Accepting request 203215 from security:SELinux

- don't fail if there are no never-allow rules in the policy - remove dangling symlink /usr/bin/seaudit (bnc#812285) * added 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch (forwarded request 203214 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/203215 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/setools?expand=0&rev=23
2013-10-14 20:05:48 +00:00 · 2013-10-14 20:05:48 +00:00 · ff13719bc1
commit ff13719bc1
parent d4d303bba7 0b2c1c28dc
3 changed files with 37 additions and 2 deletions
--- a/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+++ b/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
@ -0,0 +1,28 @@
+From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Tue, 20 Sep 2011 15:40:28 -0400
+Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail
+
+---
+ libqpol/src/avrule_query.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
+index 749565b..76dcaa3 100644
+--- a/libqpol/src/avrule_query.c
+++ b/libqpol/src/avrule_query.c
+@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
+ 
+ 	if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+ 		ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+-		errno = ENOTSUP;
+-		return STATUS_ERR;
+/*		errno = ENOTSUP;
+		return STATUS_ERR; */
+		return STATUS_SUCCESS;
+ 	}
+ 
+ 	db = &policy->p->p;
+-- 
+1.7.6.2
+
--- a/setools.changes
+++ b/setools.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Oct 11 15:36:20 UTC 2013 - vcizek@suse.com
+
+- don't fail if there are no never-allow rules in the policy
+- remove dangling symlink /usr/bin/seaudit (bnc#812285)
+  * added 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+
 -------------------------------------------------------------------
 Fri Sep 13 09:16:43 UTC 2013 - pgajdos@suse.com

--- a/setools.spec
+++ b/setools.spec
@ -39,6 +39,7 @@ Patch7:         %{name}-swig-2x.patch
 Patch8:         %{name}-swig-2.0.7.patch
 Patch9:         %{name}-am121.patch
 Patch10:        %{name}-3.3.6-libsepol.patch
+Patch11:        0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
 Patch15:        0006-Changes-to-support-named-file_trans-rules.patch
 Patch16:        0007-Remove-unused-variables.patch
 Patch23:        add-to-header-define_cond_filename_trans.patch
@ -232,6 +233,7 @@ This package includes the following graphical tools:
 %patch8
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %patch15 -p1
 %patch16 -p1
 %patch23 -p1
@ -276,7 +278,6 @@ chmod 0755 $RPM_BUILD_ROOT%{_libdir}/*.so.*
 chmod 0755 $RPM_BUILD_ROOT%{_libdir}/%{name}/*/*.so.*
 # chmod 0755 $RPM_BUILD_ROOT%{py_sitedir}/*.so.*
 chmod 0755 $RPM_BUILD_ROOT%{_bindir}/*
-ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/seaudit
 chmod 0755 $RPM_BUILD_ROOT%{_sbindir}/*
 chmod 0755 $RPM_BUILD_ROOT%{setoolsdir}/seaudit-report-service
 chmod 0644 $RPM_BUILD_ROOT%{tcllibdir}/*/pkgIndex.tcl
@ -359,7 +360,6 @@ rm -rf $RPM_BUILD_ROOT

 %files gui
 %defattr(-,root,root,-)
-%{_bindir}/seaudit
 %{_bindir}/sediffx
 %{_bindir}/apol
 %dir %{tcllibdir}