forked from pool/checkpolicy
Accepting request 1184291 from home:cahu:security:SELinux:userspace37
- Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * checkpolicy: support CIDR notation for nodecon statements * checkpolicy: provide more descriptive error messages and improve error handling * Bugfixes: * checkpolicy: handle unprintable token * checkpolicy: avoid assigning garbage values * checkpolicy: free temporary bounds type * checkpolicy: perform contiguous check in host byte order * checkpolicy: include <ctype.h> for isprint(3) * oss-fuzz fixes: * checkpolicy: add libfuzz based fuzzer * checkpolicy: free complete role_allow_rule on error * checkpolicy: free identifiers on invalid typebounds * checkpolicy: return YYerror on invalid character * checkpolicy: clone level only once OBS-URL: https://build.opensuse.org/request/show/1184291 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=65
This commit is contained in:
commit
732ba6f16b
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
3
checkpolicy-3.6.tar.gz
Normal file
3
checkpolicy-3.6.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1b346b3cdd4f8a78a157627bad64a3b3479c67b6a19d15e6d5c8694620eadbc1
|
||||
size 70684
|
16
checkpolicy-3.6.tar.gz.asc
Normal file
16
checkpolicy-3.6.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF
|
||||
CNE7jw/8Dg9K9Ie2j/zXEAW7khQLjQe5skNoX4pOWO31AzRK675b0z8/Lx3UMU3I
|
||||
q/CSKLSrcblgsJxbDkp4KB/YzUo2IaBuJp8IqXye5DEPqUNnkOmg6/7KytU1nmn6
|
||||
lA7nUm2XgaBuTtC6zi2rdb2qR0Pobja2rLx4gIP4yp7HPiq1leUy5dYhHCF7NT6W
|
||||
AzhafOipDMClBd/yMOKS1PSnDrm//xXyg36RxJNX7xtlhfeRlR+lYegRMutVEnJW
|
||||
KKx1pXVcdZWU53enLc5UJBohkkzA738AnwhpqPSuL3SiHI55v7GYz6KrrRZs0tke
|
||||
mrQTa7GW7R5IGddz3nzc/GGzSTz1VGiloFTsZvMDKJaZIe/x46ZtPTbu44/caGQI
|
||||
3Oc0tDQbGHgweCbVe0jeWmZZi6sJvgDwQa66RmjIbOPUDv+5cXbQbwLEzCAMqpxe
|
||||
RFbjA35LSahAWHGdzQoewwmec4REX7z1Amyz0XJhLbG2xFWsjIl3xom/YV+ZxYat
|
||||
KWJ8IH1ygW7mPFQx9JUJN8HpiKThHwsVvMiCvEcuz5pS3kXhj6qrL4Rhxebq7W7R
|
||||
UCVACKka9g4ukpaGH1MUty4h3Q9TfEehwn20oFa5b93FdYZF9LhKdN23H/0kUpi7
|
||||
MeBbAXK6z8p8nFgSbrA7cQ6Nf0uBGJ8qeBRj6N9FdylbdN3VxW4=
|
||||
=vakU
|
||||
-----END PGP SIGNATURE-----
|
3
checkpolicy-3.7.tar.gz
Normal file
3
checkpolicy-3.7.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fd3e1925477d49946d1116938661af44c1f86f0d681466fd9f02eaa06002a07f
|
||||
size 74992
|
16
checkpolicy-3.7.tar.gz.asc
Normal file
16
checkpolicy-3.7.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NdQACgkQRpWIHCVF
|
||||
CNFu8A//aEuByelb5YAXlrIOe1OFlZ1xzATJjan6wQyoX22GQvcb50C00/FoSicH
|
||||
UDxvJ1k+oam9VdBISBxssvnftzhohwJyNn/r5br7KlBUA16GQxokftdddfU4aC9e
|
||||
mIdy6ZUja7VO3zWXDFDoZyL0IpbjgrftOG3EHxF+rMfeoznW9g1enCEb7oWqZXCL
|
||||
5gLhyI05FmI7ySOxqBhvU9oAVgSrU32UFDbgXZkKu2lkOSUPtxhTIzS/8vtIsiNy
|
||||
ihS5LGS1VpyPdG3EWSr44d4sR4z3UM4QitRizG4lQVHluJDxS4lpivZlVSXHm87M
|
||||
T8FvMIo7pJ5NQhmRMBZw1895ganyaGSuzSa8b05xtVfzg2lVkYPrCw1rzrDoxetF
|
||||
2tWTijYfxDyhkvniACjNpfscayUe00IuCCceaoqLqi/BpeSaqdGh04prfCpmwYhA
|
||||
umVtYLJrjddi9KyrBlNIVad22TiuxjqFg9J0Up8J+4GleCFG/GNjSKFlaYazJJF0
|
||||
Hz4MJwDUbdWfY9WReyFEfMEvr7nCKcFCuU5Dv3GGFgE2oPAh2KasRg04OU56DIZl
|
||||
ih4Fr1+qwDAztT0dmui/5FO4RvkCd1CecnUyzLpmzSAPduBxur41+0ym8QQ+qAup
|
||||
utO3hg07MI8MN8pBuekL3g+3EkeA5RI7EZu569Z99vBSdi3XPGs=
|
||||
=QR49
|
||||
-----END PGP SIGNATURE-----
|
BIN
checkpolicy-tests.tar.gz
(Stored with Git LFS)
Normal file
BIN
checkpolicy-tests.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
289
checkpolicy.changes
Normal file
289
checkpolicy.changes
Normal file
@ -0,0 +1,289 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 1 07:45:50 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
|
||||
|
||||
- Update to version 3.7
|
||||
https://github.com/SELinuxProject/selinux/releases/tag/3.7
|
||||
* User-visible changes:
|
||||
* checkpolicy: support CIDR notation for nodecon statements
|
||||
* checkpolicy: provide more descriptive error messages and improve error handling
|
||||
* Bugfixes:
|
||||
* checkpolicy: handle unprintable token
|
||||
* checkpolicy: avoid assigning garbage values
|
||||
* checkpolicy: free temporary bounds type
|
||||
* checkpolicy: perform contiguous check in host byte order
|
||||
* checkpolicy: include <ctype.h> for isprint(3)
|
||||
* oss-fuzz fixes:
|
||||
* checkpolicy: add libfuzz based fuzzer
|
||||
* checkpolicy: free complete role_allow_rule on error
|
||||
* checkpolicy: free identifiers on invalid typebounds
|
||||
* checkpolicy: return YYerror on invalid character
|
||||
* checkpolicy: clone level only once
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
|
||||
|
||||
- Update to version 3.6
|
||||
https://github.com/SELinuxProject/selinux/releases/tag/3.6
|
||||
* checkpolicy: Add the command line argument -N, --disable-neverallow
|
||||
* dispol: add option to display users, drop duplicate option to display booleans,
|
||||
show number of entries before listing them
|
||||
* dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
|
||||
* dispol: add options: --actions ACTIONS, --help
|
||||
* dismod: add options: --actions ACTIONS, --help
|
||||
* Add notself support for neverallow rules
|
||||
* Improve man pages
|
||||
* man pages: Remove the Russian translations
|
||||
* Add notself and other support to CIL
|
||||
* Add support for deny rules
|
||||
* Translations updated from
|
||||
https://translate.fedoraproject.org/projects/selinux/
|
||||
* Bug fixes
|
||||
- Remove keys from keyring since they expired:
|
||||
- E853C1848B0185CF42864DF363A8AD4B982C4373
|
||||
Petr Lautrbach <plautrba@redhat.com>
|
||||
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
|
||||
Jason Zaman <jasonzaman@gmail.com>
|
||||
- Add key to keyring:
|
||||
- B8682847764DF60DF52D992CBC3905F235179CF1
|
||||
Petr Lautrbach <lautrbach@redhat.com>
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update to version 3.5
|
||||
* error out if required permission would exceed limit
|
||||
* Improve error message for type bounds
|
||||
- Added additional developer key (Jason Zaman)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 9 10:09:06 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update to version 3.4
|
||||
* warn on bogus IP address or netmask in nodecon statement
|
||||
* allow wildcard permissions in constraints
|
||||
* mention class name on invalid permission
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update to version 3.3
|
||||
* When reading a binary policy by checkpolicy, do not automatically change the version
|
||||
to the max policy version supported by libsepol or, if specified, the value given
|
||||
using the "-c" flag.
|
||||
* Updated documentation
|
||||
* Prints the reason why opening a source policy file failed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 9 08:59:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update to version 3.2
|
||||
* Fix a memleak and an integer overflow
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update to version 3.1
|
||||
* checkpolicy treats invalid characters as an error - might break rare use
|
||||
cases (intentionally)
|
||||
* Drop extern_te_assert_t.patch, is upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 3 12:19:40 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
||||
|
||||
- Update to version 3.0
|
||||
* add flag to enable policy optimization
|
||||
* allow to write policy to stdout
|
||||
* remove a redundant if-condition
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
||||
|
||||
- Add extern_te_assert_t.patch to mark te_assert_t as extern.
|
||||
Prevents build failures on gcc10 (bsc#1160259)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com
|
||||
|
||||
- Update to version 2.9
|
||||
* Add option to sort contexts when creating a binary policy
|
||||
* Update manpage
|
||||
* check the result value of hashtable_search
|
||||
* destroy the class datum if it fails to initialize
|
||||
* remove extraneous policy build noise
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
|
||||
(RPM_LD_FLAGS is always empty).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com
|
||||
|
||||
- Source URL was invalid (bsc#1115052)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
|
||||
|
||||
- Update to version 2.8 (bsc#1111732).
|
||||
For changes please see
|
||||
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
|
||||
- Dropped checkpolicy-build.patch, not necessary anymore
|
||||
- Removed BuildRequires for byacc. It builds without and this blocks
|
||||
building on SLE 15
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com
|
||||
|
||||
- checkpolicy-build.patch was added in the former change to fix build
|
||||
failures
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
|
||||
|
||||
- Rebase to 2.7.
|
||||
For changes please see
|
||||
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
|
||||
|
||||
- Update to version 2.6. Notable changes:
|
||||
* Add types associated to a role in the current scope when parsing
|
||||
* Extend checkpolicy pathname matching
|
||||
* Set flex as default lexer
|
||||
* Fix checkmodule output message
|
||||
* Fail if module name different than output base filename
|
||||
* Add support for portcon dccp protocol
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com
|
||||
|
||||
- Use plain flex
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de
|
||||
|
||||
- Trim/update description
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com
|
||||
|
||||
- Without bug number no submit to SLE 12 SP2 is possible, so to make
|
||||
sle-changelog-checker happy: bsc#988977
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 8 16:22:15 UTC 2016 - i@marguerite.su
|
||||
|
||||
- update version 2.5
|
||||
* Add neverallow support for ioctl extended permissions
|
||||
* fix double free on name-based type transitions
|
||||
* switch operations to extended perms
|
||||
* policy_define.c: fix compiler warnings
|
||||
* Remove uses of -Wno-return-type
|
||||
* Fix -Wreturn-type issues
|
||||
* dispol: display operations as ranges
|
||||
* dispol: Extend to display operations
|
||||
* Add support for ioctl command whitelisting
|
||||
* Add option to write CIL policy
|
||||
* Add device tree ocontext nodes to Xen policy
|
||||
* Widen Xen IOMEM context entries
|
||||
* Expand allowed character set in paths
|
||||
* Fix precedence between number and filesystem tokens
|
||||
* dispol/dismod fgets function warnings fix
|
||||
- changes in 2.4
|
||||
* Fix bugs found by hardened gcc flags
|
||||
* Add missing semicolon in cond_else parser rule
|
||||
* Clear errno before call to strtol(3)
|
||||
* Global C++11 compatibility
|
||||
* Allow libsepol C++ static library on device
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org
|
||||
|
||||
- version 2.3
|
||||
* Report source file and line information for neverallow failures.
|
||||
* Prevent incompatible option combinations for checkmodule.
|
||||
* Drop -lselinux from LDLIBS for test programs; not used.
|
||||
* Add debug feature to display constraints/validatetrans from Richard Haines.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com
|
||||
|
||||
- Update to version 2.2
|
||||
* Fix hyphen usage in man pages
|
||||
* handle-unknown / -U required argument fix
|
||||
* Support overriding Makefile PATH and LIBDIR
|
||||
* Support space and : in filenames
|
||||
- Remove checkpolicy-rhat.patch; fixed on upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com
|
||||
|
||||
- change the source url to the official 2.1.12 release tarball
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com
|
||||
|
||||
- update to 2.1.12
|
||||
* Fix errors found by coverity
|
||||
* implement default type policy syntax
|
||||
* Free allocated memory when clean up / exit.
|
||||
- changes in checkpolicy-rhat.patch:
|
||||
* original hunk was merged upstream
|
||||
* space should be allowed for file trans names
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com
|
||||
|
||||
- update to 2.1.11
|
||||
* fd leak reading policy
|
||||
* check return code on ebitmap_set_bit
|
||||
* sepolgen: We need to support files that have a + in them
|
||||
* implement new default labeling behaviors for usr, role, range
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com
|
||||
|
||||
- updated to 2.1.8
|
||||
- various fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de
|
||||
|
||||
- Remove redundant tags/sections from specfile
|
||||
- Use %_smp_mflags for parallel build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz
|
||||
|
||||
- updated to 2.0.21
|
||||
* Add support for building Xen policies from Paul Nuzzi.
|
||||
* Add long options to checkpolicy and checkmodule by Guido
|
||||
Trentalancia <guido@trentalancia.com>
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz
|
||||
|
||||
- require libsepol-devel-static
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz
|
||||
|
||||
- updated to 2.0.19
|
||||
* fix alias field in module format, caused by boundary format change
|
||||
from Caleb Case
|
||||
* properly escape regex symbols in the lexer from Stephen Smalley
|
||||
* add bounds support from KaiGai Kohei
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz
|
||||
|
||||
- use flex-old for building (using flex does not build refpolicy)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz
|
||||
|
||||
- initial version 2.0.16
|
||||
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
|
||||
|
110
checkpolicy.keyring
Normal file
110
checkpolicy.keyring
Normal file
@ -0,0 +1,110 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f
|
||||
QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq
|
||||
8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk
|
||||
e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m
|
||||
zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk
|
||||
uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V
|
||||
CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k
|
||||
Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK
|
||||
3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC
|
||||
4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ
|
||||
xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB
|
||||
tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
|
||||
FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG
|
||||
FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7
|
||||
CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G
|
||||
CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx
|
||||
tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ
|
||||
79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9
|
||||
eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf
|
||||
YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc
|
||||
g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ
|
||||
6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP
|
||||
3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6
|
||||
9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf
|
||||
6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7
|
||||
DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu
|
||||
Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI
|
||||
zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x
|
||||
2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML
|
||||
rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw
|
||||
xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e
|
||||
Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm
|
||||
YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ
|
||||
MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ
|
||||
YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC
|
||||
w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec
|
||||
8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj
|
||||
EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5
|
||||
4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90
|
||||
XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU
|
||||
5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3
|
||||
+4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4
|
||||
G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv
|
||||
LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z
|
||||
b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k
|
||||
dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb
|
||||
ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2
|
||||
6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo
|
||||
hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2
|
||||
QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV
|
||||
9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg
|
||||
ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC
|
||||
APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5
|
||||
APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO
|
||||
Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6
|
||||
is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1
|
||||
/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS
|
||||
f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m
|
||||
khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7
|
||||
8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5
|
||||
XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+
|
||||
ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV
|
||||
TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY
|
||||
BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE
|
||||
LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup
|
||||
PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT
|
||||
raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq
|
||||
DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I
|
||||
V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+
|
||||
ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD
|
||||
VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF
|
||||
CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb
|
||||
96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu
|
||||
O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec
|
||||
qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5
|
||||
/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw
|
||||
w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50
|
||||
THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY
|
||||
nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k
|
||||
uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57
|
||||
c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D
|
||||
vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378
|
||||
d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0
|
||||
P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X
|
||||
QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64
|
||||
G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3
|
||||
QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ
|
||||
MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO
|
||||
17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC
|
||||
JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ
|
||||
lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT
|
||||
xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd
|
||||
7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp
|
||||
ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ
|
||||
A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB
|
||||
56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh
|
||||
z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY
|
||||
eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3
|
||||
q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh
|
||||
C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy
|
||||
BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F
|
||||
G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY
|
||||
zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x
|
||||
pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr
|
||||
6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi
|
||||
TakEPw==
|
||||
=odM9
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
92
checkpolicy.spec
Normal file
92
checkpolicy.spec
Normal file
@ -0,0 +1,92 @@
|
||||
#
|
||||
# spec file for package checkpolicy
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define libsepol_ver 3.7
|
||||
Name: checkpolicy
|
||||
Version: 3.7
|
||||
Release: 0
|
||||
Summary: SELinux policy compiler
|
||||
License: GPL-2.0-or-later
|
||||
Group: Productivity/Security
|
||||
URL: https://github.com/SELinuxProject/selinux
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
|
||||
Source2: checkpolicy.keyring
|
||||
Source3: checkpolicy-tests.tar.gz
|
||||
BuildRequires: bison
|
||||
BuildRequires: flex
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libsepol-devel-static => %{libsepol_ver}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
checkpolicy is the SELinux policy compiler. It uses libsepol to
|
||||
generate the binary policy.
|
||||
|
||||
(Security-enhanced Linux is a feature of the kernel and some
|
||||
utilities that implement mandatory access control policies, such as
|
||||
Type Enforcement, Role-based Access Control and Multi-Level
|
||||
Security.)
|
||||
|
||||
%package devel
|
||||
Summary: Development files for SELinux policy compiler
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
checkpolicy is the SELinux policy compiler. It uses libsepol to
|
||||
generate the binary policy.
|
||||
|
||||
This package contains the development files, which are
|
||||
necessary to develop your own software using checkpolicy.
|
||||
|
||||
%package -n python3-%{name}
|
||||
Summary: Python bindings for SELinux policy compiler
|
||||
Group: Development/Libraries/Python
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description -n python3-%{name}
|
||||
checkpolicy is the SELinux policy compiler. It uses libsepol to
|
||||
generate the binary policy.
|
||||
|
||||
This package contains the Python bindindgs, which are necessary
|
||||
to use checkpolicy from Python.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
make clean
|
||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
|
||||
make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/%{_bindir}
|
||||
%make_install LIBDIR="%{_libdir}"
|
||||
install test/dismod %{buildroot}/%{_bindir}/sedismod
|
||||
install test/dispol %{buildroot}/%{_bindir}/sedispol
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/checkpolicy
|
||||
%{_bindir}/checkmodule
|
||||
%{_bindir}/sedismod
|
||||
%{_bindir}/sedispol
|
||||
%{_mandir}/man8/check*.*%{ext_man}
|
||||
|
||||
%changelog
|
Loading…
Reference in New Issue
Block a user