diff --git a/.gitignore b/.gitignore
index 38d73dd..1a334f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libsemanage-3.4.tar.gz
+SOURCES/libsemanage-3.5.tar.gz
diff --git a/.libsemanage.metadata b/.libsemanage.metadata
index 67f689b..b999517 100644
--- a/.libsemanage.metadata
+++ b/.libsemanage.metadata
@@ -1 +1 @@
-a501eece6511d830a540e8349b5b2dc74ee76ad3 SOURCES/libsemanage-3.4.tar.gz
+7dfb7935f03d08640a3afc5107d8e29405909a91 SOURCES/libsemanage-3.5.tar.gz
diff --git a/SOURCES/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch b/SOURCES/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
deleted file mode 100644
index 2713ca7..0000000
--- a/SOURCES/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 556b2b91aad55680e1b50fd547ff749fa35cc2d2 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Wed, 8 Jun 2022 19:09:53 +0200
-Subject: [PATCH] libsemanage: always write kernel policy when
- check_ext_changes is specified
-Content-type: text/plain
-
-For the use case of rebuilding the policy after package updates, we need
-the check_ext_changes operation to always do at least the do_write_kernel
-step, because the various semanage dbs may have also changed content
-relative to the current binary policy. As this step is itself relatively
-fast, we can do it unconditionally.
-
-Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally")
-Signed-off-by: Ondrej Mosnacek
-Acked-by: Nicolas Iooss
----
- libsemanage/include/semanage/handle.h | 2 +-
- libsemanage/src/direct_api.c | 8 +++++---
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h
-index 0157be4fbc46..4cf30815d803 100644
---- a/libsemanage/include/semanage/handle.h
-+++ b/libsemanage/include/semanage/handle.h
-@@ -67,7 +67,7 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);
- extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
-
- /* set whether to rebuild the policy on commit when potential changes
-- * to module files since last rebuild are detected,
-+ * to store files since last rebuild are detected,
- * 1 for yes (default), 0 for no */
- extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check);
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 7206483a3ebb..7aa081abb3b7 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -1437,13 +1437,15 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- * Determine what else needs to be done.
- * We need to write the kernel policy if we are rebuilding
- * or if any other policy component that lives in the kernel
-- * policy has been modified.
-+ * policy has been modified. We also want to force it when
-+ * check_ext_changes was specified as the various dbases may have
-+ * changes as well.
- * We need to install the policy files if any of the managed files
- * that live under /etc/selinux (kernel policy, seusers, file contexts)
- * will be modified.
- */
-- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
-- ibendports_modified |
-+ do_write_kernel = do_rebuild | sh->check_ext_changes |
-+ ports_modified | ibpkeys_modified | ibendports_modified |
- bools->dtable->is_modified(bools->dbase) |
- ifaces->dtable->is_modified(ifaces->dbase) |
- nodes->dtable->is_modified(nodes->dbase) |
---
-2.36.1
-
diff --git a/SPECS/libsemanage.spec b/SPECS/libsemanage.spec
index 81d0419..f210e5d 100644
--- a/SPECS/libsemanage.spec
+++ b/SPECS/libsemanage.spec
@@ -1,16 +1,15 @@ -%define libsepolver 3.4-1 -%define libselinuxver 3.4-1 +%define libsepolver 3.5-1 +%define libselinuxver 3.5-1 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 3.4 -Release: 2%{?dist} +Version: 3.5 +Release: 1%{?dist} License: LGPLv2+ -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz -# fedora-selinux/selinux: git checkout c9s; git format-patch -N 3.4 -- libsemanage +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libsemanage-3.5.tar.gz +# fedora-selinux/selinux: git checkout c9s; git format-patch -N 3.5 -- libsemanage # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start -Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch # Patch list end URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf
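Review bot: The `Patch0001:` line is dropped in the `@@ -1,16 +1,15 @@` hunk, but neither the spec nor the new `%changelog` entries record that its fix is carried by the 3.5 tarball. The removed patch forced `do_write_kernel` whenever `check_ext_changes` is set (#2104935), so losing it silently would let the binary policy go stale after package updates. Presumably upstream commit 556b2b91aad5 is included in 3.5; confirm that against the new source and add a changelog line such as `- Drop 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch (included in 3.5)`. Separately, the new `Source0` is pinned only by the 40-hex digest in `.libsemanage.metadata`; if upstream publishes a detached signature for the release, listing it as a source and checking it in `%prep` with `%{gpgverify}` would also authenticate the tarball's origin.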
@@ -22,7 +21,7 @@ BuildRequires: audit-libs-devel BuildRequires: bison flex bzip2-devel BuildRequires: python3 -BuildRequires: python3-devel +BuildRequires: python3-devel python3-pip Requires: bzip2-libs audit-libs Requires: libselinux%{?_isa} >= %{libselinuxver}
@@ -75,7 +74,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing SELinux management applications. %prep -%autosetup -n libsemanage-%{version} -p 2 +%autosetup -p 2 -n libsemanage-%{version} %build
@@ -125,7 +124,7 @@ InstallPythonWrapper \ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %files -%license COPYING +%license LICENSE %dir %{_sysconfdir}/selinux %config(noreplace) %{_sysconfdir}/selinux/semanage.conf %{_libdir}/libsemanage.so.2
@@ -154,6 +153,18 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Thu Feb 23 2023 Petr Lautrbach - 3.5-1 +- SELinux userspace 3.5 release + +* Tue Feb 14 2023 Petr Lautrbach - 3.5-0.rc3.1 +- SELinux userspace 3.5-rc3 release + +* Tue Jan 17 2023 Petr Lautrbach - 3.5-0.rc2.1 +- SELinux userspace 3.5-rc2 release + +* Mon Jan 2 2023 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + * Mon Jul 18 2022 Petr Lautrbach - 3.4-2 - Always write kernel policy when check_ext_changes is specified (#2104935)
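Review bot: The `python3-pip` build dependency added in the `@@ -22,7 +21,7 @@` hunk has no comment saying why it is needed, and the hunk does not show how pip is invoked. Presumably the 3.5 build installs the Python bindings through pip; if so, confirm the invocation cannot resolve anything from a package index (for example that it passes `--no-deps` and `--no-index`, or that the build root has no network), so the package contents depend only on `Source0`. A one-line comment above the tag, such as `# 3.5 installs the python bindings with pip`, would keep the dependency from looking accidental.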