From c400328f5bb55594668c21af12ca314128aca727e2e907ef0992e9fcb69e9fde Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Tue, 2 Jun 2020 15:31:13 +0000 Subject: [PATCH] Accepting request 810878 from home:jsegitz:branches:security:SELinux - Added skip_cycles.patch to skip directory cycles and not error out OBS-URL: https://build.opensuse.org/request/show/810878 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=124 --- libselinux-bindings.spec | 15 ++++----------- libselinux.changes | 6 ++++++ libselinux.spec | 27 +++++++++++---------------- skip_cycles.patch | 16 ++++++++++++++++ 4 files changed, 37 insertions(+), 27 deletions(-) create mode 100644 skip_cycles.patch diff --git a/libselinux-bindings.spec b/libselinux-bindings.spec index 8fb29fd..151599e 100644 --- a/libselinux-bindings.spec +++ b/libselinux-bindings.spec @@ -89,17 +89,10 @@ make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src pywrap V=1 make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src rubywrap V=1 %install -make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" \ - SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \ - -C src install V=1 -make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" \ - SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \ - -C src install-pywrap V=1 -make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" \ - SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \ - -C src install-rubywrap V=1 -rm -rf %{buildroot}/%{_lib} %{buildroot}%{_libdir}/libselinux.* \ - %{buildroot}%{_libdir}/pkgconfig +make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a -C src install V=1 +make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a -C src install-pywrap V=1 +make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a -C src install-rubywrap V=1 +rm -rf %{buildroot}/%{_lib} %{buildroot}%{_libdir}/libselinux.* %{buildroot}%{_libdir}/pkgconfig %files -n python3-selinux %{python3_sitearch}/*selinux* diff --git a/libselinux.changes b/libselinux.changes index d65c09c..078e547 100644 --- a/libselinux.changes +++ b/libselinux.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 26 15:43:41 UTC 2020 - Johannes Segitz + +- Added skip_cycles.patch to skip directory cycles and not error + out + ------------------------------------------------------------------- Tue Mar 3 11:13:12 UTC 2020 - Johannes Segitz diff --git a/libselinux.spec b/libselinux.spec index bf876e9..fac5506 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -29,6 +29,7 @@ Source1: selinux-ready Source2: baselibs.conf # PATCH-FIX-UPSTREAM Include for readv prototype Patch4: readv-proto.patch +Patch5: skip_cycles.patch BuildRequires: fdupes BuildRequires: libsepol-devel >= %{libsepol_ver} BuildRequires: pcre-devel @@ -95,6 +96,7 @@ necessary to develop your own software using libselinux. %prep %setup -q %patch4 -p1 +%patch5 -p1 %build %define _lto_cflags %{nil} @@ -106,21 +108,6 @@ mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_sbindir} make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" BINDIR="%{_sbindir}" install -rm -f %{buildroot}%{_sbindir}/compute_* -rm -f %{buildroot}%{_sbindir}/deftype -rm -f %{buildroot}%{_sbindir}/execcon -rm -f %{buildroot}%{_sbindir}/getenforcemode -rm -f %{buildroot}%{_sbindir}/getfilecon -rm -f %{buildroot}%{_sbindir}/getpidcon -rm -f %{buildroot}%{_sbindir}/mkdircon -rm -f %{buildroot}%{_sbindir}/policyvers -rm -f %{buildroot}%{_sbindir}/setfilecon -rm -f %{buildroot}%{_sbindir}/selinuxconfig -rm -f %{buildroot}%{_sbindir}/selinuxdisable -rm -f %{buildroot}%{_sbindir}/getseuser -rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context -rm -f %{buildroot}%{_sbindir}/selabel_get_digests_all_partial_matches -rm -f %{buildroot}%{_sbindir}/validatetrans mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/selinux-ready @@ -145,10 +132,18 @@ install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/selinux-ready %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/togglesebool -#%#{_sbindir}/selinux_restorecon %{_sbindir}/selinux-ready %{_sbindir}/selinuxexeccon %{_sbindir}/sefcontext_compile +%{_sbindir}/compute_* +%{_sbindir}/getfilecon +%{_sbindir}/getpidcon +%{_sbindir}/policyvers +%{_sbindir}/setfilecon +%{_sbindir}/getseuser +%{_sbindir}/selinux_check_securetty_context +%{_sbindir}/selabel_get_digests_all_partial_matches +%{_sbindir}/validatetrans %{_mandir}/man5/* %{_mandir}/ru/man5/* %{_mandir}/man8/* diff --git a/skip_cycles.patch b/skip_cycles.patch new file mode 100644 index 0000000..81c58b7 --- /dev/null +++ b/skip_cycles.patch @@ -0,0 +1,16 @@ +Index: libselinux-3.0/src/selinux_restorecon.c +=================================================================== +--- libselinux-3.0.orig/src/selinux_restorecon.c ++++ libselinux-3.0/src/selinux_restorecon.c +@@ -991,9 +991,8 @@ int selinux_restorecon(const char *pathn + selinux_log(SELINUX_ERROR, + "Directory cycle on %s.\n", + ftsent->fts_path); +- errno = ELOOP; +- error = -1; +- goto out; ++ fts_set(fts, ftsent, FTS_SKIP); ++ continue; + case FTS_DP: + continue; + case FTS_DNR: