From 844dc82ee51fe6df9368c7abb8726c2432df36ed38ecfb203014a020c4224d05 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Sun, 3 Aug 2008 02:41:25 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=1
---
baselibs.conf | 1 -
libselinux-2.0.67-rhat.patch | 369 +++++++++++++++++++++++++
libselinux-2.0.67.tar.bz2 | 3 +
libselinux-2.8.tar.gz | 3 -
libselinux.changes | 508 -----------------------------------
libselinux.spec | 322 ++++++++++------------
python3.patch | 13 -
readv-proto.patch | 12 -
ready | 0
selinux-ready | 272 -------------------
10 files changed, 521 insertions(+), 982 deletions(-)
delete mode 100644 baselibs.conf
create mode 100644 libselinux-2.0.67-rhat.patch
create mode 100644 libselinux-2.0.67.tar.bz2
delete mode 100644 libselinux-2.8.tar.gz
delete mode 100644 python3.patch
delete mode 100644 readv-proto.patch
create mode 100644 ready
delete mode 100644 selinux-ready
diff --git a/baselibs.conf b/baselibs.conf
deleted file mode 100644
index 115b88a..0000000
--- a/baselibs.conf
+++ /dev/null
@@ -1 +0,0 @@
-libselinux1
diff --git a/libselinux-2.0.67-rhat.patch b/libselinux-2.0.67-rhat.patch
new file mode 100644
index 0000000..b0dbffc
--- /dev/null
+++ b/libselinux-2.0.67-rhat.patch
@@ -0,0 +1,369 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.67/man/man3/freecon.3 +--- nsalibselinux/man/man3/freecon.3 2008-06-12 23:25:12.000000000 -0400 ++++ libselinux-2.0.67/man/man3/freecon.3 2008-07-09 16:52:33.000000000 -0400 +@@ -15,6 +15,11 @@ + .B freeconary + frees the memory allocated for a context array. + ++If ++.I con ++is NULL, no operation is performed. ++ ++ + .SH "SEE ALSO" + .BR selinux "(8)" + +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8 +--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400 +@@ -0,0 +1,18 @@ ++.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.SH "NAME" ++selinuxconlist \- list all SELinux context reachable for user ++.SH "SYNOPSIS" ++.B selinuxconlist [-l level] user [context] ++ ++.SH "DESCRIPTION" ++.B selinuxconlist ++reports the list of context reachable for user from the current context or specified context ++ ++.B \-l level ++mcs/mls level ++ ++.SH AUTHOR ++This manual page was written by Dan Walsh . 
++ ++.SH "SEE ALSO" ++secon(8), selinuxdefcon(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.67/man/man8/selinuxdefcon.8 +--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-2.0.67/man/man8/selinuxdefcon.8 2008-07-09 16:52:33.000000000 -0400 +@@ -0,0 +1,19 @@ ++.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.SH "NAME" ++selinuxdefcon \- list default SELinux context for user ++ ++.SH "SYNOPSIS" ++.B selinuxdefcon [-l level] user [fromcon] ++ ++.SH "DESCRIPTION" ++.B seconlist ++reports the default context for the specified user from current context or specified context ++ ++.B \-l level ++mcs/mls level ++ ++.SH AUTHOR ++This manual page was written by Dan Walsh . ++ ++.SH "SEE ALSO" ++secon(8), selinuxconlist(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.67/src/Makefile +--- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400 ++++ libselinux-2.0.67/src/Makefile 2008-07-09 16:56:37.000000000 -0400 +@@ -7,16 +7,24 @@ + PYINC ?= /usr/include/$(PYLIBVER) + PYLIB ?= /usr/lib/$(PYLIBVER) + PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) ++RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') ++RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') ++RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) ++RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) + + LIBVERSION = 1 + + LIBA=libselinux.a + TARGET=libselinux.so + SWIGIF= selinuxswig_python.i ++SWIGRUBYIF= selinuxswig_ruby.i + SWIGCOUT= selinuxswig_wrap.c ++SWIGRUBYCOUT= selinuxswig_ruby_wrap.c + SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) ++SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) + SWIGSO=_selinux.so + SWIGFILES=$(SWIGSO) selinux.py ++SWIGRUBYSO=_rubyselinux.so + LIBSO=$(TARGET).$(LIBVERSION) + AUDIT2WHYSO=audit2why.so + +@@ -29,7 +37,9 @@ + ifeq ($(DISABLE_RPM),y) + 
UNUSED_SRCS+=rpm.c + endif +-SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c))) ++ ++GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) ++SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c))) + + OBJS= $(patsubst %.c,%.o,$(SRCS)) + LOBJS= $(patsubst %.c,%.lo,$(SRCS)) +@@ -44,11 +54,11 @@ + + SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ + +-GENERATED=$(SWIGCOUT) ++SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ + + all: $(LIBA) $(LIBSO) + +-pywrap: all $(SWIGSO) $(AUDIT2WHYSO) ++pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(SWIGRUBYSO) + + $(LIBA): $(OBJS) + $(AR) rcs $@ $^ +@@ -57,8 +67,14 @@ + $(SWIGLOBJ): $(SWIGCOUT) + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + ++$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) ++ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< ++ + $(SWIGSO): $(SWIGLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ ++ ++$(SWIGRUBYSO): $(SWIGRUBYLOBJ) ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. 
-lselinux -L$(LIBDIR) -Wl,-soname,$@ + + $(LIBSO): $(LOBJS) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro +@@ -79,6 +95,9 @@ + $(SWIGCOUT): $(SWIGIF) + $(SWIG) $^ + ++$(SWIGRUBYCOUT): $(SWIGRUBYIF) ++ $(SWIGRUBY) $^ ++ + swigify: $(SWIGIF) + $(SWIG) $^ + +@@ -95,6 +114,9 @@ + install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux + install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py + ++ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) ++ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so ++ + relabel: + /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + +@@ -102,7 +124,7 @@ + -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ + + distclean: clean +- rm -f $(SWIGCOUT) $(SWIGFILES) ++ rm -f $(GENERATED) $(SWIGFILES) + + indent: + ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.67/src/audit2why.c +--- nsalibselinux/src/audit2why.c 2008-06-12 23:25:14.000000000 -0400 ++++ libselinux-2.0.67/src/audit2why.c 2008-07-09 16:52:33.000000000 -0400 +@@ -55,7 +55,7 @@ + return 0; + } + +-static int check_booleans(struct avc_t *avc, struct boolean_t **bools) ++static int check_booleans(struct boolean_t **bools) + { + char errormsg[PATH_MAX]; + struct sepol_av_decision avd; +@@ -376,7 +376,7 @@ + avc->tsid = tsid; + avc->tclass = tclass; + avc->av = av; +- if (check_booleans(avc, &bools) == 0) { ++ if (check_booleans(&bools) == 0) { + if (av & ~avd.auditdeny) { + RETURN(DONTAUDIT) + } else { +@@ -390,15 +390,15 @@ + len++; b++; + } + b = bools; +- PyObject *boollist = PyTuple_New(len); ++ PyObject *outboollist = PyTuple_New(len); + len=0; + while(b->name) { + PyObject *bool = Py_BuildValue("(si)", b->name, b->active); +- PyTuple_SetItem(boollist, len++, bool); ++ PyTuple_SetItem(outboollist, len++, bool); + b++; + } + free(bools); +- 
PyTuple_SetItem(result, 1, boollist); ++ PyTuple_SetItem(result, 1, outboollist); + return result; + } + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400 ++++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400 +@@ -2,6 +2,7 @@ + #include + #include + #include ++#include + #include "selinux_internal.h" + #include "label_internal.h" + #include "callbacks.h" +@@ -57,7 +58,7 @@ + { + va_list ap; + va_start(ap, fmt); +- vfprintf(stderr, fmt, ap); ++ vsyslog(LOG_ERR, fmt, ap); + va_end(ap); + } + +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.67/src/selinuxswig_ruby.i +--- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-2.0.67/src/selinuxswig_ruby.i 2008-07-09 16:52:33.000000000 -0400 +@@ -0,0 +1,147 @@ ++/* Author: James Athey ++ */ ++ ++%module selinux ++%{ ++ #include "selinux/selinux.h" ++%} ++ ++/* security_get_boolean_names() typemap */ ++/* ++%typemap(argout) (char ***names, int *len) { ++ PyObject* list = PyList_New(*$2); ++ int i; ++ for (i = 0; i < *$2; i++) { ++ PyList_SetItem(list, i, PyString_FromString((*$1)[i])); ++ } ++ $result = SWIG_Python_AppendOutput($result, list); ++} ++*/ ++/* return a sid along with the result */ ++%typemap(argout) (security_id_t * sid) { ++ if (*$1) { ++ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); ++ } ++/* else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++*/ ++} ++ ++%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { ++ $1 = &temp; ++} ++ ++/* Makes security_compute_user() return a Python list of contexts */ ++/* ++%typemap(argout) (security_context_t **con) { ++ PyObject* plist; ++ int i, len = 0; ++ ++ if (*$1) { ++ while((*$1)[len]) ++ len++; ++ plist = PyList_New(len); ++ for (i = 0; i < len; i++) { ++ PyList_SetItem(plist, i, 
PyString_FromString((*$1)[i])); ++ } ++ } else { ++ plist = PyList_New(0); ++ } ++ ++ $result = SWIG_Python_AppendOutput($result, plist); ++} ++*/ ++/* Makes functions in get_context_list.h return a Python list of contexts */ ++ ++#ifdef fixme ++%typemap(argout) (security_context_t **list) { ++ PyObject* plist; ++ int i; ++ ++ if (*$1) { ++ plist = PyList_New(result); ++ for (i = 0; i < result; i++) { ++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ } ++ } else { ++ plist = PyList_New(0); ++ } ++ /* Only return the Python list, don't need to return the length anymore */ ++ $result = plist; ++} ++#endif ++ ++%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { ++ $1 = &temp; ++} ++%typemap(freearg,match="in") security_context_t * ""; ++%typemap(argout,noblock=1) security_context_t * { ++ if (*$1) { ++ %append_output(SWIG_FromCharPtr(*$1)); ++ freecon(*$1); ++ } ++/* ++ else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++*/ ++} ++ ++%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { ++ $1 = &temp; ++} ++%typemap(freearg,match="in") char ** ""; ++%typemap(argout,noblock=1) char ** { ++ if (*$1) { ++ %append_output(SWIG_FromCharPtr(*$1)); ++ free(*$1); ++ } ++/* ++ else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++*/ ++} ++/* ++%typemap(in) char * const [] { ++ int i, size; ++ PyObject * s; ++ ++ if (!PySequence_Check($input)) { ++ PyErr_SetString(PyExc_ValueError, "Expected a sequence"); ++ return NULL; ++ } ++ ++ size = PySequence_Size($input); ++ ++ $1 = (char**) malloc(size + 1); ++ for(i = 0; i < size; i++) { ++ if (!PyString_Check(PySequence_GetItem($input, i))) { ++ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); ++ return NULL; ++ } ++ } ++ ++ for(i = 0; i < size; i++) { ++ s = PySequence_GetItem($input, i); ++ $1[i] = (char*) malloc(PyString_Size(s) + 1); ++ strcpy($1[i], PyString_AsString(s)); ++ } ++ $1[size] = NULL; ++} ++*/ ++ 
++%typemap(freearg,match="in") char * const [] { ++ int i = 0; ++ while($1[i]) { ++ free($1[i]); ++ i++; ++ } ++ free($1); ++} ++ ++%include "selinuxswig.i" diff --git a/libselinux-2.0.67.tar.bz2 b/libselinux-2.0.67.tar.bz2 new file mode 100644 index 0000000..6146ab7 --- /dev/null +++ b/libselinux-2.0.67.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c6044bb0e9531dfa21aa297b28fcef26df16c46f6d33b567942833524e96a92d +size 135165 diff --git a/libselinux-2.8.tar.gz b/libselinux-2.8.tar.gz deleted file mode 100644 index 8bfdf6e..0000000 --- a/libselinux-2.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:31db96ec7643ce10912b3c3f98506a08a9116dcfe151855fd349c3fda96187e1 -size 187759 diff --git a/libselinux.changes b/libselinux.changes index a94eadd..652a2bc 100644 --- a/libselinux.changes +++ b/libselinux.changes 
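Review bot: In the src/matchpathcon.c part of the added libselinux-2.0.67-rhat.patch, the default message handler now calls `vsyslog(LOG_ERR, fmt, ap)` in place of `vfprintf(stderr, fmt, ap)`, so every library diagnostic is logged at error priority and nothing reaches the terminal of someone running a labeling tool interactively. That silent change of the default sink should at least be documented on the function, for example `/* default sink is syslog at LOG_ERR; callers that want stderr must install their own handler */`, and the fixed LOG_ERR priority is worth reconsidering for messages that are only warnings. The handler's signature and the rest of its file lie outside the inner hunk, so how callers override it cannot be confirmed from here. Separately, the commented-out `char * const []` input typemap in src/selinuxswig_ruby.i allocates `malloc(size + 1)` bytes for an array that is then indexed up to `$1[size]`; if that block is ever re-enabled the allocation needs to be `malloc((size + 1) * sizeof(char *))`.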
@@ -1,511 +1,3 @@ -------------------------------------------------------------------- -Thu Nov 29 19:10:14 UTC 2018 - Jan Engelhardt - -- Replace old $RPM_* shell vars. - -------------------------------------------------------------------- -Wed Nov 21 10:38:23 UTC 2018 - jsegitz@suse.com - -- Merged libselinux-bindings back into main spec file - -------------------------------------------------------------------- -Wed Oct 17 11:48:30 UTC 2018 - jsegitz@suse.com - -- Update to version 2.8 (bsc#1111732). - For changes please see - https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt - -------------------------------------------------------------------- -Mon May 14 22:45:54 UTC 2018 - mcepl@cepl.eu - -- Update to version 2.7. - * %files needed to be heavily modified - * Based expressly on python3, not just python - For changes please see - https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt - -------------------------------------------------------------------- -Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com - -- Update to version 2.6. 
Notable changes: - * selinux_restorecon: fix realpath logic - * sefcontext_compile: invert semantics of "-r" flag - * sefcontext_compile: Add "-i" flag - * Introduce configurable backends - * Add function to find security.restorecon_last entries - * Add openrc_contexts functions - * Add support for pcre2 - * Handle NULL pcre study data - * Add setfiles support to selinux_restorecon(3) - * Evaluate inodes in selinux_restorecon(3) - * Change the location of _selinux.so - * Explain how to free policy type from selinux_getpolicytype() - * Compare absolute pathname in matchpathcon -V - * Add selinux_snapperd_contexts_path() - * Modify audit2why analyze function to use loaded policy - * Avoid mounting /proc outside of selinux_init_load_policy() - * Fix location of selinuxfs mount point - * Only mount /proc if necessary - * procattr: return einval for <= 0 pid args - * procattr: return error on invalid pid_t input -- Dropped - * libselinux-2.2-ruby.patch - * libselinux-proc-mount-only-if-needed.patch - * python-selinux-swig-3.10.patch - -------------------------------------------------------------------- -Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de - -- readv-proto.patch: include for readv prototype - -------------------------------------------------------------------- -Sun Jul 24 19:33:42 UTC 2016 - crrodriguez@opensuse.org - -- -devel static subpackage requires libpcre-devel and libsepol-devel - -------------------------------------------------------------------- -Sun Jul 24 19:05:35 UTC 2016 - crrodriguez@opensuse.org - -- Avoid mounting /proc outside of selinux_init_load_policy(). - (Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes - among other things systemd seccomp sandboxing otherwise all - filters must allow mount(2) - (libselinux-proc-mount-only-if-needed.patch) - -------------------------------------------------------------------- -Sun Jul 17 15:30:05 UTC 2016 - jengelh@inai.de - -- Update RPM groups, trim description and combine filelist entries. 
- -------------------------------------------------------------------- -Thu Jul 14 07:58:49 UTC 2016 - jsegitz@novell.com - -- Adjusted source link - -------------------------------------------------------------------- -Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su - -- add patch: python-selinux-swig-3.10.patch, fixed boo#985368 - * swig-3.10 in Factory use importlib instead of imp to find - _selinux.so. imp searched the same directory as __init__.py - is while importlib searchs only standard paths. so we have - to move _selinux.so. fixed by upstream -- update version 2.5 - * Add selinux_restorecon function - * read_spec_entry: fail on non-ascii - * Add man information about thread specific functions - * Don't wrap rpm_execcon with DISABLE_RPM with SWIG - * Correct line count for property and service context files - * label_file: fix memory leaks and uninitialized jump - * Replace selabel_digest hash function - * Fix selabel_open(3) services if no digest requested - * Add selabel_digest function - * Flush the class/perm string mapping cache on policy reload - * Fix restorecon when path has no context - * Free memory when processing media and x specfiles - * Fix mmap memory release for file labeling - * Add policy context validation to sefcontext_compile - * Do not treat an empty file_contexts(.local) as an error - * Fail hard on invalid property_contexts entries - * Fail hard on invalid file_contexts entries - * Support context validation on file_contexts.bin - * Add selabel_cmp interface and label_file backend - * Support specifying file_contexts.bin file path - * Support file_contexts.bin without file_contexts - * Simplify procattr cache - * Use /proc/thread-self when available - * Add const to selinux_opt for label backends - * Fix binary file labels for regexes with metachars - * Fix file labels for regexes with metachars - * Fix if file_contexts not '\n' terminated - * Enhance file context support - * Fix property processing and cleanup formatting - * Add 
read_spec_entries function to replace sscanf - * Support consistent mode size for bin files - * Fix more bin file processing core dumps - * add selinux_openssh_contexts_path() - * setrans_client: minimize overhead when mcstransd is not present - * Ensure selabel_lookup_best_match links NULL terminated - * Fix core dumps with corrupt *.bin files - * Add selabel partial and best match APIs - * Use os.walk() instead of the deprecated os.path.walk() - * Remove deprecated mudflap option - * Mount procfs before checking /proc/filesystems - * Fix -Wformat errors with gcc-5.0.0 - * label_file: handle newlines in file names - * Fix audit2why error handling if SELinux is disabled - * pcre_study can return NULL without error - * Only check SELinux enabled status once in selinux_check_access -- changes in 2.4 - * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR - * Fix bugs found by hardened gcc flags - * Set the system to permissive if failing to disable SELinux because - policy has already been loaded - * Add db_exception and db_datatype support to label_db backend - * Log an error on unknown classes and permissions - * Add pcre version string to the compiled file_contexts format - * Deprecate use of flask.h and av_permissions.h - * Compiled file_context files and the original should have the same DAC - permissions - -------------------------------------------------------------------- -Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com - -- fixed selinux-ready to work with initrd files created by dracut (bsc#940006) - -------------------------------------------------------------------- -Mon Sep 8 08:25:11 UTC 2014 - jsegitz@suse.com - -- updated selinux-ready script to handle initrd files compressed with xz - -------------------------------------------------------------------- -Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org - -- Update to version 2.3 -* Get rid of security_context_t and fix const declarations. 
-* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. - -------------------------------------------------------------------- -Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com - -- Update to version 2.2 - * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. - * Support overriding Makefile RANLIB - * Update pkgconfig definition - * Mount sysfs before trying to mount selinuxfs. - * Fix man pages - * Support overriding PATH and LIBBASE in Makefile - * Fix LDFLAGS usage - * Avoid shadowing stat in load_mmap - * Support building on older PCRE libraries - * Fix handling of temporary file in sefcontext_compile - * Fix procattr cache - * Define python constants for getenforce result - * Fix label substitution handling of / - * Add selinux_current_policy_path from - * Change get_context_list to only return good matches - * Support udev-197 and higher - * Add support for local substitutions - * Change setfilecon to not return ENOSUP if context is already correct - * Python wrapper leak fixes - * Export SELINUX_TRANS_DIR definition in selinux.h - * Add selinux_systemd_contexts_path - * Add selinux_set_policy_root - * Add man page for sefcontext_compile -- Remove libselinux-rhat.patch; merged on upstream -- Adapt libselinux-ruby.patch to upstream changes -- Use fdupes to symlink duplicate manpages - -------------------------------------------------------------------- -Thu Jun 27 14:42:01 UTC 2013 - vcizek@suse.com - -- change the source url to the official 2.1.13 release tarball - -------------------------------------------------------------------- -Wed May 22 23:50:58 UTC 2013 - jengelh@inai.de - -- Reuse implicit dependencies injected by pkgconfig - -------------------------------------------------------------------- -Thu Apr 4 19:16:35 UTC 2013 - vcizek@suse.com - -- fixed source url in libselinux-bindings.spec -- removed old tarball - -------------------------------------------------------------------- -Wed Apr 3 10:17:21 UTC 2013 - 
vcizek@suse.com - -- fix source url -- document changes in libselinux-rhat.patch from previous submission: - (most code of the removed code was integrated upstream) - * Add matchpathcon -P /etc/selinux/mls support by allowing users - to set alternate root - * Add new constant SETRANS_DIR which points to the directory - where mstransd can find the socket and libvirt can write its - translations files - -------------------------------------------------------------------- -Fri Mar 29 15:12:50 UTC 2013 - vcizek@suse.com - --update to 2.1.13 - * audit2why: make sure path is nul terminated - * utils: new file context regex compiler - * label_file: use precompiled filecontext when possible - * do not leak mmapfd - * sefcontontext_compile: Add error handling to help debug problems in libsemanage. - * man: make selinux.8 mention service man pages - * audit2why: Fix segfault if finish() called twice - * audit2why: do not leak on multiple init() calls - * mode_to_security_class: interface to translate a mode_t in to a security class - * audit2why: Cleanup audit2why analysys function - * man: Fix program synopsis and function prototypes in man pages - * man: Fix man pages formatting - * man: Fix typo in man page - * man: Add references and man page links to _raw function variants - * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions - * man: context_new(3): fix the return value description - * selinux_status_open: handle error from sysconf - * selinux_status_open: do not leak statusfd on exec - * Fix errors found by coverity - * Change boooleans.subs to booleans.subs_dist. 
- * optimize set*con functions - * pkg-config do not specifc ruby version - * unmap file contexts on selabel_close() - * do not leak file contexts with mmap'd backend - * sefcontext_compile: do not leak fd on error - * matchmediacon: do not leak fd - * src/label_android_property: do not leak fd on error - -------------------------------------------------------------------- -Wed Jan 30 11:44:45 UTC 2013 - vcizek@suse.com - -- update to 2.1.12 - - added the recent libselinux-rhat.patch - * Add support for lxc_contexts_path - * utils: add service to getdefaultcon - * libsemanage: do not set soname needlessly - * libsemanage: remove PYTHONLIBDIR and ruby equivalent - * boolean name equivalency - * getsebool: support boolean name substitution - * Add man page for new selinux_boolean_sub function. - * expose selinux_boolean_sub - * matchpathcon: add -m option to force file type check - * utils: avcstat: clear sa_mask set - * seusers: Check for strchr failure - * booleans: initialize pointer to silence coveriety - * stop messages when SELinux disabled - * Ensure that we only close the selinux netlink socket once. 
- * improve the file_contexts.5 manual page - * Fortify source now requires all code to be compiled with -O flag - * asprintf return code must be checked - * avc_netlink_recieve handle EINTR - * audit2why: silence -Wmissing-prototypes warning - * libsemanage: remove build warning when build swig c files - * matchpathcon: bad handling of symlinks in / - * seusers: remove unused lineno - * seusers: getseuser: gracefully handle NULL service - * New Android property labeling backend - * label_android_property whitespace cleanups - * additional makefile support for rubywrap - * Remove jump over variable declaration - * Fix old style function definitions - * Fix const-correctness - * Remove unused flush_class_cache method - * Add prototype decl for destructor - * Add more printf format annotations - * Add printf format attribute annotation to die() method - * Fix const-ness of parameters & make usage() methods static - * Enable many more gcc warnings for libselinux/src/ builds - * utils: Enable many more gcc warnings for libselinux/utils builds - * Change annotation on include/selinux/avc.h to avoid upsetting SWIG - * Ensure there is a prototype for 'matchpathcon_lib_destructor' - * Update Makefiles to handle /usrmove - * utils: Stop separating out matchpathcon as something special - * pkg-config to figure out where ruby include files are located - * build with either ruby 1.9 or ruby 1.8 - * assert if avc_init() not called - * take security_deny_unknown into account - * security_compute_create_name(3) - * Do not link against python library, this is considered - * bad practice in debian - * Hide unnecessarily-exported library destructors - -------------------------------------------------------------------- -Mon Jan 7 22:34:03 UTC 2013 - jengelh@inai.de - -- Remove obsolete defines/sections - -------------------------------------------------------------------- -Tue Dec 11 16:15:52 UTC 2012 - vcizek@suse.com - -- update selinux-ready script - * use -L when stat()ing 
/etc/selinux/config - * make sure that SELINUX isn't disabled in /etc/selinux/config - * look for either of /sys/fs/selinux and /selinux directory - * use systemctl to check for restorecond - * don't look for booleans file (deprecated) - -------------------------------------------------------------------- -Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com - -- update selinux-ready script - -------------------------------------------------------------------- -Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com - -- updated to 2.1.9 again (see below) - -------------------------------------------------------------------- -Wed Jun 13 08:56:36 UTC 2012 - coolo@suse.com - -- go back even more - everything else requires the full SELinux stack - (too late for 12.2) - -------------------------------------------------------------------- -Mon Jun 11 09:06:55 UTC 2012 - factory-maintainer@kulow.org - -- revert back to 2.0.98 for 12.2 - -------------------------------------------------------------------- -Fri Jun 1 18:34:04 CEST 2012 - mls@suse.de - -- update to libselinux-2.1.9 - * better man pages - * selinux_status interfaces - * simple interface for access checks - * multiple bug fixes - -------------------------------------------------------------------- -Wed Oct 5 15:09:25 UTC 2011 - uli@suse.com - -- cross-build fix: use %__cc macro - -------------------------------------------------------------------- -Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de - -- use %_smp_mflags - -------------------------------------------------------------------- -Mon May 3 10:30:40 UTC 2010 - prusnak@suse.cz - -- don't package /var/run/setrans in libselinux1 package - - Feature#303793 - - the directory will be created in initscript of mcstrans package - -------------------------------------------------------------------- -Sat Apr 24 09:53:28 UTC 2010 - coolo@novell.com - -- buildrequire pkg-config to fix provides - -------------------------------------------------------------------- -Fri Apr 9 
07:27:27 UTC 2010 - thomas@novell.com - -- selinux-ready: added function to check for restorecond in - runlevel 3/5 - -------------------------------------------------------------------- -Thu Apr 8 06:37:34 UTC 2010 - thomas@novell.com - -- selinux-ready: added functions for checking PAM config and - policy boolean init_upstart - -------------------------------------------------------------------- -Wed Apr 7 13:26:59 UTC 2010 - thomas@novell.com - -- selinux-ready: fixed init ramfs checking - -------------------------------------------------------------------- -Wed Apr 7 12:59:41 UTC 2010 - thomas@novell.com - -- added new selinux-ready script - -------------------------------------------------------------------- -Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz - -- updated to 2.0.91 - * changes too numerous to list - -------------------------------------------------------------------- -Sat Dec 12 16:43:54 CET 2009 - jengelh@medozas.de - -- add baselibs.conf as a source - -------------------------------------------------------------------- -Fri Jul 24 17:09:50 CEST 2009 - thomas@novell.com - -- updated selinux-ready script - -------------------------------------------------------------------- -Wed Jul 22 15:17:25 CEST 2009 - prusnak@suse.cz - -- change libsepol-devel to libsepol-devel-static in dependencies - of python bindings - -------------------------------------------------------------------- -Wed Jul 1 12:26:48 CEST 2009 - prusnak@suse.cz - -- put libsepol-devel back to Requires of libselinux-devel - -------------------------------------------------------------------- -Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz - -- added selinux-ready tool to selinux-tools package - -------------------------------------------------------------------- -Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de - -- remove static libraries -- libselinux-devel does not require libsepol-devel - -------------------------------------------------------------------- -Wed May 27 14:06:14 
CEST 2009 - prusnak@suse.cz - -- updated to 2.0.80 - * deny_unknown wrapper function from KaiGai Kohei - * security_compute_av_flags API from KaiGai Kohei - * Netlink socket management and callbacks from KaiGai Kohei - * Netlink socket handoff patch from Adam Jackson - * AVC caching of compute_create results by Eric Paris - * fix incorrect conversion in discover_class code - -------------------------------------------------------------------- -Fri Apr 17 17:12:06 CEST 2009 - prusnak@suse.cz - -- fixed memory leak (memleak.patch) - -------------------------------------------------------------------- -Wed Jan 14 14:04:30 CET 2009 - prusnak@suse.cz - -- updated to 2.0.77 - * add new function getseuser which will take username and service - and return seuser and level; ipa will populate file in future - * change selinuxdefcon to return just the context by default - * fix segfault if seusers file does not work - * strip trailing / for matchpathcon - * fix restorecon python code - -------------------------------------------------------------------- -Mon Dec 1 11:32:50 CET 2008 - prusnak@suse.cz - -- updated to 2.0.76 - * allow shell-style wildcarding in X names - * add Restorecon/Install python functions - * correct message types in AVC log messages - * make matchpathcon -V pass mode - * add man page for selinux_file_context_cmp - * update flask headers from refpolicy trunk - -------------------------------------------------------------------- -Wed Oct 22 16:28:59 CEST 2008 - mrueckert@suse.de - -- fix debug_packages_requires define - -------------------------------------------------------------------- -Tue Sep 23 12:51:10 CEST 2008 - prusnak@suse.cz - -- require only version, not release [bnc#429053] - -------------------------------------------------------------------- -Tue Sep 2 12:09:22 CEST 2008 - prusnak@suse.cz - -- updated to 2.0.71 - * Add group support to seusers using %groupname syntax from Dan Walsh. - * Mark setrans socket close-on-exec from Stephen Smalley. 
- * Only apply nodups checking to base file contexts from Stephen Smalley. - * Merge ruby bindings from Dan Walsh. - -------------------------------------------------------------------- -Mon Sep 1 07:35:00 CEST 2008 - aj@suse.de - -- Fix build of debuginfo. - -------------------------------------------------------------------- -Fri Aug 22 14:45:29 CEST 2008 - prusnak@suse.cz - -- added baselibs.conf file -- split bindings into separate subpackage (libselinux-bindings) -- split tools into separate subpackage (selinux-tools) - ------------------------------------------------------------------- Fri Aug 1 17:32:20 CEST 2008 - ro@suse.de diff --git a/libselinux.spec b/libselinux.spec index c517097..120aaff 100644 --- a/libselinux.spec +++ b/libselinux.spec 
@@ -1,239 +1,215 @@ # -# spec file for package libselinux +# spec file for package libselinux (Version 2.0.67) # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. # -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# norootforbuild -%define libsepol_ver 2.8 -%{?!python_module:%define python_module() python-%{**} python3-%{**}} +%define libsepol_ver 2.0.32 +BuildRequires: python-devel ruby-devel swig +BuildRequires: libsepol-devel >= %{libsepol_ver} Name: libselinux -Version: 2.8 -Release: 0 -Summary: SELinux runtime library and utilities -License: GPL-2.0-only AND SUSE-Public-Domain -Group: Development/Libraries/C and C++ -Url: https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-%{version}.tar.gz -Source1: selinux-ready -Source2: baselibs.conf -Patch3: python3.patch -# PATCH-FIX-UPSTREAM Include for readv prototype -Patch4: readv-proto.patch +Version: 2.0.67 +Release: 2 +Url: http://www.nsa.gov/selinux/ +License: GPL v2 only; Public Domain, Freeware +Group: System/Libraries +Summary: SELinux library and simple utilities +Source: %{name}-%{version}.tar.bz2 +Patch0: 
%{name}-%{version}-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: fdupes -BuildRequires: libsepol-devel >= %{libsepol_ver} -BuildRequires: libsepol-devel-static >= %{libsepol_ver} -BuildRequires: pcre-devel -BuildRequires: pkg-config -BuildRequires: python-rpm-macros -BuildRequires: python3 -BuildRequires: python3-devel -BuildRequires: ruby-devel -BuildRequires: swig +%define debug_package_requires libselinux1 = %{version} %description -libselinux provides an interface to get and set process and file -security contexts and to obtain security policy decisions. +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux kernel +contains new architectural components originally developed to improve +the security of the Flask operating system. These architectural +components provide general support for the enforcement of many kinds of +mandatory access control policies, including those based on the +concepts of Type Enforcement®, Role-based Access Control, and +Multi-level Security. + +libselinux provides an API for SELinux applications to get and set +process and file security contexts and to obtain security policy +decisions. Required for any applications that use the SELinux API. + + %package -n libselinux1 -Summary: SELinux runtime library -License: GPL-2.0-only AND SUSE-Public-Domain +License: GPL v2 only; Public Domain, Freeware Group: System/Libraries +Summary: SELinux library and simple utilities %description -n libselinux1 -libselinux provides an interface to get and set process and file -security contexts and to obtain security policy decisions. +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. 
The Security-enhanced Linux kernel +contains new architectural components originally developed to improve +the security of the Flask operating system. These architectural +components provide general support for the enforcement of many kinds of +mandatory access control policies, including those based on the +concepts of Type Enforcement®, Role-based Access Control, and +Multi-level Security. -(Security-enhanced Linux is a feature of the kernel and some -utilities that implement mandatory access control policies, such as -Type Enforcement, Role-based Access Control and Multi-Level -Security.) +libselinux provides an API for SELinux applications to get and set +process and file security contexts and to obtain security policy +decisions. Required for any applications that use the SELinux API. -%package -n selinux-tools -Summary: SELinux command-line utilities -License: GPL-2.0-only AND SUSE-Public-Domain -Group: System/Base -%description -n selinux-tools -Security-enhanced Linux is a feature of the kernel and some -utilities that implement mandatory access control policies, such as -Type Enforcement, Role-based Access Control and Multi-Level -Security. - -This subpackage contains utilities to inspect and administer the -system's SELinux state. %package devel -Summary: Development files for the SELinux runtime library -License: GPL-2.0-only AND SUSE-Public-Domain +License: GPL v2 only; Public Domain, Freeware +Summary: Development Include Files and Libraries for SELinux Group: Development/Libraries/C and C++ -Requires: glibc-devel -Requires: libselinux1 = %{version} -#Automatic dependency on libsepol-devel via pkgconfig +Requires: libselinux1 = %{version}-%{release} +Requires: libsepol-devel >= %{libsepol_ver} %description devel -libselinux provides an interface to get and set process and file -security contexts and to obtain security policy decisions. 
+Security-enhanced Linux is a patch of the Linux kernel and a number of +utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux kernel +contains new architectural components originally developed to improve +the security of the Flask operating system. These architectural +components provide general support for the enforcement of many kinds of +mandatory access control policies, including those based on the +concepts of Type Enforcement®, Role-based Access Control, and +Multi-level Security. -This package contains the development files, which are +This package contains the header files and static libraries, which are necessary to develop your own software using libselinux. -%package devel-static -Summary: Static archives for the SELinux runtime -License: GPL-2.0-only AND SUSE-Public-Domain -Group: Development/Libraries/C and C++ -Requires: libselinux-devel = %{version} -Requires: pkgconfig(libpcre) -Requires: pkgconfig(libsepol) -%description devel-static -libselinux provides an interface to get and set process and file -security contexts and to obtain security policy decisions. -This package contains the static development files, which are -necessary to develop your own software using libselinux. +%package -n python-selinux +License: Public Domain, Freeware +Summary: SELinux library and simple utilities +Group: System/Libraries +Requires: libselinux1 = %{version}-%{release} +Requires: python + +%description -n python-selinux +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux kernel +contains new architectural components originally developed to improve +the security of the Flask operating system. 
These architectural +components provide general support for the enforcement of many kinds of +mandatory access control policies, including those based on the +concepts of Type Enforcement®, Role-based Access Control, and +Multi-level Security. + +libselinux provides an API for SELinux applications to get and set +process and file security contexts and to obtain security policy +decisions. Required for any applications that use the SELinux API. + + + +%package -n ruby-selinux +License: Public Domain, Freeware +Summary: SELinux library and simple utilities +Group: System/Libraries +Requires: libselinux1 = %{version}-%{release} +Requires: ruby + +%description -n ruby-selinux +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux kernel +contains new architectural components originally developed to improve +the security of the Flask operating system. These architectural +components provide general support for the enforcement of many kinds of +mandatory access control policies, including those based on the +concepts of Type Enforcement®, Role-based Access Control, and +Multi-level Security. + +libselinux provides an API for SELinux applications to get and set +process and file security contexts and to obtain security policy +decisions. Required for any applications that use the SELinux API. 
+ + %prep -%setup -q -n libselinux-%{version} -%patch3 -p1 -%patch4 -p1 +%setup -q +%patch0 -p1 %build -make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" CC="%{__cc}" -make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src V=1 -make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src swigify V=1 -make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src pywrap V=1 -make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src rubywrap V=1 +make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" swigify +make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" all pywrap %install -mkdir -p %{buildroot}/%{_lib} -mkdir -p %{buildroot}/%{_libdir} -mkdir -p %{buildroot}/%{_includedir} -mkdir -p %{buildroot}/%{_sbindir} -%make_install LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" BINDIR="%{_sbindir}" -rm -f %{buildroot}/%{_sbindir}/compute_* -rm -f %{buildroot}/%{_sbindir}/deftype -rm -f %{buildroot}/%{_sbindir}/execcon -rm -f %{buildroot}/%{_sbindir}/getenforcemode -rm -f %{buildroot}/%{_sbindir}/getfilecon -rm -f %{buildroot}/%{_sbindir}/getpidcon -rm -f %{buildroot}/%{_sbindir}/mkdircon -rm -f %{buildroot}/%{_sbindir}/policyvers -rm -f %{buildroot}/%{_sbindir}/setfilecon -rm -f %{buildroot}/%{_sbindir}/selinuxconfig -rm -f %{buildroot}/%{_sbindir}/selinuxdisable -rm -f %{buildroot}/%{_sbindir}/getseuser -rm -f %{buildroot}/%{_sbindir}/selinux_check_securetty_context -mv %{buildroot}/%{_sbindir}/getdefaultcon %{buildroot}/%{_sbindir}/selinuxdefcon -mv %{buildroot}/%{_sbindir}/getconlist %{buildroot}/%{_sbindir}/selinuxconlist -install -m 0755 %{SOURCE1} %{buildroot}/%{_sbindir}/selinux-ready +mkdir -p $RPM_BUILD_ROOT/%{_lib} +mkdir -p $RPM_BUILD_ROOT%{_libdir} +mkdir -p $RPM_BUILD_ROOT%{_includedir} +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT/var/run/setrans +make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" 
BINDIR="$RPM_BUILD_ROOT%{_sbindir}" install install-pywrap +rm -f $RPM_BUILD_ROOT%{_sbindir}/compute_* +rm -f $RPM_BUILD_ROOT%{_sbindir}/deftype +rm -f $RPM_BUILD_ROOT%{_sbindir}/execcon +rm -f $RPM_BUILD_ROOT%{_sbindir}/getenforcemode +rm -f $RPM_BUILD_ROOT%{_sbindir}/getfilecon +rm -f $RPM_BUILD_ROOT%{_sbindir}/getpidcon +rm -f $RPM_BUILD_ROOT%{_sbindir}/mkdircon +rm -f $RPM_BUILD_ROOT%{_sbindir}/policyvers +rm -f $RPM_BUILD_ROOT%{_sbindir}/setfilecon +rm -f $RPM_BUILD_ROOT%{_sbindir}/selinuxconfig +rm -f $RPM_BUILD_ROOT%{_sbindir}/selinuxdisable +rm -f $RPM_BUILD_ROOT%{_sbindir}/getseuser +rm -f $RPM_BUILD_ROOT%{_sbindir}/selinux_check_securetty_context +mv $RPM_BUILD_ROOT%{_sbindir}/getdefaultcon $RPM_BUILD_ROOT%{_sbindir}/selinuxdefcon +mv $RPM_BUILD_ROOT%{_sbindir}/getconlist $RPM_BUILD_ROOT%{_sbindir}/selinuxconlist -%make_install LIBDIR="%{_libdir}" \ - SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \ - -C src V=1 -make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \ - SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \ - -C src install-pywrap V=1 -make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \ - SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \ - -C src install-rubywrap V=1 -# Remove duplicate files -%fdupes -s %{buildroot}%{_mandir} +%clean +rm -rf $RPM_BUILD_ROOT %post -n libselinux1 -p /sbin/ldconfig %postun -n libselinux1 -p /sbin/ldconfig -%files -n selinux-tools +%files -n libselinux1 %defattr(-,root,root,-) +/%{_lib}/libselinux.so.* %{_sbindir}/avcstat %{_sbindir}/getenforce %{_sbindir}/getsebool %{_sbindir}/matchpathcon -%{_sbindir}/selabel_digest -%{_sbindir}/selabel_lookup -%{_sbindir}/selinux_check_access -%{_sbindir}/selabel_lookup_best_match -%{_sbindir}/selabel_partial_match %{_sbindir}/selinuxconlist %{_sbindir}/selinuxdefcon %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/togglesebool -#%#{_sbindir}/selinux_restorecon -%{_sbindir}/selinux-ready -%{_sbindir}/selinuxexeccon -%{_sbindir}/sefcontext_compile 
%{_mandir}/man5/* %{_mandir}/man8/* - -%files -n libselinux1 -%defattr(-,root,root,-) -/%{_lib}/libselinux.so.* +/var/run/setrans %files devel %defattr(-,root,root,-) %{_libdir}/libselinux.so -%{_includedir}/selinux/ -%{_mandir}/man3/* -%{_libdir}/pkgconfig/libselinux.pc - -%files devel-static -%defattr(-,root,root,-) %{_libdir}/libselinux.a +%dir %{_includedir}/selinux +%{_includedir}/selinux/* +%{_mandir}/man3/* -%package -n python3-selinux -Summary: Python bindings for the SELinux runtime library -License: SUSE-Public-Domain -Group: Development/Libraries/Python -%define oldpython python -%ifpython2 -Obsoletes: %{oldpython}-selinux < %{version} -Provides: %{oldpython}-selinux = %{version} -%endif -Requires: libselinux1 = %{version} -Requires: python3 - -%description -n python3-selinux -libselinux provides an interface to get and set process and file -security contexts and to obtain security policy decisions. - -This subpackage contains Python extensions to use SELinux from that -language. - -%package -n ruby-selinux -Summary: Ruby bindings for the SELinux runtime library -License: SUSE-Public-Domain -Group: Development/Languages/Ruby -Requires: libselinux1 = %{version} -Requires: ruby - -%description -n ruby-selinux -libselinux provides an interface to get and set process and file -security contexts and to obtain security policy decisions. - -This subpackage contains Ruby extensions to use SELinux from that -language. - -%files -n python3-selinux +%files -n python-selinux %defattr(-,root,root,-) -%{python3_sitearch}/*selinux* +%dir %{py_sitedir}/selinux +%{py_sitedir}/selinux/* %files -n ruby-selinux %defattr(-,root,root,-) -%{_libdir}/ruby/vendor_ruby/%{rb_ver}/%{rb_arch}/selinux.so +%{_libdir}/ruby/site_ruby/%{rb_ver}/%{rb_arch}/selinux.so %changelog +* Fri Aug 01 2008 ro@suse.de +- fix requires for debuginfo package +* Tue Jul 15 2008 prusnak@suse.cz +- initial version 2.0.67 + * based on Fedora package by Dan Walsh 
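Review bot: The new `%install` creates `/var/run/setrans` with a bare `mkdir -p`, and `%files -n libselinux1` lists it under `%defattr(-,root,root,-)`, so the packaged mode is whatever the build umask produced rather than a value the spec states. This is presumably the directory for the setrans translation socket that library clients connect to, so I would pin it explicitly, e.g. `%dir %attr(0755,root,root) /var/run/setrans`. The `%dir` also makes clear that only the directory itself is owned. Separately, `Source:` is now a bare file name with no upstream location, so the tarball's origin cannot be checked from the spec; a comment recording where it was fetched from would help.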
diff --git a/python3.patch b/python3.patch
deleted file mode 100644
index 58a2136..0000000
--- a/python3.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: libselinux-2.7/src/Makefile
-===================================================================
---- libselinux-2.7.orig/src/Makefile
-+++ libselinux-2.7/src/Makefile
-@@ -1,7 +1,7 @@
- # Support building the Python bindings multiple times, against various Python
- # runtimes (e.g. Python 2 vs Python 3) by optionally prefixing the build
- # targets with "PYPREFIX":
--PYTHON ?= python
-+PYTHON ?= python3
- PYPREFIX ?= $(shell $(PYTHON) -c 'import sys;print("python-%d.%d" % sys.version_info[:2])')
- RUBY ?= ruby
- RUBYPREFIX ?= $(notdir $(RUBY))
diff --git a/readv-proto.patch b/readv-proto.patch
deleted file mode 100644
index 795c9b2..0000000
--- a/readv-proto.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: libselinux-2.5/src/setrans_client.c
-===================================================================
---- libselinux-2.5.orig/src/setrans_client.c
-+++ libselinux-2.5/src/setrans_client.c
-@@ -9,6 +9,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
diff --git a/ready b/ready
new file mode 100644
index 0000000..473a0f4
diff --git a/selinux-ready b/selinux-ready
deleted file mode 100644
index 163489b..0000000
--- a/selinux-ready
+++ /dev/null
@@ -1,272 +0,0 @@ -#!/bin/bash - -KERNEL="unknown" -INITRD="unknown" -TD="" - - -# init needs /selinux to be there -check_dir() -{ - SLDIRS="/selinux /sys/fs/selinux" - FOUND="no" - - for DIR in $SLDIRS; do - if [ -d $DIR ]; then - printf "\tcheck_dir: OK. $DIR exists.\n" - FOUND="yes" - fi - done - - if [ $FOUND == "yes" ]; then - return 0 - else - printf "\tcheck_dir: ERR. Neither of $SLDIRS does exist. Please execute 'mkdir /sys/fs/selinux' as root\n" - return 1 - fi -} - -check_filesystem() -{ - FSPATH="/proc/filesystems" - FSNAMES="securityfs selinuxfs" - OK="O" - - for FSNAME in $FSNAMES; do - grep -w $FSNAME $FSPATH 1>&2 >/dev/null - - if [ $? == 0 ]; then - printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n" - else - printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n" - OK="1" - fi - done - if [ "$OK" == "0" ]; then - return 0; - else - return 1; - fi -} - -check_boot() -{ - BPARAM1="security=selinux" - BPARAM2="selinux=1" - - printf "\tcheck_boot: Assuming GRUB2 as bootloader.\n" - - # look for parameters of the current kernel - CURRENT_KERNEL=$(uname -r) - OTHERS="" - RETVAL="FAIL" - while read BLINE - do - K=$(echo $BLINE | awk -F' ' '{print $2}') - KERNEL=$(basename $K) - K=$(echo $KERNEL | sed s/vmlinuz-//) - - if [ "$K" == "$CURRENT_KERNEL" ]; then - INITRD=initrd-$K - RETVAL="OK" - else - OTHERS="$KERNEL $OTHERS" - fi - done < <(grep -- $BPARAM1 /boot/grub2/grub.cfg 2>/dev/null | grep -- $BPARAM2) - - if [ "$RETVAL" == OK ]; then - printf "\tcheck_boot: OK. Current kernel '$KERNEL' has boot-parameters '$BPARAM1 $BPARAM2'\n" - printf "\tcheck_boot: OK. Other kernels with correct parameters: $OTHERS\n" - return 0 - else - printf "\tcheck_boot: ERR. 
Boot-parameter missing for booting the kernel.\n" - printf "\t Please use YaST2 to add 'security=selinux selinux=1' to the kernel boot-parameter list.\n" - return 1 - fi -} - -check_mkinitrd() -{ - if [ "$INITRD" == "unknown" ]; then - return 1 - fi - MCMD="mount.*/root/proc.*" - - if ! [ -f "/boot/$INITRD" ];then - printf "\tcheck_mkinitrd: ERR. Unable to locate '/boot/$INITRD'\n" - return 2 - fi - - cp /boot/$INITRD $TD/ 2>/dev/null - - if ! [ -f "$TD/$INITRD" ];then - printf "\tcheck_mkinitrd: ERR. Error while copying initrd file.'\n" - return 2 - fi - - - pushd . 2>&1>/dev/null - cd $TD - mkdir initrd-extracted - cd initrd-extracted - INITRD_FORMAT=$(file $TD/$INITRD | awk -F' ' '{print $2}') - case $INITRD_FORMAT in - 'XZ' ) - xz -d -c $TD/$INITRD | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; - 'ASCII' ) - /usr/lib/dracut/skipcpio $TD/$INITRD | xz -d | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; - 'gzip' ) - gzip -d -c $TD/$INITRD | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; - * ) - printf "\tcheck_mkinitrd: ERR. Error while extracting initrd file.'\n" - return 2 - esac - if [ -d boot ]; then - grep -E -- $MCMD boot/* 2>&1 >/dev/null - FLG1=$? - grep -E -- load_policy boot/* 2>&1 >/dev/null - FLG2=$? - else - # looks like we're using dracut/systemd. We can only check if libselinux1 - # exists - if [ -f lib64/libselinux.so.1 ]; then - # if this exists - FLG1=0 - FLG2=0 - fi - fi - popd 2>&1>/dev/null - - if [ $FLG1 == 0 -a $FLG2 == 0 ];then - printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n" - return 0 - else - printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n" - printf "\t the root filesystem during boot and/or load_policy\n" - printf "\t is missing,\n" - printf "\t this may be a reason for SELinux not working.\n" - return 1 - fi -} - -check_pam() -{ - AA_PAM=0 - SE_PAM=0 - - # test for AA pam module - grep apparmor /etc/pam.d/* 2>&1 >/dev/null - FLG=$? 
- if [ $FLG == 0 ]; then - AA_PAM=1 - fi - - # test for SELinux pam module - grep selinux /etc/pam.d/* 2>&1 >/dev/null - FLG=$? - if [ $FLG == 0 ]; then - SE_PAM=1 - fi - - # suggest config - if [ $SE_PAM == 1 ] && [ $AA_PAM == 0 ]; then - printf "\tcheck_pam: OK. Your PAM configuration seems to be correct.\n" - return 0 - fi - printf "\tcheck_pam: ERR. Your PAM configuration seems to be incorrect.\n" - if [ $AA_PAM == 1 ]; then - printf " execute 'pam-config -d --apparmor' as root\n" - fi - if [ $SE_PAM == 0 ]; then - printf " execute 'pam-config -a --selinux' as root\n" - fi - - return 1 -} - -check_initupstart() -{ - CFGFILE="/etc/selinux/config" - - if ! [ -f $CFGFILE ]; then - printf "\tcheck_initupstart: ERR. $CFGFILE does not exist.\n" - return 1; - fi -} - -check_runlevel() -{ - if [ "$(systemctl is-enabled restorecond.service)" == "enabled" ]; then - printf "\tcheck_runlevel: OK. restorecond is enabled on your system\n" - return 0; - fi - printf "\tcheck_runlevel: ERR. please execute 'yast2 runlevel' and enable restorecond.\n" - return 1 -} - -check_packages() -{ - PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy" - FAIL=0 - - for i in $PKGLST - do - rpm -q $i 1>&2 >/dev/null - if [ $? == 1 ];then - printf "\tcheck_packages: ERR. Package '$i' not installed, please run 'zypper in $i' as root\n" - FAIL=1 - fi - done - - if [ $FAIL == 0 ]; then - printf "\tcheck_packages: OK. All essential packages are installed\n" - return 0 - else - return 1 - fi -} - -check_config() -{ - CF="/etc/selinux/config" - - if [ -f $CF ];then - printf "\tcheck_config: OK. Config file seems to be there.\n" - # with -L because /etc/selinux/config is now a link to /etc/sysconfig/selinux-policy - if ! [ $(stat -L --printf=%a $CF) -eq "644" ]; then - printf "\tcheck_config: ERR. 
Config file '$CF' has wrong permissions.\n" - return 1 - fi - - # check that SELINUX is not disabled there - SELINUX_MODE=$(grep "^\s*SELINUX\s*=" $CF | sed "s/SELINUX\s*=\(\S*\)\s*"/\\1/) - case "$SELINUX_MODE" in - permissive | enforcing ) - printf "\tcheck_config: OK. SELINUX is set to '$SELINUX_MODE'.\n" - return 0 - ;; - * ) - printf "\tcheck_config: ERR. SELINUX is set to '$SELINUX_MODE' in '$CF'. Should be either 'permissive' or 'enforcing'\n" - return 1 - ;; - esac - else - printf "\tcheck_config: ERR. Config file '$CF' is missing.\n" - return 1 - fi -} - -TD=$(mktemp -q -d /tmp/selinux-ready.XXXXXX) - -echo "Start checking your system if it is selinux-ready or not:" -check_dir -check_filesystem -check_boot -check_mkinitrd -check_packages -check_config -check_initupstart -check_pam -check_runlevel - -rm -rf $TD