudit;
|
||||
+ semanage_get_hll_compiler_path;
|
||||
+ semanage_get_ignore_module_cache;
|
||||
+ semanage_get_preserve_tunables;
|
||||
+ semanage_handle_create;
|
||||
+ semanage_handle_destroy;
|
||||
+ semanage_ibendport_clone;
|
||||
+ semanage_ibendport_compare;
|
||||
+ semanage_ibendport_compare2;
|
||||
+ semanage_ibendport_count;
|
||||
+ semanage_ibendport_count_local;
|
||||
+ semanage_ibendport_create;
|
||||
+ semanage_ibendport_del_local;
|
||||
+ semanage_ibendport_exists;
|
||||
+ semanage_ibendport_exists_local;
|
||||
+ semanage_ibendport_free;
|
||||
+ semanage_ibendport_get_con;
|
||||
+ semanage_ibendport_get_ibdev_name;
|
||||
+ semanage_ibendport_get_port;
|
||||
+ semanage_ibendport_iterate;
|
||||
+ semanage_ibendport_iterate_local;
|
||||
+ semanage_ibendport_key_create;
|
||||
+ semanage_ibendport_key_extract;
|
||||
+ semanage_ibendport_key_free;
|
||||
+ semanage_ibendport_list;
|
||||
+ semanage_ibendport_list_local;
|
||||
+ semanage_ibendport_modify_local;
|
||||
+ semanage_ibendport_query;
|
||||
+ semanage_ibendport_query_local;
|
||||
+ semanage_ibendport_set_con;
|
||||
+ semanage_ibendport_set_ibdev_name;
|
||||
+ semanage_ibendport_set_port;
|
||||
+ semanage_ibpkey_clone;
|
||||
+ semanage_ibpkey_compare;
|
||||
+ semanage_ibpkey_compare2;
|
||||
+ semanage_ibpkey_count;
|
||||
+ semanage_ibpkey_count_local;
|
||||
+ semanage_ibpkey_create;
|
||||
+ semanage_ibpkey_del_local;
|
||||
+ semanage_ibpkey_exists;
|
||||
+ semanage_ibpkey_exists_local;
|
||||
+ semanage_ibpkey_free;
|
||||
+ semanage_ibpkey_get_con;
|
||||
+ semanage_ibpkey_get_high;
|
||||
+ semanage_ibpkey_get_low;
|
||||
+ semanage_ibpkey_get_subnet_prefix;
|
||||
+ semanage_ibpkey_get_subnet_prefix_bytes;
|
||||
+ semanage_ibpkey_iterate;
|
||||
+ semanage_ibpkey_iterate_local;
|
||||
+ semanage_ibpkey_key_create;
|
||||
+ semanage_ibpkey_key_extract;
|
||||
+ semanage_ibpkey_key_free;
|
||||
+ semanage_ibpkey_list;
|
||||
+ semanage_ibpkey_list_local;
|
||||
+ semanage_ibpkey_modify_local;
|
||||
+ semanage_ibpkey_query;
|
||||
+ semanage_ibpkey_query_local;
|
||||
+ semanage_ibpkey_set_con;
|
||||
+ semanage_ibpkey_set_pkey;
|
||||
+ semanage_ibpkey_set_range;
|
||||
+ semanage_ibpkey_set_subnet_prefix;
|
||||
+ semanage_ibpkey_set_subnet_prefix_bytes;
|
||||
+ semanage_iface_clone;
|
||||
+ semanage_iface_compare;
|
||||
+ semanage_iface_compare2;
|
||||
+ semanage_iface_count;
|
||||
+ semanage_iface_count_local;
|
||||
+ semanage_iface_create;
|
||||
+ semanage_iface_del_local;
|
||||
+ semanage_iface_exists;
|
||||
+ semanage_iface_exists_local;
|
||||
+ semanage_iface_free;
|
||||
+ semanage_iface_get_ifcon;
|
||||
+ semanage_iface_get_msgcon;
|
||||
+ semanage_iface_get_name;
|
||||
+ semanage_iface_iterate;
|
||||
+ semanage_iface_iterate_local;
|
||||
+ semanage_iface_key_create;
|
||||
+ semanage_iface_key_extract;
|
||||
+ semanage_iface_key_free;
|
||||
+ semanage_iface_list;
|
||||
+ semanage_iface_list_local;
|
||||
+ semanage_iface_modify_local;
|
||||
+ semanage_iface_query;
|
||||
+ semanage_iface_query_local;
|
||||
+ semanage_iface_set_ifcon;
|
||||
+ semanage_iface_set_msgcon;
|
||||
+ semanage_iface_set_name;
|
||||
+ semanage_is_connected;
|
||||
+ semanage_is_managed;
|
||||
+ semanage_mls_enabled;
|
||||
+ semanage_module_disable;
|
||||
+ semanage_module_enable;
|
||||
+ semanage_module_extract;
|
||||
+ semanage_module_get_enabled;
|
||||
+ semanage_module_get_module_info;
|
||||
+ semanage_module_get_name;
|
||||
+ semanage_module_get_version;
|
||||
+ semanage_module_info_create;
|
||||
+ semanage_module_info_datum_destroy;
|
||||
+ semanage_module_info_destroy;
|
||||
+ semanage_module_info_get_enabled;
|
||||
+ semanage_module_info_get_lang_ext;
|
||||
+ semanage_module_info_get_name;
|
||||
+ semanage_module_info_get_priority;
|
||||
+ semanage_module_info_set_enabled;
|
||||
+ semanage_module_info_set_lang_ext;
|
||||
+ semanage_module_info_set_name;
|
||||
+ semanage_module_info_set_priority;
|
||||
+ semanage_module_install;
|
||||
+ semanage_module_install_base;
|
||||
+ semanage_module_install_base_file;
|
||||
+ semanage_module_install_file;
|
||||
+ semanage_module_install_info;
|
||||
+ semanage_module_key_create;
|
||||
+ semanage_module_key_destroy;
|
||||
+ semanage_module_key_get_name;
|
||||
+ semanage_module_key_get_priority;
|
||||
+ semanage_module_key_set_name;
|
||||
+ semanage_module_key_set_priority;
|
||||
+ semanage_module_list;
|
||||
+ semanage_module_list_all;
|
||||
+ semanage_module_list_nth;
|
||||
+ semanage_module_remove;
|
||||
+ semanage_module_remove_key;
|
||||
+ semanage_module_set_enabled;
|
||||
+ semanage_module_upgrade;
|
||||
+ semanage_module_upgrade_file;
|
||||
+ semanage_msg_get_channel;
|
||||
+ semanage_msg_get_fname;
|
||||
+ semanage_msg_get_level;
|
||||
+ semanage_msg_set_callback;
|
||||
+ semanage_node_clone;
|
||||
+ semanage_node_compare;
|
||||
+ semanage_node_compare2;
|
||||
+ semanage_node_count;
|
||||
+ semanage_node_count_local;
|
||||
+ semanage_node_create;
|
||||
+ semanage_node_del_local;
|
||||
+ semanage_node_exists;
|
||||
+ semanage_node_exists_local;
|
||||
+ semanage_node_free;
|
||||
+ semanage_node_get_addr;
|
||||
+ semanage_node_get_addr_bytes;
|
||||
+ semanage_node_get_con;
|
||||
+ semanage_node_get_mask;
|
||||
+ semanage_node_get_mask_bytes;
|
||||
+ semanage_node_get_proto;
|
||||
+ semanage_node_get_proto_str;
|
||||
+ semanage_node_iterate;
|
||||
+ semanage_node_iterate_local;
|
||||
+ semanage_node_key_create;
|
||||
+ semanage_node_key_extract;
|
||||
+ semanage_node_key_free;
|
||||
+ semanage_node_list;
|
||||
+ semanage_node_list_local;
|
||||
+ semanage_node_modify_local;
|
||||
+ semanage_node_query;
|
||||
+ semanage_node_query_local;
|
||||
+ semanage_node_set_addr;
|
||||
+ semanage_node_set_addr_bytes;
|
||||
+ semanage_node_set_con;
|
||||
+ semanage_node_set_mask;
|
||||
+ semanage_node_set_mask_bytes;
|
||||
+ semanage_node_set_proto;
|
||||
+ semanage_port_clone;
|
||||
+ semanage_port_compare;
|
||||
+ semanage_port_compare2;
|
||||
+ semanage_port_count;
|
||||
+ semanage_port_count_local;
|
||||
+ semanage_port_create;
|
||||
+ semanage_port_del_local;
|
||||
+ semanage_port_exists;
|
||||
+ semanage_port_exists_local;
|
||||
+ semanage_port_free;
|
||||
+ semanage_port_get_con;
|
||||
+ semanage_port_get_high;
|
||||
+ semanage_port_get_low;
|
||||
+ semanage_port_get_proto;
|
||||
+ semanage_port_get_proto_str;
|
||||
+ semanage_port_iterate;
|
||||
+ semanage_port_iterate_local;
|
||||
+ semanage_port_key_create;
|
||||
+ semanage_port_key_extract;
|
||||
+ semanage_port_key_free;
|
||||
+ semanage_port_list;
|
||||
+ semanage_port_list_local;
|
||||
+ semanage_port_modify_local;
|
||||
+ semanage_port_query;
|
||||
+ semanage_port_query_local;
|
||||
+ semanage_port_set_con;
|
||||
+ semanage_port_set_port;
|
||||
+ semanage_port_set_proto;
|
||||
+ semanage_port_set_range;
|
||||
+ semanage_reload_policy;
|
||||
+ semanage_root;
|
||||
+ semanage_select_store;
|
||||
+ semanage_set_check_contexts;
|
||||
+ semanage_set_create_store;
|
||||
+ semanage_set_default_priority;
|
||||
+ semanage_set_disable_dontaudit;
|
||||
+ semanage_set_ignore_module_cache;
|
||||
+ semanage_set_preserve_tunables;
|
||||
+ semanage_set_rebuild;
|
||||
+ semanage_set_reload;
|
||||
+ semanage_set_root;
|
||||
+ semanage_set_store_root;
|
||||
+ semanage_seuser_clone;
|
||||
+ semanage_seuser_compare;
|
||||
+ semanage_seuser_compare2;
|
||||
+ semanage_seuser_count;
|
||||
+ semanage_seuser_count_local;
|
||||
+ semanage_seuser_create;
|
||||
+ semanage_seuser_del_local;
|
||||
+ semanage_seuser_exists;
|
||||
+ semanage_seuser_exists_local;
|
||||
+ semanage_seuser_free;
|
||||
+ semanage_seuser_get_mlsrange;
|
||||
+ semanage_seuser_get_name;
|
||||
+ semanage_seuser_get_sename;
|
||||
+ semanage_seuser_iterate;
|
||||
+ semanage_seuser_iterate_local;
|
||||
+ semanage_seuser_key_create;
|
||||
+ semanage_seuser_key_extract;
|
||||
+ semanage_seuser_key_free;
|
||||
+ semanage_seuser_list;
|
||||
+ semanage_seuser_list_local;
|
||||
+ semanage_seuser_modify_local;
|
||||
+ semanage_seuser_query;
|
||||
+ semanage_seuser_query_local;
|
||||
+ semanage_seuser_set_mlsrange;
|
||||
+ semanage_seuser_set_name;
|
||||
+ semanage_seuser_set_sename;
|
||||
+ semanage_user_add_role;
|
||||
+ semanage_user_clone;
|
||||
+ semanage_user_compare;
|
||||
+ semanage_user_compare2;
|
||||
+ semanage_user_count;
|
||||
+ semanage_user_count_local;
|
||||
+ semanage_user_create;
|
||||
+ semanage_user_del_local;
|
||||
+ semanage_user_del_role;
|
||||
+ semanage_user_exists;
|
||||
+ semanage_user_exists_local;
|
||||
+ semanage_user_free;
|
||||
+ semanage_user_get_mlslevel;
|
||||
+ semanage_user_get_mlsrange;
|
||||
+ semanage_user_get_name;
|
||||
+ semanage_user_get_num_roles;
|
||||
+ semanage_user_get_prefix;
|
||||
+ semanage_user_get_roles;
|
||||
+ semanage_user_has_role;
|
||||
+ semanage_user_iterate;
|
||||
+ semanage_user_iterate_local;
|
||||
+ semanage_user_key_create;
|
||||
+ semanage_user_key_extract;
|
||||
+ semanage_user_key_free;
|
||||
+ semanage_user_list;
|
||||
+ semanage_user_list_local;
|
||||
+ semanage_user_modify_local;
|
||||
+ semanage_user_query;
|
||||
+ semanage_user_query_local;
|
||||
+ semanage_user_set_mlslevel;
|
||||
+ semanage_user_set_mlsrange;
|
||||
+ semanage_user_set_name;
|
||||
+ semanage_user_set_prefix;
|
||||
+ semanage_user_set_roles;
|
||||
local: *;
|
||||
};
|
||||
|
||||
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
|
||||
the submission. Keeping the snippet in the spec file in case we try to
|
||||
enable LTO again
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user