testing/libsemanage
SHA256
3
0
Fork 0
forked from pool/libsemanage
Code Pull Requests Activity

Accepting request 1184294 from home:cahu:security:SELinux:userspace37

Browse Source 
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * Bugfixes: 
    * libsemanage: support huge passwd entries
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * Bugfixes: 
    * libsemanage: support huge passwd entries

OBS-URL: https://build.opensuse.org/request/show/1184294
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=114
This commit is contained in:
Cathy Hu 2024-07-02 09:43:29 +00:00 committed by Git OBS Bridge
commit e3aab34f8b
14 changed files with 1378 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

4
_multibuild Normal file
View File

@ -0,0 +1,4 @@
<multibuild>
<package>python-semanage</package>
</multibuild>

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libsemanage2

3
libsemanage-3.6.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60
size 182583

16
libsemanage-3.6.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF
CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA
XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N
8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN
Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC
fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx
1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD
YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w
10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw
C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me
LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy
XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858=
=xhK9
-----END PGP SIGNATURE-----

3
libsemanage-3.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1
size 182896

16
libsemanage-3.7.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX
8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq
r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ
kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL
j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP
AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7
dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ
kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI
G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt
Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd
D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps=
=aE6b
-----END PGP SIGNATURE-----

493
libsemanage.changes Normal file
View File

@ -0,0 +1,493 @@
-------------------------------------------------------------------
Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* Bugfixes:
* libsemanage: support huge passwd entries
-------------------------------------------------------------------
Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Remove dependency on /usr/bin/python3, making scripts to depends on
the real python3 binary, not the link. bsc#1212476
-------------------------------------------------------------------
Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Remove build counter syncing for real
-------------------------------------------------------------------
Thu May 4 14:20:40 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
of LTO
-------------------------------------------------------------------
Thu Mar 23 13:06:51 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO now (boo#1138812).
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* Allow user to set SYSCONFDIR
* always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Link to correct so version
- Minor spec file cleanups
-------------------------------------------------------------------
Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Move configuration file to separate libsemanage-conf package to allow
for parallel installation in future versions
-------------------------------------------------------------------
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
-------------------------------------------------------------------
Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Add /var/lib/selinux
-------------------------------------------------------------------
Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
the submission. Keeping the snippet in the spec file in case we try to
enable LTO again
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* Improved manpage
* fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
use libexec
-------------------------------------------------------------------
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
-------------------------------------------------------------------
Thu Jun 20 10:22:04 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO due to symbol versioning (boo#1138812).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org
- Split out the Policy Store Migration tool into
libsemanage-store-migrate: it is not a devel tool to start with.
Additionally, it causes the -devel package to depend on python,
which we want to avoid (libsemanabe being part of the core build
cycle). The library suggests libsemanage-store-migrate.
-------------------------------------------------------------------
Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description, combine filelist entries,
ensure pkgconfig() symbols are generated.
-------------------------------------------------------------------
Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
- Added suse_path.patch to fix path to hll compiler
-------------------------------------------------------------------
Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
-------------------------------------------------------------------
Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
-------------------------------------------------------------------
Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com
- add semanage.conf as SOURCE and install it instead of the default
one
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com
- fixed source url
- removed old tarball
-------------------------------------------------------------------
Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
- update to 2.1.10
* Add sefcontext_compile to compile regex everytime policy is rebuilt
* Cleanup/fix enable/disable/remove module.
* redo genhomedircon minuid
* fixes from coverity
* semanage_store: do not leak memory in semanage_exec_prog
* genhomedircon: remove useless conditional in get_home_dirs
* genhomedircon: double free in get_home_dirs
* fcontext_record: do not leak on error in semanage_fcontext_key_create
* genhomedircon: do not leak on failure in write_gen_home_dir_context
* semanage_store: do not leak fd
* genhomedircon: do not leak shells list
* semanage_store: do not leak on strdup failure
* semanage_store: rewrite for readability
-------------------------------------------------------------------
Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com
- update to 2.1.9
* dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* do boolean name substitution
* Fix segfault for building standard policies.
* remove build warning when build swig c files
* additional makefile support for rubywrap
* ignore 80 column limit for readability
* semanage_store: fix snprintf length argument by using asprintf
* Use default semanage.conf as a fallback
* use after free in python bindings
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
-------------------------------------------------------------------
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com
- when building "standard" (not MCS/MLS) selinux-policies,
libsemanage will crash, because "level" is NULL
(libsemanage-2.1.6-NULL_level_fix.patch)
-------------------------------------------------------------------
Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
Could not find any LGPL-2.1 "only" licensed files in the pacakge
-------------------------------------------------------------------
Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com
- Updated to 2.1.6
* changes too numerous to list
-------------------------------------------------------------------
Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com
- cross-build fix: use %__cc macro
-------------------------------------------------------------------
Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de
- buildrequire libbz2-devel
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

110
libsemanage.keyring Normal file
View File

@ -0,0 +1,110 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f
QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq
8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk
e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m
zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk
uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V
CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k
Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK
3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC
4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ
xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB
tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG
FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7
CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G
CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx
tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ
79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9
eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf
YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc
g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ
6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP
3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6
9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf
6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7
DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu
Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI
zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x
2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML
rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw
xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e
Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm
YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ
MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ
YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC
w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec
8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj
EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5
4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90
XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU
5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3
+4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4
G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv
LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z
b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k
dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb
ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2
6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo
hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2
QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV
9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg
ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC
APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5
APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO
Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6
is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1
/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS
f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m
khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7
8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5
XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+
ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV
TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY
BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE
LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup
PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT
raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq
DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I
V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+
ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD
VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF
CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb
96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu
O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec
qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5
/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw
w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50
THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY
nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k
uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57
c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D
vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378
d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0
P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X
QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64
G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3
QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ
MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO
17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC
JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ
lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT
xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd
7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp
ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ
A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB
56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh
z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY
eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3
q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh
C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy
BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F
G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY
zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x
pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr
6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi
TakEPw==
=odM9
-----END PGP PUBLIC KEY BLOCK-----

161
libsemanage.spec Normal file
View File

@ -0,0 +1,161 @@
#
# spec file for package libsemanage
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define soversion 2
%define libname libsemanage%{soversion}
Name: libsemanage
Version: 3.7
Release: 0
Summary: SELinux policy management library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source2: libsemanage.keyring
Source3: baselibs.conf
Source4: semanage.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
#Patch0: libsemanage-update-map-file.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
%description
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
%package -n %{libname}
Summary: SELinux policy management library
Group: System/Libraries
Suggests: %{name}-migrate-store
Requires: %{name}-conf >= %{version}
%description -n %{libname}
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package conf
Summary: Configuration for the SELinux policy management library
# before 3.1 the config file wasn't separated, so no parallel install is possible
Group: System/Libraries
Conflicts: %{name}1 <= 3.1
%description conf
Configuration file for libsemanage. Moved to a separate package to allow
parallel installation
%package devel
Summary: Header files and libraries for SELinux's policy management libary
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
%description devel
The libsemanage-devel package contains the libraries and header files
needed for developing applications that manipulate SELinux policies.
%package devel-static
Summary: Static archives for SELinux's policy management library
Group: Development/Libraries/C and C++
Requires: libsemanage-devel
%description devel-static
The libsemanage-devel-static package contains the static libraries
needed for developing applications that manipulate binary policies.
%package migrate-store
Summary: SELinux Policy Store Migration
Group: Productivity/Security
%description migrate-store
In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy
module store was moved from /etc/selinux/<store>/modules/ to
/var/lib/selinux/<store>/. Once the libraries are upgraded, all policy
stores must be migrated before any commands that modify or use the store
(e.g. semodule, semanage) can be executed.
%prep
%setup -q
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%make_build clean
%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc"
%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}"
ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so
cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
# Fix shebang in scripts
for f in %{buildroot}%{_libexecdir}/selinux/*
do
[ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f
done
# Remove duplicate files
%fdupes -s %{buildroot}%{_mandir}
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files -n %{libname}
%{_libdir}/libsemanage.so.*
%dir %{_localstatedir}/lib/selinux
%files conf
%dir %{_sysconfdir}/selinux
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
%files devel
%{_libdir}/libsemanage.so
%{_libdir}/pkgconfig/libsemanage.pc
%{_includedir}/semanage/
%{_mandir}/man3/*
%{_mandir}/man5/*
%files migrate-store
%dir %{_libexecdir}/selinux
%{_libexecdir}/selinux/
%files devel-static
%{_libdir}/libsemanage.a
%changelog

396
python-semanage.changes Normal file
View File

@ -0,0 +1,396 @@
-------------------------------------------------------------------
Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* Bugfixes:
* libsemanage: support huge passwd entries
-------------------------------------------------------------------
Tue May 28 10:40:17 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Build python-semanage for python311 in 15.4 and 15.5 instead of
python3.6 to fix build dependencies
-------------------------------------------------------------------
Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Thu May 4 14:20:40 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
of LTO
-------------------------------------------------------------------
Thu Mar 23 13:06:51 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO now (boo#1138812).
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* Allow user to set SYSCONFDIR
* always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random
build failures. The toplevel Makefile does not support concurrency,
and it resulted in parallel "make all" and "make pywrap" which weren't
aware of each other and stepped over the other's artifacts.
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Minor spec file cleanups
-------------------------------------------------------------------
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* Improved manpage
* fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization)
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
use libexec
-------------------------------------------------------------------
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
-------------------------------------------------------------------
Fri May 3 12:22:25 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO (boo#1133280).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com
- build both python2 and python3 version of the semanage binding
with the singlespec machinery
-------------------------------------------------------------------
Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de
- Summary/description update
-------------------------------------------------------------------
Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
- changes in 2.3
* Fix memory leak in semanage_genhomedircon
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com
- update to 2.1.9
-------------------------------------------------------------------
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com
- buildrequire libbz2-devel
-------------------------------------------------------------------
Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com
- updated to 2.1.6
* changes too numerous to list
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

100
python-semanage.spec Normal file
View File

@ -0,0 +1,100 @@
#
# spec file for package python-semanage
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
%define soversion 2
%define libname libsemanage%{soversion}
%define libsepol_ver 3.7
%define libselinux_ver 3.7
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-semanage
Version: 3.7
Release: 0
Summary: Python bindings for SELinux's policy management library
License: LGPL-2.1-only
Group: Development/Languages/Python
URL: https://github.com/SELinuxProject/selinux
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc
Source2: libsemanage.keyring
Source3: baselibs.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
# Patch0: libsemanage-update-map-file.patch
BuildRequires: %{python_module devel}
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: python-rpm-macros
BuildRequires: swig
# Ensure same version
Requires: %{libname} = %{version}
%python_subpackages
%description
This package contains the Python bindings for developing
SELinux policy management applications.
%prep
%setup -q -n libsemanage-%{version}
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%make_build clean
%{python_expand # loop over possible pythons
%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify
%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \
LIBDIR="%{_libdir}" \
LIBEXECDIR="%{_libexecdir}" \
SHLIBDIR="%{_lib}" \
pywrap
}
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
%{python_expand # loop over possible pythons
%make_install install-pywrap PYTHON="$python" \
LIBDIR="%{_libdir}" \
LIBEXECDIR="%{_libexecdir}" \
SHLIBDIR="%{_libdir}"
}
# remove files contained in other packages
rm -rf %{buildroot}%{_sysconfdir}
%if "%{_lib}" == "lib64"
rm -rf %{buildroot}%{_libexecdir}
%else
rm -rf %{buildroot}%{_libexecdir}/selinux
%endif
rm -rf %{buildroot}%{_includedir}
rm -f %{buildroot}%{_libdir}/libsemanage.*
rm -rf %{buildroot}%{_libdir}/pkgconfig
rm -rf %{buildroot}%{_mandir}
%files %{python_files}
%{python_sitearch}/*
%changelog

51
semanage.conf Normal file
View File

@ -0,0 +1,51 @@
# Authors: Jason Tang <jtang@tresys.com>
#
# Copyright (C) 2004-2005 Tresys Technology, LLC
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Specify how libsemanage will interact with a SELinux policy manager.
# The four options are:
#
# "source" - libsemanage manipulates a source SELinux policy
# "direct" - libsemanage will write directly to a module store.
# /foo/bar - Write by way of a policy management server, whose
# named socket is at /foo/bar. The path must begin
# with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy
# management server at foo.com. If there is a colon
# then the remainder is interpreted as a port number;
# otherwise default to port 4242.
module-store = direct
# When generating the final linked and expanded policy, by default
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
# given in <sepol/policydb.h>. Change this setting if a different
# version is necessary.
#policy-version = 19
# expand-check check neverallow rules when executing all semanage commands.
# Large penalty in time if you turn this on.
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root