diff --git a/fedora-policy.20200910.tar.bz2 b/fedora-policy.20200910.tar.bz2 deleted file mode 100644 index 6a48fb8..0000000 --- a/fedora-policy.20200910.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7e8acb185a5abf179037ca0531d312d327df52c0b201128e84d22afe730c8b96 -size 738509 diff --git a/fedora-policy.20201016.tar.bz2 b/fedora-policy.20201016.tar.bz2 new file mode 100644 index 0000000..87f1b9d --- /dev/null +++ b/fedora-policy.20201016.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3ff25d1c2affe7d2361d8f00f32ff95d5114439051fa596373ddc4a43a8119eb +size 716245 diff --git a/selinux-policy.changes b/selinux-policy.changes index 4424e20..98c3788 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Oct 16 08:50:06 UTC 2020 - Thorsten Kukuk + +- Update to version 20201016 +- Use python3 to build (fc_sort.c was replaced by fc_sort.py which + uses python3) +- Drop SELINUX=disabled, "selinux=0" kernel commandline option has + to be used instead. New default is "permissive" [bsc#1176923]. + ------------------------------------------------------------------- Tue Sep 10 07:16:50 UTC 2020 - Johannes Segitz diff --git a/selinux-policy.spec b/selinux-policy.spec index 1940dce..9d70bba 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,7 +1,7 @@ # # spec file for package selinux-policy # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,9 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + # There are almost no SUSE specific modifications available in the policy, so we utilize the # ones used by redhat and include also the SUSE specific ones (see sed statement below) %define distro redhat @@ -32,7 +33,7 @@ Summary: SELinux policy configuration License: GPL-2.0-or-later Group: System/Management Name: selinux-policy -Version: 20200910 +Version: 20201016 Release: 0 Source: fedora-policy.%{version}.tar.bz2 Source1: selinux-policy-rpmlintrc @@ -87,10 +88,10 @@ Patch003: fix_gift.patch Patch004: fix_java.patch Patch005: fix_hadoop.patch Patch006: fix_thunderbird.patch -Patch007: fix_postfix.patch -Patch008: fix_nscd.patch -Patch009: fix_sysnetwork.patch -Patch010: fix_logging.patch +Patch007: fix_postfix.patch +Patch008: fix_nscd.patch +Patch009: fix_sysnetwork.patch +Patch010: fix_logging.patch Patch011: fix_xserver.patch Patch012: fix_miscfiles.patch Patch013: fix_init.patch @@ -129,9 +130,9 @@ Patch047: fix_rpm.patch Patch048: fix_apache.patch Patch049: fix_nis.patch -Patch100: sedoctool.patch +Patch100: sedoctool.patch -Url: https://github.com/fedora-selinux/selinux-policy.git +URL: https://github.com/fedora-selinux/selinux-policy.git BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch BuildRequires: checkpolicy @@ -139,8 +140,9 @@ BuildRequires: gawk BuildRequires: libxml2-tools BuildRequires: m4 BuildRequires: policycoreutils -BuildRequires: python3-policycoreutils BuildRequires: policycoreutils-devel +BuildRequires: python3 +BuildRequires: python3-policycoreutils # we need selinuxenabled Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): pam-config 
@@ -354,7 +356,8 @@ creating other policies. %{_rpmconfigdir}/macros.d/macros.selinux-policy %package sandbox -Summary: SELinux policy sandbox +Summary: SELinux policy sandbox +Group: System/Management Requires(pre): selinux-policy-targeted = %{version}-%{release} %description sandbox @@ -455,7 +458,6 @@ mkdir -p %{buildroot}%{_sharedstatedir}/selinux/{targeted,mls,minimum,modules}/ mkdir -p %{buildroot}%{_datadir}/selinux/packages - mkdir selinux_config for i in %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE30} %{SOURCE31} %{SOURCE32} %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE50} %{SOURCE51} %{SOURCE52} %{SOURCE91} %{SOURCE92} %{SOURCE94};do cp $i selinux_config @@ -522,11 +524,13 @@ if [ ! -s %{_sysconfdir}/selinux/config ]; then else echo " # This file controls the state of SELinux on the system. +# SELinux can be completly disabled with the \"selinux=0\" kernel +# commandline option. +# # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=disabled +SELINUX=permissive # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. @@ -553,9 +557,7 @@ if [ $1 -eq 0 ]; then \ if [ "$SELINUXTYPE" = "$2" ]; then \ %{_sbindir}/setenforce 0 2> /dev/null \ if [ -s %{_sysconfdir}/selinux/config ]; then \ - sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config \ - else \ - echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config \ + sed -i 's/^SELINUX=.*/SELINUX=permissive/g' %{_sysconfdir}/selinux/config \ fi \ fi \ pam-config -d --selinux \ 
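Review bot: The generated config text in the hunk at -522/+524 still reads `# SELINUX= can take one of these three values:` although the `disabled` entry was removed and only `enforcing` and `permissive` remain; it should say `# SELINUX= can take one of these two values:`. The added comment also spells "completely" as `completly`. Because the new default is `SELINUX=permissive`, the comment is the place to tell an administrator that nothing is blocked until the value is changed, for example `# permissive - policy is loaded and denials are logged, but nothing is blocked.` The `echo "` string that holds this text starts before and continues past the hunk.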
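Review bot: The uninstall path at -553/+557 now leaves `SELINUX=permissive` in the config after the policy for `$SELINUXTYPE` has been removed, and writes nothing at all when the file is missing or empty; the `%postun` hunk at -565/+567 has the same shape. As far as these lines show, the next boot would still bring SELinux up with no installed policy to load, and per the changelog the only remaining off switch is `selinux=0` on the kernel command line, which the scriptlet neither sets nor mentions. Consider emitting a hint on removal, e.g. `echo "selinux-policy removed: boot with selinux=0 or install another policy" >&2` (with the trailing `\` inside the macro), and a comment above the `sed` stating that an `enforcing` system is deliberately downgraded to `permissive` here. The macro body starts before and continues after the hunk.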
@@ -565,15 +567,12 @@ exit 0 %postun if [ $1 = 0 ]; then %{_sbindir}/setenforce 0 2> /dev/null - if [ ! -s %{_sysconfdir}/selinux/config ]; then - echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config - else - sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config + if [ -s %{_sysconfdir}/selinux/config ]; then + sed -i 's/^SELINUX=.*/SELINUX=permissive/g' %{_sysconfdir}/selinux/config fi fi exit 0 - %package devel Summary: SELinux policy devel Group: System/Management @@ -651,7 +650,6 @@ Requires(pre): /usr/bin/awk Requires(pre): selinux-policy = %{version}-%{release} Requires: selinux-policy = %{version}-%{release} - %description minimum SELinux Reference policy minimum base module.