automatic import of augeasopeneuler24.03_LTS

1 files changed, 148 insertions, 0 deletions

diff --git a/0003-semanage-Fix-parsing-of-ignoredirs-758.patch b/0003-semanage-Fix-parsing-of-ignoredirs-758.patch
new file mode 100644
index 0000000..3939ef8
--- /dev/null
+++ b/0003-semanage-Fix-parsing-of-ignoredirs-758.patch
@@ -0,0 +1,148 @@
+From aca3def462ab141c3991a2d27c44341b809cf970 Mon Sep 17 00:00:00 2001
+From: rwmjones <rjones@redhat.com>
+Date: Thu, 6 Oct 2022 12:15:56 +0100
+Subject: [PATCH 3/5] semanage: Fix parsing of ignoredirs (#758)
+
+From /etc/selinux/semanage.conf from a RHEL 9.1 system, this line
+caused problems:
+
+  ignoredirs=/root;/bin;/boot;/dev;/etc [...]
+
+Parse this as a list of modified Rx.fspath, generating a tree like:
+
+  /files/etc/selinux/semanage.conf/ignoredirs/1 = /root
+  /files/etc/selinux/semanage.conf/ignoredirs/2 = /bin
+  /files/etc/selinux/semanage.conf/ignoredirs/3 = /dev
+  /files/etc/selinux/semanage.conf/ignoredirs/4 = /etc
+  [...]
+
+Also this adds the RHEL 9 file as another test case and adjusts the
+output of the existing test case.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2077120
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit a3ba6e2d32b95507e2474a219e788ac3d54bc4a1)
+---
+ lenses/semanage.aug                  |  7 +++-
+ lenses/tests/test_semanage.aug       |  4 +-
+ tests/root/etc/selinux/semanage.conf | 60 ++++++++++++++++++++++++++++
+ tests/xpath.tests                    |  1 +
+ 4 files changed, 70 insertions(+), 2 deletions(-)
+ create mode 100644 tests/root/etc/selinux/semanage.conf
+
+diff --git a/lenses/semanage.aug b/lenses/semanage.aug
+index 46f93b32..edd97131 100644
+--- a/lenses/semanage.aug
++++ b/lenses/semanage.aug
+@@ -23,7 +23,12 @@ let sep = IniFile.sep "=" "="
+ let empty = IniFile.empty
+ let eol = IniFile.eol
+ 
+-let entry = IniFile.entry IniFile.entry_re sep comment
++let list_keys = "ignoredirs"
++let scl = del ";" ";"
++let fspath = /[^ \t\n;#]+/ (* Rx.fspath without ; or # *)
++
++let entry = IniFile.entry_list list_keys sep fspath scl comment
++          | IniFile.entry (IniFile.entry_re - list_keys) sep comment
+           | empty
+ 
+ let title = IniFile.title_label "@group" (IniFile.record_re - /^end$/)
+diff --git a/lenses/tests/test_semanage.aug b/lenses/tests/test_semanage.aug
+index a6ceaca0..f76b95f3 100644
+--- a/lenses/tests/test_semanage.aug
++++ b/lenses/tests/test_semanage.aug
+@@ -68,7 +68,9 @@ test Semanage.lns get conf =
+    { "usepasswd" = "False" }
+    { "bzip-small" = "true" }
+    { "bzip-blocksize" = "5" }
+-   { "ignoredirs" = "/root" }
++   { "ignoredirs"
++     { "1" = "/root" }
++   }
+    { }
+    { "@group" = "sefcontext_compile"
+      { "path" = "/usr/sbin/sefcontext_compile" }
+diff --git a/tests/root/etc/selinux/semanage.conf b/tests/root/etc/selinux/semanage.conf
+new file mode 100644
+index 00000000..406f16f1
+--- /dev/null
++++ b/tests/root/etc/selinux/semanage.conf
+@@ -0,0 +1,60 @@
++# Authors: Jason Tang <jtang@tresys.com>
++#
++# Copyright (C) 2004-2005 Tresys Technology, LLC
++#
++#  This library is free software; you can redistribute it and/or
++#  modify it under the terms of the GNU Lesser General Public
++#  License as published by the Free Software Foundation; either
++#  version 2.1 of the License, or (at your option) any later version.
++#
++#  This library is distributed in the hope that it will be useful,
++#  but WITHOUT ANY WARRANTY; without even the implied warranty of
++#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++#  Lesser General Public License for more details.
++#
++#  You should have received a copy of the GNU Lesser General Public
++#  License along with this library; if not, write to the Free Software
++#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++#
++# Specify how libsemanage will interact with a SELinux policy manager.
++# The four options are:
++#
++#  "source"     - libsemanage manipulates a source SELinux policy
++#  "direct"     - libsemanage will write directly to a module store.
++#  /foo/bar     - Write by way of a policy management server, whose
++#                 named socket is at /foo/bar.  The path must begin
++#                 with a '/'.
++#  foo.com:4242 - Establish a TCP connection to a remote policy
++#                 management server at foo.com.  If there is a colon
++#                 then the remainder is interpreted as a port number;
++#                 otherwise default to port 4242.
++module-store = direct
++
++# When generating the final linked and expanded policy, by default
++# semanage will set the policy version to POLICYDB_VERSION_MAX, as
++# given in <sepol/policydb.h>.  Change this setting if a different
++# version is necessary.
++#policy-version = 19
++
++# expand-check check neverallow rules when executing all semanage
++# commands. There might be a penalty in execution time if this
++# option is enabled.
++expand-check=0
++
++# usepasswd check tells semanage to scan all pass word records for home directories
++# and setup the labeling correctly. If this is turned off, SELinux will label only /home
++# and home directories of users with SELinux login mappings defined, see
++# semanage login -l for the list of such users.
++# If you want to use a different home directory, you will need to use semanage fcontext command.
++# For example, if you had home dirs in /althome directory you would have to execute
++# semanage fcontext -a -e /home /althome
++usepasswd=False
++bzip-small=true
++bzip-blocksize=5
++ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
++optimize-policy=true
++
++[sefcontext_compile]
++path = /usr/sbin/sefcontext_compile
++args = -r $@
++[end]
+diff --git a/tests/xpath.tests b/tests/xpath.tests
+index 4278e433..71c998b8 100644
+--- a/tests/xpath.tests
++++ b/tests/xpath.tests
+@@ -109,6 +109,7 @@ test descendant-or-self /files/descendant-or-self :: 4
+      /files/etc/ssh/ssh_config/Host/SendEnv[1]/4 = LC_TIME
+      /files/etc/ssh/ssh_config/Host/SendEnv[2]/4 = LC_TELEPHONE
+      /files/etc/aliases/4
++     /files/etc/selinux/semanage.conf/ignoredirs/4 = /dev
+      /files/etc/fstab/4
+      /files/etc/pam.d/login/4
+      /files/etc/pam.d/newrole/4
+-- 
+2.31.1
+