diff --git a/SOURCES/0082-customize-allow-missing-SELINUXTYPE-in-SELinux-confi.patch b/SOURCES/0082-customize-allow-missing-SELINUXTYPE-in-SELinux-confi.patch
new file mode 100644
index 0000000..16a65ba
--- /dev/null
+++ b/SOURCES/0082-customize-allow-missing-SELINUXTYPE-in-SELinux-confi.patch
@@ -0,0 +1,123 @@
+From bd75249646ed03f4db3c5d0268db95ab8a0f39c8 Mon Sep 17 00:00:00 2001
+From: Pino Toscano
+Date: Wed, 31 Jan 2018 12:29:15 +0100
+Subject: [PATCH] customize: allow missing SELINUXTYPE in SELinux config
+
+libselinux defaults to "targeted" when no SELINUXTYPE is specified in
+/etc/config/selinux. Hence do the same here, instead of failing because
+of the missing key.
+
+Add a slow test for checking SELinux relabeling on a Fedora 27 guest,
+both with no changes, and with a modified configuration.
+
+(cherry picked from commit 719d68fa247cc3885ecf7ec1c010faf83267d786)
+---
+ customize/Makefile.am | 2 ++
+ customize/SELinux_relabel.ml | 14 ++++++++++--
+ customize/test-selinuxrelabel.sh | 49 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 63 insertions(+), 2 deletions(-)
+ create mode 100755 customize/test-selinuxrelabel.sh
+
+diff --git a/customize/Makefile.am b/customize/Makefile.am
+index 07398b2e8..077194a1a 100644
+--- a/customize/Makefile.am
++++ b/customize/Makefile.am
+@@ -23,6 +23,7 @@ EXTRA_DIST = \
+ customize_main.ml \
+ test-firstboot.sh \
+ test-password.pl \
++ test-selinuxrelabel.sh \
+ test-settings.sh \
+ test-virt-customize.sh \
+ test-virt-customize-docs.sh \
+@@ -210,6 +211,7 @@ check-valgrind:
+ SLOW_TESTS = \
+ $(firstboot_test_scripts) \
+ $(password_test_scripts) \
++ test-selinuxrelabel.sh \
+ $(settings_test_scripts)
+
+ check-slow:
+diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml
+index 11999299b..b6f394ac2 100644
+--- a/customize/SELinux_relabel.ml
++++ b/customize/SELinux_relabel.ml
+@@ -36,8 +36,18 @@ let relabel (g : G.guestfs) =
+ g#aug_load ();
+ debug_augeas_errors g;
+
+- (* Get the SELinux policy name, eg. "targeted", "minimum". *)
+- let policy = g#aug_get "/files/etc/selinux/config/SELINUXTYPE" in
++ (* Get the SELinux policy name, eg. "targeted", "minimum".
++ * Use "targeted" if not specified, just like libselinux does.
++ *)
++ let policy =
++ let config_path = "/files/etc/selinux/config" in
++ let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
++ let keys = g#aug_ls config_path in
++ if Array.mem selinuxtype_path keys then
++ g#aug_get selinuxtype_path
++ else
++ "targeted" in
++
+ g#aug_close ();
+
+ (* Get the spec file name. *)
+diff --git a/customize/test-selinuxrelabel.sh b/customize/test-selinuxrelabel.sh
+new file mode 100755
+index 000000000..d13c0356c
+--- /dev/null
++++ b/customize/test-selinuxrelabel.sh
+@@ -0,0 +1,49 @@
++#!/bin/bash -
++# Test SELinux relabel functionality.
++# Copyright (C) 2018 Red Hat Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++
++# This slow test checks that SELinux relabel works.
++
++set -e
++
++$TEST_FUNCTIONS
++slow_test
++
++guestname="fedora-27"
++
++disk="selinuxrelabel.img"
++disk_overlay="selinuxrelabel-overlay.qcow2"
++rm -f "$disk"
++
++skip_unless_virt_builder_guest "$guestname"
++
++# Build a guest (using virt-builder).
++virt-builder "$guestname" --quiet -o "$disk"
++
++# Test #1: relabel with the default configuration works.
++rm -f "$disk_overlay"
++guestfish -- disk-create "$disk_overlay" qcow2 -1 backingfile:"$disk"
++virt-customize -a "$disk" --selinux-relabel
++
++# Test #2: relabel with no SELINUXTYPE in the configuration.
++rm -f "$disk_overlay"
++guestfish -- disk-create "$disk_overlay" qcow2 -1 backingfile:"$disk"
++virt-customize -a "$disk" \
++ --edit /etc/selinux/config:"s,^SELINUXTYPE=,#&,g" \
++ --selinux-relabel
++
++rm "$disk" "$disk_overlay"
+--
+2.14.3
+
diff --git a/SPECS/libguestfs.spec b/SPECS/libguestfs.spec
index 6c0f1ab..4eee5e1 100644
--- a/SPECS/libguestfs.spec
+++ b/SPECS/libguestfs.spec
@@ -14,7 +14,7 @@ Summary: Access and modify virtual machine disk images Name: libguestfs Epoch: 1 Version: 1.36.10 -Release: 6%{?dist} +Release: 6%{?dist}.2 License: LGPLv2+ # Source and patches.
@@ -114,6 +114,7 @@ Patch0078: 0078-builder-use-the-template-arch-when-caching-all-templ.patch Patch0079: 0079-v2v-docs-Match-the-two-instances-of-path-to-nbdkit-i.patch Patch0080: 0080-launch-direct-Omit-locking-option-for-non-file-disks.patch Patch0081: 0081-launch-direct-Use-old-style-file-and-format-paramete.patch +Patch0082: 0082-customize-allow-missing-SELINUXTYPE-in-SELinux-confi.patch # Use git for patch management. BuildRequires: git
@@ -965,6 +966,13 @@ gzip --best installed-docs/*.xml # Split up the monolithic packages file in the supermin appliance so # we can install dependencies in subpackages. pushd $RPM_BUILD_ROOT%{_libdir}/guestfs/supermin.d + +# Fix the qemu-img-ma dependency, in case it was used instead of +# qemu-img (qemu-img-ma 'Provides: qemu-img'), which is the case of +# all the architectures different than x86_64. +sed 's/^qemu-img-ma$/qemu-img/' < packages > packages-t +mv packages-t packages + function move_to { grep -Ev "^$1$" < packages > packages-t
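Review bot: In the added customize/test-selinuxrelabel.sh, both test cases create `$disk_overlay` on top of `$disk` and then run `virt-customize -a "$disk"`, so the overlay is never exercised and the base image is modified in place; test #2 starts from an image that test #1 has already relabelled, and the overlay's backing file changes underneath it. Both invocations should target the overlay, e.g. `virt-customize -a "$disk_overlay" --selinux-relabel`, so each case runs against a pristine guest. The script also asserts only the exit status, so nothing shows that the `else "targeted"` branch in SELinux_relabel.ml was taken; a debug message on that branch would make the fallback visible in logs when a guest's config lacks SELINUXTYPE. The body of `relabel` continues outside the inner hunk, so how the policy name is used afterwards is not visible here.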
@@ -1318,6 +1326,14 @@ install -m 0644 utils/boot-benchmark/boot-benchmark.1 $RPM_BUILD_ROOT%{_mandir}/ %changelog +* Mon Apr 23 2018 Pino Toscano - 1:1.36.10-6.el7_5.2 +- Fix qemu-img-ma dependency + resolves: rhbz#1570533 + +* Thu Mar 29 2018 Pino Toscano - 1:1.36.10-6.el7_5.1 +- Fix SELinux relabelling when the SELinux config has no SELINUXTYPE key + resolves: rhbz#1558922 + * Mon Jan 22 2018 Pino Toscano - 1:1.36.10-6 - Rebase to libguestfs 1.36.10 in RHEL 7.5. resolves: rhbz#1472272