Changes in 3.10:
- python/sepolicy: add support for DNF5
- sandbox/seunshare: replace system() with execv() to prevent shell
injection vulnerability
- seunshare: always use translations when printing
- setfiles: add -A option to disable SELINUX_RESTORECON_ADD_ASSOC
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Add --no-build-isolation to PYTHON_SETUP_ARGS. Without it, pip creates
an isolated build environment which fails during cross-compilation
because _sysconfigdata is missing for the target arch.
Add test.sh verifying python3-sepolgen module loads correctly and
selinux-audit2allow binary is functional.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* Added packages:
* python3-seobject
Contains the seobject.py library file which was previously included
in selinux-semanage
* selinux-sepolicy
Contains the sepolicy and sepolgen tools which were previously
included in python3-sepolicy
* selinux-sepolgen-ifgen
Contains the sepolgen-ifgen tool which was previously included in
selinux-audit2allow
* selinux-python
A meta-package to install all tools
* Change the python3-sepolgen data_dir from /usr/share/sepolgen to
/etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add
the directory to conffiles
By default, the sepolgen-ifgen tool writes to a file named
"interface_info" in the data directory, to be read by the audit2allow
tool. The header comment in the perm_map file also suggests that the
file is customizable.
The best place for these files would be in /var/lib, but /etc is more
appropriate than /usr.
* Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch)
* Fix ModuleNotFoundError raised by sepolicy
(0004-sepolicy-fix-get_os_version-except.patch)
Patch has been submitted upstream:
https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/
* Update package titles, descriptions, and dependencies
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Rename:
* Source package from python3-libsemanage to python-semanage
* Target package from python3-libsemanage to python3-semanage
* Update dependents with new target package name
* Update package title, license files, and dependencies
* Remove Build/InstallDev (files not used by any other package)
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Rename:
* Source package from python3-libselinux to python-selinux
* Target package from python3-libselinux to python3-selinux
* Update dependents with new target package name
* Remove patches:
* 010-setup-py-custom-cc.patch: LDSHARED is already set as part of
$(PYTHON3_VARS)
* 020-Make-use-of-variables-when-defining-libdir-and-inclu.patch: This
package doesn't install the libselinux.pc file
* Update package title and dependencies
* Remove Build/InstallDev (files not used by any other package)
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
be065c4b sepolicy: Do not try to load policy on import
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
e12f71e8 python/sepolgen: allow any policy statement in if(n)def
b15dff0f python/semanage: Sort imports in alphabetical order
92e01969 python/semanage: empty stdout before exiting on BrokenPipeError
fadcc839 python/sepolicy: allow to override manpage date
2a60de8e sepolgen: sort extended rules like normal ones
9e239e55 sepolgen: print extended permissions in hexadecimal
ccd973f7 python/audit2allow: add #include <limits.h> to sepolgen-ifgen-attr-helper.c
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and update dependencies]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Yanase Yuki