Accepting request 810878 from home:jsegitz:branches:security:SELinux

- Added skip_cycles.patch to skip directory cycles and not error out OBS-URL: https://build.opensuse.org/request/show/810878 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=124
2020-06-02 15:31:13 +00:00 · 2020-06-02 15:31:13 +00:00 · c400328f5b
commit c400328f5b
parent 8d14ff5615
4 changed files with 37 additions and 27 deletions
--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@ -89,17 +89,10 @@ make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src pywrap V=1
 make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags}" -C src rubywrap V=1

 %install
-make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" \
-    SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \
-    -C src install V=1
-make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" \
-    SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \
-    -C src install-pywrap V=1
-make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" \
-    SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a \
-    -C src install-rubywrap V=1
-rm -rf %{buildroot}/%{_lib} %{buildroot}%{_libdir}/libselinux.* \
-    %{buildroot}%{_libdir}/pkgconfig
+make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a -C src install V=1
+make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a -C src install-pywrap V=1
+make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a -C src install-rubywrap V=1
+rm -rf %{buildroot}/%{_lib} %{buildroot}%{_libdir}/libselinux.* %{buildroot}%{_libdir}/pkgconfig

 %files -n python3-selinux
 %{python3_sitearch}/*selinux*
--- a/libselinux.changes
+++ b/libselinux.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Mar 26 15:43:41 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Added skip_cycles.patch to skip directory cycles and not error
+  out
+
 -------------------------------------------------------------------
 Tue Mar  3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>

--- a/libselinux.spec
+++ b/libselinux.spec
@ -29,6 +29,7 @@ Source1:        selinux-ready
 Source2:        baselibs.conf
 # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
 Patch4:         readv-proto.patch
+Patch5:         skip_cycles.patch
 BuildRequires:  fdupes
 BuildRequires:  libsepol-devel >= %{libsepol_ver}
 BuildRequires:  pcre-devel
@ -95,6 +96,7 @@ necessary to develop your own software using libselinux.
 %prep
 %setup -q
 %patch4 -p1
+%patch5 -p1

 %build
 %define _lto_cflags %{nil}
@ -106,21 +108,6 @@ mkdir -p %{buildroot}%{_libdir}
 mkdir -p %{buildroot}%{_includedir}
 mkdir -p %{buildroot}%{_sbindir}
 make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" BINDIR="%{_sbindir}" install
-rm -f %{buildroot}%{_sbindir}/compute_*
-rm -f %{buildroot}%{_sbindir}/deftype
-rm -f %{buildroot}%{_sbindir}/execcon
-rm -f %{buildroot}%{_sbindir}/getenforcemode
-rm -f %{buildroot}%{_sbindir}/getfilecon
-rm -f %{buildroot}%{_sbindir}/getpidcon
-rm -f %{buildroot}%{_sbindir}/mkdircon
-rm -f %{buildroot}%{_sbindir}/policyvers
-rm -f %{buildroot}%{_sbindir}/setfilecon
-rm -f %{buildroot}%{_sbindir}/selinuxconfig
-rm -f %{buildroot}%{_sbindir}/selinuxdisable
-rm -f %{buildroot}%{_sbindir}/getseuser
-rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
-rm -f %{buildroot}%{_sbindir}/selabel_get_digests_all_partial_matches
-rm -f %{buildroot}%{_sbindir}/validatetrans
 mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
 mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/selinux-ready
@ -145,10 +132,18 @@ install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/selinux-ready
 %{_sbindir}/selinuxenabled
 %{_sbindir}/setenforce
 %{_sbindir}/togglesebool
-#%#{_sbindir}/selinux_restorecon
 %{_sbindir}/selinux-ready
 %{_sbindir}/selinuxexeccon
 %{_sbindir}/sefcontext_compile
+%{_sbindir}/compute_*
+%{_sbindir}/getfilecon
+%{_sbindir}/getpidcon
+%{_sbindir}/policyvers
+%{_sbindir}/setfilecon
+%{_sbindir}/getseuser
+%{_sbindir}/selinux_check_securetty_context
+%{_sbindir}/selabel_get_digests_all_partial_matches
+%{_sbindir}/validatetrans
 %{_mandir}/man5/*
 %{_mandir}/ru/man5/*
 %{_mandir}/man8/*
--- a/skip_cycles.patch
+++ b/skip_cycles.patch
@ -0,0 +1,16 @@
+Index: libselinux-3.0/src/selinux_restorecon.c
+===================================================================
+--- libselinux-3.0.orig/src/selinux_restorecon.c
+++ libselinux-3.0/src/selinux_restorecon.c
+@@ -991,9 +991,8 @@ int selinux_restorecon(const char *pathn
+ 			selinux_log(SELINUX_ERROR,
+ 				    "Directory cycle on %s.\n",
+ 				    ftsent->fts_path);
+-			errno = ELOOP;
+-			error = -1;
+-			goto out;
+			fts_set(fts, ftsent, FTS_SKIP);
+			continue;
+ 		case FTS_DP:
+ 			continue;
+ 		case FTS_DNR: