From 6dd5c78a955daec7bff449e963b0b95720d05084 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Feb 06 2024 13:25:48 +0000 Subject: * Tue Feb 06 2024 Zdenek Pytela - 40.12-1 - Rename all /var/lock file context entries to /run/lock - Rename all /var/run file context entries to /run - Invert the "/var/run = /run" equivalency --- diff --git a/.gitignore b/.gitignore index e2251ec..4dc1b44 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /container-selinux.tgz /macro-expander *.rpm +/varrun-convert.sh diff --git a/file_contexts.subs_dist b/file_contexts.subs_dist index c819832..6afa41b 100644 --- a/file_contexts.subs_dist +++ b/file_contexts.subs_dist @@ -1,5 +1,5 @@ -/run /var/run -/run/lock /var/lock +/var/run /run +/var/lock /run/lock /run/systemd/system /usr/lib/systemd/system /run/systemd/generator /usr/lib/systemd/system /run/systemd/generator.early /usr/lib/systemd/system diff --git a/selinux-policy.spec b/selinux-policy.spec index 9421aa8..fc48222 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,6 +1,6 @@ # github repo with selinux-policy sources %global giturl https://github.com/fedora-selinux/selinux-policy -%global commit 20114105ce9cccef6775736565f449c27c4a669e +%global commit 8973a73c7c534b51860b9350eacc6d946ab1e412 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat @@ -23,7 +23,7 @@ %define CHECKPOLICYVER 3.2 Summary: SELinux policy configuration Name: selinux-policy -Version: 40.11 +Version: 40.12 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz @@ -61,6 +61,9 @@ Source35: container-selinux.tgz Source36: selinux-check-proper-disable.service +# Script to convert /var/run file context entries to /run +Source37: varrun-convert.sh + # Provide rpm macros for packages installing SELinux modules Source102: rpm.macros @@ -92,6 +95,7 @@ the policy has been adjusted to provide support for Fedora. %{_usr}/lib/tmpfiles.d/selinux-policy.conf %{_rpmconfigdir}/macros.d/macros.selinux-policy %{_unitdir}/selinux-check-proper-disable.service +%{_libexecdir}/selinux/varrun-convert.sh %package sandbox Summary: SELinux sandbox policy @@ -277,6 +281,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \ %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \ %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \ %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \ +%ghost %{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun \ %nil %define relabel() \ @@ -424,6 +429,8 @@ mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/ cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/ mkdir -p %{buildroot}%{_bindir} install -m 755 %{SOURCE33} %{buildroot}%{_bindir}/ +mkdir -p %{buildroot}%{_libexecdir}/selinux +install -m 755 %{SOURCE37} %{buildroot}%{_libexecdir}/selinux # Always create policy module package directories mkdir -p %{buildroot}%{_datadir}/selinux/{targeted,mls,minimum,modules}/ @@ -584,6 +591,7 @@ exit 0 %posttrans targeted %checkConfigConsistency targeted +%{_libexecdir}/selinux/varrun-convert.sh targeted %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm %postun targeted @@ -697,6 +705,7 @@ exit 0 %posttrans minimum %checkConfigConsistency minimum +%{_libexecdir}/selinux/varrun-convert.sh minimum %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm %postun minimum @@ -771,6 +780,7 @@ exit 0 %posttrans mls %checkConfigConsistency mls +%{_libexecdir}/selinux/varrun-convert.sh mls %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm %postun mls @@ -814,6 +824,11 @@ exit 0 %endif %changelog +* Tue Feb 06 2024 Zdenek Pytela - 40.12-1 +- Rename all /var/lock file context entries to /run/lock +- Rename all /var/run file context entries to /run +- Invert the "/var/run = /run" equivalency + * Mon Feb 05 2024 Zdenek Pytela - 40.11-1 - Replace init domtrans rule for confined users to allow exec init - Update dbus_role_template() to allow user service status diff --git a/sources b/sources index 0781356..5a01d50 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ -SHA512 (selinux-policy-2011410.tar.gz) = bbc50497b5a551a20f65271ca2df2c010a0c63b1dcc0e069870aba888c0bb86f15275f2636a1dcc5a321d56060ab323452d0f02d6dd3da13b938cd8d9bff0b5b -SHA512 (container-selinux.tgz) = f8ad7e38fd170f5ee4b8fa3d2c4052ec3e80d3bc06a4d42f80ade040c8fefad2c76230cfadd7580d11a5349ba95bc819d5681f9e5df83330676e34896ac458fe +SHA512 (selinux-policy-8973a73.tar.gz) = 343077aa6eabf9016914cc2e056e3e3140b6eda92e1581919033fc05e81fe805876ffe8254dbfba9f7d05f0a016249c3914359358ba062f5cb8049e9c998f4f5 +SHA512 (container-selinux.tgz) = 8fe309ddb133ef57fcd61b59355a6aad36e05e5f94a33bcf4004ebfdf006999cd708ca7b023824596956ba7b2829632ec64406182aa271b5e0275f429d5880e5 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 +SHA512 (varrun-convert.sh) = e1514fb877fdd01a9880d23a0962a41fe6ba991cd7b288c430b537b9bddde4f5d98749c08821dfb16237621a73cb47e0df4e3b90124d7dec0f47e021c6afb9b1