diff --git a/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch new file mode 100644 index 0000000..57b31bd --- /dev/null +++ b/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch @@ -0,0 +1,28 @@ +From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001 +From: Dan Walsh +Date: Tue, 20 Sep 2011 15:40:28 -0400 +Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail + +--- + libqpol/src/avrule_query.c | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c +index 749565b..76dcaa3 100644 +--- a/libqpol/src/avrule_query.c ++++ b/libqpol/src/avrule_query.c +@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type + + if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) { + ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available"); +- errno = ENOTSUP; +- return STATUS_ERR; ++/* errno = ENOTSUP; ++ return STATUS_ERR; */ ++ return STATUS_SUCCESS; + } + + db = &policy->p->p; +-- +1.7.6.2 + diff --git a/setools.changes b/setools.changes index 23b5a23..917420a 100644 --- a/setools.changes +++ b/setools.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Oct 11 15:36:20 UTC 2013 - vcizek@suse.com + +- don't fail if there are no never-allow rules in the policy +- remove dangling symlink /usr/bin/seaudit (bnc#812285) + * added 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch + ------------------------------------------------------------------- Fri Sep 13 09:16:43 UTC 2013 - pgajdos@suse.com diff --git a/setools.spec b/setools.spec index dc3cded..7f874b8 100644 --- a/setools.spec +++ b/setools.spec @@ -39,6 +39,7 @@ Patch7: %{name}-swig-2x.patch Patch8: %{name}-swig-2.0.7.patch Patch9: %{name}-am121.patch Patch10: %{name}-3.3.6-libsepol.patch +Patch11: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch Patch15: 0006-Changes-to-support-named-file_trans-rules.patch Patch16: 0007-Remove-unused-variables.patch Patch23: add-to-header-define_cond_filename_trans.patch @@ -232,6 +233,7 @@ This package includes the following graphical tools: %patch8 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %patch15 -p1 %patch16 -p1 %patch23 -p1 @@ -276,7 +278,6 @@ chmod 0755 $RPM_BUILD_ROOT%{_libdir}/*.so.* chmod 0755 $RPM_BUILD_ROOT%{_libdir}/%{name}/*/*.so.* # chmod 0755 $RPM_BUILD_ROOT%{py_sitedir}/*.so.* chmod 0755 $RPM_BUILD_ROOT%{_bindir}/* -ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/seaudit chmod 0755 $RPM_BUILD_ROOT%{_sbindir}/* chmod 0755 $RPM_BUILD_ROOT%{setoolsdir}/seaudit-report-service chmod 0644 $RPM_BUILD_ROOT%{tcllibdir}/*/pkgIndex.tcl @@ -359,7 +360,6 @@ rm -rf $RPM_BUILD_ROOT %files gui %defattr(-,root,root,-) -%{_bindir}/seaudit %{_bindir}/sediffx %{_bindir}/apol %dir %{tcllibdir}