commit 732ba6f16b8439311680003e5e8bff2c4828492d6bc928dafa932ac4a3ce1d26 Author: Hu Date: Tue Jul 2 09:43:44 2024 +0000 Accepting request 1184291 from home:cahu:security:SELinux:userspace37 - Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * checkpolicy: support CIDR notation for nodecon statements * checkpolicy: provide more descriptive error messages and improve error handling * Bugfixes: * checkpolicy: handle unprintable token * checkpolicy: avoid assigning garbage values * checkpolicy: free temporary bounds type * checkpolicy: perform contiguous check in host byte order * checkpolicy: include for isprint(3) * oss-fuzz fixes: * checkpolicy: add libfuzz based fuzzer * checkpolicy: free complete role_allow_rule on error * checkpolicy: free identifiers on invalid typebounds * checkpolicy: return YYerror on invalid character * checkpolicy: clone level only once OBS-URL: https://build.opensuse.org/request/show/1184291 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=65 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/checkpolicy-3.6.tar.gz b/checkpolicy-3.6.tar.gz new file mode 100644 index 0000000..42e174c --- /dev/null +++ b/checkpolicy-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1b346b3cdd4f8a78a157627bad64a3b3479c67b6a19d15e6d5c8694620eadbc1 +size 70684 diff --git a/checkpolicy-3.6.tar.gz.asc b/checkpolicy-3.6.tar.gz.asc new file mode 100644 index 0000000..26bc67f --- /dev/null +++ b/checkpolicy-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNE7jw/8Dg9K9Ie2j/zXEAW7khQLjQe5skNoX4pOWO31AzRK675b0z8/Lx3UMU3I +q/CSKLSrcblgsJxbDkp4KB/YzUo2IaBuJp8IqXye5DEPqUNnkOmg6/7KytU1nmn6 +lA7nUm2XgaBuTtC6zi2rdb2qR0Pobja2rLx4gIP4yp7HPiq1leUy5dYhHCF7NT6W +AzhafOipDMClBd/yMOKS1PSnDrm//xXyg36RxJNX7xtlhfeRlR+lYegRMutVEnJW +KKx1pXVcdZWU53enLc5UJBohkkzA738AnwhpqPSuL3SiHI55v7GYz6KrrRZs0tke +mrQTa7GW7R5IGddz3nzc/GGzSTz1VGiloFTsZvMDKJaZIe/x46ZtPTbu44/caGQI +3Oc0tDQbGHgweCbVe0jeWmZZi6sJvgDwQa66RmjIbOPUDv+5cXbQbwLEzCAMqpxe +RFbjA35LSahAWHGdzQoewwmec4REX7z1Amyz0XJhLbG2xFWsjIl3xom/YV+ZxYat +KWJ8IH1ygW7mPFQx9JUJN8HpiKThHwsVvMiCvEcuz5pS3kXhj6qrL4Rhxebq7W7R +UCVACKka9g4ukpaGH1MUty4h3Q9TfEehwn20oFa5b93FdYZF9LhKdN23H/0kUpi7 +MeBbAXK6z8p8nFgSbrA7cQ6Nf0uBGJ8qeBRj6N9FdylbdN3VxW4= +=vakU +-----END PGP SIGNATURE----- diff --git a/checkpolicy-3.7.tar.gz b/checkpolicy-3.7.tar.gz new file mode 100644 index 0000000..0fa8736 --- /dev/null +++ b/checkpolicy-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd3e1925477d49946d1116938661af44c1f86f0d681466fd9f02eaa06002a07f +size 74992 diff --git a/checkpolicy-3.7.tar.gz.asc b/checkpolicy-3.7.tar.gz.asc new file mode 100644 index 0000000..6bfe507 --- /dev/null +++ b/checkpolicy-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NdQACgkQRpWIHCVF +CNFu8A//aEuByelb5YAXlrIOe1OFlZ1xzATJjan6wQyoX22GQvcb50C00/FoSicH +UDxvJ1k+oam9VdBISBxssvnftzhohwJyNn/r5br7KlBUA16GQxokftdddfU4aC9e +mIdy6ZUja7VO3zWXDFDoZyL0IpbjgrftOG3EHxF+rMfeoznW9g1enCEb7oWqZXCL +5gLhyI05FmI7ySOxqBhvU9oAVgSrU32UFDbgXZkKu2lkOSUPtxhTIzS/8vtIsiNy +ihS5LGS1VpyPdG3EWSr44d4sR4z3UM4QitRizG4lQVHluJDxS4lpivZlVSXHm87M +T8FvMIo7pJ5NQhmRMBZw1895ganyaGSuzSa8b05xtVfzg2lVkYPrCw1rzrDoxetF +2tWTijYfxDyhkvniACjNpfscayUe00IuCCceaoqLqi/BpeSaqdGh04prfCpmwYhA +umVtYLJrjddi9KyrBlNIVad22TiuxjqFg9J0Up8J+4GleCFG/GNjSKFlaYazJJF0 +Hz4MJwDUbdWfY9WReyFEfMEvr7nCKcFCuU5Dv3GGFgE2oPAh2KasRg04OU56DIZl +ih4Fr1+qwDAztT0dmui/5FO4RvkCd1CecnUyzLpmzSAPduBxur41+0ym8QQ+qAup +utO3hg07MI8MN8pBuekL3g+3EkeA5RI7EZu569Z99vBSdi3XPGs= +=QR49 +-----END PGP SIGNATURE----- diff --git a/checkpolicy-tests.tar.gz b/checkpolicy-tests.tar.gz new file mode 100644 index 0000000..070181a --- /dev/null +++ b/checkpolicy-tests.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:31963e5a13050e221f8f1c68ca2d4def3a783a803499cd498a2f62d6787d52b2 +size 13993 diff --git a/checkpolicy.changes b/checkpolicy.changes new file mode 100644 index 0000000..c6b615f --- /dev/null +++ b/checkpolicy.changes @@ -0,0 +1,289 @@ +------------------------------------------------------------------- +Mon Jul 1 07:45:50 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * User-visible changes: + * checkpolicy: support CIDR notation for nodecon statements + * checkpolicy: provide more descriptive error messages and improve error handling + * Bugfixes: + * checkpolicy: handle unprintable token + * checkpolicy: avoid assigning garbage values + * checkpolicy: free temporary bounds type + * checkpolicy: perform contiguous check in host byte order + * checkpolicy: include for isprint(3) + * oss-fuzz fixes: + * checkpolicy: add libfuzz based fuzzer + * checkpolicy: free complete role_allow_rule on error + * checkpolicy: free identifiers on invalid typebounds + * checkpolicy: return YYerror on invalid character + * checkpolicy: clone level only once + +------------------------------------------------------------------- +Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * checkpolicy: Add the command line argument -N, --disable-neverallow + * dispol: add option to display users, drop duplicate option to display booleans, +show number of entries before listing them + * dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies + * dispol: add options: --actions ACTIONS, --help + * dismod: add options: --actions ACTIONS, --help + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * error out if required permission would exceed limit + * Improve error message for type bounds +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:09:06 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * warn on bogus IP address or netmask in nodecon statement + * allow wildcard permissions in constraints + * mention class name on invalid permission + +------------------------------------------------------------------- +Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * When reading a binary policy by checkpolicy, do not automatically change the version + to the max policy version supported by libsepol or, if specified, the value given + using the "-c" flag. + * Updated documentation + * Prints the reason why opening a source policy file failed + +------------------------------------------------------------------- +Tue Mar 9 08:59:58 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * Fix a memleak and an integer overflow + +------------------------------------------------------------------- +Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * checkpolicy treats invalid characters as an error - might break rare use + cases (intentionally) + * Drop extern_te_assert_t.patch, is upstream + +------------------------------------------------------------------- +Tue Mar 3 12:19:40 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * add flag to enable policy optimization + * allow to write policy to stdout + * remove a redundant if-condition + +------------------------------------------------------------------- +Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz + +- Add extern_te_assert_t.patch to mark te_assert_t as extern. + Prevents build failures on gcc10 (bsc#1160259) + +------------------------------------------------------------------- +Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Add option to sort contexts when creating a binary policy + * Update manpage + * check the result value of hashtable_search + * destroy the class datum if it fails to initialize + * remove extraneous policy build noise + +------------------------------------------------------------------- +Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt + +- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS" + (RPM_LD_FLAGS is always empty). + +------------------------------------------------------------------- +Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com + +- Source URL was invalid (bsc#1115052) + +------------------------------------------------------------------- +Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com + +- Update to version 2.8 (bsc#1111732). + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt +- Dropped checkpolicy-build.patch, not necessary anymore +- Removed BuildRequires for byacc. It builds without and this blocks + building on SLE 15 + +------------------------------------------------------------------- +Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com + +- checkpolicy-build.patch was added in the former change to fix build + failures + +------------------------------------------------------------------- +Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com + +- Rebase to 2.7. + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt + +------------------------------------------------------------------- +Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * Add types associated to a role in the current scope when parsing + * Extend checkpolicy pathname matching + * Set flex as default lexer + * Fix checkmodule output message + * Fail if module name different than output base filename + * Add support for portcon dccp protocol + +------------------------------------------------------------------- +Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com + +- Use plain flex + +------------------------------------------------------------------- +Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de + +- Trim/update description + +------------------------------------------------------------------- +Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com + +- Without bug number no submit to SLE 12 SP2 is possible, so to make + sle-changelog-checker happy: bsc#988977 + +------------------------------------------------------------------- +Fri Jul 8 16:22:15 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Add neverallow support for ioctl extended permissions + * fix double free on name-based type transitions + * switch operations to extended perms + * policy_define.c: fix compiler warnings + * Remove uses of -Wno-return-type + * Fix -Wreturn-type issues + * dispol: display operations as ranges + * dispol: Extend to display operations + * Add support for ioctl command whitelisting + * Add option to write CIL policy + * Add device tree ocontext nodes to Xen policy + * Widen Xen IOMEM context entries + * Expand allowed character set in paths + * Fix precedence between number and filesystem tokens + * dispol/dismod fgets function warnings fix +- changes in 2.4 + * Fix bugs found by hardened gcc flags + * Add missing semicolon in cond_else parser rule + * Clear errno before call to strtol(3) + * Global C++11 compatibility + * Allow libsepol C++ static library on device + +------------------------------------------------------------------- +Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org + +- version 2.3 +* Report source file and line information for neverallow failures. +* Prevent incompatible option combinations for checkmodule. +* Drop -lselinux from LDLIBS for test programs; not used. +* Add debug feature to display constraints/validatetrans from Richard Haines. + +------------------------------------------------------------------- +Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Fix hyphen usage in man pages + * handle-unknown / -U required argument fix + * Support overriding Makefile PATH and LIBDIR + * Support space and : in filenames +- Remove checkpolicy-rhat.patch; fixed on upstream + +------------------------------------------------------------------- +Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.12 release tarball + +------------------------------------------------------------------- +Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com + +- update to 2.1.12 + * Fix errors found by coverity + * implement default type policy syntax + * Free allocated memory when clean up / exit. +- changes in checkpolicy-rhat.patch: + * original hunk was merged upstream + * space should be allowed for file trans names + +------------------------------------------------------------------- +Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com + +- update to 2.1.11 + * fd leak reading policy + * check return code on ebitmap_set_bit + * sepolgen: We need to support files that have a + in them + * implement new default labeling behaviors for usr, role, range + +------------------------------------------------------------------- +Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com + +- updated to 2.1.8 + - various fixes + +------------------------------------------------------------------- +Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.21 + * Add support for building Xen policies from Paul Nuzzi. + * Add long options to checkpolicy and checkmodule by Guido + Trentalancia + +------------------------------------------------------------------- +Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz + +- require libsepol-devel-static + +------------------------------------------------------------------- +Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz + +- updated to 2.0.19 + * fix alias field in module format, caused by boundary format change + from Caleb Case + * properly escape regex symbols in the lexer from Stephen Smalley + * add bounds support from KaiGai Kohei + +------------------------------------------------------------------- +Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz + +- use flex-old for building (using flex does not build refpolicy) + +------------------------------------------------------------------- +Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.16 + * based on Fedora package by Dan Walsh + diff --git a/checkpolicy.keyring b/checkpolicy.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/checkpolicy.keyring @@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML +rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 +8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC +JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/checkpolicy.spec b/checkpolicy.spec new file mode 100644 index 0000000..a320ebc --- /dev/null +++ b/checkpolicy.spec @@ -0,0 +1,92 @@ +# +# spec file for package checkpolicy +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libsepol_ver 3.7 +Name: checkpolicy +Version: 3.7 +Release: 0 +Summary: SELinux policy compiler +License: GPL-2.0-or-later +Group: Productivity/Security +URL: https://github.com/SELinuxProject/selinux +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: checkpolicy.keyring +Source3: checkpolicy-tests.tar.gz +BuildRequires: bison +BuildRequires: flex +BuildRequires: libselinux-devel +BuildRequires: libsepol-devel-static => %{libsepol_ver} +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +checkpolicy is the SELinux policy compiler. It uses libsepol to +generate the binary policy. + +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + +%package devel +Summary: Development files for SELinux policy compiler +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} + +%description devel +checkpolicy is the SELinux policy compiler. It uses libsepol to +generate the binary policy. + +This package contains the development files, which are +necessary to develop your own software using checkpolicy. + +%package -n python3-%{name} +Summary: Python bindings for SELinux policy compiler +Group: Development/Libraries/Python +Requires: %{name} = %{version} + +%description -n python3-%{name} +checkpolicy is the SELinux policy compiler. It uses libsepol to +generate the binary policy. + +This package contains the Python bindindgs, which are necessary +to use checkpolicy from Python. + +%prep +%setup -q + +%build +make clean +make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} +make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} + +%install +mkdir -p %{buildroot}/%{_bindir} +%make_install LIBDIR="%{_libdir}" +install test/dismod %{buildroot}/%{_bindir}/sedismod +install test/dispol %{buildroot}/%{_bindir}/sedispol + +%files +%defattr(-,root,root) +%{_bindir}/checkpolicy +%{_bindir}/checkmodule +%{_bindir}/sedismod +%{_bindir}/sedispol +%{_mandir}/man8/check*.*%{ext_man} + +%changelog