Initialize for libsemanage

zyppe 2024-02-29 14:36:34 +08:00
commit f740fec5af
6 changed files with 432 additions and 0 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
libsemanage-3.1.tar.gz

1
.libsemanage.metadata Normal file

@ -0,0 +1 @@
446a978042c8f45189a7df5e13b59f6a834911ffd6ef9d17ce9426e90a823ae1 libsemanage-3.1.tar.gz
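
Review bot: the digest on the single added line carries no algorithm label, and nothing in this commit shows it being checked against a value published upstream. At 64 hex characters it is presumably SHA-256; it would help to state that and to confirm the value against the libsemanage-3.1.tar.gz served from the Source URL in libsemanage.spec. Since .gitignore keeps the tarball itself out of the repository, this line is the only integrity anchor for the source.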

1
baselibs.conf Normal file

@ -0,0 +1 @@
libsemanage1

249
libsemanage.changes Normal file

@ -0,0 +1,249 @@
* Wed Jul 29 2020 kukuk@suse.com
- Add /var/lib/selinux
* Wed Jul 15 2020 jsegitz@suse.com
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
the submission. Keeping the snippet in the spec file in case we try to
enable LTO again
* Tue Jul 14 2020 jsegitz@suse.com
- Update to version 3.1
* Improved manpage
* fsync final files before rename
* Tue Jun 16 2020 jsegitz@suse.com
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
* Fri Jun 12 2020 pmonrealgonzalez@suse.com
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
* Thu Jun 4 2020 dimstar@opensuse.org
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
* Fri May 29 2020 jsegitz@suse.de
- Apply suse_path.patch only for older distributions. Newer
use libexec
* Tue Mar 3 2020 jsegitz@suse.de
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
* Thu Jun 20 2019 mliska@suse.cz
- Disable LTO due to symbol versioning (boo#1138812).
* Wed Mar 20 2019 jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
* Thu Nov 8 2018 jengelh@inai.de
- Use more %%make_install.
* Thu Nov 8 2018 jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
* Thu Sep 27 2018 pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
* Thu Mar 8 2018 rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
* Fri Nov 24 2017 jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %%group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %%{USERID} and %%{USERNAME} support and code cleanups
* Mon Dec 12 2016 dimstar@opensuse.org
- Split out the Policy Store Migration tool into
libsemanage-store-migrate: it is not a devel tool to start with.
Additionally, it causes the -devel package to depend on python,
which we want to avoid (libsemanabe being part of the core build
cycle). The library suggests libsemanage-store-migrate.
* Sun Jul 17 2016 jengelh@inai.de
- Update RPM groups, trim description, combine filelist entries,
ensure pkgconfig() symbols are generated.
* Thu Jul 14 2016 jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
* Wed Jul 13 2016 jsegitz@novell.com
- Added suse_path.patch to fix path to hll compiler
* Fri Jul 8 2016 i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
* Sun May 18 2014 crrodriguez@opensuse.org
- version 2.3
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
* Tue Feb 11 2014 vcizek@suse.com
- add semanage.conf as SOURCE and install it instead of the default
one
* Thu Oct 31 2013 p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
* Thu Jun 27 2013 vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
* Thu Apr 4 2013 vcizek@suse.com
- fixed source url
- removed old tarball
* Fri Mar 29 2013 vcizek@suse.com
- update to 2.1.10
* Add sefcontext_compile to compile regex everytime policy is rebuilt
* Cleanup/fix enable/disable/remove module.
* redo genhomedircon minuid
* fixes from coverity
* semanage_store: do not leak memory in semanage_exec_prog
* genhomedircon: remove useless conditional in get_home_dirs
* genhomedircon: double free in get_home_dirs
* fcontext_record: do not leak on error in semanage_fcontext_key_create
* genhomedircon: do not leak on failure in write_gen_home_dir_context
* semanage_store: do not leak fd
* genhomedircon: do not leak shells list
* semanage_store: do not leak on strdup failure
* semanage_store: rewrite for readability
* Wed Jan 30 2013 vcizek@suse.com
- update to 2.1.9
* dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* do boolean name substitution
* Fix segfault for building standard policies.
* remove build warning when build swig c files
* additional makefile support for rubywrap
* ignore 80 column limit for readability
* semanage_store: fix snprintf length argument by using asprintf
* Use default semanage.conf as a fallback
* use after free in python bindings
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
* Mon Jan 7 2013 jengelh@inai.de
- Remove obsolete defines/sections
* Wed Oct 24 2012 vcizek@suse.com
- when building "standard" (not MCS/MLS) selinux-policies,
libsemanage will crash, because "level" is NULL
(libsemanage-2.1.6-NULL_level_fix.patch)
* Mon Aug 27 2012 cfarrell@suse.com
- license update: LGPL-2.1+
Could not find any LGPL-2.1 "only" licensed files in the pacakge
* Wed Aug 1 2012 meissner@suse.com
- Updated to 2.1.6
* changes too numerous to list
* Wed Oct 5 2011 uli@suse.com
- cross-build fix: use %%__cc macro
* Thu Sep 22 2011 dmueller@suse.de
- buildrequire libbz2-devel
* Mon May 23 2011 prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
* Wed May 18 2011 coolo@novell.com
- add baselibs.conf for rpm-32bit to use
* Wed Feb 23 2011 coolo@novell.com
- disable parallel build, it breaks too often
* Thu Feb 25 2010 prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
* Fri Jan 16 2009 prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
* Wed Jan 14 2009 prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
* Mon Dec 1 2008 prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %%groupname entries
* Wed Oct 22 2008 mrueckert@suse.de
- fix debug_packages_requires define
* Tue Sep 23 2008 prusnak@suse.cz
- require only version, not release [bnc#429053]
* Tue Sep 2 2008 prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %%groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %%groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
* Fri Aug 1 2008 ro@suse.de
- fix requires for debuginfo package
* Tue Jul 15 2008 prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
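
Review bot: the newest entry, at the top of the file, is dated Wed Jul 29 2020, while this commit is dated 2024-02-29 and the spec header carries a 2022-2023 copyright, so the import itself and any local changes are not recorded. Suggest adding a top entry for this initial import that names the package version (3.1) it was taken from. Minor: the inherited text contains typos ("Clened", "libsemanabe", "pacakge") that could be fixed at the same time.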

129
libsemanage.spec Normal file

@ -0,0 +1,129 @@
#
# spec file for package libsemanage
#
# Copyright (c) 2022-2023 ZhuningOS
#
Name: libsemanage
Version: 3.1
Release: 150400.1.65
Summary: SELinux policy management library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz
Source1: baselibs.conf
Source2: semanage.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
#Patch0: libsemanage-update-map-file.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel
BuildRequires: libustr-devel
BuildRequires: pkg-config
%description
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
%package -n libsemanage1
Summary: SELinux policy management library
Group: System/Libraries
Suggests: %{name}-migrate-store
%description -n libsemanage1
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package devel
Summary: Header files and libraries for SELinux's policy management libary
Group: Development/Libraries/C and C++
Requires: libsemanage1 = %{version}
Requires: libustr-devel
%description devel
The libsemanage-devel package contains the libraries and header files
needed for developing applications that manipulate SELinux policies.
%package devel-static
Summary: Static archives for SELinux's policy management library
Group: Development/Libraries/C and C++
Requires: libsemanage-devel
%description devel-static
The libsemanage-devel-static package contains the static libraries
needed for developing applications that manipulate binary policies.
%package migrate-store
Summary: SELinux Policy Store Migration
Group: Productivity/Security
%description migrate-store
In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy
module store was moved from /etc/selinux/<store>/modules/ to
/var/lib/selinux/<store>/. Once the libraries are upgraded, all policy
stores must be migrated before any commands that modify or use the store
(e.g. semodule, semanage) can be executed.
%prep
%setup -q
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%define _lto_cflags %{nil}
make %{?_smp_mflags} clean
make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc"
make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}"
ln -sf %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
# Remove duplicate files
%fdupes -s %{buildroot}%{_mandir}
%post -n libsemanage1 -p /sbin/ldconfig
%postun -n libsemanage1 -p /sbin/ldconfig
%files -n libsemanage1
%dir %{_sysconfdir}/selinux
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
%{_libdir}/libsemanage.so.*
%dir %{_localstatedir}/lib/selinux
%files devel
%{_libdir}/libsemanage.so
%{_libdir}/pkgconfig/libsemanage.pc
%{_includedir}/semanage/
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/ru/man5/*
%files migrate-store
%dir %{_libexecdir}/selinux
%{_libexecdir}/selinux/
%files devel-static
%{_libdir}/libsemanage.a
%changelog
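
Review bot: in %build the second make call passes SHLIBDIR="%{_lib}", but %make_install in %install passes SHLIBDIR="%{_libdir}"; the two should use the same value, and %{_lib} is a bare directory name rather than an absolute path. The first make call in %build, which omits LIBDIR, LIBEXECDIR and SHLIBDIR, looks redundant with the second and can probably be dropped. In %install, the line cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf copies the file with whatever mode the source has and relies on an earlier step having created the target directory, which the mkdir -p lines above it do not do; install -D -m 0644 would make both explicit.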

51
semanage.conf Normal file

@ -0,0 +1,51 @@
# Authors: Jason Tang <jtang@tresys.com>
#
# Copyright (C) 2004-2005 Tresys Technology, LLC
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Specify how libsemanage will interact with a SELinux policy manager.
# The four options are:
#
# "source" - libsemanage manipulates a source SELinux policy
# "direct" - libsemanage will write directly to a module store.
# /foo/bar - Write by way of a policy management server, whose
# named socket is at /foo/bar. The path must begin
# with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy
# management server at foo.com. If there is a colon
# then the remainder is interpreted as a port number;
# otherwise default to port 4242.
module-store = direct
# When generating the final linked and expanded policy, by default
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
# given in <sepol/policydb.h>. Change this setting if a different
# version is necessary.
#policy-version = 19
# expand-check check neverallow rules when executing all semanage commands.
# Large penalty in time if you turn this on.
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root
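
Review bot: expand-check=0 turns off the neverallow check that the comment directly above it describes, so policy changes made through semanage commands are not validated against neverallow rules with this configuration. If the time cost is the reason, say so in the comment, or consider shipping expand-check=1. The last three settings (bzip-small, bzip-blocksize, ignoredirs) have no explanatory comment, unlike every other option in the file; one line each would help administrators, since the spec installs this file as %config(noreplace) and expects it to be edited in place.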