rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity

Accepting request 842814 from security:SELinux

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/842814
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=3
This commit is contained in:
Dominique Leuenberger 2020-10-23 10:20:12 +00:00 committed by Git OBS Bridge
commit 2453061091
4 changed files with 33 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fedora-policy.20200910.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e8acb185a5abf179037ca0531d312d327df52c0b201128e84d22afe730c8b96
size 738509

3
fedora-policy.20201016.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3ff25d1c2affe7d2361d8f00f32ff95d5114439051fa596373ddc4a43a8119eb
size 716245

9
selinux-policy.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Fri Oct 16 08:50:06 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Update to version 20201016
- Use python3 to build (fc_sort.c was replaced by fc_sort.py which
uses python3)
- Drop SELINUX=disabled, "selinux=0" kernel commandline option has
to be used instead. New default is "permissive" [bsc#1176923].
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 10 07:16:50 UTC 2020 - Johannes Segitz <jsegitz@suse.com> Tue Sep 10 07:16:50 UTC 2020 - Johannes Segitz <jsegitz@suse.com>

44
selinux-policy.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package selinux-policy # spec file for package selinux-policy
# #
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,9 +12,10 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
# There are almost no SUSE specific modifications available in the policy, so we utilize the # There are almost no SUSE specific modifications available in the policy, so we utilize the
# ones used by redhat and include also the SUSE specific ones (see sed statement below) # ones used by redhat and include also the SUSE specific ones (see sed statement below)
%define distro redhat %define distro redhat
@ -32,7 +33,7 @@ Summary: SELinux policy configuration
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: System/Management Group: System/Management
Name: selinux-policy Name: selinux-policy
Version: 20200910 Version: 20201016
Release: 0 Release: 0
Source: fedora-policy.%{version}.tar.bz2 Source: fedora-policy.%{version}.tar.bz2
Source1: selinux-policy-rpmlintrc Source1: selinux-policy-rpmlintrc
@ -87,10 +88,10 @@ Patch003: fix_gift.patch
Patch004: fix_java.patch Patch004: fix_java.patch
Patch005: fix_hadoop.patch Patch005: fix_hadoop.patch
Patch006: fix_thunderbird.patch Patch006: fix_thunderbird.patch
Patch007: fix_postfix.patch Patch007: fix_postfix.patch
Patch008: fix_nscd.patch Patch008: fix_nscd.patch
Patch009: fix_sysnetwork.patch Patch009: fix_sysnetwork.patch
Patch010: fix_logging.patch Patch010: fix_logging.patch
Patch011: fix_xserver.patch Patch011: fix_xserver.patch
Patch012: fix_miscfiles.patch Patch012: fix_miscfiles.patch
Patch013: fix_init.patch Patch013: fix_init.patch
@ -129,9 +130,9 @@ Patch047: fix_rpm.patch
Patch048: fix_apache.patch Patch048: fix_apache.patch
Patch049: fix_nis.patch Patch049: fix_nis.patch
Patch100: sedoctool.patch Patch100: sedoctool.patch
Url: https://github.com/fedora-selinux/selinux-policy.git URL: https://github.com/fedora-selinux/selinux-policy.git
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
BuildRequires: checkpolicy BuildRequires: checkpolicy
@ -139,8 +140,9 @@ BuildRequires: gawk
BuildRequires: libxml2-tools BuildRequires: libxml2-tools
BuildRequires: m4 BuildRequires: m4
BuildRequires: policycoreutils BuildRequires: policycoreutils
BuildRequires: python3-policycoreutils
BuildRequires: policycoreutils-devel BuildRequires: policycoreutils-devel
BuildRequires: python3
BuildRequires: python3-policycoreutils
# we need selinuxenabled # we need selinuxenabled
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): pam-config Requires(pre): pam-config
@ -354,7 +356,8 @@ creating other policies.
%{_rpmconfigdir}/macros.d/macros.selinux-policy %{_rpmconfigdir}/macros.d/macros.selinux-policy
%package sandbox %package sandbox
Summary: SELinux policy sandbox Summary: SELinux policy sandbox
Group: System/Management
Requires(pre): selinux-policy-targeted = %{version}-%{release} Requires(pre): selinux-policy-targeted = %{version}-%{release}
%description sandbox %description sandbox
@ -455,7 +458,6 @@ mkdir -p %{buildroot}%{_sharedstatedir}/selinux/{targeted,mls,minimum,modules}/
mkdir -p %{buildroot}%{_datadir}/selinux/packages mkdir -p %{buildroot}%{_datadir}/selinux/packages
mkdir selinux_config mkdir selinux_config
for i in %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE30} %{SOURCE31} %{SOURCE32} %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE50} %{SOURCE51} %{SOURCE52} %{SOURCE91} %{SOURCE92} %{SOURCE94};do for i in %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE30} %{SOURCE31} %{SOURCE32} %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE50} %{SOURCE51} %{SOURCE52} %{SOURCE91} %{SOURCE92} %{SOURCE94};do
cp $i selinux_config cp $i selinux_config
@ -522,11 +524,13 @@ if [ ! -s %{_sysconfdir}/selinux/config ]; then
else else
echo " echo "
# This file controls the state of SELinux on the system. # This file controls the state of SELinux on the system.
# SELinux can be completly disabled with the \"selinux=0\" kernel
# commandline option.
#
# SELINUX= can take one of these three values: # SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced. # enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing. # permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded. SELINUX=permissive
SELINUX=disabled
# SELINUXTYPE= can take one of these three values: # SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected, # targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected. # minimum - Modification of targeted policy. Only selected processes are protected.
@ -553,9 +557,7 @@ if [ $1 -eq 0 ]; then \
if [ "$SELINUXTYPE" = "$2" ]; then \ if [ "$SELINUXTYPE" = "$2" ]; then \
%{_sbindir}/setenforce 0 2> /dev/null \ %{_sbindir}/setenforce 0 2> /dev/null \
if [ -s %{_sysconfdir}/selinux/config ]; then \ if [ -s %{_sysconfdir}/selinux/config ]; then \
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config \ sed -i 's/^SELINUX=.*/SELINUX=permissive/g' %{_sysconfdir}/selinux/config \
else \
echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config \
fi \ fi \
fi \ fi \
pam-config -d --selinux \ pam-config -d --selinux \
@ -565,15 +567,12 @@ exit 0
%postun %postun
if [ $1 = 0 ]; then if [ $1 = 0 ]; then
%{_sbindir}/setenforce 0 2> /dev/null %{_sbindir}/setenforce 0 2> /dev/null
if [ ! -s %{_sysconfdir}/selinux/config ]; then if [ -s %{_sysconfdir}/selinux/config ]; then
echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config sed -i 's/^SELINUX=.*/SELINUX=permissive/g' %{_sysconfdir}/selinux/config
else
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config
fi fi
fi fi
exit 0 exit 0
%package devel %package devel
Summary: SELinux policy devel Summary: SELinux policy devel
Group: System/Management Group: System/Management
@ -651,7 +650,6 @@ Requires(pre): /usr/bin/awk
Requires(pre): selinux-policy = %{version}-%{release} Requires(pre): selinux-policy = %{version}-%{release}
Requires: selinux-policy = %{version}-%{release} Requires: selinux-policy = %{version}-%{release}
%description minimum %description minimum
SELinux Reference policy minimum base module. SELinux Reference policy minimum base module.