From 45e0ea657bd9d7ceaedbaf908e1d1b3dfee8afc380e7dde3f51156d694682480 Mon Sep 17 00:00:00 2001 From: Hu Date: Tue, 2 Jul 2024 09:42:15 +0000 Subject: [PATCH] Accepting request 1184298 from home:cahu:security:SELinux:userspace37 - Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * no changes from 3.6, only version changed to 3.7 OBS-URL: https://build.opensuse.org/request/show/1184298 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/restorecond?expand=0&rev=33 --- .gitattributes | 23 ++++++ .gitignore | 1 + harden_restorecond.service.patch | 20 +++++ restorecond-3.6.tar.gz | 3 + restorecond-3.6.tar.gz.asc | 16 ++++ restorecond-3.7.tar.gz | 3 + restorecond-3.7.tar.gz.asc | 16 ++++ restorecond.changes | 126 +++++++++++++++++++++++++++++++ restorecond.keyring | 110 +++++++++++++++++++++++++++ restorecond.spec | 77 +++++++++++++++++++ 10 files changed, 395 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 harden_restorecond.service.patch create mode 100644 restorecond-3.6.tar.gz create mode 100644 restorecond-3.6.tar.gz.asc create mode 100644 restorecond-3.7.tar.gz create mode 100644 restorecond-3.7.tar.gz.asc create mode 100644 restorecond.changes create mode 100644 restorecond.keyring create mode 100644 restorecond.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/harden_restorecond.service.patch b/harden_restorecond.service.patch new file mode 100644 index 0000000..3cb2a40 --- /dev/null +++ b/harden_restorecond.service.patch @@ -0,0 +1,20 @@ +Index: restorecond-3.2/restorecond.service +=================================================================== +--- restorecond-3.2.orig/restorecond.service ++++ restorecond-3.2/restorecond.service +@@ -5,6 +5,15 @@ ConditionPathExists=/etc/selinux/restore + ConditionSecurity=selinux + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=forking + ExecStart=/usr/sbin/restorecond + PIDFile=/run/restorecond.pid diff --git a/restorecond-3.6.tar.gz b/restorecond-3.6.tar.gz new file mode 100644 index 0000000..21673b7 --- /dev/null +++ b/restorecond-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8f8aa2c6c66bcc6d91c6edd63913e5d738de6428928f27d1019d89c31cf347b1 +size 18020 diff --git a/restorecond-3.6.tar.gz.asc b/restorecond-3.6.tar.gz.asc new file mode 100644 index 0000000..59817d9 --- /dev/null +++ b/restorecond-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF +CNFXsw//RSQSkQcUwzxy+sVlv5IQnKNfc45b8xgsVmIkxfA5prVEPaQf+SAcuaQj +PQ9ukDHBr07vtfyPRYm/eRmPZW/6s6FLrGEwhu4mnIJMuL84nB229IraSQeHRK5n +53G+xuCMz3+fm8fZqyyr8XN1QS+ReVTeE1rFEGYTceAW2R+bYTfAoJXA+ExsQO/R +d7U23+JyrLY5xADbaszvE1v2fDyTxhaGrdT+QmqySqcnrt8BF1sGbX46sEoyIUyh +jgVy5dOfI11TxxZ3+uJovZmD6K1pQKcHuC7X/9LlGsoIOjdVz42DJlAcr2nGdPjc +8GyC6dgCnWhisl1ePZMY7cW2LYXQvKnf7YH0KXRVtywuGX4mKD+PXmekJgfP20vz +EeXkPMuRsHpnWhUcvPzxpVtlqsdVLKKVIhsKBQ/m5q8aplxM21xr5Ed/SZ+t2BA1 +H5G2L7wwGU88AOmRfYqkC/ebjozSS7e0htAm92gdC3g8hUbm04XsHJSRXfDHkqNu +wkQJ6Y6A0M33Pc3YZFg+YnLL2Bb3F9+SxOh28YilEDtqgMBVyzlUhN2T4/oegABn +G77GRVV3HG9e7kMpA/Oek77r055RN/E684NfpqN8pfoA/6LvtVh+LO2twT6YjO6t +BpZWuPGPvlnjZiKUanDs9zNVshngq8gOuGhFqSt6uvMf+lO+BAE= +=hHoX +-----END PGP SIGNATURE----- diff --git a/restorecond-3.7.tar.gz b/restorecond-3.7.tar.gz new file mode 100644 index 0000000..d5c3e9a --- /dev/null +++ b/restorecond-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4192595c08c775ff540f5ab850885ce11b132a4a4e29b65f20e751dd0a69d31f +size 18072 diff --git a/restorecond-3.7.tar.gz.asc b/restorecond-3.7.tar.gz.asc new file mode 100644 index 0000000..500013c --- /dev/null +++ b/restorecond-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNEVjw//X+iCeLhgmmaxNsqucF8VahGo4wOeJTQUTr56hDDcrCderlCj1UYaeVgd +wINyW3dRPTfFqKGwHcf93uFvjJKfn4xbScIjpmyTxCSvvksh8aOeyqKPH7NC2CMU +sYivK+l6QDH0yzH+075Z2qMJW5dAIghFBAcJKrLPv7pdE4qmLuIERqD8UBWo+sBX +XWEcATVBAqxAP0Dw35sBrECHUUzLTHnfbHv9UogPO8w7nRRgtbPDvi+xJvVOaUxs +xbamgZ/yQwKbUnXWMslQSIim5egsn4HXPF3pkOZwbOE530ZC425pHFbtm5DGbdNa +hQs8v94qHO9lQGIkSx+J65O1/GZ5VLocnac+yySn9AjTXb3oJpJcNzzByEDgB9Er +0PYL1fbsJr9DCHX2B6DVENrPZ+FoZEBCpMdX4orcGz+5x9nzCHMzT6Yp+l0Mz25X +ZfO/ZKeIAjEGMYgyfmEiigOMGtT4vDL33D/dM5HLJKHRWkbDZQrX+JiHJ4Hcplsc +MFvvbvYH4ulIPrinSvoSZ2/7a+BgH1rObSqOD4s5PLGqF9U2GlVvwECXywsYzGIp +Ixx0peAHLvuPCXPoPYkAARToEV8VrV1jJPUCMaNE5G43vWKgovSDpqLRHR2q8bdR +CBA+V1c1mREoXe7gbp7aUI9gMcVMGXyL0MHk9HWL6ycOANaKPgU= +=FkJC +-----END PGP SIGNATURE----- diff --git a/restorecond.changes b/restorecond.changes new file mode 100644 index 0000000..934c3d8 --- /dev/null +++ b/restorecond.changes @@ -0,0 +1,126 @@ +------------------------------------------------------------------- +Mon Jul 1 08:12:59 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * no changes from 3.6, only version changed to 3.7 + +------------------------------------------------------------------- +Tue Dec 19 12:37:32 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Mon Nov 27 10:34:58 UTC 2023 - Hu + +- Change deprecated `%patch1 -p1` syntax to supported `%patch -P1 -p1` + (bsc#1216669) + +------------------------------------------------------------------- +Fri Feb 24 07:56:23 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Code improvements, no user visible changes +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:50:59 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Support parallel relabeling + +------------------------------------------------------------------- +Thu Dec 2 12:10:11 UTC 2021 - Johannes Segitz + +- Claim ownership for %{_sysconfdir}/selinux + +------------------------------------------------------------------- +Mon Nov 15 15:48:12 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_restorecond.service.patch + +------------------------------------------------------------------- +Thu Nov 11 14:17:58 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * No user visible changes + +------------------------------------------------------------------- +Tue Mar 9 09:20:47 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * Fix a double-close of a file descriptor + +------------------------------------------------------------------- +Wed Jul 15 14:27:05 UTC 2020 - Johannes Segitz + +- Use proper macros for SYSTEMDSYSTEMUNITDIR and SYSTEMDUSERUNITDIR + +------------------------------------------------------------------- +Tue Jul 14 08:32:09 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * `restorecond_user.service` - new systemd user service which runs + `restorecond -u` + +------------------------------------------------------------------- +Tue May 12 06:50:33 UTC 2020 - Johannes Segitz + +- Use %{_unitdir} for the location of the .service file + +------------------------------------------------------------------- +Thu May 7 08:44:43 UTC 2020 - pgajdos@suse.com + +- %{_libexecdir} now expands to /usr/libexec, so do not use it + where /usr/lib was intended + +------------------------------------------------------------------- +Tue Mar 3 12:28:15 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Do not link against libpcre + * Fix redundant console log output error + * Use /run instead of /var/run + Dropped r_opts_global.patch + +------------------------------------------------------------------- +Wed Jan 15 10:11:33 UTC 2020 - Johannes Segitz + +- Added r_opts_global.patch to fix build problems with gcc due to + multiple definitions for global symbols (bsc#1160290) + +------------------------------------------------------------------- +Thu Dec 5 10:06:43 UTC 2019 - Martin Liška + +- Use %make_build and respect %optflags. + +------------------------------------------------------------------- +Wed Mar 20 15:22:48 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Do not ignore the -f option + * close the PID file if writing to it failed + +------------------------------------------------------------------- +Tue Jan 15 15:16:00 UTC 2019 - jsegitz@suse.com + +- Package creation (already 2018-11-23, didn't include a .changes + file then) diff --git a/restorecond.keyring b/restorecond.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/restorecond.keyring @@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML +rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 +8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC +JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/restorecond.spec b/restorecond.spec new file mode 100644 index 0000000..b171319 --- /dev/null +++ b/restorecond.spec @@ -0,0 +1,77 @@ +# +# spec file for package restorecond +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libselinux_ver 3.7 +Name: restorecond +Version: 3.7 +Release: 0 +Summary: Daemon to restore SELinux contexts +License: GPL-2.0-or-later +Group: Productivity/Security +URL: https://github.com/SELinuxProject/selinux.git +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: restorecond.keyring +Patch0: harden_restorecond.service.patch +BuildRequires: dbus-1-glib-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +Requires: libselinux1 >= %{libselinux_ver} +Requires: selinux-tools >= %{libselinux_ver} + +%description +Daemon that watches for file creation and then sets the default SELinux file context + +%prep +%setup -q +%patch -P0 -p1 + +%build +export CFLAGS="%optflags" +%make_build LSPP_PRIV=y all + +%install +make DESTDIR=%{buildroot} SHLIBDIR=/%{_lib} SYSTEMDSYSTEMUNITDIR=%{_unitdir} SYSTEMDUSERUNITDIR=%{_userunitdir} install +rm %{buildroot}%{_sysconfdir}/rc.d/init.d/restorecond +ln -s /sbin/service %{buildroot}%{_sbindir}/rcrestorecond + +%pre +%service_add_pre restorecond.service + +%post +%service_add_post restorecond.service + +%preun +%service_del_preun restorecond.service + +%postun +%service_del_postun restorecond.service + +%files +%dir %{_sysconfdir}/selinux +%config %{_sysconfdir}/selinux/restorecond.conf +%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf +%{_sysconfdir}/xdg/autostart/restorecond.desktop +%{_unitdir}/restorecond.service +%{_userunitdir}/restorecond_user.service + +%{_sbindir}/restorecond +%{_sbindir}/rcrestorecond +%{_datadir}/dbus-1/services/org.selinux.Restorecond.service +%{_mandir}/man8/restorecond.8%{?ext_man} + +%changelog